Virus removal help

piotrg66
New Member


Date Joined May 2010
Total Posts : 21
 
Posted 5/23/2010 7:41 PM (GMT +3)
Hello, I was wondering if you could help me out with the problems I am having.
 
About a week ago, links from Google search started to get redirected.
I did a system restore (did not help). I installed Hitman 3.5 and after running it the problem seemed to disappear for a day. The next day, the problem returned.
 
Yesterday, I noticed that my Windows XP has the Windows Classic look. There is no way of changing it back in Control Panel -> Display (no other options except Classic).
I did a system restore again and after that I am unable to access the internet. I have a "Limited or No Connectivity" message. My IP address is gone (zeros). The modem is fine; I checked it with another computer (the one I am using now). I also noticed that Hitman was uninstalled.
 
I did everything required in your "Before posting a log" post.
AVS found and removed "java:agent-f" trojan, after mbam restart XP look came back. ISP was assigned numbers, but no connection. Removed old Java versions, can't install new one (no internet). After restart Classic look is back again.
 
Sorry for long description, I wanted to provide the details.
 
HJT log:
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:14:20 PM, on 5/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe
C:\Program Files\BenQ\Common\Bin\WinCinemaMgr.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=sp&mem=gapis&login=2d133557ed812198e9a6c48740c50922/gapis:netzero.net/1113281017/30/sss.0.64855/&ts=425b51f9&A=0&B=1046419200000&C=1046419200000&D=1066546800000&I=7.NQ4&N=PL&O=A&UT=companion
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Search Toolbar\tbhelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: TBSB05974 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Search Toolbar - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [mm_server] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [GBMLite8AgentLaCie] C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [GBMLite8AgentLaCie] C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\BenQ\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} (Auctiva Image Uploader Control) - http://www.auctiva.com/Aurigma/ImageUploader55.cab
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/sezam/components/SignActivX.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Google Update Service (gupdate1c9de492995e2fc) (gupdate1c9de492995e2fc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 10794 bytes
 
mbam log:
 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
5/22/2010 6:24:17 PM
mbam-log-2010-05-22 (18-24-17).txt
Scan type: Full scan (C:\|)
Objects scanned: 228877
Time elapsed: 1 hour(s), 23 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 3
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\adwarealert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\PIOTR\Application Data\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\PIOTR\Application Data\AdwareAlert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\PIOTR\Application Data\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\PIOTR\Application Data\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\Documents and Settings\PIOTR\Application Data\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\PIOTR\Application Data\AdwareAlert\Log\2008 May 14 - 06_04_27 AM_953.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\PIOTR\Application Data\AdwareAlert\Log\2008 May 14 - 06_15_04 AM_015.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\PIOTR\Application Data\AdwareAlert\Settings\ScanResults.pie (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
 
DDS log:
 

DDS (Ver_10-03-17.01) - NTFSx86 
Run by PIOTR at 18:36:42.04 on Sat 05/22/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.502.162 [GMT -5:00]
AV: avast! antivirus 4.8.1368 [VPS 100522-1] *On-access scanning disabled* (Updated)   {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe
C:\Program Files\BenQ\Common\Bin\WinCinemaMgr.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\PIOTR\Desktop\dds.scr
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/mywaybiz
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Connection Wizard,ShellNext = hxxp://my.netzero.net/s/sp?r=al&cf=sp&mem=gapis&login=2d133557ed812198e9a6c48740c50922/gapis:netzero.net/1113281017/30/sss.0.64855/&ts=425b51f9&A=0&B=1046419200000&C=1046419200000&D=1066546800000&I=7.NQ4&N=PL&O=A&UT=companion
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\search toolbar\tbhelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - c:\program files\ws_ftp pro\wsbho2k0.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: TBSB05974 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\search toolbar\tbcore3.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Search Toolbar: {0c8413c1-fad1-446c-8584-be50576f863e} - c:\program files\search toolbar\tbcore3.dll
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [GBMLite8AgentLaCie] c:\program files\genie-soft\gbalite8lacie\GBMAgent.exe
uRun: [BitTorrent] "c:\program files\bittorrent\bittorrent.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\2\printray.exe
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
mRun: [mm_server] "c:\program files\musicmatch\musicmatch jukebox\mm_server.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [tgcmd] "c:\program files\support.com\bin\tgcmd.exe" /server
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [GBMLite8AgentLaCie] c:\program files\genie-soft\gbalite8lacie\GBMAgent.exe
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\benq\common\bin\WinCinemaMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: musicmatch.com\online
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} - hxxps://www.bph.pl/sezam/components/SignActivX.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} - hxxp://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxp://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx
DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-5-26 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-26 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-5-26 138680]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-5-25 1245064]
S2 gupdate1c9de492995e2fc;Google Update Service (gupdate1c9de492995e2fc);c:\program files\google\update\GoogleUpdate.exe [2009-5-26 133104]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-5-26 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-5-26 352920]
S3 DrmCAudio;DrmCAudio;c:\windows\system32\drivers\DrmCAudio.sys [2009-1-31 23096]
S3 DrmCVideo;DrmCVideo;c:\windows\system32\drivers\DrmCVideo.sys [2009-1-31 3768]
=============== Created Last 30 ================
2010-05-22 21:44:41 0 d-----w- c:\docume~1\piotr\applic~1\Malwarebytes
2010-05-22 21:44:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-22 21:44:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-22 21:44:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-22 21:44:29 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-22 21:29:03 0 d-----w- c:\program files\CCleaner
2010-05-22 17:05:43 0 d-----w- c:\windows\system32\wbem\Repository
2010-05-20 23:30:39 0 d-----w- c:\program files\Astroburn Lite
2010-05-20 23:29:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Astroburn Lite
2010-05-20 17:52:40 0 d-----w- c:\docume~1\piotr\applic~1\DAEMON Tools Lite
2010-05-20 17:52:34 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2010-05-18 19:23:37 390 ----a-w- c:\windows\system32\.crusader
2010-05-18 19:07:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-05-10 03:33:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Toolbar4
2010-05-10 03:33:39 0 d-----w- c:\program files\Search Toolbar
2010-04-29 16:21:57 0 d-----w- c:\program files\common files\DivX Shared
2010-04-29 16:20:40 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
2010-04-29 15:23:24 0 d-----w- c:\program files\TMPGEnc-2.525.64.184-EN-Free
2010-04-26 22:04:42 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
==================== Find3M  ====================
2010-03-31 01:58:04 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-03-31 01:58:04 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58:04 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58:04 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-03-08 17:59:18 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-02 04:12:08 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-02 04:09:03 37648214 ----a-w- c:\program files\EskkItaDemoSetup.exe
2010-02-27 05:30:26 2110728 ----a-w- c:\program files\Install_Facebook_Plug-In_1.0.3.exe
2010-02-25 16:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-11-15 17:28:14 479925 ----a-w- c:\program files\nowegg_www_SoftMania_pl.exe
2007-10-10 05:39:22 670720 ----a-w- c:\program files\CoolPDFReader.exe
2006-09-21 01:10:21 6258609 -c--a-w- c:\program files\XP Codec Pack 2.0.4.exe
2006-09-21 00:57:08 2068266 -c--a-w- c:\program files\iv5setup.exe
2006-09-21 00:55:49 643711 -c--a-w- c:\program files\XviD-1.1.0-30122005.exe
2006-06-24 15:42:16 10586880 ----a-w- c:\program files\Onet-SkypeSetup.exe
2006-04-30 00:46:30 179 ----a-w- c:\program files\Free-Codecs.txt
2006-01-13 01:30:52 10432544 -c----w- c:\program files\rp505enu.exe
2005-10-10 00:59:05 12754672 ----a-w- c:\program files\MP10Setup.exe
2005-09-24 02:43:17 24265736 ----a-w- c:\program files\dotnetfx.exe
2005-09-17 22:27:05 558240 -c--a-w- c:\program files\GoogleToolbarInstaller.exe
2005-08-31 02:24:15 7545056 -c--a-w- c:\program files\NMP-1.4.0.35.exe
2005-08-31 01:46:57 10737061 -c--a-w- c:\program files\NeroMIX-1.4.0.34a.exe
2005-08-30 15:44:29 37492192 -c--a-w- c:\program files\NVE-3.1.0.16.exe
2005-08-30 07:41:36 34235626 -c--a-w- c:\program files\Nero-6.6.0.16.exe
2005-08-30 05:46:28 22396022 ----a-w- c:\program files\NVE2content.exe
2005-08-09 00:08:01 6765354 ----a-w- c:\program files\InCD-4.3.20.1.exe
2005-07-28 02:09:29 10844936 -c--a-w- c:\program files\GoogleEarth.exe
2005-06-09 02:12:31 1012466 ------w- c:\program files\wrar35b5.exe
2000-11-15 14:21:16 178688 ----a-w- c:\program files\hjsplit.exe
2008-09-12 14:26:35 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091220080913\index.dat
============= FINISH: 18:38:26.09 ===============
DDS attach log:
 
DDS (Ver_10-03-17.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/11/2005 11:18:45 PM
System Uptime: 5/22/2010 6:27:52 PM (0 hours ago)
Motherboard: Dell Inc.           |  | 0M3918
Processor:               Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 71 GiB total, 16.17 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP635: 5/16/2010 8:24:04 PM - System Checkpoint
RP636: 5/18/2010 1:33:23 AM - System Checkpoint
RP637: 5/19/2010 2:31:16 AM - System Checkpoint
RP638: 5/20/2010 2:39:41 AM - System Checkpoint
RP639: 5/20/2010 12:54:08 PM - SPTD setup V1.62
RP640: 5/21/2010 10:32:18 AM - Removed Bonjour
RP641: 5/22/2010 11:47:58 AM - Restore Operation
RP642: 5/22/2010 12:03:21 PM - Restore Operation
RP643: 5/22/2010 4:24:42 PM - Removed Bonjour
==== Installed Programs ======================
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.3
Adobe Shockwave Player 11.5
AiO_Scan
Any Video Converter 2.5.9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Camera Suite 1.3
ArcSoft PhotoImpression 3.0
avast! Antivirus
Avidemux 2.5
Banctec Service Agreement
BenQ QVideo
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Support Core Library
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window DVC for ZoomBrowser EX
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX
Carbonite
CCleaner
Combined Community Codec Pack 2008-09-21 16:18
ComcastSUPPORT
Compatibility Pack for the 2007 Office system
ConsumerUpdate
Copy Utility
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Picture Studio v3.0
Dell System Restore
DivX Setup
Doc Convertor 1.0 (Beta)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
foobar2000 v0.9.6.3
FreeRIP v3.04
Genie Backup Assistant
Google Chrome
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Image Zone 4.2
HP PSC & OfficeJet 4.2
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
Ipswitch WS_FTP Pro
IsoBuster 2.7
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 16
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
jetAudio Basic
Macromedia Flash Player
Malwarebytes' Anti-Malware
MediaMonkey 2.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
mkw Audio Compression Toolkit
Move Media Player
MovieEdit Task
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch® Jukebox
Nero Media Player
Nero Suite
NeroMIX
OmniFormat
Onet.pl - Skype 3.1
Pakiet Multimedialny ESKK W³oski Demo 3.0
Pdf995
PhotoStitch
PL-2303 USB-to-Serial
PowerDVD 5.3
QFolder
QuickTime
RAW Image Task 1.2
RayV
RealPlayer
RemoteCapture Task 1.1
Scan
ScanToWeb
Search Toolbar
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Skype Plugin Manager
Smilebox
SolveigMM AVI Trimmer
SopCast 3.0.3
Symantec KB-DocID:2003093015493306
TVAnts 1.0
TVUPlayer 2.3.7.1
Unlocker 1.8.7
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB Video/Audio Device Driver
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.0.5
VobSub v2.23 (Remove Only)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WordPerfect Office 12
XP Codec Pack
XviD 1.1 final uninstall
==== Event Viewer Messages From Past Week ========
5/22/2010 6:32:09 PM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
5/22/2010 6:30:00 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
5/22/2010 4:00:38 AM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/22/2010 12:20:38 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Error Reporting Service service to connect.
5/22/2010 12:20:38 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Cryptographic Services service to connect.
5/22/2010 12:20:38 PM, error: Service Control Manager [7000]  - The Cryptographic Services service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/22/2010 12:09:03 PM, error: Service Control Manager [7022]  - The Windows Image Acquisition (WIA) service hung on starting.
5/22/2010 12:08:28 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Workstation service to connect.
5/22/2010 12:08:28 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Windows Audio service to connect.
5/22/2010 12:08:28 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Task Scheduler service to connect.
5/22/2010 12:08:28 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Shell Hardware Detection service to connect.
5/22/2010 12:08:28 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Background Intelligent Transfer Service service to connect.
5/22/2010 12:08:28 PM, error: Service Control Manager [7001]  - The Computer Browser service depends on the Workstation service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
5/22/2010 12:08:28 PM, error: Service Control Manager [7000]  - The Workstation service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/22/2010 12:08:28 PM, error: Service Control Manager [7000]  - The Windows Audio service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/22/2010 12:08:28 PM, error: Service Control Manager [7000]  - The Task Scheduler service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/22/2010 12:08:28 PM, error: Service Control Manager [7000]  - The Background Intelligent Transfer Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/22/2010 11:57:47 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Wireless Zero Configuration service to connect.
5/22/2010 11:57:47 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the DHCP Client service to connect.
5/22/2010 11:57:47 AM, error: Service Control Manager [7000]  - The Wireless Zero Configuration service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/22/2010 11:57:47 AM, error: Service Control Manager [7000]  - The DHCP Client service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/22/2010 11:30:17 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Themes service to connect.
5/22/2010 11:30:17 AM, error: Service Control Manager [7000]  - The Themes service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/21/2010 12:19:27 PM, error: Service Control Manager [7034]  - The avast! Web Scanner service terminated unexpectedly.  It has done this 1 time(s).
5/21/2010 12:15:04 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
5/21/2010 12:15:04 PM, error: Service Control Manager [7000]  - The avast! Web Scanner service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/21/2010 10:32:19 AM, error: Service Control Manager [7023]  - The Application Management service terminated with the following error:  The specified module could not be found.
5/20/2010 7:35:12 PM, error: VolSnap [12]  - The shadow copy of volume C: became low on diff area space before it was properly installed.
5/18/2010 8:02:29 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect.
5/18/2010 8:02:13 AM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
5/18/2010 2:28:35 PM, error: Service Control Manager [7024]  - The Hitman Pro 3.5 Crusader (Boot) service terminated with service-specific error 0 (0x0).
5/18/2010 2:27:32 PM, error: Ftdisk [49]  - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
5/18/2010 2:27:32 PM, error: Ftdisk [45]  - The system could not sucessfully load the crash dump driver.
5/16/2010 7:20:49 PM, error: VolSnap [25]  - The shadow copy of volume C: was aborted because the diff area file could not grow in time.  Consider reducing the IO load on this system to avoid this problem in the future.
5/16/2010 7:20:49 PM, error: VolSnap [24]  - There was insufficient disk space on volume C: to persist the shadow copy of volume C:.  Diff area file growth failed.
5/15/2010 3:30:25 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/15/2010 3:30:07 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Aavmker4 AFD aswSP aswTdi eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
5/15/2010 3:30:07 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
5/15/2010 3:30:07 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
5/15/2010 3:30:07 PM, error: Service Control Manager [7001]  - The Fax service depends on the Print Spooler service which failed to start because of the following error:  The dependency service or group failed to start.
5/15/2010 3:30:07 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
5/15/2010 3:30:07 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
5/15/2010 3:30:07 PM, error: Service Control Manager [7001]  - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
5/15/2010 3:30:07 PM, error: Service Control Manager [7001]  - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
5/15/2010 3:29:41 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
5/15/2010 3:29:40 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
==== End Of File ===========================
 
 
 

markusg
Senior Member


Date Joined Feb 2010
Total Posts : 605
 
   Posted 5/23/2010 7:49 PM (GMT +3)
Open HijackThis, click Scan, and check the following:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
Close all browser windows, fix checked.
To set your DNS, you need to find the Internet Protocol window.

For Users on a Dial-up Connection:
    Go to My Computer>Dialup Networking.
    Right-click your internet connection and select Properties.
    A window will open - click the Server Types tab. Click TCP/IP Settings.

For All Other Users:
    Go to Control Panel>Network Connections and select your local network.
    Click Properties, then select Internet Protocol (TCP/IP).
    Click Properties.

You will see a window - this is the Internet Protocol window. Select "Obtain DNS server automatically" and press OK.

Now go to Start/Run, type cmd, and press OK.

When the black screen opens, type this exactly, including all spaces:

ipconfig /flushdns and press OK, then close that black screen.
Reboot and post a ComboFix log.
www.bleepingcomputer.com/combofix/how-to-use-combofix
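
An added example, not part of the post above or of HijackThis itself: a small triage script that scans HijackThis log text for the two settings this reply resets, the `ProxyServer` value (R1) and statically configured DNS servers (O17 `NameServer`). The sample log is constructed except for the R1 line quoted in the post; the O17 line layout is assumed to follow HijackThis 2.x output, and the reason codes are hypothetical names chosen here.

```python
import re
from ipaddress import ip_address

# Constructed sample. Only the ProxyServer line comes from the thread;
# addresses use the 192.0.2.0/24 documentation range.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53,192.0.2.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = example.test
"""

# "R1 - <key>,<value name> = <data>"
R_ENTRY = re.compile(
    r"^(?P<id>R[0-3]) - (?P<key>[^,]+),(?P<name>[^=]+?) = (?P<value>.*)$")
# "O17 - <key>: <value name> = <data>" (assumed layout)
O17_ENTRY = re.compile(
    r"^(?P<id>O17) - (?P<key>.+?): (?P<name>\w+) = (?P<value>.*)$")


def _is_loopback(host):
    """True for 'localhost' or a loopback IP literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname, not an IP literal


def proxy_findings(value):
    """Return de-duplicated reason codes for a ProxyServer value.

    Accepts both 'host:port' and 'http=host:port;https=host:port'.
    """
    reasons = []

    def add(code):
        if code not in reasons:
            reasons.append(code)

    for piece in value.split(";"):
        piece = piece.strip()
        if not piece:
            continue
        piece = piece.split("=", 1)[-1]    # drop a 'http=' style prefix
        piece = piece.split("://", 1)[-1]  # drop a URL scheme if present
        if ":" in piece:
            host, _, port = piece.rpartition(":")
        else:
            host, port = piece, ""
        if not host:
            add("empty-host")      # e.g. ':0', no proxy host to reach
        elif _is_loopback(host):
            add("loopback-proxy")  # traffic handed to a local process
        else:
            add("explicit-proxy")  # confirm the user configured it
        if port.isdigit() and int(port) == 0:
            add("port-0")          # port 0 is not a usable proxy port
    return reasons


def triage(log_text):
    """Return (entry id, value name, data, reasons) for entries to review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = R_ENTRY.match(line)
        if m and m["name"].strip() == "ProxyServer":
            reasons = proxy_findings(m["value"])
            if reasons:
                findings.append((m["id"], "ProxyServer", m["value"], reasons))
            continue
        m = O17_ENTRY.match(line)
        if m and m["name"] == "NameServer" and m["value"].strip():
            # A static resolver; "Obtain DNS server automatically" clears it.
            findings.append((m["id"], "NameServer", m["value"], ["static-dns"]))
    return findings


if __name__ == "__main__":
    for entry_id, name, value, reasons in triage(SAMPLE_LOG):
        print(f"{entry_id} {name} = {value!r}: {', '.join(reasons)}")
```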
 

piotrg66
New Member


Date Joined May 2010
Total Posts : 21
 
   Posted 5/24/2010 6:30 AM (GMT +3)
Markus, thank you very much for fast response.

Finally, after several attempts, it seems internet is on.
Don't seem to have redirect problem.

Here is combofix log. It is a second one, as the first one was created before MS Recovery Console was installed.
Please let me know if you need it.

Please let me know if you see anything suspicious.
Do you recommend keeping CCleaner and Malwarebytes on?
Should I get anything else?
Should I keep HijackThis, HJInstall and Combofix?

ComboFix 10-05-22.01 - PIOTR 05/23/2010 14:22:12.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.172 [GMT -5:00]
Running from: c:\documents and settings\PIOTR\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\PIOTR\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: avast! antivirus 4.8.1368 [VPS 100522-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-04-23 to 2010-05-23 )))))))))))))))))))))))))))))))
.

2010-05-23 00:13 . 2010-05-23 00:13 -------- d-----w- c:\program files\Trend Micro
2010-05-22 21:44 . 2010-05-22 21:44 -------- d-----w- c:\documents and settings\PIOTR\Application Data\Malwarebytes
2010-05-22 21:44 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-22 21:44 . 2010-05-22 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-22 21:44 . 2010-05-22 21:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-22 21:44 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-22 21:29 . 2010-05-22 21:29 -------- d-----w- c:\program files\CCleaner
2010-05-22 17:05 . 2010-05-22 17:05 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-22 14:04 . 2010-05-22 14:04 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-20 23:30 . 2010-05-22 17:04 -------- d-----w- c:\program files\Astroburn Lite
2010-05-20 23:29 . 2010-05-20 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Astroburn Lite
2010-05-20 17:52 . 2010-05-22 17:04 -------- d-----w- c:\documents and settings\PIOTR\Application Data\DAEMON Tools Lite
2010-05-20 17:52 . 2010-05-20 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-05-18 19:07 . 2010-05-22 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-05-15 20:12 . 2010-05-15 20:12 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-05 14:35 . 2010-05-05 14:35 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-05 14:34 . 2010-05-05 14:34 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-05-05 14:34 . 2010-05-05 14:34 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-05-05 14:33 . 2010-05-05 14:33 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-05-05 14:33 . 2010-05-05 14:33 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-05 14:33 . 2010-05-05 14:33 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-05-05 14:33 . 2010-05-05 14:33 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-05-05 14:33 . 2010-05-05 14:33 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-05-05 14:33 . 2010-05-05 14:33 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-04-29 16:27 . 2010-05-05 14:35 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-29 16:26 . 2010-05-05 14:31 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-04-29 16:26 . 2010-04-29 16:20 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-04-29 16:26 . 2010-04-29 16:26 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-04-29 16:23 . 2010-04-29 16:23 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-04-29 16:23 . 2010-04-29 16:23 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-04-29 16:23 . 2010-04-29 16:23 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-04-29 16:22 . 2010-04-29 16:22 54629 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-04-29 16:22 . 2010-04-29 16:22 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-04-29 16:22 . 2010-04-29 16:22 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-29 16:22 . 2010-04-29 16:22 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-04-29 16:21 . 2010-04-29 16:22 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-04-29 16:21 . 2010-04-29 16:21 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-04-29 16:20 . 2010-05-05 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-04-29 16:12 . 2010-05-22 17:04 -------- d-----w- c:\program files\Gabest
2010-04-29 15:40 . 2010-04-29 15:40 -------- d-----w- c:\documents and settings\PIOTR\Local Settings\Application Data\WMTools Downloaded Files
2010-04-29 15:23 . 2010-04-29 15:24 -------- d-----w- c:\program files\TMPGEnc-2.525.64.184-EN-Free

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-23 18:09 . 2005-11-14 03:33 -------- d-----w- c:\documents and settings\PIOTR\Application Data\Skype
2010-05-22 23:53 . 2005-04-08 05:27 -------- d-----w- c:\program files\Java
2010-05-22 21:21 . 2009-08-13 21:40 -------- d-----w- c:\program files\BitTorrent
2010-05-22 16:19 . 2010-02-16 22:15 -------- d-----w- c:\program files\Avidemux 2.5
2010-05-22 16:19 . 2009-11-25 16:16 -------- d-----w- c:\documents and settings\PIOTR\Application Data\vlc
2010-05-21 21:48 . 2010-02-16 22:16 -------- d-----w- c:\documents and settings\PIOTR\Application Data\avidemux
2010-05-17 01:03 . 2010-03-22 00:55 439816 ----a-w- c:\documents and settings\PIOTR\Application Data\Real\Update\setup3.10\setup.exe
2010-05-16 22:21 . 2008-05-07 14:54 -------- d-----w- c:\documents and settings\PIOTR\Application Data\Any Video Converter
2010-05-12 14:25 . 2006-07-16 16:54 -------- d-----w- c:\documents and settings\PIOTR\Application Data\U3
2010-05-05 14:35 . 2006-04-25 05:03 -------- d-----w- c:\program files\DivX
2010-05-04 21:45 . 2009-09-26 16:50 -------- d-----w- c:\documents and settings\PIOTR\Application Data\dvdcss
2010-04-29 17:04 . 2006-10-09 04:02 -------- d-----w- c:\documents and settings\PIOTR\Application Data\DivX
2010-04-20 16:28 . 2010-04-20 16:28 -------- d-----w- c:\program files\Doc Convertor
2010-04-03 17:52 . 2005-04-18 02:55 44568 ----a-w- c:\documents and settings\PIOTR\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-31 01:58 . 2007-06-21 02:06 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58 . 2005-04-08 05:33 44944 ----a-w- c:\windows\system32\drivers\PxHelp20.sys
2010-03-31 01:58 . 2005-04-08 05:33 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2005-04-08 05:33 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-10 06:15 . 2004-08-04 10:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-02 04:12 . 2008-12-03 00:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-02 04:09 . 2010-03-02 04:08 37648214 ----a-w- c:\program files\EskkItaDemoSetup.exe
2010-02-27 05:30 . 2010-02-27 05:30 2110728 ----a-w- c:\program files\Install_Facebook_Plug-In_1.0.3.exe
2010-02-25 06:24 . 2004-08-04 10:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 10:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-15 17:28 . 2009-11-15 17:28 479925 ----a-w- c:\program files\nowegg_www_SoftMania_pl.exe
2007-10-10 05:39 . 2007-10-10 05:39 670720 ----a-w- c:\program files\CoolPDFReader.exe
2006-09-21 01:10 . 2006-09-21 01:10 6258609 -c--a-w- c:\program files\XP Codec Pack 2.0.4.exe
2006-09-21 00:57 . 2006-09-21 00:57 2068266 -c--a-w- c:\program files\iv5setup.exe
2006-09-21 00:55 . 2006-09-21 00:55 643711 -c--a-w- c:\program files\XviD-1.1.0-30122005.exe
2006-06-24 15:42 . 2005-11-14 03:19 10586880 ----a-w- c:\program files\Onet-SkypeSetup.exe
2006-04-30 00:46 . 2006-09-21 13:44 179 ----a-w- c:\program files\Free-Codecs.txt
2006-01-13 01:30 . 2006-01-13 01:30 10432544 -c----w- c:\program files\rp505enu.exe
2005-10-10 00:59 . 2005-10-10 00:58 12754672 ----a-w- c:\program files\MP10Setup.exe
2005-09-24 02:43 . 2005-09-24 02:37 24265736 ----a-w- c:\program files\dotnetfx.exe
2005-09-17 22:27 . 2005-09-17 22:26 558240 -c--a-w- c:\program files\GoogleToolbarInstaller.exe
2005-08-31 02:24 . 2005-08-31 02:24 7545056 -c--a-w- c:\program files\NMP-1.4.0.35.exe
2005-08-31 01:46 . 2005-08-31 01:46 10737061 -c--a-w- c:\program files\NeroMIX-1.4.0.34a.exe
2005-08-30 15:44 . 2005-08-30 15:44 37492192 -c--a-w- c:\program files\NVE-3.1.0.16.exe
2005-08-30 07:41 . 2005-08-30 07:41 34235626 -c--a-w- c:\program files\Nero-6.6.0.16.exe
2005-08-30 05:46 . 2005-08-30 05:46 22396022 ----a-w- c:\program files\NVE2content.exe
2005-08-09 00:08 . 2005-08-08 14:39 6765354 ----a-w- c:\program files\InCD-4.3.20.1.exe
2005-07-28 02:09 . 2005-07-28 02:08 10844936 -c--a-w- c:\program files\GoogleEarth.exe
2005-06-09 02:12 . 2005-06-09 02:12 1012466 ------w- c:\program files\wrar35b5.exe
2000-11-15 14:21 . 2006-06-09 01:10 178688 ----a-w- c:\program files\hjsplit.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-09-19 02:09 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-09-19 02:09 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-09-19 02:09 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-15 1961984]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-03-30 25366056]
"GBMLite8AgentLaCie"="c:\program files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" [2008-08-26 189056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 110592]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-08-16 36864]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-01-19 11776]
"mm_server"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_server.exe" [2006-01-19 102400]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"tgcmd"="c:\program files\support.com\bin\tgcmd.exe" [2002-04-25 1544192]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-07 198160]
"GBMLite8AgentLaCie"="c:\program files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" [2008-08-26 189056]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-09-19 670864]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\BenQ\Common\Bin\WinCinemaMgr.exe [2005-4-18 184320]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\support.com\\bin\\tgcmd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\RayV\\RayV\\RayV.exe"=
"c:\\Program Files\\RayV\\RayV\\RayV.dll"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [5/26/2009 12:16 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [5/26/2009 12:16 AM 20560]
S2 gupdate1c9de492995e2fc;Google Update Service (gupdate1c9de492995e2fc);c:\program files\Google\Update\GoogleUpdate.exe [5/26/2009 4:30 PM 133104]
S3 DrmCAudio;DrmCAudio;c:\windows\SYSTEM32\DRIVERS\DrmCAudio.sys [1/31/2009 6:13 PM 23096]
S3 DrmCVideo;DrmCVideo;c:\windows\SYSTEM32\DRIVERS\DrmCVideo.sys [1/31/2009 6:13 PM 3768]
.
Contents of the 'Scheduled Tasks' folder

2010-05-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 21:30]

2010-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 21:30]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Connection Wizard,ShellNext = hxxp://my.netzero.net/s/sp?r=al&cf=sp&mem=gapis&login=2d133557ed812198e9a6c48740c50922/gapis:netzero.net/1113281017/30/sss.0.64855/&ts=425b51f9&A=0&B=1046419200000&C=1046419200000&D=1066546800000&I=7.NQ4&N=PL&O=A&UT=companion
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} - hxxps://www.bph.pl/sezam/components/SignActivX.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-23 14:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
tgcmd = "c:\program files\support.com\bin\tgcmd.exe" /server?cmd.exe" /server

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3688)
c:\windows\system32\WININET.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-05-23 14:37:16
ComboFix-quarantined-files.txt 2010-05-23 19:37
ComboFix2.txt 2010-05-23 19:12

Pre-Run: 17,698,557,952 bytes free
Post-Run: 17,670,574,080 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=4 Default=4 Failed=3 LastKnownGood=1 Sets=1,2,3,4
- - End Of File - - FA1FE3B5CA9AA42559B9A2B74B829EB9

markusg
Senior Member


Date Joined Feb 2010
Total Posts : 605
 
Posted 5/24/2010 12:34 PM (GMT +3)
I need the first CF log please. I will tell you later what you can do to stay secure.

piotrg66
New Member


Date Joined May 2010
Total Posts : 21
 
Posted 5/24/2010 5:37 PM (GMT +3)
Great, here is the first cf log:

ComboFix 10-05-22.01 - PIOTR 05/23/2010 13:51:10.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.132 [GMT -5:00]
Running from: c:\documents and settings\PIOTR\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100522-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Toolbar4
c:\documents and settings\PIOTR\Application Data\.#
c:\documents and settings\PIOTR\Application Data\Desktopicon
c:\documents and settings\PIOTR\Application Data\inst.exe
c:\program files\Search Toolbar
c:\program files\Search Toolbar\basis.xml
c:\program files\Search Toolbar\bg.bmp
c:\program files\Search Toolbar\bing_logo.png
c:\program files\Search Toolbar\celebrity.png
c:\program files\Search Toolbar\drop_images.png
c:\program files\Search Toolbar\drop_maps.png
c:\program files\Search Toolbar\drop_news.png
c:\program files\Search Toolbar\drop_videos.png
c:\program files\Search Toolbar\drop_web.png
c:\program files\Search Toolbar\facebook.png
c:\program files\Search Toolbar\favicon.png
c:\program files\Search Toolbar\games.png
c:\program files\Search Toolbar\hotmail.png
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\images.png
c:\program files\Search Toolbar\include.xml
c:\program files\Search Toolbar\info.txt
c:\program files\Search Toolbar\lifestyle.png
c:\program files\Search Toolbar\maps.png
c:\program files\Search Toolbar\messenger.png
c:\program files\Search Toolbar\msn.png
c:\program files\Search Toolbar\news.png
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\tbcore3.dll
c:\program files\Search Toolbar\tbhelper.dll
c:\program files\Search Toolbar\twitter.png
c:\program files\Search Toolbar\uninstall.exe
c:\program files\Search Toolbar\update.exe
c:\program files\Search Toolbar\version.txt
c:\program files\Search Toolbar\video.png
c:\program files\Search Toolbar\videos.png
c:\program files\Search Toolbar\weather.png
c:\program files\Search Toolbar\web.png
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\download
c:\windows\system32\Download\ispinfo.csv

Infected copy of c:\windows\system32\drivers\viaide.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-04-23 to 2010-05-23 )))))))))))))))))))))))))))))))
.

2010-05-23 00:13 . 2010-05-23 00:13 -------- d-----w- c:\program files\Trend Micro
2010-05-22 21:44 . 2010-05-22 21:44 -------- d-----w- c:\documents and settings\PIOTR\Application Data\Malwarebytes
2010-05-22 21:44 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-22 21:44 . 2010-05-22 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-22 21:44 . 2010-05-22 21:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-22 21:44 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-22 21:29 . 2010-05-22 21:29 -------- d-----w- c:\program files\CCleaner
2010-05-22 17:05 . 2010-05-22 17:05 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-22 14:04 . 2010-05-22 14:04 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-20 23:30 . 2010-05-22 17:04 -------- d-----w- c:\program files\Astroburn Lite
2010-05-20 23:29 . 2010-05-20 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Astroburn Lite
2010-05-20 17:52 . 2010-05-22 17:04 -------- d-----w- c:\documents and settings\PIOTR\Application Data\DAEMON Tools Lite
2010-05-20 17:52 . 2010-05-20 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-05-18 19:07 . 2010-05-22 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-05-15 20:12 . 2010-05-15 20:12 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-29 16:21 . 2010-04-29 16:22 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-04-29 16:20 . 2010-05-05 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-04-29 16:12 . 2010-05-22 17:04 -------- d-----w- c:\program files\Gabest
2010-04-29 15:40 . 2010-04-29 15:40 -------- d-----w- c:\documents and settings\PIOTR\Local Settings\Application Data\WMTools Downloaded Files
2010-04-29 15:23 . 2010-04-29 15:24 -------- d-----w- c:\program files\TMPGEnc-2.525.64.184-EN-Free

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-23 18:09 . 2005-11-14 03:33 -------- d-----w- c:\documents and settings\PIOTR\Application Data\Skype
2010-05-22 23:53 . 2005-04-08 05:27 -------- d-----w- c:\program files\Java
2010-05-22 21:21 . 2009-08-13 21:40 -------- d-----w- c:\program files\BitTorrent
2010-05-22 16:19 . 2010-02-16 22:15 -------- d-----w- c:\program files\Avidemux 2.5
2010-05-22 16:19 . 2009-11-25 16:16 -------- d-----w- c:\documents and settings\PIOTR\Application Data\vlc
2010-05-21 21:48 . 2010-02-16 22:16 -------- d-----w- c:\documents and settings\PIOTR\Application Data\avidemux
2010-05-17 01:03 . 2010-03-22 00:55 439816 ----a-w- c:\documents and settings\PIOTR\Application Data\Real\Update\setup3.10\setup.exe
2010-05-16 22:21 . 2008-05-07 14:54 -------- d-----w- c:\documents and settings\PIOTR\Application Data\Any Video Converter
2010-05-12 14:25 . 2006-07-16 16:54 -------- d-----w- c:\documents and settings\PIOTR\Application Data\U3
2010-05-05 14:35 . 2010-04-29 16:27 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-05 14:35 . 2010-05-05 14:35 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-05 14:35 . 2006-04-25 05:03 -------- d-----w- c:\program files\DivX
2010-05-05 14:34 . 2010-05-05 14:34 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-05-05 14:34 . 2010-05-05 14:34 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-05-05 14:33 . 2010-05-05 14:33 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-05-05 14:33 . 2010-05-05 14:33 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-05 14:33 . 2010-05-05 14:33 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-05-05 14:33 . 2010-05-05 14:33 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-05-05 14:33 . 2010-05-05 14:33 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-05-05 14:33 . 2010-05-05 14:33 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-05-05 14:31 . 2010-04-29 16:26 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-05-04 21:45 . 2009-09-26 16:50 -------- d-----w- c:\documents and settings\PIOTR\Application Data\dvdcss
2010-04-29 17:04 . 2006-10-09 04:02 -------- d-----w- c:\documents and settings\PIOTR\Application Data\DivX
2010-04-29 16:26 . 2010-04-29 16:26 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-04-29 16:23 . 2010-04-29 16:23 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-04-29 16:23 . 2010-04-29 16:23 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-04-29 16:23 . 2010-04-29 16:23 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-04-29 16:22 . 2010-04-29 16:22 54629 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-04-29 16:22 . 2010-04-29 16:22 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-04-29 16:22 . 2010-04-29 16:22 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-29 16:22 . 2010-04-29 16:22 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-04-29 16:21 . 2010-04-29 16:21 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-04-29 16:20 . 2010-04-29 16:26 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-04-20 16:28 . 2010-04-20 16:28 -------- d-----w- c:\program files\Doc Convertor
2010-04-03 17:52 . 2005-04-18 02:55 44568 ----a-w- c:\documents and settings\PIOTR\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-31 01:58 . 2007-06-21 02:06 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58 . 2005-04-08 05:33 44944 ----a-w- c:\windows\system32\drivers\PxHelp20.sys
2010-03-31 01:58 . 2005-04-08 05:33 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2005-04-08 05:33 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-10 06:15 . 2004-08-04 10:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-02 04:12 . 2008-12-03 00:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-02 04:09 . 2010-03-02 04:08 37648214 ----a-w- c:\program files\EskkItaDemoSetup.exe
2010-02-27 05:30 . 2010-02-27 05:30 2110728 ----a-w- c:\program files\Install_Facebook_Plug-In_1.0.3.exe
2010-02-25 06:24 . 2004-08-04 10:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 10:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-15 17:28 . 2009-11-15 17:28 479925 ----a-w- c:\program files\nowegg_www_SoftMania_pl.exe
2007-10-10 05:39 . 2007-10-10 05:39 670720 ----a-w- c:\program files\CoolPDFReader.exe
2006-09-21 01:10 . 2006-09-21 01:10 6258609 -c--a-w- c:\program files\XP Codec Pack 2.0.4.exe
2006-09-21 00:57 . 2006-09-21 00:57 2068266 -c--a-w- c:\program files\iv5setup.exe
2006-09-21 00:55 . 2006-09-21 00:55 643711 -c--a-w- c:\program files\XviD-1.1.0-30122005.exe
2006-06-24 15:42 . 2005-11-14 03:19 10586880 ----a-w- c:\program files\Onet-SkypeSetup.exe
2006-04-30 00:46 . 2006-09-21 13:44 179 ----a-w- c:\program files\Free-Codecs.txt
2006-01-13 01:30 . 2006-01-13 01:30 10432544 -c----w- c:\program files\rp505enu.exe
2005-10-10 00:59 . 2005-10-10 00:58 12754672 ----a-w- c:\program files\MP10Setup.exe
2005-09-24 02:43 . 2005-09-24 02:37 24265736 ----a-w- c:\program files\dotnetfx.exe
2005-09-17 22:27 . 2005-09-17 22:26 558240 -c--a-w- c:\program files\GoogleToolbarInstaller.exe
2005-08-31 02:24 . 2005-08-31 02:24 7545056 -c--a-w- c:\program files\NMP-1.4.0.35.exe
2005-08-31 01:46 . 2005-08-31 01:46 10737061 -c--a-w- c:\program files\NeroMIX-1.4.0.34a.exe
2005-08-30 15:44 . 2005-08-30 15:44 37492192 -c--a-w- c:\program files\NVE-3.1.0.16.exe
2005-08-30 07:41 . 2005-08-30 07:41 34235626 -c--a-w- c:\program files\Nero-6.6.0.16.exe
2005-08-30 05:46 . 2005-08-30 05:46 22396022 ----a-w- c:\program files\NVE2content.exe
2005-08-09 00:08 . 2005-08-08 14:39 6765354 ----a-w- c:\program files\InCD-4.3.20.1.exe
2005-07-28 02:09 . 2005-07-28 02:08 10844936 -c--a-w- c:\program files\GoogleEarth.exe
2005-06-09 02:12 . 2005-06-09 02:12 1012466 ------w- c:\program files\wrar35b5.exe
2000-11-15 14:21 . 2006-06-09 01:10 178688 ----a-w- c:\program files\hjsplit.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-09-19 02:09 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-09-19 02:09 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-09-19 02:09 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-15 1961984]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-03-30 25366056]
"GBMLite8AgentLaCie"="c:\program files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" [2008-08-26 189056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 110592]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-08-16 36864]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-01-19 11776]
"mm_server"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_server.exe" [2006-01-19 102400]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"tgcmd"="c:\program files\support.com\bin\tgcmd.exe" [2002-04-25 1544192]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-07 198160]
"GBMLite8AgentLaCie"="c:\program files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" [2008-08-26 189056]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-09-19 670864]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\BenQ\Common\Bin\WinCinemaMgr.exe [2005-4-18 184320]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\support.com\\bin\\tgcmd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\RayV\\RayV\\RayV.exe"=
"c:\\Program Files\\RayV\\RayV\\RayV.dll"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [5/26/2009 12:16 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [5/26/2009 12:16 AM 20560]
S2 gupdate1c9de492995e2fc;Google Update Service (gupdate1c9de492995e2fc);c:\program files\Google\Update\GoogleUpdate.exe [5/26/2009 4:30 PM 133104]
S3 DrmCAudio;DrmCAudio;c:\windows\SYSTEM32\DRIVERS\DrmCAudio.sys [1/31/2009 6:13 PM 23096]
S3 DrmCVideo;DrmCVideo;c:\windows\SYSTEM32\DRIVERS\DrmCVideo.sys [1/31/2009 6:13 PM 3768]
.
Contents of the 'Scheduled Tasks' folder

2010-05-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 21:30]

2010-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 21:30]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Connection Wizard,ShellNext = hxxp://my.netzero.net/s/sp?r=al&cf=sp&mem=gapis&login=2d133557ed812198e9a6c48740c50922/gapis:netzero.net/1113281017/30/sss.0.64855/&ts=425b51f9&A=0&B=1046419200000&C=1046419200000&D=1066546800000&I=7.NQ4&N=PL&O=A&UT=companion
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} - hxxps://www.bph.pl/sezam/components/SignActivX.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files\Search Toolbar\tbcore3.dll
WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files\Search Toolbar\tbcore3.dll
HKCU-Run-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-SolveigMM AVI Trimmer 1.3 Beta - c:\program files\Solveig Multimedia\SolveigMM AVI Trimmer\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-23 14:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
tgcmd = "c:\program files\support.com\bin\tgcmd.exe" /server?cmd.exe" /server

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-05-23 14:12:17
ComboFix-quarantined-files.txt 2010-05-23 19:12

Pre-Run: 17,514,868,736 bytes free
Post-Run: 17,685,913,600 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=1 Sets=1,2,3,4
- - End Of File - - 2AED1F554D834D823847090A897D8A9C

markusg
Senior Member


Date Joined Feb 2010
Total Posts : 605
 
Posted 5/24/2010 5:57 PM (GMT +3)
Upgrade avast to version 5.
GMER:

Please download GMER from one of the following locations and save it to your desktop:
gmer.net/download.php
This version will download a randomly named file (Recommended)
gmer.net/gmer.zip
Disconnect from the Internet and close all running programs.
Temporarily turn off all antivirus programs

Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.

piotrg66
New Member


Date Joined May 2010
Total Posts : 21
 
Posted 5/25/2010 6:00 PM (GMT +3)
Markus,

I did the above.
No warnings after first scan.
I did the scan, and when I returned to the computer several hours later, it was frozen with no display. I turned it off and on. I got a Windows message;
here is the manifest:

Server=watson.microsoft.com
UI LCID=1033
Flags=1696080
Brand=WINDOWS
TitleName=Microsoft Windows
DigPidRegPath=HKLM\Software\Microsoft\Windows NT\CurrentVersion\DigitalProductId
ErrorText=A log of this error has been created.
HeaderText=The system has recovered from a serious error.
Stage2URL=
Stage2URL=/dw/bluetwo.asp?BCCode=10000050&BCP1=FB41A047&BCP2=00000000&BCP3=A8E11D3D&BCP4=00000000&OSVer=5_1_2600&SP=3_0&Product=768_1
DataFiles=C:\DOCUME~1\PIOTR\LOCALS~1\Temp\WER3a6d.dir00\Mini052410-01.dmp|C:\DOCUME~1\PIOTR\LOCALS~1\Temp\WER3a6d.dir00\sysdata.xml
ErrorSubPath=blue
DirectoryDelete=C:\DOCUME~1\PIOTR\LOCALS~1\Temp\WER3a6d.dir00

There are 2 files (xml and dmp) also saved. Please let me know if you need them.

I scanned with GMER again. When done, the computer was very slow. Saving the log took several minutes. I was unable to restart from the Start menu,
so I turned the computer off and on again.

Gmer log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-25 09:30:12
Windows 5.1.2600 Service Pack 3
Running: 6wtbprl8.exe; Driver: C:\DOCUME~1\PIOTR\LOCALS~1\Temp\awroapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAA3DCC7A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAA3DCB36]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xAA3DD0EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAA3DD014]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAA3DC70C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAA3DCC10]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAA3DC64C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAA3DC6B0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAA3DCD30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xAA3DD1B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAA3DCCF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAA3DCE70]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xAA3E9AC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xAA3E98EA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xAA3E9A24]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CCC 80504568 4 Bytes JMP 54AA3DD0
PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP AA3E9A28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP AA3E98EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP AA3E5536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP AA3E6EC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP AA3E9ACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[1432] SHELL32.dll!SHFileOperationW 7CA70924 5 Bytes JMP 016D1102 C:\Program Files\Unlocker\UnlockerHook.dll

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[684] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[684] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.15 ----

markusg
Senior Member


Date Joined Feb 2010
Total Posts : 605
 
   Posted 5/25/2010 6:04 PM (GMT +3)
No, not needed.
It also looks OK.
I think we can fix it today :-)
We need to create an OTL report.

1. Please download OTL
oldtimer.geekstogo.com/OTL.exe

2. Save it to your desktop.
3. Double click on the icon on your desktop.
4. Click the "Scan All Users" checkbox.
5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
6. Copy and Paste the following into the textbox.


netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
winlogon.exe
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

7. Push "scan"
8. Two reports will open, copy and paste them in a reply here:
• OTListIt.txt <-- Will be opened
• Extra.txt <-- Will be minimized
Perhaps you must post in two or more parts.

piotrg66
New Member


Date Joined May 2010
Total Posts : 21
 
   Posted 5/25/2010 7:10 PM (GMT +3)
Here is OTL.txt:

OTL logfile created on: 5/25/2010 10:44:35 AM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\PIOTR\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 180.00 Mb Available Physical Memory | 36.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.47 Gb Total Space | 16.12 Gb Free Space | 22.55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 1.88 Gb Total Space | 0.25 Gb Free Space | 13.17% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJQ2M771
Current User Name: PIOTR
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/25 10:40:37 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PIOTR\Desktop\OTL.exe
PRC - [2010/05/06 15:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/12 17:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/10/06 23:56:18 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/09/18 21:09:14 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2009/09/18 21:09:14 | 000,670,864 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2008/08/26 11:14:26 | 000,189,056 | ---- | M] (Genie-soft) -- C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe
PRC - [2008/05/14 07:17:24 | 001,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/05/01 23:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/29 21:06:50 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/01/19 12:06:18 | 000,110,592 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
PRC - [2006/01/19 12:06:18 | 000,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
PRC - [2006/01/19 12:06:18 | 000,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_server.exe
PRC - [2006/01/19 12:06:16 | 000,416,768 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
PRC - [2004/09/21 22:30:14 | 000,184,320 | ---- | M] (InterVideo Inc.) -- C:\Program Files\BenQ\Common\Bin\WinCinemaMgr.exe
PRC - [2002/04/24 20:37:43 | 001,544,192 | ---- | M] (Support.com, Inc.) -- C:\Program Files\support.com\bin\tgcmd.exe


========== Modules (SafeList) ==========

MOD - [2010/05/25 10:40:37 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PIOTR\Desktop\OTL.exe
MOD - [2009/10/06 23:57:02 | 000,102,400 | ---- | M] (RealPlayer) -- c:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll
MOD - [2009/08/13 08:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2008/05/01 23:15:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2008/04/23 22:00:15 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msvcr71.dll
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
MOD - [2007/03/21 21:33:00 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\MSVCP71.DLL


========== Win32 Services (SafeList) ==========

SRV - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/09/18 21:09:14 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2008/05/14 07:17:24 | 001,245,064 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)


========== Driver Services (SafeList) ==========

DRV - [2010/05/06 15:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 15:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswSP.sys -- (aswSP)
DRV - [2010/05/06 15:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 15:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys -- (aswMon2)
DRV - [2010/05/06 15:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 15:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys -- (Aavmker4)
DRV - [2009/02/25 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\eeCtrl.sys -- (eeCtrl)
DRV - [2008/11/11 15:58:58 | 000,003,768 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DrmCVideo.sys -- (DrmCVideo)
DRV - [2008/11/11 15:58:54 | 000,023,096 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DrmCAudio.sys -- (DrmCAudio)
DRV - [2008/09/20 16:58:47 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2005/07/25 10:04:08 | 000,048,640 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ser2pl.sys -- (Ser2pl)
DRV - [2004/09/22 18:41:00 | 000,020,608 | ---- | M] (Empia Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emAudio.sys -- (emAudio)
DRV - [2004/09/22 10:42:00 | 000,079,563 | ---- | M] (eMPIA Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2004/09/21 15:52:00 | 000,110,653 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2004/09/21 15:52:00 | 000,004,857 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emScan.sys -- (ScanUSBEMPIA)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/02/09 13:06:22 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NetMotCM.sys -- (ndiscm)
DRV - [2003/06/17 03:39:00 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (Pfc)
DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HCF_MSFT.sys -- (HCF_MSFT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-21-443216631-3613593573-2154630143-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-443216631-3613593573-2154630143-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-443216631-3613593573-2154630143-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-443216631-3613593573-2154630143-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.msn.com/
IE - HKU\S-1-5-21-443216631-3613593573-2154630143-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-443216631-3613593573-2154630143-1006\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-443216631-3613593573-2154630143-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://bing.zugo.com/?cfg=2-80-0-14Ndt"


[2009/12/05 16:46:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Mozilla\Firefox\Profiles\hk8q98s7.default\extensions
[2006/11/27 22:26:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\PIOTR\Application Data\Mozilla\Firefox\Profiles\hk8q98s7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2006/12/15 00:00:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/09/21 08:53:41 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

O1 HOSTS File: ([2010/05/23 14:05:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (WsftpBrowserHelper Class) - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKU\S-1-5-21-443216631-3613593573-2154630143-1006\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-443216631-3613593573-2154630143-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [GBMLite8AgentLaCie] C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe (Genie-soft)
O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [mm_server] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\2\printray.exe (Lexmark)
O4 - HKLM..\Run: [tgcmd] C:\Program Files\support.com\bin\tgcmd.exe (Support.com, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-21-443216631-3613593573-2154630143-1006..\Run: [GBMLite8AgentLaCie] C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe (Genie-soft)
O4 - HKU\S-1-5-21-443216631-3613593573-2154630143-1006..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKU\S-1-5-21-443216631-3613593573-2154630143-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\BenQ\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-443216631-3613593573-2154630143-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-443216631-3613593573-2154630143-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-443216631-3613593573-2154630143-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-443216631-3613593573-2154630143-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - File not found
O9 - Extra Button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - File not found
O9 - Extra Button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - File not found
O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.com/Aurigma/ImageUploader55.cab (Auctiva Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} https://www.bph.pl/sezam/components/SignActivX.cab (SignActivX Control)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab (NsvPlayX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx (Persits Software XUpload)
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab? (Photo Upload Plugin Class)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab (IWinAmpActiveX Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\PIOTR\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\PIOTR\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{accd39c4-14eb-11db-bd49-00132015cf8a}\Shell - "" = AutoRun
O33 - MountPoints2\{accd39c4-14eb-11db-bd49-00132015cf8a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{accd39c4-14eb-11db-bd49-00132015cf8a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2005/04/08 00:03:46 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Ligos Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/25 10:40:36 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PIOTR\Desktop\OTL.exe
[2010/05/24 10:24:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/23 22:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PIOTR\Desktop\security
[2010/05/23 22:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/23 22:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/23 22:25:16 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/23 22:25:16 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/23 22:25:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/23 22:25:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/23 22:25:16 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/05/23 20:00:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/23 14:18:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/23 12:15:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/23 12:15:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/23 12:15:05 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/23 12:15:05 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/23 12:14:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/23 12:11:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/22 19:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/22 16:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PIOTR\Application Data\Malwarebytes
[2010/05/22 16:44:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/22 16:44:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/22 16:44:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/22 16:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/22 16:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/05/22 08:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/22 02:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/05/20 18:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\Astroburn Lite
[2010/05/20 18:29:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Astroburn Lite
[2010/05/20 12:52:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PIOTR\Application Data\DAEMON Tools Lite
[2010/05/20 12:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/05/18 14:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/05/17 19:53:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/15 15:12:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/29 11:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/04/29 11:20:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/04/29 11:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\Gabest
[2010/04/29 10:40:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PIOTR\Local Settings\Application Data\WMTools Downloaded Files
[2010/04/29 10:23:24 | 000,000,000 | ---D | C] -- C:\Program Files\TMPGEnc-2.525.64.184-EN-Free
[2010/04/26 17:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2004/11/24 13:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[57 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\PIOTR\My Documents\*.tmp files -> C:\Documents and Settings\PIOTR\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/25 10:40:37 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PIOTR\Desktop\OTL.exe
[2010/05/25 10:15:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/25 09:42:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/05/25 09:41:37 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/25 09:41:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/25 09:41:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/05/25 09:41:25 | 526,536,704 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/24 10:31:38 | 015,204,352 | ---- | M] () -- C:\Documents and Settings\PIOTR\ntuser.dat
[2010/05/24 10:31:38 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\PIOTR\NTUSER.INI
[2010/05/24 10:25:47 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/24 10:25:43 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/23 22:24:56 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/23 22:24:56 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/23 22:24:56 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/23 22:24:56 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/05/23 22:24:55 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/23 14:32:36 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/23 14:18:33 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2010/05/23 14:05:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/05/20 17:39:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/18 14:23:37 | 000,000,390 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2010/05/17 13:32:04 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\PIOTR\My Documents\PG cover letter.doc
[2010/05/14 06:45:51 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\PIOTR\My Documents\10 min pilates sclupting.doc
[2010/05/13 18:37:09 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/13 18:36:47 | 000,002,407 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk
[2010/05/13 17:00:08 | 000,183,296 | ---- | M] () -- C:\Documents and Settings\PIOTR\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/13 10:50:59 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\PIOTR\My Documents\Piotr Ganatowski resume.doc
[2010/05/06 15:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/06 15:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/06 15:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 15:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 15:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 15:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 15:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 15:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 15:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/05 09:34:59 | 000,001,469 | ---- | M] () -- C:\Documents and Settings\PIOTR\Desktop\DivX Movies.lnk
[2010/05/05 09:34:09 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/05/05 09:33:22 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 10:24:35 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\PIOTR\Desktop\Shortcut to TMPGEnc.lnk
[2010/04/27 16:55:47 | 000,000,164 | ---- | M] () -- C:\WINDOWS\asfbinapp.INI
[2010/04/26 17:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[57 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\PIOTR\My Documents\*.tmp files -> C:\Documents and Settings\PIOTR\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/24 10:25:47 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/23 14:18:32 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/05/23 14:18:30 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/23 12:15:05 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/23 12:15:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/23 12:15:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/23 12:15:05 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/23 12:15:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/18 14:23:37 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2010/05/17 13:04:56 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\PIOTR\My Documents\PG cover letter.doc
[2010/05/16 20:23:53 | 015,204,352 | ---- | C] () -- C:\Documents and Settings\PIOTR\ntuser.dat
[2010/05/15 15:33:33 | 526,536,704 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/12 13:03:53 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\PIOTR\My Documents\Piotr Ganatowski resume.doc
[2010/05/05 09:34:59 | 000,001,469 | ---- | C] () -- C:\Documents and Settings\PIOTR\Desktop\DivX Movies.lnk
[2010/04/29 11:24:47 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/04/29 11:23:01 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/04/29 10:24:35 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\PIOTR\Desktop\Shortcut to TMPGEnc.lnk
[2008/07/23 11:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/07/23 11:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/11/02 21:01:36 | 000,001,037 | ---- | C] () -- C:\WINDOWS\wsftppro.INI
[2007/11/02 20:56:53 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\FTPStubInstUtils.dll
[2007/10/08 22:34:29 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2007/10/08 22:28:32 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/10/08 22:28:31 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/08/09 12:51:51 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2006/12/14 23:59:55 | 000,000,167 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/07 20:27:08 | 000,000,164 | ---- | C] () -- C:\WINDOWS\asfbinapp.INI
[2006/11/26 19:24:09 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll
[2006/11/26 19:24:09 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll
[2006/09/20 20:12:35 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/09/20 20:12:34 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/09/30 23:06:05 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2005/08/31 12:43:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2005/08/29 23:39:04 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/05/12 21:27:56 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005/05/01 22:39:05 | 000,000,085 | ---- | C] () -- C:\WINDOWS\D2HNAV16.INI
[2005/05/01 22:28:28 | 000,000,592 | ---- | C] () -- C:\WINDOWS\PCAWin.ini
[2005/04/30 17:58:57 | 000,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/30 17:45:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/04/30 17:41:14 | 000,003,099 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2005/04/30 17:35:57 | 000,000,233 | ---- | C] () -- C:\WINDOWS\EPSON 1250 Installer.ini
[2005/04/30 17:23:09 | 000,000,643 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/04/23 16:41:56 | 000,007,964 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/04/18 19:37:55 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/04/18 19:37:55 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/04/18 19:37:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/04/18 19:37:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/04/18 19:37:55 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/04/18 19:37:55 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/04/08 00:38:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/04/08 00:07:10 | 000,000,370 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/10/12 00:40:58 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004/10/12 00:39:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004/10/12 00:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004/10/09 00:40:16 | 000,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004/10/05 02:16:08 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004/10/03 11:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/09/01 10:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/10 13:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 05:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2002/10/15 17:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[1980/01/01 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2010/05/24 10:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/20 18:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astroburn Lite
[2005/04/18 19:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BenQ
[2009/10/08 23:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2010/05/20 12:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/05/22 12:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2008/12/02 22:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2007/02/12 17:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Smilebox
[2007/05/03 21:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/12/24 12:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/01/11 21:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/05/16 17:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Any Video Converter
[2010/05/21 16:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\avidemux
[2005/11/22 23:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\COWON
[2010/05/22 12:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\DAEMON Tools Lite
[2010/03/16 00:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\foobar2000
[2009/10/08 22:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Genie-Soft
[2005/04/18 19:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\InterVideo
[2009/12/10 18:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Leadertech
[2005/08/25 23:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Musicmatch
[2007/10/08 22:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\pdf995
[2009/09/28 17:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\RayV
[2009/08/19 00:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Smilebox
[2009/08/19 00:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Vso
[2006/12/24 12:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Zylom

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2009/10/23 11:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2005/09/28 09:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2010/05/24 10:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/02/13 14:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/01/11 21:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/05/20 18:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astroburn Lite
[2005/04/18 19:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BenQ
[2009/10/08 23:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2010/05/20 12:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/05/05 09:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/02/16 12:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2009/02/12 11:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/08/19 00:33:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\GTek
[2010/05/22 12:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2005/04/08 00:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2005/04/08 00:35:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2008/01/26 13:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2010/05/22 16:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/31 11:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2005/04/20 21:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2009/04/08 19:22:09 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/08/24 10:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/12/02 22:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2005/04/30 17:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2010/03/08 02:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real
[2005/04/08 00:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2007/03/03 10:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2007/02/12 17:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Smilebox
[2010/05/23 22:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2006/01/30 23:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Support.com
[2009/05/26 00:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2007/05/03 21:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/09/06 06:27:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TVU Networks
[2006/04/26 18:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2006/12/24 12:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/01/11 21:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2010/04/29 11:21:54 | 000,056,969 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
[2010/05/05 09:33:19 | 000,057,409 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
[2010/05/05 09:33:22 | 000,054,128 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
[2010/05/05 09:33:25 | 000,054,153 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
[2010/04/29 11:23:09 | 000,056,458 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
[2010/05/05 09:35:00 | 000,056,766 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
[2010/04/29 11:23:09 | 000,054,174 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
[2010/05/05 09:33:32 | 000,057,532 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
[2010/05/05 09:33:34 | 000,054,166 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
[2010/04/29 11:23:22 | 000,057,054 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
[2010/04/29 11:22:35 | 000,054,101 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
[2010/04/29 11:22:32 | 000,052,963 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
[2010/05/05 09:34:32 | 000,057,679 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\Player\Uninstaller.exe
[2010/04/29 11:22:14 | 000,054,073 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
[2010/04/29 11:20:39 | 001,180,952 | ---- | M] (DivX, Inc. ) -- C:\Documents and Settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
[2010/04/29 11:22:57 | 000,054,629 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
[2010/05/05 09:33:48 | 000,084,040 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
[2010/05/05 09:34:51 | 000,053,600 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\Update\Uninstaller.exe
[2010/04/29 11:26:48 | 000,056,978 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
[2009/08/18 19:25:42 | 001,962,544 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe

< %APPDATA%\*. >
[2009/08/19 00:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Adobe
[2007/02/22 00:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\AdobeUM
[2005/11/16 00:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Ahead
[2010/05/16 17:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Any Video Converter
[2010/01/11 21:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Apple Computer
[2005/08/07 18:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\ArcSoft
[2010/05/21 16:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\avidemux
[2005/05/23 22:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Corel
[2005/11/22 23:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\COWON
[2005/04/18 23:44:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\CyberLink
[2010/05/22 12:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\DAEMON Tools Lite
[2010/04/29 12:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\DivX
[2010/05/04 16:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\dvdcss
[2010/03/16 00:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\foobar2000
[2009/10/08 22:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Genie-Soft
[2006/08/03 22:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Google
[2009/08/19 00:33:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PIOTR\Application Data\Gtek
[2005/05/01 22:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Help
[2006/12/24 12:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Identities
[2005/04/18 19:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\InterVideo
[2007/11/02 20:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Ipswitch
[2005/10/08 18:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Jasc Software Inc
[2009/12/10 18:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Leadertech
[2009/06/10 19:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Macromedia
[2010/05/22 16:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Malwarebytes
[2005/04/11 23:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\McAfee.com Personal Firewall
[2008/03/07 21:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Media Player Classic
[2009/08/19 00:32:48 | 000,000,000 | --SD | M] -- C:\Documents and Settings\PIOTR\Application Data\Microsoft
[2010/02/09 22:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Move Networks
[2006/10/06 17:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Mozilla
[2005/08/25 23:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Musicmatch
[2007/10/08 22:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\pdf995
[2009/09/28 17:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\RayV
[2009/10/06 23:57:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Real
[2010/05/25 10:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Skype
[2009/08/19 00:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Smilebox
[2005/04/08 00:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Sun
[2008/05/22 20:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Symantec
[2008/09/06 06:27:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\TVU Networks
[2010/05/12 09:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\U3
[2010/05/22 11:19:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\vlc
[2009/08/19 00:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Vso
[2009/01/24 13:48:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\WinRAR
[2006/12/24 12:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Zylom

< %APPDATA%\*.exe /s >
[2007/04/13 23:32:52 | 001,214,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\PIOTR\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2009/11/15 21:21:24 | 001,794,456 | ---- | M] () -- C:\Documents and Settings\PIOTR\Application Data\Move Networks\MoveMediaPlayerWin_071701000002.exe
[2009/11/15 21:21:34 | 000,143,976 | ---- | M] () -- C:\Documents and Settings\PIOTR\Application Data\Move Networks\uninstall.exe
[2009/10/14 19:50:30 | 000,097,216 | ---- | M] () -- C:\Documents and Settings\PIOTR\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
[2010/05/23 22:20:44 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\PIOTR\Application Data\Real\Update\setup3.10\setup.exe
[2008/04/20 14:17:47 | 000,353,840 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\PIOTR\Application Data\Real\Update\temp\~Upg0\setup.exe
[2009/07/31 14:10:24 | 001,573,512 | ---- | M] (Smilebox, Inc.) -- C:\Documents and Settings\PIOTR\Application Data\Smilebox\SmileboxClient.exe
[2009/07/31 14:17:20 | 000,205,448 | ---- | M] (Smilebox, Inc.) -- C:\Documents and Settings\PIOTR\Application Data\Smilebox\SmileboxDvd.exe
[2009/07/31 14:17:20 | 000,373,384 | ---- | M] (Smilebox, Inc.) -- C:\Documents and Settings\PIOTR\Application Data\Smilebox\SmileboxStarter.exe
[2009/07/31 14:17:20 | 000,266,888 | ---- | M] (Smilebox, Inc.) -- C:\Documents and Settings\PIOTR\Application Data\Smilebox\SmileboxTray.exe
[2009/07/31 13:41:04 | 000,123,528 | ---- | M] (Smilebox, Inc.) -- C:\Documents and Settings\PIOTR\Application Data\Smilebox\SmileboxUpdater.exe
[2008/09/14 19:24:43 | 000,057,907 | ---- | M] () -- C:\Documents and Settings\PIOTR\Application Data\Smilebox\uninstall.exe
[2008/10/16 08:17:42 | 000,193,160 | ---- | M] (Smilebox, Inc.) -- C:\Documents and Settings\PIOTR\Application Data\Smilebox\VideoWizard.exe
[2009/07/30 11:56:13 | 005,589,408 | ---- | M] (TVU networks) -- C:\Documents and Settings\PIOTR\Application Data\TVU Networks\TVU AutoUpgrade\TVUPlayer2.4.5.3.exe
[2005/06/06 10:29:14 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\PIOTR\Application Data\U3\temp\cleanup.exe

< %SYSTEMDRIVE%\*.exe >
[2005/04/21 22:37:31 | 000,192,512 | ---- | M] (TODO: <Company name>) -- C:\register.exe
[2005/04/20 00:22:09 | 001,144,133 | ---- | M] () -- C:\SetupAnyDVD5101.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]


< MD5 for: AGP440.SYS >
[2004/08/12 09:06:16 | 018,738,937 | ---- | M] () .cab file -- C:\DELL\MEDIAEXE\MEDIA\I386\sp2.cab:AGP440.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2008/09/12 08:56:06 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2008/09/12 08:56:06 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\I386\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/12 09:06:16 | 018,738,937 | ---- | M] () .cab file -- C:\DELL\MEDIAEXE\MEDIA\I386\sp2.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2008/09/12 08:56:06 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2008/09/12 08:56:06 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\I386\EVENTLOG.DLL
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2004/08/12 09:11:50 | 000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\DELL\MEDIAEXE\MEDIA\I386\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\I386\NETLOGON.DLL
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\I386\SCECLI.DLL
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\I386\USERINIT.EXE
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SYSTEM32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\I386\WINLOGON.EXE
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SYSTEM32\winlogon.exe

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/10 12:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2004/08/10 12:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2004/08/10 12:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtrans.dll
[57 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB24555F
< End of report >


Extras.txt:

OTL Extras logfile created on: 5/25/2010 10:44:35 AM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\PIOTR\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 180.00 Mb Available Physical Memory | 36.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.47 Gb Total Space | 16.12 Gb Free Space | 22.55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 1.88 Gb Total Space | 0.25 Gb Free Space | 13.17% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJQ2M771
Current User Name: PIOTR
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Generate MD5 Signatures] -- "C:\Program Files\Michael K. Weise\mkw Audio Compression Toolkit\mkwACT.exe" (Michael K. Weise)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\support.com\bin\tgcmd.exe" = C:\Program Files\support.com\bin\tgcmd.exe:*:Disabled:Support.com Scheduler and Command Dispatcher -- (Support.com, Inc.)
"C:\Program Files\RayV\RayV\RayV.exe" = C:\Program Files\RayV\RayV\RayV.exe:*:Enabled:RayV -- (RayV)
"C:\Program Files\RayV\RayV\RayV.dll" = C:\Program Files\RayV\RayV\RayV.dll:*:Enabled:RayV -- (RayV)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0B168FED-B9EC-4DA8-AC17-9A41F284640B}" = BenQ QVideo
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB Video/Audio Device Driver
"{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = RAW Image Task 1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4C96958A-6562-4143-B820-FF4890D3B734}" = Camera Window DVC
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.04
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7C6999B2-1A35-4F2C-8DB7-3CB46B640CC9}" = ConsumerUpdate
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = MovieEdit Task
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS
"{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Camera Support Core Library
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}" = ArcSoft Camera Suite 1.3
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
"{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Camera Window MC
"{C9A162C1-031F-4EBF-A3E6-C45F7FCCBB9E}_is1" = Genie Backup Assistant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Any Video Converter_is1" = Any Video Converter 2.5.9
"ArcSoft PhotoImpression 3.0" = ArcSoft PhotoImpression 3.0
"avast5" = avast! Free Antivirus
"Avidemux 2.5" = Avidemux 2.5
"Carbonite Backup" = Carbonite
"CCleaner" = CCleaner
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"Copy Utility" = Copy Utility
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DivX Setup.divx.com" = DivX Setup
"Doc Convertor (Beta)_is1" = Doc Convertor 1.0 (Beta)
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"EskkInternetPlus_is1" = Pakiet Multimedialny ESKK Włoski Demo 3.0
"foobar2000" = foobar2000 v0.9.6.3
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734}" = Canon Camera Window DVC for ZoomBrowser EX
"InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Canon Camera Support Core Library
"InstallShield_{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Canon Camera Window for ZoomBrowser EX
"IsoBuster_is1" = IsoBuster 2.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 2.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"mkwACT" = mkw Audio Compression Toolkit
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMIX!UninstallKey" = NeroMIX
"NMPUninstallKey" = Nero Media Player
"OmniFormat" = OmniFormat
"Pdf995" = Pdf995
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RayV" = RayV
"RealPlayer 12.0" = RealPlayer
"Skype_is1" = Onet.pl - Skype 3.1
"SopCast" = SopCast 3.0.3
"Support.com" = ComcastSUPPORT
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.3.7.1
"Unlocker" = Unlocker 1.8.7
"VLC media player" = VLC media player 1.0.5
"VobSub" = VobSub v2.23 (Remove Only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WS_FTP Pro" = Ipswitch WS_FTP Pro
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"XviD_is1" = XviD 1.1 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-443216631-3613593573-2154630143-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Smilebox" = Smilebox

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 9/1/2009 12:58:04 AM | Computer Name = DJQ2M771 | Source = avast! | ID = 33554522
Description =

Error - 9/1/2009 12:59:00 AM | Computer Name = DJQ2M771 | Source = avast! | ID = 33554522
Description =

Error - 9/1/2009 12:59:01 AM | Computer Name = DJQ2M771 | Source = avast! | ID = 33554522
Description =

Error - 9/1/2009 12:59:02 AM | Computer Name = DJQ2M771 | Source = avast! | ID = 33554522
Description =

Error - 9/1/2009 12:59:06 AM | Computer Name = DJQ2M771 | Source = avast! | ID = 33554522
Description =

Error - 9/1/2009 12:59:06 AM | Computer Name = DJQ2M771 | Source = avast! | ID = 33554522
Description =

Error - 9/1/2009 12:59:06 AM | Computer Name = DJQ2M771 | Source = avast! | ID = 33554522
Description =

Error - 10/7/2009 8:21:47 PM | Computer Name = DJQ2M771 | Source = avast! | ID = 33554522
Description =

Error - 2/2/2010 9:24:09 PM | Computer Name = DJQ2M771 | Source = avast! | ID = 33554522
Description =

Error - 2/2/2010 9:39:12 PM | Computer Name = DJQ2M771 | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 5/23/2010 12:15:05 PM | Computer Name = DJQ2M771 | Source = Google Update | ID = 20
Description =

Error - 5/23/2010 1:15:06 PM | Computer Name = DJQ2M771 | Source = Google Update | ID = 20
Description =

Error - 5/23/2010 3:15:05 PM | Computer Name = DJQ2M771 | Source = Google Update | ID = 20
Description =

Error - 5/23/2010 4:15:05 PM | Computer Name = DJQ2M771 | Source = Google Update | ID = 20
Description =

Error - 5/23/2010 5:15:05 PM | Computer Name = DJQ2M771 | Source = Google Update | ID = 20
Description =

Error - 5/23/2010 6:15:05 PM | Computer Name = DJQ2M771 | Source = Google Update | ID = 20
Description =

Error - 5/23/2010 7:15:05 PM | Computer Name = DJQ2M771 | Source = Google Update | ID = 20
Description =

Error - 5/23/2010 8:15:05 PM | Computer Name = DJQ2M771 | Source = Google Update | ID = 20
Description =

Error - 5/23/2010 9:15:05 PM | Computer Name = DJQ2M771 | Source = Google Update | ID = 20
Description =

Error - 5/23/2010 10:15:14 PM | Computer Name = DJQ2M771 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 5/23/2010 11:32:25 PM | Computer Name = DJQ2M771 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 5/23/2010 11:32:25 PM | Computer Name = DJQ2M771 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 5/23/2010 11:32:25 PM | Computer Name = DJQ2M771 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 5/23/2010 11:32:25 PM | Computer Name = DJQ2M771 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 5/23/2010 11:35:27 PM | Computer Name = DJQ2M771 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 5/23/2010 11:35:27 PM | Computer Name = DJQ2M771 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 5/23/2010 11:50:04 PM | Computer Name = DJQ2M771 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 5/23/2010 11:50:04 PM | Computer Name = DJQ2M771 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 5/23/2010 11:50:22 PM | Computer Name = DJQ2M771 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.2 for the Network Card with network
address 00132015CF8A has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 5/24/2010 9:02:50 PM | Computer Name = DJQ2M771 | Source = System Error | ID = 1003
Description = Error code 10000050, parameter1 fb41a047, parameter2 00000000, parameter3
a8e11d3d, parameter4 00000000.


< End of report >

markusg
Senior Member


Date Joined Feb 2010
Total Posts : 605
 
Posted 5/25/2010 7:28 PM (GMT +3)
I see you have Norton installed. You can remove it if you want. Use the removal tool:
service1.symantec.com/support/tsgeninfo.nsf/docid/2005033108162039

OTL script
• Please double-click OTL.exe to run it. (Note: If you are running on Vista or Win 7, right-click on the file and choose Run As Administrator).
• Copy all the lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:otl
IE - HKU\S-1-5-21-443216631-3613593573-2154630143-1006\..\URLSearchHook: - Reg Error: Key error. File not found
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
(Windows Genuine Advantage Validation Tool)
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.com/Aurigma/ImageUploader55.cab (Auctiva Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} https://www.bph.pl/sezam/components/SignActivX.cab (SignActivX Control)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl
Class)
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab (NsvPlayX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx (Persits Software XUpload)
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab? (Photo Upload Plugin Class)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab (IWinAmpActiveX Class)
O33 - MountPoints2\{accd39c4-14eb-11db-bd49-00132015cf8a}\Shell - "" = AutoRun
O33 - MountPoints2\{accd39c4-14eb-11db-bd49-00132015cf8a}\Shell\AutoRun - "" = AutoPlay
O33 - MountPoints2\{accd39c4-14eb-11db-bd49-00132015cf8a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB24555F
:commants
[purity]
[EMPTYFLASH]
[emptytemp]
[start explorer]
[Reboot]
• Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
• Close any browser(s) windows that may be open.
• Using your mouse, click on the red-lettered button Run Fix.
• Once you see a message box "Fix complete! Click OK to open the fix log.", click the OK button.
• The log will open in Notepad (your default text editor).
• Save the log. Post it in your next reply

Post Edited (markusg) : 25-05-2010 16:30:02 GMT


piotrg66
New Member


Date Joined May 2010
Total Posts : 21
 
Posted 5/25/2010 8:26 PM (GMT +3)
Here is OTL log:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-443216631-3613593573-2154630143-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}
C:\WINDOWS\Downloaded Program Files\swdir.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Starting removal of ActiveX control {17492023-C23A-453E-A040-C7C580BBF700}
C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{17492023-C23A-453E-A040-C7C580BBF700}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17492023-C23A-453E-A040-C7C580BBF700}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{17492023-C23A-453E-A040-C7C580BBF700}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17492023-C23A-453E-A040-C7C580BBF700}\ not found.
Starting removal of ActiveX control {38AB0814-B09B-4378-9940-14A19638C3C2}
C:\WINDOWS\Downloaded Program Files\ImageUploader5.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{38AB0814-B09B-4378-9940-14A19638C3C2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38AB0814-B09B-4378-9940-14A19638C3C2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{38AB0814-B09B-4378-9940-14A19638C3C2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38AB0814-B09B-4378-9940-14A19638C3C2}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{92ECE6FA-AC2E-4042-BFAE-0C8608E52A43}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{92ECE6FA-AC2E-4042-BFAE-0C8608E52A43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92ECE6FA-AC2E-4042-BFAE-0C8608E52A43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{92ECE6FA-AC2E-4042-BFAE-0C8608E52A43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92ECE6FA-AC2E-4042-BFAE-0C8608E52A43}\ not found.
Starting removal of ActiveX control {AB86CE53-AC9F-449F-9399-D8ABCA09EC09}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AB86CE53-AC9F-449F-9399-D8ABCA09EC09}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AB86CE53-AC9F-449F-9399-D8ABCA09EC09}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB86CE53-AC9F-449F-9399-D8ABCA09EC09}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AB86CE53-AC9F-449F-9399-D8ABCA09EC09}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB86CE53-AC9F-449F-9399-D8ABCA09EC09}\ not found.
Starting removal of ActiveX control {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB}
C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB}\ not found.
Starting removal of ActiveX control {C5E28B9D-0A68-4B50-94E9-E8F6B4697516}
C:\WINDOWS\Downloaded Program Files\nsvplayx_vp6_mp3.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C5E28B9D-0A68-4B50-94E9-E8F6B4697516}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5E28B9D-0A68-4B50-94E9-E8F6B4697516}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C5E28B9D-0A68-4B50-94E9-E8F6B4697516}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5E28B9D-0A68-4B50-94E9-E8F6B4697516}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
C:\WINDOWS\Downloaded Program Files\swflash.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control {E87F6C8E-16C0-11D3-BEF7-009027438003}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E87F6C8E-16C0-11D3-BEF7-009027438003}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E87F6C8E-16C0-11D3-BEF7-009027438003}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E87F6C8E-16C0-11D3-BEF7-009027438003}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E87F6C8E-16C0-11D3-BEF7-009027438003}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E87F6C8E-16C0-11D3-BEF7-009027438003}\ not found.
Starting removal of ActiveX control {F127B9BA-89EA-4B04-9C67-2074A9DF61FD}
C:\WINDOWS\Downloaded Program Files\PCAXSetup.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F127B9BA-89EA-4B04-9C67-2074A9DF61FD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F127B9BA-89EA-4B04-9C67-2074A9DF61FD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F127B9BA-89EA-4B04-9C67-2074A9DF61FD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F127B9BA-89EA-4B04-9C67-2074A9DF61FD}\ not found.
Starting removal of ActiveX control {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6}
C:\WINDOWS\Downloaded Program Files\ampx.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{accd39c4-14eb-11db-bd49-00132015cf8a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{accd39c4-14eb-11db-bd49-00132015cf8a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{accd39c4-14eb-11db-bd49-00132015cf8a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{accd39c4-14eb-11db-bd49-00132015cf8a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{accd39c4-14eb-11db-bd49-00132015cf8a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{accd39c4-14eb-11db-bd49-00132015cf8a}\ not found.
File F:\LaunchU3.exe not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BB24555F deleted successfully.
Error: Unable to interpret <:commants> in the current context!
Error: Unable to interpret <[purity]> in the current context!
Error: Unable to interpret <[EMPTYFLASH] > in the current context!
Error: Unable to interpret <[emptytemp]> in the current context!
Error: Unable to interpret <[start explorer]> in the current context!
Error: Unable to interpret <[Reboot]> in the current context!

OTL by OldTimer - Version 3.2.5.0 log created on 05252010_115407

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Back to Top
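The fix log above reports "Unable to interpret" starting at the :commants line of the pasted script, so none of the bracketed commands after it ran. As an added example (not part of the thread and not OTL's own code), this Python script summarises an OTL fix log and checks a script's section headers before it is pasted. The list of known headers holds only the two seen working in this thread, and case-insensitive matching is an assumption; the sample inputs are excerpts of the script and log posted above.

```python
import difflib
import re
from collections import Counter

# Section headers seen working in this thread. Assumption (not OTL
# documentation): headers are matched case-insensitively, since ":otl" ran
# and was logged as "OTL".
KNOWN_SECTIONS = (":otl", ":commands")

UNINTERPRETED = re.compile(
    r"^Error: Unable to interpret <(.+?)\s*> in the current context!$"
)
OUTCOMES = (
    ("deleted successfully.", "deleted"),
    ("moved successfully.", "moved"),
    ("not found.", "not_found"),
)

# Excerpt of the fix log posted in this thread.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}
C:\WINDOWS\Downloaded Program Files\swdir.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{92ECE6FA-AC2E-4042-BFAE-0C8608E52A43}\DownloadInformation\\INF .
File F:\LaunchU3.exe not found.
Error: Unable to interpret <:commants> in the current context!
Error: Unable to interpret <[purity]> in the current context!
Error: Unable to interpret <[EMPTYFLASH] > in the current context!
"""

# Excerpt of the script posted in this thread, including the mistyped header.
SAMPLE_SCRIPT = r""":otl
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB24555F
:commants
[purity]
[emptytemp]
[Reboot]
"""


def summarize_fix_log(text):
    """Return (Counter of outcomes, list of directives OTL could not interpret)."""
    counts, skipped = Counter(), []
    for line in text.splitlines():
        line = line.strip()
        match = UNINTERPRETED.match(line)
        if match:
            skipped.append(match.group(1))
            continue
        if line.startswith("Registry error reading value"):
            counts["registry_error"] += 1
            continue
        for suffix, label in OUTCOMES:
            if line.endswith(suffix):
                counts[label] += 1
                break
    return counts, skipped


def lint_script(script, known=KNOWN_SECTIONS):
    """Flag ':section' headers not in `known`, with the closest known name."""
    findings = []
    for number, line in enumerate(script.splitlines(), start=1):
        header = line.strip()
        if not header.startswith(":") or header.lower() in known:
            continue
        close = difflib.get_close_matches(header.lower(), known, n=1, cutoff=0.6)
        findings.append((number, header, close[0] if close else None))
    return findings


if __name__ == "__main__":
    counts, skipped = summarize_fix_log(SAMPLE_LOG)
    print("outcomes:", dict(counts))
    print("not interpreted:", skipped)
    for number, header, suggestion in lint_script(SAMPLE_SCRIPT):
        print(f"line {number}: unknown section {header!r}, closest: {suggestion}")
```

Any entry in the "not interpreted" list means part of the fix did not run and the script has to be corrected and run again.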
 

markusg
Senior Member


Date Joined Feb 2010
Total Posts : 605
 
Posted 5/25/2010 8:29 PM (GMT +3)
New OTL script:
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[start explorer]
[Reboot]
Post the log.

piotrg66
New Member


Date Joined May 2010
Total Posts : 21
 
Posted 5/25/2010 8:49 PM (GMT +3)
ok, here it is:

All processes killed
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 5338 bytes

User: NetworkService
->Flash cache emptied: 13824 bytes

User: PIOTR
->Flash cache emptied: 1224000 bytes

Total Flash Files Cleaned = 1.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 426118 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: PIOTR
->Temp folder emptied: 25616790 bytes
->Temporary Internet Files folder emptied: 14353125 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1574447 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 6597 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 48163089 bytes
%systemroot%\System32\dllcache .tmp files removed: 114688 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3039568 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 854064 bytes

Total Files Cleaned = 90.00 mb


OTL by OldTimer - Version 3.2.5.0 log created on 05252010_124207

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_9e0.dat not found!

Registry entries deleted on Reboot...

markusg
Senior Member


Date Joined Feb 2010
Total Posts : 605
 
Posted 5/25/2010 9:02 PM (GMT +3)
Prevx Safe Online.
I use this tool; it protects you against data-stealing techniques.
For example, if you have an unknown malware that will send your password to a backdoor server, it can protect you.
This tool is cloud based and needs an internet connection to work correctly.
A test for better understanding:
info.prevx.com/download.asp?GRAB=IMMUNITY
Please install the program:
pxnow.prevx.com/zeroL/PREVXFACEBOOK.EXE
It will start a "learn scan"; let it run.
Open your web browser. You will see the Prevx Safe Online symbol.
Click it, select configure and set all to maximum.
Screenshot:
www.pic-upload.de/view-5696014/prevx.jpg.html

Select "safe".
Have a look whether everything is working correctly; if not, tell me.
The program can also detect malware, but it cannot remove it in this version. Please click the symbol in the tray, select heuristic, set all to maximum.
Now click the "scan" button.

Now right-click the Prevx symbol in the tray, select tool and save log.
www.file-upload.net
Click "durchsuchen" and search for the log.
After this, click "datei hochladen".
Post the download link.
When you are installing many programs, you must set the age/popularity heuristic from maximum to high.
If you have problems using Prevx in the future, Wilders has the Prevx support forum and you can open a thread.
www.wilderssecurity.com/

piotrg66
New Member


Date Joined May 2010
Total Posts : 21
 
Posted 5/25/2010 9:38 PM (GMT +3)
Prevx works fine.
Here is the download link:

http://www.file-upload.net/download-2545445/prevxscan.log.html

markusg
Senior Member


Date Joined Feb 2010
Total Posts : 605
 
Posted 5/25/2010 9:41 PM (GMT +3)
Is the PC also running fine now, or are there any problems?

piotrg66
New Member


Date Joined May 2010
Total Posts : 21
 
Posted 5/25/2010 9:46 PM (GMT +3)
Since the OTL restarts it seems to be working fine, I would say faster than before :)

markusg
Senior Member


Date Joined Feb 2010
Total Posts : 605
 
Posted 5/25/2010 9:49 PM (GMT +3)
Sounds nice.
You can use Prevx on all your PCs if you have more.
We have to do something.
1. Start > Run
combofix /uninstall
Enter.
2. Change all your passwords; yours are stolen.
3. You have security holes.
Go to
windowsupdate.microsoft.com
Install all important updates.
4.
Download
PSI (personal secunia software inspector)
secunia.com/vulnerability_scanning/personal/
This tool shows you all updates for your software; this is important!!
5.
Download:
oldtimer.geekstogo.com/OTM.exe
Click cleanit; this tool removes all used tools and itself.
6.
Deactivate and reactivate System Restore:
windows.microsoft.com/en-US/windows-vista/Turn-System-Restore-on-or-off
7.
For safer surfing try Sandboxie:
www.sandboxie.com/index.php?GettingStarted
8.
Use ATF Cleaner:
majorgeeks.com/ATF_Cleaner_d4949.html
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Also, Sandboxie and Secunia are good for all PCs :-)

markusg
Senior Member


Date Joined Feb 2010
Total Posts : 605
 
Posted 5/25/2010 9:51 PM (GMT +3)
Something...
I think you must open Chrome and FF (I think you are using these) and configure the HTTP protection for these browsers (I mean Prevx Safe Online).

piotrg66
New Member


Date Joined May 2010
Total Posts : 21
 
Posted 5/25/2010 10:38 PM (GMT +3)
I am trying to update programs recommended by Secunia, however during setup there is an error reading from file C\...\Documents and settings\Temporary internet files...
verify that the file exists and you can access it.
I don't see "Temporary internet files" folder at all (I marked "show hidden files" from tools menu in the browser)
Should I just create it or is it a different issue?

markusg
Senior Member


Date Joined Feb 2010
Total Posts : 605
 
Posted 5/25/2010 10:40 PM (GMT +3)
First use ATF Cleaner, then try Secunia again later.

piotrg66
New Member


Date Joined May 2010
Total Posts : 21
 
Posted 5/25/2010 11:19 PM (GMT +3)
Ok, I did that. At first, the same message appeared (error reading...), now Windows Data execution prevention shuts down downloads.

piotrg66
New Member


Date Joined May 2010
Total Posts : 21
 
Posted 5/25/2010 11:42 PM (GMT +3)
Also, one of the secunia threats was google chrome. I did not do anything, but it was removed from the list, and then google gears patched.
Was it done automatically?

markusg
Senior Member


Date Joined Feb 2010
Total Posts : 605
 
Posted 5/26/2010 1:24 PM (GMT +3)
Yes, I think so. Is Secunia done now, or are there any problems? If yes, tell me the program and we will update it manually.