Virus removal help

Posted 5/23/2010 4:41 PM
#86105
piotrg66 Valued member

Date Joined Nov 2016
Total Posts: 21
Hello, I was wondering if you could help me out with the problems I am having.

About a week ago, links from Google search started to get redirected.

I did a system restore (did not help). I installed Hitman 3.5 and after running it the problem seemed to disappear for a day. The next day, the problem returned.

Yesterday, I noticed that my Windows XP has the Windows Classic look. There is no way of changing it back in Control Panel -> Display (no other options except Classic).

I did a system restore again and after that I am unable to access the internet. I have a "Limited or No Connectivity" message. My IP address is gone (zeros). The modem is fine; I checked it with another computer (the one I am using now). I also noticed that Hitman was uninstalled.

I did everything required in your "Before posting a log" post.

AVS found and removed the "java:agent-f" trojan; after the mbam restart the XP look came back. ISP was assigned numbers, but no connection. Removed old Java versions, can't install a new one (no internet). After restart the Classic look is back again.

Sorry for the long description, I wanted to provide the details.

HJT log:

mbam log:

DDS log:

DDS attach log:
Antivirus <br/>Avidemux 2.5 <br/>Banctec Service Agreement <br/>BenQ QVideo <br/>Camera Support Core Library <br/>Camera Window DS <br/>Camera Window DVC <br/>Camera Window MC <br/>Canon Camera Support Core Library <br/>Canon Camera Window DS for ZoomBrowser EX <br/>Canon Camera Window DVC for ZoomBrowser EX <br/>Canon Camera Window for ZoomBrowser EX <br/>Canon MovieEdit Task for ZoomBrowser EX <br/>Canon PhotoRecord <br/>Canon RAW Image Task for ZoomBrowser EX <br/>Canon RemoteCapture Task for ZoomBrowser EX <br/>Canon Utilities PhotoStitch 3.1 <br/>Canon ZoomBrowser EX <br/>Carbonite <br/>CCleaner <br/>Combined Community Codec Pack 2008-09-21 16:18 <br/>ComcastSUPPORT <br/>Compatibility Pack for the 2007 Office system <br/>ConsumerUpdate <br/>Copy Utility <br/>Critical Update for Windows Media Player 11 (KB959772) <br/>Dell Digital Jukebox Driver <br/>Dell Driver Reset Tool <br/>Dell Picture Studio v3.0 <br/>Dell System Restore <br/>DivX Setup <br/>Doc Convertor 1.0 (Beta) <br/>DVD Decrypter (Remove Only) <br/>DVD Shrink 3.2 <br/>foobar2000 v0.9.6.3 <br/>FreeRIP v3.04 <br/>Genie Backup Assistant <br/>Google Chrome <br/>Google Toolbar for Firefox <br/>Google Toolbar for Internet Explorer <br/>Google Update Helper <br/>Hotfix for Windows Internet Explorer 7 (KB947864) <br/>Hotfix for Windows Media Format 11 SDK (KB929399) <br/>Hotfix for Windows Media Player 11 (KB939683) <br/>Hotfix for Windows XP (KB952287) <br/>Hotfix for Windows XP (KB970653-v3) <br/>Hotfix for Windows XP (KB976098-v2) <br/>Hotfix for Windows XP (KB979306) <br/>HP Image Zone 4.2 <br/>HP PSC & OfficeJet 4.2 <br/>Intel(R) Graphics Media Accelerator Driver <br/>Intel(R) PRO Network Adapters and Drivers <br/>Intel(R) PROSet for Wired Connections <br/>Internet Explorer Default Page <br/>Ipswitch WS_FTP Pro <br/>IsoBuster 2.7 <br/>J2SE Runtime Environment 5.0 Update 11 <br/>J2SE Runtime Environment 5.0 Update 6 <br/>J2SE Runtime Environment 5.0 Update 9 <br/>Jasc Paint Shop Photo Album 5 <br/>Jasc 
Paint Shop Pro Studio, Dell Editon <br/>Java 2 Runtime Environment, SE v1.4.2_03 <br/>Java(TM) 6 Update 16 <br/>Java(TM) 6 Update 2 <br/>Java(TM) 6 Update 3 <br/>Java(TM) 6 Update 5 <br/>Java(TM) 6 Update 7 <br/>Java(TM) SE Runtime Environment 6 Update 1 <br/>jetAudio Basic <br/>Macromedia Flash Player <br/>Malwarebytes' Anti-Malware <br/>MediaMonkey 2.5 <br/>Microsoft .NET Framework 1.1 <br/>Microsoft .NET Framework 1.1 Security Update (KB953297) <br/>Microsoft Compression Client Pack 1.0 for Windows XP <br/>Microsoft Internationalized Domain Names Mitigation APIs <br/>Microsoft National Language Support Downlevel APIs <br/>Microsoft Office XP Professional with FrontPage <br/>Microsoft Plus! Digital Media Edition Installer <br/>Microsoft Plus! Photo Story 2 LE <br/>Microsoft Silverlight <br/>Microsoft User-Mode Driver Framework Feature Pack 1.0 <br/>Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 <br/>Microsoft Visual C++ 2005 Redistributable <br/>mkw Audio Compression Toolkit <br/>Move Media Player <br/>MovieEdit Task <br/>MSXML 4.0 SP2 (KB927978) <br/>MSXML 4.0 SP2 (KB936181) <br/>MSXML 4.0 SP2 (KB954430) <br/>MSXML 4.0 SP2 (KB973688) <br/>Musicmatch® Jukebox <br/>Nero Media Player <br/>Nero Suite <br/>NeroMIX <br/>OmniFormat <br/>Onet.pl - Skype 3.1 <br/>Pakiet Multimedialny ESKK W³oski Demo 3.0 <br/>Pdf995 <br/>PhotoStitch <br/>PL-2303 USB-to-Serial <br/>PowerDVD 5.3 <br/>QFolder <br/>QuickTime <br/>RAW Image Task 1.2 <br/>RayV <br/>RealPlayer <br/>RemoteCapture Task 1.1 <br/>Scan <br/>ScanToWeb <br/>Search Toolbar <br/>Security Update for Step By Step Interactive Training (KB898458) <br/>Security Update for Step By Step Interactive Training (KB923723) <br/>Security Update for Windows Internet Explorer 7 (KB928090) <br/>Security Update for Windows Internet Explorer 7 (KB929969) <br/>Security Update for Windows Internet Explorer 7 (KB931768) <br/>Security Update for Windows Internet Explorer 7 (KB933566) <br/>Security Update for Windows 
Internet Explorer 7 (KB937143) <br/>Security Update for Windows Internet Explorer 7 (KB938127) <br/>Security Update for Windows Internet Explorer 7 (KB939653) <br/>Security Update for Windows Internet Explorer 7 (KB942615) <br/>Security Update for Windows Internet Explorer 7 (KB944533) <br/>Security Update for Windows Internet Explorer 7 (KB950759) <br/>Security Update for Windows Internet Explorer 7 (KB953838) <br/>Security Update for Windows Internet Explorer 7 (KB956390) <br/>Security Update for Windows Internet Explorer 7 (KB958215) <br/>Security Update for Windows Internet Explorer 7 (KB960714) <br/>Security Update for Windows Internet Explorer 7 (KB961260) <br/>Security Update for Windows Internet Explorer 7 (KB963027) <br/>Security Update for Windows Internet Explorer 7 (KB969897) <br/>Security Update for Windows Internet Explorer 8 (KB969897) <br/>Security Update for Windows Internet Explorer 8 (KB971961) <br/>Security Update for Windows Internet Explorer 8 (KB972260) <br/>Security Update for Windows Internet Explorer 8 (KB974455) <br/>Security Update for Windows Internet Explorer 8 (KB976325) <br/>Security Update for Windows Internet Explorer 8 (KB978207) <br/>Security Update for Windows Internet Explorer 8 (KB981332) <br/>Security Update for Windows Media Player (KB911564) <br/>Security Update for Windows Media Player (KB952069) <br/>Security Update for Windows Media Player (KB954155) <br/>Security Update for Windows Media Player (KB968816) <br/>Security Update for Windows Media Player (KB973540) <br/>Security Update for Windows Media Player 10 (KB911565) <br/>Security Update for Windows Media Player 10 (KB917734) <br/>Security Update for Windows Media Player 11 (KB936782) <br/>Security Update for Windows Media Player 11 (KB954154) <br/>Security Update for Windows Media Player 6.4 (KB925398) <br/>Security Update for Windows XP (KB923561) <br/>Security Update for Windows XP (KB923689) <br/>Security Update for Windows XP (KB938464-v2) <br/>Security Update 
for Windows XP (KB938464) <br/>Security Update for Windows XP (KB941569) <br/>Security Update for Windows XP (KB946648) <br/>Security Update for Windows XP (KB950760) <br/>Security Update for Windows XP (KB950762) <br/>Security Update for Windows XP (KB950974) <br/>Security Update for Windows XP (KB951066) <br/>Security Update for Windows XP (KB951376-v2) <br/>Security Update for Windows XP (KB951376) <br/>Security Update for Windows XP (KB951698) <br/>Security Update for Windows XP (KB951748) <br/>Security Update for Windows XP (KB952004) <br/>Security Update for Windows XP (KB952954) <br/>Security Update for Windows XP (KB953839) <br/>Security Update for Windows XP (KB954211) <br/>Security Update for Windows XP (KB954459) <br/>Security Update for Windows XP (KB954600) <br/>Security Update for Windows XP (KB955069) <br/>Security Update for Windows XP (KB956391) <br/>Security Update for Windows XP (KB956572) <br/>Security Update for Windows XP (KB956744) <br/>Security Update for Windows XP (KB956802) <br/>Security Update for Windows XP (KB956803) <br/>Security Update for Windows XP (KB956841) <br/>Security Update for Windows XP (KB956844) <br/>Security Update for Windows XP (KB957095) <br/>Security Update for Windows XP (KB957097) <br/>Security Update for Windows XP (KB958644) <br/>Security Update for Windows XP (KB958687) <br/>Security Update for Windows XP (KB958690) <br/>Security Update for Windows XP (KB958869) <br/>Security Update for Windows XP (KB959426) <br/>Security Update for Windows XP (KB960225) <br/>Security Update for Windows XP (KB960715) <br/>Security Update for Windows XP (KB960803) <br/>Security Update for Windows XP (KB960859) <br/>Security Update for Windows XP (KB961371) <br/>Security Update for Windows XP (KB961373) <br/>Security Update for Windows XP (KB961501) <br/>Security Update for Windows XP (KB968537) <br/>Security Update for Windows XP (KB969059) <br/>Security Update for Windows XP (KB969898) <br/>Security Update for Windows XP 
(KB969947) <br/>Security Update for Windows XP (KB970238) <br/>Security Update for Windows XP (KB970430) <br/>Security Update for Windows XP (KB971468) <br/>Security Update for Windows XP (KB971486) <br/>Security Update for Windows XP (KB971557) <br/>Security Update for Windows XP (KB971633) <br/>Security Update for Windows XP (KB971657) <br/>Security Update for Windows XP (KB972270) <br/>Security Update for Windows XP (KB973346) <br/>Security Update for Windows XP (KB973354) <br/>Security Update for Windows XP (KB973507) <br/>Security Update for Windows XP (KB973525) <br/>Security Update for Windows XP (KB973869) <br/>Security Update for Windows XP (KB973904) <br/>Security Update for Windows XP (KB974112) <br/>Security Update for Windows XP (KB974318) <br/>Security Update for Windows XP (KB974392) <br/>Security Update for Windows XP (KB974571) <br/>Security Update for Windows XP (KB975025) <br/>Security Update for Windows XP (KB975467) <br/>Security Update for Windows XP (KB975560) <br/>Security Update for Windows XP (KB975561) <br/>Security Update for Windows XP (KB975713) <br/>Security Update for Windows XP (KB977165) <br/>Security Update for Windows XP (KB977816) <br/>Security Update for Windows XP (KB977914) <br/>Security Update for Windows XP (KB978037) <br/>Security Update for Windows XP (KB978251) <br/>Security Update for Windows XP (KB978262) <br/>Security Update for Windows XP (KB978338) <br/>Security Update for Windows XP (KB978542) <br/>Security Update for Windows XP (KB978601) <br/>Security Update for Windows XP (KB978706) <br/>Security Update for Windows XP (KB979309) <br/>Security Update for Windows XP (KB979683) <br/>Security Update for Windows XP (KB980232) <br/>Skype Plugin Manager <br/>Smilebox <br/>SolveigMM AVI Trimmer <br/>SopCast 3.0.3 <br/>Symantec KB-DocID:2003093015493306 <br/>TVAnts 1.0 <br/>TVUPlayer 2.3.7.1 <br/>Unlocker 1.8.7 <br/>Update for Windows Internet Explorer 8 (KB971930) <br/>Update for Windows Internet Explorer 8 (KB976662) 
<br/>Update for Windows Internet Explorer 8 (KB976749) <br/>Update for Windows Internet Explorer 8 (KB980182) <br/>Update for Windows XP (KB951072-v2) <br/>Update for Windows XP (KB951978) <br/>Update for Windows XP (KB955759) <br/>Update for Windows XP (KB955839) <br/>Update for Windows XP (KB967715) <br/>Update for Windows XP (KB968389) <br/>Update for Windows XP (KB971737) <br/>Update for Windows XP (KB973687) <br/>Update for Windows XP (KB973815) <br/>USB Video/Audio Device Driver <br/>VC80CRTRedist - 8.0.50727.4053 <br/>VLC media player 1.0.5 <br/>VobSub v2.23 (Remove Only) <br/>WebFldrs XP <br/>Windows Genuine Advantage Notifications (KB905474) <br/>Windows Genuine Advantage Validation Tool (KB892130) <br/>Windows Internet Explorer 7 <br/>Windows Internet Explorer 8 <br/>Windows Media Format 11 runtime <br/>Windows Media Player 10 <br/>Windows Media Player 11 <br/>Windows XP Service Pack 3 <br/>WinRAR archiver <br/>WordPerfect Office 12 <br/>XP Codec Pack <br/>XviD 1.1 final uninstall <br/> <br/>==== Event Viewer Messages From Past Week ======== <br/> <br/>5/22/2010 6:32:09 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. 
(0x80072751) <br/>5/22/2010 6:30:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde <br/>5/22/2010 4:00:38 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} <br/>5/22/2010 12:20:38 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Error Reporting Service service to connect. <br/>5/22/2010 12:20:38 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Cryptographic Services service to connect. <br/>5/22/2010 12:20:38 PM, error: Service Control Manager [7000] - The Cryptographic Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. <br/>5/22/2010 12:09:03 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting. <br/>5/22/2010 12:08:28 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Workstation service to connect. <br/>5/22/2010 12:08:28 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Audio service to connect. <br/>5/22/2010 12:08:28 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Task Scheduler service to connect. <br/>5/22/2010 12:08:28 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Shell Hardware Detection service to connect. 
<br/>5/22/2010 12:08:28 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Background Intelligent Transfer Service service to connect. <br/>5/22/2010 12:08:28 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion. <br/>5/22/2010 12:08:28 PM, error: Service Control Manager [7000] - The Workstation service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. <br/>5/22/2010 12:08:28 PM, error: Service Control Manager [7000] - The Windows Audio service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. <br/>5/22/2010 12:08:28 PM, error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. <br/>5/22/2010 12:08:28 PM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. <br/>5/22/2010 11:57:47 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Wireless Zero Configuration service to connect. <br/>5/22/2010 11:57:47 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DHCP Client service to connect. <br/>5/22/2010 11:57:47 AM, error: Service Control Manager [7000] - The Wireless Zero Configuration service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 
<br/>5/22/2010 11:57:47 AM, error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. <br/>5/22/2010 11:30:17 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Themes service to connect. <br/>5/22/2010 11:30:17 AM, error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. <br/>5/21/2010 12:19:27 PM, error: Service Control Manager [7034] - The avast! Web Scanner service terminated unexpectedly. It has done this 1 time(s). <br/>5/21/2010 12:15:04 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect. <br/>5/21/2010 12:15:04 PM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. <br/>5/21/2010 10:32:19 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found. <br/>5/20/2010 7:35:12 PM, error: VolSnap [12] - The shadow copy of volume C: became low on diff area space before it was properly installed. <br/>5/18/2010 8:02:29 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect. <br/>5/18/2010 8:02:13 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8} <br/>5/18/2010 2:28:35 PM, error: Service Control Manager [7024] - The Hitman Pro 3.5 Crusader (Boot) service terminated with service-specific error 0 (0x0). 
<br/>5/18/2010 2:27:32 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. <br/>5/18/2010 2:27:32 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver. <br/>5/16/2010 7:20:49 PM, error: VolSnap [25] - The shadow copy of volume C: was aborted because the diff area file could not grow in time. Consider reducing the IO load on this system to avoid this problem in the future. <br/>5/16/2010 7:20:49 PM, error: VolSnap [24] - There was insufficient disk space on volume C: to persist the shadow copy of volume C:. Diff area file growth failed. <br/>5/15/2010 3:30:25 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} <br/>5/15/2010 3:30:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip <br/>5/15/2010 3:30:07 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning. <br/>5/15/2010 3:30:07 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning. <br/>5/15/2010 3:30:07 PM, error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start. 
<br/>5/15/2010 3:30:07 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. <br/>5/15/2010 3:30:07 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning. <br/>5/15/2010 3:30:07 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. <br/>5/15/2010 3:30:07 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. <br/>5/15/2010 3:29:41 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666} <br/>5/15/2010 3:29:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} <br/> <br/>==== End Of File ===========================
Posted 5/23/2010 4:49 PM
#86106
markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
open hijackthis, click scan, check the following.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
close all browser windows, fix checked
To set your DNS, you need to find the Internet Protocol window.

For Users on a Dial-up Connection:
    Go to My Computer>Dialup Networking.
    Right-click your internet connection and select Properties.
    A window will open - click the Server Types tab. Click TCP/IP Settings.

For All Other Users:
    Go to Control Panel>Network Connections and select your local network.
    Click Properties, then select Internet Protocol (TCP/IP).
    Click Properties.

You will see a window - this is the Internet Protocol window. Select "Obtain DNS server automatically" and press OK

now go to start/run & type cmd press OK

when the black screen opens type this exactly including all spaces

ipconfig /flushdns and press OK then close that black screen
reboot and post a combofix log.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
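Added example, not part of the reply above and not HijackThis code: a small Python check that reads HijackThis `R0`/`R1` registry lines and flags `ProxyServer` values that cannot work as a proxy address, such as the `:0` entry the reply asks to fix. The function names are hypothetical and the sample log is constructed, apart from the `R1` line quoted from the reply.

```python
import re

# HijackThis R0/R1 lines have the shape:
#   R1 - <registry key>,<value name> = <data>
HJT_REG_LINE = re.compile(r"^(R[01]) - ([^,]+),(.+?) =\s*(.*)$")

# Constructed sample log; only the HKCU ProxyServer line comes from the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.example.test:8080;https=proxy.example.test:8080
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""


def split_proxy_value(data):
    """Split a ProxyServer string into (scheme, host, port) tuples.

    Accepts both the single form "host:port" and the per-protocol form
    "http=host:port;https=host:port".
    """
    entries = []
    for part in data.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, eq, hostport = part.partition("=")
        if not eq:  # no "scheme=" prefix: one proxy for all protocols
            scheme, hostport = "all", part
        host, colon, port = hostport.rpartition(":")
        if not colon:  # no port given at all
            host, port = hostport, ""
        entries.append((scheme, host, port))
    return entries


def proxy_problems(data):
    """Return a list of reasons why a ProxyServer value is unusable."""
    problems = []
    for scheme, host, port in split_proxy_value(data):
        if not host:
            problems.append(f"{scheme}: empty proxy host")
        if port and (not port.isdigit() or not 1 <= int(port) <= 65535):
            problems.append(f"{scheme}: invalid port {port!r}")
    return problems


def scan_log(text):
    """Return (key, data, problems) for each unusable ProxyServer entry."""
    findings = []
    for raw in text.splitlines():
        match = HJT_REG_LINE.match(raw.strip())
        if not match:
            continue
        _code, key, name, data = match.groups()
        if name.strip().lower() != "proxyserver":
            continue
        problems = proxy_problems(data)
        if problems:
            findings.append((key, data, problems))
    return findings


if __name__ == "__main__":
    for key, data, problems in scan_log(SAMPLE_LOG):
        print(f"{key}: ProxyServer = {data!r} -> {'; '.join(problems)}")
```
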
Posted 5/24/2010 3:30 AM
#86122
piotrg66 Valued member

Date Joined Nov 2016
Total Posts: 21
Markus, thank you very much for fast response.

Finally, after several attempts, it seems internet is on.
Don't seem to have redirect problem.

Here is combofix log. It is a second one, as the first one was created before MS Recovery Console was installed.
Please let me know if you need it.

Please let me know if you see anything suspicious.
Do you recommend keeping CCleaner and Malwarebytes on?
Should I get anything else?
Should I keep HijackThis, HJInstall and Combofix?

ComboFix 10-05-22.01 - PIOTR 05/23/2010 14:22:12.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.172 [GMT -5:00]
Running from: c:\documents and settings\PIOTR\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\PIOTR\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: avast! antivirus 4.8.1368 [VPS 100522-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-04-23 to 2010-05-23 )))))))))))))))))))))))))))))))
.

2010-05-23 00:13 . 2010-05-23 00:13 -------- d-----w- c:\program files\Trend Micro
2010-05-22 21:44 . 2010-05-22 21:44 -------- d-----w- c:\documents and settings\PIOTR\Application Data\Malwarebytes
2010-05-22 21:44 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-22 21:44 . 2010-05-22 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-22 21:44 . 2010-05-22 21:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-22 21:44 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-22 21:29 . 2010-05-22 21:29 -------- d-----w- c:\program files\CCleaner
2010-05-22 17:05 . 2010-05-22 17:05 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-22 14:04 .
2010-05-22 14:04 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache <br/>2010-05-20 23:30 . 2010-05-22 17:04 -------- d-----w- c:\program files\Astroburn Lite <br/>2010-05-20 23:29 . 2010-05-20 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Astroburn Lite <br/>2010-05-20 17:52 . 2010-05-22 17:04 -------- d-----w- c:\documents and settings\PIOTR\Application Data\DAEMON Tools Lite <br/>2010-05-20 17:52 . 2010-05-20 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite <br/>2010-05-18 19:07 . 2010-05-22 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro <br/>2010-05-15 20:12 . 2010-05-15 20:12 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache <br/>2010-05-05 14:35 . 2010-05-05 14:35 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe <br/>2010-05-05 14:34 . 2010-05-05 14:34 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe <br/>2010-05-05 14:34 . 2010-05-05 14:34 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe <br/>2010-05-05 14:33 . 2010-05-05 14:33 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe <br/>2010-05-05 14:33 . 2010-05-05 14:33 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe <br/>2010-05-05 14:33 . 2010-05-05 14:33 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe <br/>2010-05-05 14:33 . 2010-05-05 14:33 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe <br/>2010-05-05 14:33 . 2010-05-05 14:33 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe <br/>2010-05-05 14:33 . 
2010-05-05 14:33 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe <br/>2010-04-29 16:27 . 2010-05-05 14:35 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll <br/>2010-04-29 16:26 . 2010-05-05 14:31 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll <br/>2010-04-29 16:26 . 2010-04-29 16:20 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe <br/>2010-04-29 16:26 . 2010-04-29 16:26 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe <br/>2010-04-29 16:23 . 2010-04-29 16:23 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe <br/>2010-04-29 16:23 . 2010-04-29 16:23 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe <br/>2010-04-29 16:23 . 2010-04-29 16:23 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe <br/>2010-04-29 16:22 . 2010-04-29 16:22 54629 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe <br/>2010-04-29 16:22 . 2010-04-29 16:22 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe <br/>2010-04-29 16:22 . 2010-04-29 16:22 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe <br/>2010-04-29 16:22 . 2010-04-29 16:22 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe <br/>2010-04-29 16:21 . 2010-04-29 16:22 -------- d-----w- c:\program files\Common Files\DivX Shared <br/>2010-04-29 16:21 . 2010-04-29 16:21 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe <br/>2010-04-29 16:20 . 
2010-05-05 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX <br/>2010-04-29 16:12 . 2010-05-22 17:04 -------- d-----w- c:\program files\Gabest <br/>2010-04-29 15:40 . 2010-04-29 15:40 -------- d-----w- c:\documents and settings\PIOTR\Local Settings\Application Data\WMTools Downloaded Files <br/>2010-04-29 15:23 . 2010-04-29 15:24 -------- d-----w- c:\program files\TMPGEnc-2.525.64.184-EN-Free <br/> <br/>. <br/>(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>2010-05-23 18:09 . 2005-11-14 03:33 -------- d-----w- c:\documents and settings\PIOTR\Application Data\Skype <br/>2010-05-22 23:53 . 2005-04-08 05:27 -------- d-----w- c:\program files\Java <br/>2010-05-22 21:21 . 2009-08-13 21:40 -------- d-----w- c:\program files\BitTorrent <br/>2010-05-22 16:19 . 2010-02-16 22:15 -------- d-----w- c:\program files\Avidemux 2.5 <br/>2010-05-22 16:19 . 2009-11-25 16:16 -------- d-----w- c:\documents and settings\PIOTR\Application Data\vlc <br/>2010-05-21 21:48 . 2010-02-16 22:16 -------- d-----w- c:\documents and settings\PIOTR\Application Data\avidemux <br/>2010-05-17 01:03 . 2010-03-22 00:55 439816 ----a-w- c:\documents and settings\PIOTR\Application Data\Real\Update\setup3.10\setup.exe <br/>2010-05-16 22:21 . 2008-05-07 14:54 -------- d-----w- c:\documents and settings\PIOTR\Application Data\Any Video Converter <br/>2010-05-12 14:25 . 2006-07-16 16:54 -------- d-----w- c:\documents and settings\PIOTR\Application Data\U3 <br/>2010-05-05 14:35 . 2006-04-25 05:03 -------- d-----w- c:\program files\DivX <br/>2010-05-04 21:45 . 2009-09-26 16:50 -------- d-----w- c:\documents and settings\PIOTR\Application Data\dvdcss <br/>2010-04-29 17:04 . 2006-10-09 04:02 -------- d-----w- c:\documents and settings\PIOTR\Application Data\DivX <br/>2010-04-20 16:28 . 2010-04-20 16:28 -------- d-----w- c:\program files\Doc Convertor <br/>2010-04-03 17:52 . 
2005-04-18 02:55 44568 ----a-w- c:\documents and settings\PIOTR\Local Settings\Application Data\GDIPFONTCACHEV1.DAT <br/>2010-03-31 01:58 . 2007-06-21 02:06 133616 ------w- c:\windows\system32\pxafs.dll <br/>2010-03-31 01:58 . 2005-04-08 05:33 44944 ----a-w- c:\windows\system32\drivers\PxHelp20.sys <br/>2010-03-31 01:58 . 2005-04-08 05:33 125424 ------w- c:\windows\system32\pxinsi64.exe <br/>2010-03-31 01:58 . 2005-04-08 05:33 123888 ------w- c:\windows\system32\pxcpyi64.exe <br/>2010-03-10 06:15 . 2004-08-04 10:00 420352 ----a-w- c:\windows\system32\vbscript.dll <br/>2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll <br/>2010-03-02 04:12 . 2008-12-03 00:35 411368 ----a-w- c:\windows\system32\deploytk.dll <br/>2010-03-02 04:09 . 2010-03-02 04:08 37648214 ----a-w- c:\program files\EskkItaDemoSetup.exe <br/>2010-02-27 05:30 . 2010-02-27 05:30 2110728 ----a-w- c:\program files\Install_Facebook_Plug-In_1.0.3.exe <br/>2010-02-25 06:24 . 2004-08-04 10:00 916480 ----a-w- c:\windows\system32\wininet.dll <br/>2010-02-24 13:11 . 2004-08-04 10:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys <br/>2009-11-15 17:28 . 2009-11-15 17:28 479925 ----a-w- c:\program files\nowegg_www_SoftMania_pl.exe <br/>2007-10-10 05:39 . 2007-10-10 05:39 670720 ----a-w- c:\program files\CoolPDFReader.exe <br/>2006-09-21 01:10 . 2006-09-21 01:10 6258609 -c--a-w- c:\program files\XP Codec Pack 2.0.4.exe <br/>2006-09-21 00:57 . 2006-09-21 00:57 2068266 -c--a-w- c:\program files\iv5setup.exe <br/>2006-09-21 00:55 . 2006-09-21 00:55 643711 -c--a-w- c:\program files\XviD-1.1.0-30122005.exe <br/>2006-06-24 15:42 . 2005-11-14 03:19 10586880 ----a-w- c:\program files\Onet-SkypeSetup.exe <br/>2006-04-30 00:46 . 2006-09-21 13:44 179 ----a-w- c:\program files\Free-Codecs.txt <br/>2006-01-13 01:30 . 2006-01-13 01:30 10432544 -c----w- c:\program files\rp505enu.exe <br/>2005-10-10 00:59 . 
2005-10-10 00:58 12754672 ----a-w- c:\program files\MP10Setup.exe <br/>2005-09-24 02:43 . 2005-09-24 02:37 24265736 ----a-w- c:\program files\dotnetfx.exe <br/>2005-09-17 22:27 . 2005-09-17 22:26 558240 -c--a-w- c:\program files\GoogleToolbarInstaller.exe <br/>2005-08-31 02:24 . 2005-08-31 02:24 7545056 -c--a-w- c:\program files\NMP-1.4.0.35.exe <br/>2005-08-31 01:46 . 2005-08-31 01:46 10737061 -c--a-w- c:\program files\NeroMIX-1.4.0.34a.exe <br/>2005-08-30 15:44 . 2005-08-30 15:44 37492192 -c--a-w- c:\program files\NVE-3.1.0.16.exe <br/>2005-08-30 07:41 . 2005-08-30 07:41 34235626 -c--a-w- c:\program files\Nero-6.6.0.16.exe <br/>2005-08-30 05:46 . 2005-08-30 05:46 22396022 ----a-w- c:\program files\NVE2content.exe <br/>2005-08-09 00:08 . 2005-08-08 14:39 6765354 ----a-w- c:\program files\InCD-4.3.20.1.exe <br/>2005-07-28 02:09 . 2005-07-28 02:08 10844936 -c--a-w- c:\program files\GoogleEarth.exe <br/>2005-06-09 02:12 . 2005-06-09 02:12 1012466 ------w- c:\program files\wrar35b5.exe <br/>2000-11-15 14:21 . 2006-06-09 01:10 178688 ----a-w- c:\program files\hjsplit.exe <br/>. <br/> <br/>((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>. 
<br/>*Note* empty entries & legit default entries are not shown <br/>REGEDIT4 <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] <br/>@="{95A27763-F62A-4114-9072-E81D87DE3B68}" <br/>[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] <br/>2009-09-19 02:09 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] <br/>@="{E300CD91-100F-4E67-9AF3-1384A6124015}" <br/>[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] <br/>2009-09-19 02:09 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] <br/>@="{5E529433-B50E-4bef-A63B-16A6B71B071A}" <br/>[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] <br/>2009-09-19 02:09 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll <br/> <br/>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-15 1961984] <br/>"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 68856] <br/>"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-03-30 25366056] <br/>"GBMLite8AgentLaCie"="c:\program files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" [2008-08-26 189056] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344] <br/>"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 110592] <br/>"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-08-16 36864] <br/>"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-01-19 11776] 
<br/>"mm_server"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_server.exe" [2006-01-19 102400] <br/>"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] <br/>"tgcmd"="c:\program files\support.com\bin\tgcmd.exe" [2002-04-25 1544192] <br/>"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208] <br/>"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824] <br/>"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688] <br/>"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872] <br/>"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] <br/>"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000] <br/>"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-07 198160] <br/>"GBMLite8AgentLaCie"="c:\program files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" [2008-08-26 189056] <br/>"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-09-19 670864] <br/>"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792] <br/>"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912] <br/> <br/>c:\documents and settings\All Users\Start Menu\Programs\Startup\ <br/>InterVideo WinCinema Manager.lnk - c:\program files\BenQ\Common\Bin\WinCinemaMgr.exe [2005-4-18 184320] <br/>Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] <br/>"DisableMonitoring"=dword:00000001 <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] <br/>"DisableMonitoring"=dword:00000001 <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] <br/>"DisableMonitoring"=dword:00000001 <br/> <br/>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] 
<br/>"EnableFirewall"= 0 (0x0) <br/> <br/>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] <br/>"%windir%\\system32\\sessmgr.exe"= <br/>"c:\\Program Files\\support.com\\bin\\tgcmd.exe"= <br/>"%windir%\\Network Diagnostic\\xpnetdiag.exe"= <br/>"c:\\Program Files\\RayV\\RayV\\RayV.exe"= <br/>"c:\\Program Files\\RayV\\RayV\\RayV.dll"= <br/>"c:\\Program Files\\Skype\\Phone\\Skype.exe"= <br/> <br/>R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [5/26/2009 12:16 AM 114768] <br/>R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [5/26/2009 12:16 AM 20560] <br/>S2 gupdate1c9de492995e2fc;Google Update Service (gupdate1c9de492995e2fc);c:\program files\Google\Update\GoogleUpdate.exe [5/26/2009 4:30 PM 133104] <br/>S3 DrmCAudio;DrmCAudio;c:\windows\SYSTEM32\DRIVERS\DrmCAudio.sys [1/31/2009 6:13 PM 23096] <br/>S3 DrmCVideo;DrmCVideo;c:\windows\SYSTEM32\DRIVERS\DrmCVideo.sys [1/31/2009 6:13 PM 3768] <br/>. <br/>Contents of the 'Scheduled Tasks' folder <br/> <br/>2010-05-20 c:\windows\Tasks\AppleSoftwareUpdate.job <br/>- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34] <br/> <br/>2010-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job <br/>- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 21:30] <br/> <br/>2010-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job <br/>- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 21:30] <br/>. <br/>. <br/>------- Supplementary Scan ------- <br/>. 
<br/>uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 <br/>mWindow Title = Microsoft Internet Explorer presented by Comcast <br/>uInternet Connection Wizard,ShellNext = hxxp://my.netzero.net/s/sp?r=al&cf=sp&mem=gapis&login=2d133557ed812198e9a6c48740c50922/gapis:netzero.net/1113281017/30/sss.0.64855/&ts=425b51f9&A=0&B=1046419200000&C=1046419200000&D=1066546800000&I=7.NQ4&N=PL&O=A&UT=companion <br/>uSearchAssistant = hxxp://www.google.com/ie <br/>uSearchURL,(Default) = hxxp://www.google.com/search?q=%s <br/>IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000 <br/>Trusted Zone: musicmatch.com\online <br/>DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} - hxxps://www.bph.pl/sezam/components/SignActivX.cab <br/>. <br/> <br/>************************************************************************** <br/> <br/>catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net <br/>Rootkit scan 2010-05-23 14:32 <br/>Windows 5.1.2600 Service Pack 3 NTFS <br/> <br/>scanning hidden processes ... <br/> <br/>scanning hidden autostart entries ... <br/> <br/>HKLM\Software\Microsoft\Windows\CurrentVersion\Run <br/> tgcmd = "c:\program files\support.com\bin\tgcmd.exe" /server?cmd.exe" /server <br/> <br/>scanning hidden files ... <br/> <br/>scan completed successfully <br/>hidden files: 0 <br/> <br/>************************************************************************** <br/>. <br/>--------------------- DLLs Loaded Under Running Processes --------------------- <br/> <br/>- - - - - - - > 'explorer.exe'(3688) <br/>c:\windows\system32\WININET.dll <br/>c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll <br/>c:\windows\system32\ieframe.dll <br/>c:\windows\system32\webcheck.dll <br/>c:\windows\system32\WPDShServiceObj.dll <br/>c:\windows\system32\PortableDeviceTypes.dll <br/>c:\windows\system32\PortableDeviceApi.dll <br/>. 
<br/>Completion time: 2010-05-23 14:37:16 <br/>ComboFix-quarantined-files.txt 2010-05-23 19:37 <br/>ComboFix2.txt 2010-05-23 19:12 <br/> <br/>Pre-Run: 17,698,557,952 bytes free <br/>Post-Run: 17,670,574,080 bytes free <br/> <br/>WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe <br/>[boot loader] <br/>timeout=2 <br/>default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS <br/>[operating systems] <br/>c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons <br/>multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect <br/> <br/>Current=4 Default=4 Failed=3 LastKnownGood=1 Sets=1,2,3,4 <br/>- - End Of File - - FA1FE3B5CA9AA42559B9A2B74B829EB9
Posted 5/24/2010 9:34 AM
#86127

markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
I need the first CF log, please. I will tell you later what you can do to stay secure.
Posted 5/24/2010 2:37 PM
#86146

piotrg66 Valued member

Date Joined Nov 2016
Total Posts: 21
Great, here is the first cf log: <br/> <br/>ComboFix 10-05-22.01 - PIOTR 05/23/2010 13:51:10.1.2 - x86 <br/>Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.132 [GMT -5:00] <br/>Running from: c:\documents and settings\PIOTR\Desktop\ComboFix.exe <br/>AV: avast! antivirus 4.8.1368 [VPS 100522-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} <br/> <br/>WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! <br/>. <br/> <br/>((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/> <br/>c:\documents and settings\All Users\Application Data\Toolbar4 <br/>c:\documents and settings\PIOTR\Application Data\.# <br/>c:\documents and settings\PIOTR\Application Data\Desktopicon <br/>c:\documents and settings\PIOTR\Application Data\inst.exe <br/>c:\program files\Search Toolbar <br/>c:\program files\Search Toolbar\basis.xml <br/>c:\program files\Search Toolbar\bg.bmp <br/>c:\program files\Search Toolbar\bing_logo.png <br/>c:\program files\Search Toolbar\celebrity.png <br/>c:\program files\Search Toolbar\drop_images.png <br/>c:\program files\Search Toolbar\drop_maps.png <br/>c:\program files\Search Toolbar\drop_news.png <br/>c:\program files\Search Toolbar\drop_videos.png <br/>c:\program files\Search Toolbar\drop_web.png <br/>c:\program files\Search Toolbar\facebook.png <br/>c:\program files\Search Toolbar\favicon.png <br/>c:\program files\Search Toolbar\games.png <br/>c:\program files\Search Toolbar\hotmail.png <br/>c:\program files\Search Toolbar\icon.ico <br/>c:\program files\Search Toolbar\images.png <br/>c:\program files\Search Toolbar\include.xml <br/>c:\program files\Search Toolbar\info.txt <br/>c:\program files\Search Toolbar\lifestyle.png <br/>c:\program files\Search Toolbar\maps.png <br/>c:\program files\Search Toolbar\messenger.png <br/>c:\program files\Search Toolbar\msn.png <br/>c:\program files\Search Toolbar\news.png <br/>c:\program files\Search 
Toolbar\SearchToolbar.dll <br/>c:\program files\Search Toolbar\SearchToolbarUninstall.exe <br/>c:\program files\Search Toolbar\tbcore3.dll <br/>c:\program files\Search Toolbar\tbhelper.dll <br/>c:\program files\Search Toolbar\twitter.png <br/>c:\program files\Search Toolbar\uninstall.exe <br/>c:\program files\Search Toolbar\update.exe <br/>c:\program files\Search Toolbar\version.txt <br/>c:\program files\Search Toolbar\video.png <br/>c:\program files\Search Toolbar\videos.png <br/>c:\program files\Search Toolbar\weather.png <br/>c:\program files\Search Toolbar\web.png <br/>c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf <br/>c:\windows\system32\_000006_.tmp.dll <br/>c:\windows\system32\_000009_.tmp.dll <br/>c:\windows\system32\_000010_.tmp.dll <br/>c:\windows\system32\download <br/>c:\windows\system32\Download\ispinfo.csv <br/> <br/>Infected copy of c:\windows\system32\drivers\viaide.sys was found and disinfected <br/>Restored copy from - Kitty had a snack :p <br/>. <br/>((((((((((((((((((((((((( Files Created from 2010-04-23 to 2010-05-23 ))))))))))))))))))))))))))))))) <br/>. <br/> <br/>2010-05-23 00:13 . 2010-05-23 00:13 -------- d-----w- c:\program files\Trend Micro <br/>2010-05-22 21:44 . 2010-05-22 21:44 -------- d-----w- c:\documents and settings\PIOTR\Application Data\Malwarebytes <br/>2010-05-22 21:44 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys <br/>2010-05-22 21:44 . 2010-05-22 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes <br/>2010-05-22 21:44 . 2010-05-22 21:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware <br/>2010-05-22 21:44 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys <br/>2010-05-22 21:29 . 2010-05-22 21:29 -------- d-----w- c:\program files\CCleaner <br/>2010-05-22 17:05 . 2010-05-22 17:05 -------- d-----w- c:\windows\system32\wbem\Repository <br/>2010-05-22 14:04 . 
2010-05-22 14:04 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache <br/>2010-05-20 23:30 . 2010-05-22 17:04 -------- d-----w- c:\program files\Astroburn Lite <br/>2010-05-20 23:29 . 2010-05-20 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Astroburn Lite <br/>2010-05-20 17:52 . 2010-05-22 17:04 -------- d-----w- c:\documents and settings\PIOTR\Application Data\DAEMON Tools Lite <br/>2010-05-20 17:52 . 2010-05-20 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite <br/>2010-05-18 19:07 . 2010-05-22 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro <br/>2010-05-15 20:12 . 2010-05-15 20:12 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache <br/>2010-04-29 16:21 . 2010-04-29 16:22 -------- d-----w- c:\program files\Common Files\DivX Shared <br/>2010-04-29 16:20 . 2010-05-05 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX <br/>2010-04-29 16:12 . 2010-05-22 17:04 -------- d-----w- c:\program files\Gabest <br/>2010-04-29 15:40 . 2010-04-29 15:40 -------- d-----w- c:\documents and settings\PIOTR\Local Settings\Application Data\WMTools Downloaded Files <br/>2010-04-29 15:23 . 2010-04-29 15:24 -------- d-----w- c:\program files\TMPGEnc-2.525.64.184-EN-Free <br/> <br/>. <br/>(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>2010-05-23 18:09 . 2005-11-14 03:33 -------- d-----w- c:\documents and settings\PIOTR\Application Data\Skype <br/>2010-05-22 23:53 . 2005-04-08 05:27 -------- d-----w- c:\program files\Java <br/>2010-05-22 21:21 . 2009-08-13 21:40 -------- d-----w- c:\program files\BitTorrent <br/>2010-05-22 16:19 . 2010-02-16 22:15 -------- d-----w- c:\program files\Avidemux 2.5 <br/>2010-05-22 16:19 . 2009-11-25 16:16 -------- d-----w- c:\documents and settings\PIOTR\Application Data\vlc <br/>2010-05-21 21:48 . 
2010-02-16 22:16 -------- d-----w- c:\documents and settings\PIOTR\Application Data\avidemux <br/>2010-05-17 01:03 . 2010-03-22 00:55 439816 ----a-w- c:\documents and settings\PIOTR\Application Data\Real\Update\setup3.10\setup.exe <br/>2010-05-16 22:21 . 2008-05-07 14:54 -------- d-----w- c:\documents and settings\PIOTR\Application Data\Any Video Converter <br/>2010-05-12 14:25 . 2006-07-16 16:54 -------- d-----w- c:\documents and settings\PIOTR\Application Data\U3 <br/>2010-05-05 14:35 . 2010-04-29 16:27 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll <br/>2010-05-05 14:35 . 2010-05-05 14:35 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe <br/>2010-05-05 14:35 . 2006-04-25 05:03 -------- d-----w- c:\program files\DivX <br/>2010-05-05 14:34 . 2010-05-05 14:34 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe <br/>2010-05-05 14:34 . 2010-05-05 14:34 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe <br/>2010-05-05 14:33 . 2010-05-05 14:33 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe <br/>2010-05-05 14:33 . 2010-05-05 14:33 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe <br/>2010-05-05 14:33 . 2010-05-05 14:33 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe <br/>2010-05-05 14:33 . 2010-05-05 14:33 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe <br/>2010-05-05 14:33 . 2010-05-05 14:33 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe <br/>2010-05-05 14:33 . 2010-05-05 14:33 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe <br/>2010-05-05 14:31 . 
2010-04-29 16:26 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll <br/>2010-05-04 21:45 . 2009-09-26 16:50 -------- d-----w- c:\documents and settings\PIOTR\Application Data\dvdcss <br/>2010-04-29 17:04 . 2006-10-09 04:02 -------- d-----w- c:\documents and settings\PIOTR\Application Data\DivX <br/>2010-04-29 16:26 . 2010-04-29 16:26 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe <br/>2010-04-29 16:23 . 2010-04-29 16:23 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe <br/>2010-04-29 16:23 . 2010-04-29 16:23 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe <br/>2010-04-29 16:23 . 2010-04-29 16:23 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe <br/>2010-04-29 16:22 . 2010-04-29 16:22 54629 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe <br/>2010-04-29 16:22 . 2010-04-29 16:22 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe <br/>2010-04-29 16:22 . 2010-04-29 16:22 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe <br/>2010-04-29 16:22 . 2010-04-29 16:22 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe <br/>2010-04-29 16:21 . 2010-04-29 16:21 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe <br/>2010-04-29 16:20 . 2010-04-29 16:26 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe <br/>2010-04-20 16:28 . 2010-04-20 16:28 -------- d-----w- c:\program files\Doc Convertor <br/>2010-04-03 17:52 . 
2005-04-18 02:55 44568 ----a-w- c:\documents and settings\PIOTR\Local Settings\Application Data\GDIPFONTCACHEV1.DAT <br/>2010-03-31 01:58 . 2007-06-21 02:06 133616 ------w- c:\windows\system32\pxafs.dll <br/>2010-03-31 01:58 . 2005-04-08 05:33 44944 ----a-w- c:\windows\system32\drivers\PxHelp20.sys <br/>2010-03-31 01:58 . 2005-04-08 05:33 125424 ------w- c:\windows\system32\pxinsi64.exe <br/>2010-03-31 01:58 . 2005-04-08 05:33 123888 ------w- c:\windows\system32\pxcpyi64.exe <br/>2010-03-10 06:15 . 2004-08-04 10:00 420352 ----a-w- c:\windows\system32\vbscript.dll <br/>2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll <br/>2010-03-02 04:12 . 2008-12-03 00:35 411368 ----a-w- c:\windows\system32\deploytk.dll <br/>2010-03-02 04:09 . 2010-03-02 04:08 37648214 ----a-w- c:\program files\EskkItaDemoSetup.exe <br/>2010-02-27 05:30 . 2010-02-27 05:30 2110728 ----a-w- c:\program files\Install_Facebook_Plug-In_1.0.3.exe <br/>2010-02-25 06:24 . 2004-08-04 10:00 916480 ----a-w- c:\windows\system32\wininet.dll <br/>2010-02-24 13:11 . 2004-08-04 10:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys <br/>2009-11-15 17:28 . 2009-11-15 17:28 479925 ----a-w- c:\program files\nowegg_www_SoftMania_pl.exe <br/>2007-10-10 05:39 . 2007-10-10 05:39 670720 ----a-w- c:\program files\CoolPDFReader.exe <br/>2006-09-21 01:10 . 2006-09-21 01:10 6258609 -c--a-w- c:\program files\XP Codec Pack 2.0.4.exe <br/>2006-09-21 00:57 . 2006-09-21 00:57 2068266 -c--a-w- c:\program files\iv5setup.exe <br/>2006-09-21 00:55 . 2006-09-21 00:55 643711 -c--a-w- c:\program files\XviD-1.1.0-30122005.exe <br/>2006-06-24 15:42 . 2005-11-14 03:19 10586880 ----a-w- c:\program files\Onet-SkypeSetup.exe <br/>2006-04-30 00:46 . 2006-09-21 13:44 179 ----a-w- c:\program files\Free-Codecs.txt <br/>2006-01-13 01:30 . 2006-01-13 01:30 10432544 -c----w- c:\program files\rp505enu.exe <br/>2005-10-10 00:59 . 
2005-10-10 00:58 12754672 ----a-w- c:\program files\MP10Setup.exe <br/>2005-09-24 02:43 . 2005-09-24 02:37 24265736 ----a-w- c:\program files\dotnetfx.exe <br/>2005-09-17 22:27 . 2005-09-17 22:26 558240 -c--a-w- c:\program files\GoogleToolbarInstaller.exe <br/>2005-08-31 02:24 . 2005-08-31 02:24 7545056 -c--a-w- c:\program files\NMP-1.4.0.35.exe <br/>2005-08-31 01:46 . 2005-08-31 01:46 10737061 -c--a-w- c:\program files\NeroMIX-1.4.0.34a.exe <br/>2005-08-30 15:44 . 2005-08-30 15:44 37492192 -c--a-w- c:\program files\NVE-3.1.0.16.exe <br/>2005-08-30 07:41 . 2005-08-30 07:41 34235626 -c--a-w- c:\program files\Nero-6.6.0.16.exe <br/>2005-08-30 05:46 . 2005-08-30 05:46 22396022 ----a-w- c:\program files\NVE2content.exe <br/>2005-08-09 00:08 . 2005-08-08 14:39 6765354 ----a-w- c:\program files\InCD-4.3.20.1.exe <br/>2005-07-28 02:09 . 2005-07-28 02:08 10844936 -c--a-w- c:\program files\GoogleEarth.exe <br/>2005-06-09 02:12 . 2005-06-09 02:12 1012466 ------w- c:\program files\wrar35b5.exe <br/>2000-11-15 14:21 . 2006-06-09 01:10 178688 ----a-w- c:\program files\hjsplit.exe <br/>. <br/> <br/>((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>. 
<br/>*Note* empty entries & legit default entries are not shown <br/>REGEDIT4 <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] <br/>@="{95A27763-F62A-4114-9072-E81D87DE3B68}" <br/>[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] <br/>2009-09-19 02:09 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] <br/>@="{E300CD91-100F-4E67-9AF3-1384A6124015}" <br/>[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] <br/>2009-09-19 02:09 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] <br/>@="{5E529433-B50E-4bef-A63B-16A6B71B071A}" <br/>[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] <br/>2009-09-19 02:09 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll <br/> <br/>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-15 1961984] <br/>"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 68856] <br/>"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-03-30 25366056] <br/>"GBMLite8AgentLaCie"="c:\program files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" [2008-08-26 189056] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344] <br/>"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 110592] <br/>"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-08-16 36864] <br/>"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-01-19 11776] 
<br/>"mm_server"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_server.exe" [2006-01-19 102400] <br/>"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] <br/>"tgcmd"="c:\program files\support.com\bin\tgcmd.exe" [2002-04-25 1544192] <br/>"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208] <br/>"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824] <br/>"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688] <br/>"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872] <br/>"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] <br/>"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000] <br/>"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-07 198160] <br/>"GBMLite8AgentLaCie"="c:\program files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" [2008-08-26 189056] <br/>"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-09-19 670864] <br/>"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792] <br/>"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912] <br/> <br/>c:\documents and settings\All Users\Start Menu\Programs\Startup\ <br/>InterVideo WinCinema Manager.lnk - c:\program files\BenQ\Common\Bin\WinCinemaMgr.exe [2005-4-18 184320] <br/>Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] <br/>"DisableMonitoring"=dword:00000001 <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] <br/>"DisableMonitoring"=dword:00000001 <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] <br/>"DisableMonitoring"=dword:00000001 <br/> <br/>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] 
<br/>"EnableFirewall"= 0 (0x0) <br/> <br/>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] <br/>"%windir%\\system32\\sessmgr.exe"= <br/>"c:\\Program Files\\support.com\\bin\\tgcmd.exe"= <br/>"%windir%\\Network Diagnostic\\xpnetdiag.exe"= <br/>"c:\\Program Files\\RayV\\RayV\\RayV.exe"= <br/>"c:\\Program Files\\RayV\\RayV\\RayV.dll"= <br/>"c:\\Program Files\\Skype\\Phone\\Skype.exe"= <br/> <br/>R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [5/26/2009 12:16 AM 114768] <br/>R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [5/26/2009 12:16 AM 20560] <br/>S2 gupdate1c9de492995e2fc;Google Update Service (gupdate1c9de492995e2fc);c:\program files\Google\Update\GoogleUpdate.exe [5/26/2009 4:30 PM 133104] <br/>S3 DrmCAudio;DrmCAudio;c:\windows\SYSTEM32\DRIVERS\DrmCAudio.sys [1/31/2009 6:13 PM 23096] <br/>S3 DrmCVideo;DrmCVideo;c:\windows\SYSTEM32\DRIVERS\DrmCVideo.sys [1/31/2009 6:13 PM 3768] <br/>. <br/>Contents of the 'Scheduled Tasks' folder <br/> <br/>2010-05-20 c:\windows\Tasks\AppleSoftwareUpdate.job <br/>- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34] <br/> <br/>2010-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job <br/>- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 21:30] <br/> <br/>2010-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job <br/>- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 21:30] <br/>. <br/>. <br/>------- Supplementary Scan ------- <br/>. 
<br/>uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 <br/>mWindow Title = Microsoft Internet Explorer presented by Comcast <br/>uInternet Connection Wizard,ShellNext = hxxp://my.netzero.net/s/sp?r=al&cf=sp&mem=gapis&login=2d133557ed812198e9a6c48740c50922/gapis:netzero.net/1113281017/30/sss.0.64855/&ts=425b51f9&A=0&B=1046419200000&C=1046419200000&D=1066546800000&I=7.NQ4&N=PL&O=A&UT=companion <br/>uSearchAssistant = hxxp://www.google.com/ie <br/>uSearchURL,(Default) = hxxp://www.google.com/search?q=%s <br/>IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000 <br/>Trusted Zone: musicmatch.com\online <br/>DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} - hxxps://www.bph.pl/sezam/components/SignActivX.cab <br/>. <br/>- - - - ORPHANS REMOVED - - - - <br/> <br/>Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files\Search Toolbar\tbcore3.dll <br/>WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files\Search Toolbar\tbcore3.dll <br/>HKCU-Run-BitTorrent - c:\program files\BitTorrent\bittorrent.exe <br/>AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe <br/>AddRemove-SolveigMM AVI Trimmer 1.3 Beta - c:\program files\Solveig Multimedia\SolveigMM AVI Trimmer\Uninstall.exe <br/> <br/> <br/> <br/>************************************************************************** <br/> <br/>catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net <br/>Rootkit scan 2010-05-23 14:06 <br/>Windows 5.1.2600 Service Pack 3 NTFS <br/> <br/>scanning hidden processes ... <br/> <br/>scanning hidden autostart entries ... <br/> <br/>HKLM\Software\Microsoft\Windows\CurrentVersion\Run <br/> tgcmd = "c:\program files\support.com\bin\tgcmd.exe" /server?cmd.exe" /server <br/> <br/>scanning hidden files ... 
<br/> <br/>scan completed successfully <br/>hidden files: 0 <br/> <br/>************************************************************************** <br/>. <br/>Completion time: 2010-05-23 14:12:17 <br/>ComboFix-quarantined-files.txt 2010-05-23 19:12 <br/> <br/>Pre-Run: 17,514,868,736 bytes free <br/>Post-Run: 17,685,913,600 bytes free <br/> <br/>Current=4 Default=4 Failed=3 LastKnownGood=1 Sets=1,2,3,4 <br/>- - End Of File - - 2AED1F554D834D823847090A897D8A9C
Posted 5/24/2010 2:57 PM
#86147

markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
upgrade avast to version 5
gmer:

Please download GMER from one of the following locations and save it to your desktop:
http://gmer.net/download.php
This version will download a randomly named file (Recommended)
http://gmer.net/gmer.zip
Disconnect from the Internet and close all running programs.
Temporarily turn off all antivirus programs

Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.
Posted 5/25/2010 3:00 PM
#86171

piotrg66 Valued member

Date Joined Nov 2016
Total Posts: 21
Markus,

I did the above.
No warnings after first scan.
I did scan and when I returned to computer several hours later, it was frozen with no display. I turned it off and on. I got Windows message, here is the manifest:

Server=watson.microsoft.com
UI LCID=1033
Flags=1696080
Brand=WINDOWS
TitleName=Microsoft Windows
DigPidRegPath=HKLM\Software\Microsoft\Windows NT\CurrentVersion\DigitalProductId
ErrorText=A log of this error has been created.
HeaderText=The system has recovered from a serious error.
Stage2URL=
Stage2URL=/dw/bluetwo.asp?BCCode=10000050&BCP1=FB41A047&BCP2=00000000&BCP3=A8E11D3D&BCP4=00000000&OSVer=5_1_2600&SP=3_0&Product=768_1
DataFiles=C:\DOCUME~1\PIOTR\LOCALS~1\Temp\WER3a6d.dir00\Mini052410-01.dmp|C:\DOCUME~1\PIOTR\LOCALS~1\Temp\WER3a6d.dir00\sysdata.xml
ErrorSubPath=blue
DirectoryDelete=C:\DOCUME~1\PIOTR\LOCALS~1\Temp\WER3a6d.dir00

There are 2 files (xml and dmp) also saved. Please let me know if you need them.

I scanned with gmer again. When done, the computer was very slow. Saving log took several minutes. I was unable to restart from start menu, so turned computer off and on again.

Gmer log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-25 09:30:12
Windows 5.1.2600 Service Pack 3
Running: 6wtbprl8.exe; Driver: C:\DOCUME~1\PIOTR\LOCALS~1\Temp\awroapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAA3DCC7A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAA3DCB36]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xAA3DD0EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAA3DD014]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAA3DC70C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAA3DCC10]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAA3DC64C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAA3DC6B0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAA3DCD30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xAA3DD1B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAA3DCCF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAA3DCE70]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xAA3E9AC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xAA3E98EA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xAA3E9A24]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CCC 80504568 4 Bytes JMP 54AA3DD0
PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP AA3E9A28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP AA3E98EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP AA3E5536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP AA3E6EC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP AA3E9ACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[1432] SHELL32.dll!SHFileOperationW 7CA70924 5 Bytes JMP 016D1102 C:\Program Files\Unlocker\UnlockerHook.dll

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[684] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[684] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.15 ----
Posted 5/25/2010 3:04 PM
#86172

markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
No, not needed.
Looks also ok.
I think we can fix it today :-)
We need to create an OTL Report

1. Please download OTL
http://oldtimer.geekstogo.com/OTL.exe

2. Save it to your desktop.
3. Double click on the icon on your desktop.
4. Click the "Scan All Users" checkbox.
5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
6. Copy and Paste the following into the textbox.

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
winlogon.exe
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

7. Push "scan"
8. Two reports will open, copy and paste them in a reply here:
• OTListIt.txt <-- Will be opened
• Extra.txt <-- Will be minimized
Perhaps you must post in two or more parts.
Posted 5/25/2010 4:10 PM
#86181

piotrg66 Valued member

Date Joined Nov 2016
Total Posts: 21
Here is OTL.txt: <br/> <br/>OTL logfile created on: 5/25/2010 10:44:35 AM - Run 1 <br/>OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\PIOTR\Desktop <br/>Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation <br/>Internet Explorer (Version = 8.0.6001.18702) <br/>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy <br/> <br/>502.00 Mb Total Physical Memory | 180.00 Mb Available Physical Memory | 36.00% Memory free <br/>1.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free <br/>Paging file location(s): C:\pagefile.sys 756 1512 [binary data] <br/> <br/>%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files <br/>Drive C: | 71.47 Gb Total Space | 16.12 Gb Free Space | 22.55% Space Free | Partition Type: NTFS <br/>D: Drive not present or media not loaded <br/>E: Drive not present or media not loaded <br/>Drive F: | 1.88 Gb Total Space | 0.25 Gb Free Space | 13.17% Space Free | Partition Type: FAT <br/>G: Drive not present or media not loaded <br/>H: Drive not present or media not loaded <br/>I: Drive not present or media not loaded <br/> <br/>Computer Name: DJQ2M771 <br/>Current User Name: PIOTR <br/>Logged in as Administrator. 
<br/> <br/>Current Boot Mode: Normal <br/>Scan Mode: All users <br/>Company Name Whitelist: Off <br/>Skip Microsoft Files: Off <br/>File Age = 30 Days <br/>Output = Standard <br/> <br/>[color=#E56717]========== Processes (SafeList) ==========[/color] <br/> <br/>PRC - [2010/05/25 10:40:37 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PIOTR\Desktop\OTL.exe <br/>PRC - [2010/05/06 15:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe <br/>PRC - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe <br/>PRC - [2010/04/12 17:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe <br/>PRC - [2009/10/06 23:56:18 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe <br/>PRC - [2009/09/18 21:09:14 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe <br/>PRC - [2009/09/18 21:09:14 | 000,670,864 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe <br/>PRC - [2008/08/26 11:14:26 | 000,189,056 | ---- | M] (Genie-soft) -- C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe <br/>PRC - [2008/05/14 07:17:24 | 001,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe <br/>PRC - [2008/05/01 23:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe <br/>PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe <br/>PRC - [2007/06/29 21:06:50 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe <br/>PRC - [2006/01/19 12:06:18 | 000,110,592 | ---- | M] (Musicmatch, Inc.) 
-- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe <br/>PRC - [2006/01/19 12:06:18 | 000,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe <br/>PRC - [2006/01/19 12:06:18 | 000,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_server.exe <br/>PRC - [2006/01/19 12:06:16 | 000,416,768 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe <br/>PRC - [2004/09/21 22:30:14 | 000,184,320 | ---- | M] (InterVideo Inc.) -- C:\Program Files\BenQ\Common\Bin\WinCinemaMgr.exe <br/>PRC - [2002/04/24 20:37:43 | 001,544,192 | ---- | M] (Support.com, Inc.) -- C:\Program Files\support.com\bin\tgcmd.exe <br/> <br/> <br/>[color=#E56717]========== Modules (SafeList) ==========[/color] <br/> <br/>MOD - [2010/05/25 10:40:37 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PIOTR\Desktop\OTL.exe <br/>MOD - [2009/10/06 23:57:02 | 000,102,400 | ---- | M] (RealPlayer) -- c:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll <br/>MOD - [2009/08/13 08:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll <br/>MOD - [2008/05/01 23:15:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll <br/>MOD - [2008/04/23 22:00:15 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msvcr71.dll <br/>MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx <br/>MOD - [2007/03/21 21:33:00 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\MSVCP71.DLL <br/> <br/> <br/>[color=#E56717]========== Win32 Services (SafeList) ==========[/color] <br/> <br/>SRV - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil 
Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) <br/>SRV - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) <br/>SRV - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) <br/>SRV - [2009/09/18 21:09:14 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService) <br/>SRV - [2008/05/14 07:17:24 | 001,245,064 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC) <br/> <br/> <br/>[color=#E56717]========== Driver Services (SafeList) ==========[/color] <br/> <br/>DRV - [2010/05/06 15:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys -- (aswTdi) <br/>DRV - [2010/05/06 15:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswSP.sys -- (aswSP) <br/>DRV - [2010/05/06 15:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys -- (aswRdr) <br/>DRV - [2010/05/06 15:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys -- (aswMon2) <br/>DRV - [2010/05/06 15:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswFsBlk.sys -- (aswFsBlk) <br/>DRV - [2010/05/06 15:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys -- (Aavmker4) <br/>DRV - [2009/02/25 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec 
Shared\eengine\eeCtrl.sys -- (eeCtrl) <br/>DRV - [2008/11/11 15:58:58 | 000,003,768 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DrmCVideo.sys -- (DrmCVideo) <br/>DRV - [2008/11/11 15:58:54 | 000,023,096 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DrmCAudio.sys -- (DrmCAudio) <br/>DRV - [2008/09/20 16:58:47 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd) <br/>DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) <br/>DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) <br/>DRV - [2005/07/25 10:04:08 | 000,048,640 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ser2pl.sys -- (Ser2pl) <br/>DRV - [2004/09/22 18:41:00 | 000,020,608 | ---- | M] (Empia Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emAudio.sys -- (emAudio) <br/>DRV - [2004/09/22 10:42:00 | 000,079,563 | ---- | M] (eMPIA Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emFilter.sys -- (FiltUSBEMPIA) <br/>DRV - [2004/09/21 15:52:00 | 000,110,653 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emDevice.sys -- (DCamUSBEMPIA) <br/>DRV - [2004/09/21 15:52:00 | 000,004,857 | ---- | M] (eMPIA Technology, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emScan.sys -- (ScanUSBEMPIA) <br/>DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv) <br/>DRV - [2004/02/09 13:06:22 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NetMotCM.sys -- (ndiscm) <br/>DRV - [2003/06/17 03:39:00 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (Pfc) <br/>DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci) <br/>DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) <br/>DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) <br/>DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) <br/>DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) <br/>DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) <br/>DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) <br/>DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) <br/>DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) <br/>DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) <br/>DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) <br/>DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) <br/>DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) <br/>DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) <br/>DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) <br/>DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) <br/>DRV - [2001/08/17 13:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HCF_MSFT.sys -- (HCF_MSFT) <br/> <br/> <br/>[color=#E56717]========== Standard Registry (SafeList) ==========[/color] <br/> <br/> <br/>[color=#E56717]========== Internet Explorer ==========[/color] <br/> <br/>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie <br/> <br/> <br/>IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz <br/>IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz <br/>IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 <br/> <br/>IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz <br/>IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz <br/>IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 <br/> <br/>IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage <br/> <br/>IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage <br/> <br/>IE - HKU\S-1-5-21-443216631-3613593573-2154630143-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google <br/>IE - HKU\S-1-5-21-443216631-3613593573-2154630143-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 <br/>IE - HKU\S-1-5-21-443216631-3613593573-2154630143-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ 
<br/>IE - HKU\S-1-5-21-443216631-3613593573-2154630143-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.msn.com/ <br/>IE - HKU\S-1-5-21-443216631-3613593573-2154630143-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie <br/>IE - HKU\S-1-5-21-443216631-3613593573-2154630143-1006\..\URLSearchHook: - Reg Error: Key error. File not found <br/>IE - HKU\S-1-5-21-443216631-3613593573-2154630143-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 <br/> <br/>[color=#E56717]========== FireFox ==========[/color] <br/> <br/>FF - prefs.js..browser.search.defaultenginename: "Google" <br/>FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" <br/>FF - prefs.js..browser.search.selectedEngine: "Google" <br/>FF - prefs.js..browser.startup.homepage: "http://bing.zugo.com/?cfg=2-80-0-14Ndt" <br/> <br/> <br/>[2009/12/05 16:46:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Mozilla\Firefox\Profiles\hk8q98s7.default\extensions <br/>[2006/11/27 22:26:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\PIOTR\Application Data\Mozilla\Firefox\Profiles\hk8q98s7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} <br/>[2006/12/15 00:00:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions <br/>[2006/09/21 08:53:41 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} <br/> <br/>O1 HOSTS File: ([2010/05/23 14:05:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts <br/>O1 - Hosts: 127.0.0.1 localhost <br/>O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) <br/>O2 - BHO: (WsftpBrowserHelper Class) - 
{601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA) <br/>O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) <br/>O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) <br/>O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) <br/>O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll File not found <br/>O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) <br/>O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found. <br/>O3 - HKU\S-1-5-21-443216631-3613593573-2154630143-1006\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) <br/>O3 - HKU\S-1-5-21-443216631-3613593573-2154630143-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) <br/>O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) <br/>O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software) <br/>O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.) 
<br/>O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () <br/>O4 - HKLM..\Run: [GBMLite8AgentLaCie] C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe (Genie-soft) <br/>O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.) <br/>O4 - HKLM..\Run: [mm_server] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe (Musicmatch, Inc.) <br/>O4 - HKLM..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.) <br/>O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh) <br/>O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\2\printray.exe (Lexmark) <br/>O4 - HKLM..\Run: [tgcmd] C:\Program Files\support.com\bin\tgcmd.exe (Support.com, Inc.) <br/>O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) <br/>O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe () <br/>O4 - HKU\S-1-5-21-443216631-3613593573-2154630143-1006..\Run: [GBMLite8AgentLaCie] C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe (Genie-soft) <br/>O4 - HKU\S-1-5-21-443216631-3613593573-2154630143-1006..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG) <br/>O4 - HKU\S-1-5-21-443216631-3613593573-2154630143-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) <br/>O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\BenQ\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.) 
<br/>O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) <br/>O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 <br/>O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present <br/>O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 <br/>O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 <br/>O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present <br/>O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 <br/>O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 <br/>O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present <br/>O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 <br/>O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 <br/>O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present <br/>O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 <br/>O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 <br/>O7 - 
HKU\S-1-5-21-443216631-3613593573-2154630143-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present <br/>O7 - HKU\S-1-5-21-443216631-3613593573-2154630143-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 <br/>O7 - HKU\S-1-5-21-443216631-3613593573-2154630143-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 <br/>O7 - HKU\S-1-5-21-443216631-3613593573-2154630143-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 <br/>O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) <br/>O9 - Extra Button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - File not found <br/>O9 - Extra Button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - File not found <br/>O9 - Extra Button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - File not found <br/>O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet) <br/>O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites) <br/>O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) <br/>O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) <br/>O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.com/Aurigma/ImageUploader55.cab (Auctiva Image Uploader Control) <br/>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) <br/>O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} https://www.bph.pl/sezam/components/SignActivX.cab (SignActivX Control) <br/>O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} 
https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control) <br/>O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class) <br/>O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab (NsvPlayX Control) <br/>O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) <br/>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) <br/>O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) <br/>O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) <br/>O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx (Persits Software XUpload) <br/>O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab? (Photo Upload Plugin Class) <br/>O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab (IWinAmpActiveX Class) <br/>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134 <br/>O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) <br/>O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) 
<br/>O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) <br/>O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) <br/>O24 - Desktop WallPaper: C:\Documents and Settings\PIOTR\Local Settings\Application Data\Microsoft\Wallpaper1.bmp <br/>O24 - Desktop BackupWallPaper: C:\Documents and Settings\PIOTR\Local Settings\Application Data\Microsoft\Wallpaper1.bmp <br/>O32 - HKLM CDRom: AutoRun - 1 <br/>O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] <br/>O33 - MountPoints2\{accd39c4-14eb-11db-bd49-00132015cf8a}\Shell - "" = AutoRun <br/>O33 - MountPoints2\{accd39c4-14eb-11db-bd49-00132015cf8a}\Shell\AutoRun - "" = Auto&Play <br/>O33 - MountPoints2\{accd39c4-14eb-11db-bd49-00132015cf8a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found <br/>O34 - HKLM BootExecute: (autocheck autochk *) - File not found <br/>O35 - HKLM\..comfile [open] -- "%1" %* <br/>O35 - HKLM\..exefile [open] -- "%1" %* <br/>O37 - HKLM\...com [@ = ComFile] -- "%1" %* <br/>O37 - HKLM\...exe [@ = exefile] -- "%1" %* <br/> <br/>NetSvcs: 6to4 - File not found <br/>NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2005/04/08 00:03:46 | 000,000,000 | ---D | M] <br/>NetSvcs: Iprip - File not found <br/>NetSvcs: Irmon - File not found <br/>NetSvcs: NWCWorkstation - File not found <br/>NetSvcs: Nwsapagent - File not found <br/>NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation) <br/>NetSvcs: WmdmPmSp - File not found <br/> <br/>MsConfig - State: "system.ini" - 0 <br/>MsConfig - State: "win.ini" - 0 <br/>MsConfig - State: "bootini" - 2 <br/>MsConfig - State: "services" - 0 <br/>MsConfig - State: "startup" - 0 <br/> <br/>SafeBootMin: Base - Driver Group <br/>SafeBootMin: Boot Bus Extender - Driver Group <br/>SafeBootMin: Boot file system - Driver Group <br/>SafeBootMin: File system - Driver Group <br/>SafeBootMin: Filter - Driver Group 
<br/>SafeBootMin: PCI Configuration - Driver Group <br/>SafeBootMin: PNP Filter - Driver Group <br/>SafeBootMin: Primary disk - Driver Group <br/>SafeBootMin: SCSI Class - Driver Group <br/>SafeBootMin: sermouse.sys - Driver <br/>SafeBootMin: System Bus Extender - Driver Group <br/>SafeBootMin: vds - Service <br/>SafeBootMin: vga.sys - Driver <br/>SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers <br/>SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive <br/>SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive <br/>SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller <br/>SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc <br/>SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard <br/>SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse <br/>SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters <br/>SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter <br/>SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System <br/>SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive <br/>SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy <br/>SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume <br/>SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices <br/> <br/>SafeBootNet: Base - Driver Group <br/>SafeBootNet: Boot Bus Extender - Driver Group <br/>SafeBootNet: Boot file system - Driver Group <br/>SafeBootNet: File system - Driver Group <br/>SafeBootNet: Filter - Driver Group <br/>SafeBootNet: NDIS Wrapper - Driver Group <br/>SafeBootNet: NetBIOSGroup - Driver Group <br/>SafeBootNet: NetDDEGroup - Driver Group <br/>SafeBootNet: Network - Driver Group <br/>SafeBootNet: NetworkProvider - Driver Group <br/>SafeBootNet: PCI Configuration - Driver Group <br/>SafeBootNet: PNP Filter - Driver Group <br/>SafeBootNet: PNP_TDI - Driver Group <br/>SafeBootNet: Primary 
disk - Driver Group <br/>SafeBootNet: SCSI Class - Driver Group <br/>SafeBootNet: sermouse.sys - Driver <br/>SafeBootNet: Streams Drivers - Driver Group <br/>SafeBootNet: System Bus Extender - Driver Group <br/>SafeBootNet: TDI - Driver Group <br/>SafeBootNet: vga.sys - Driver <br/>SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers <br/>SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive <br/>SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive <br/>SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller <br/>SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc <br/>SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard <br/>SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse <br/>SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net <br/>SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient <br/>SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService <br/>SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans <br/>SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters <br/>SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter <br/>SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System <br/>SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive <br/>SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume <br/>SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices <br/> <br/>ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) <br/>ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML) <br/>ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow <br/>ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 <br/>ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation <br/>ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n 
/i:/UserInstall %SystemRoot%\system32\themeui.dll <br/>ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java <br/>ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack <br/>ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe <br/>ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) <br/>ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring <br/>ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install <br/>ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT <br/>ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow <br/>ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx <br/>ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help <br/>ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes <br/>ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 <br/>ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser <br/>ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW <br/>ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools <br/>ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements <br/>ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player <br/>ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access <br/>ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders <br/>ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install <br/>ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll <br/>ActiveX: 
{89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings <br/>ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install <br/>ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser <br/>ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding <br/>ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider <br/>ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts <br/>ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework <br/>ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler <br/>ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 <br/>ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player <br/>ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297) <br/>ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help <br/>ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface <br/>ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe <br/>ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP <br/>ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig <br/>ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP <br/>ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP <br/>ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE <br/> <br/>Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Ligos Corporation) <br/>Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen 
IIS) <br/>Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) <br/>Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.) <br/>Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) <br/>Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) <br/>Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) <br/>Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation) <br/>Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll () <br/>Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) <br/> <br/>CREATERESTOREPOINT <br/>Restore point Set: OTL Restore Point (16902109354000384) <br/> <br/>[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] <br/> <br/>[2010/05/25 10:40:36 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PIOTR\Desktop\OTL.exe <br/>[2010/05/24 10:24:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software <br/>[2010/05/23 22:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PIOTR\Desktop\security <br/>[2010/05/23 22:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun <br/>[2010/05/23 22:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java <br/>[2010/05/23 22:25:16 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll <br/>[2010/05/23 22:25:16 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe <br/>[2010/05/23 22:25:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe <br/>[2010/05/23 22:25:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe <br/>[2010/05/23 22:25:16 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\javacpl.cpl <br/>[2010/05/23 20:00:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER <br/>[2010/05/23 14:18:24 | 000,000,000 | RHSD | C] -- C:\cmdcons <br/>[2010/05/23 12:15:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe <br/>[2010/05/23 12:15:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe <br/>[2010/05/23 12:15:05 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe <br/>[2010/05/23 12:15:05 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe <br/>[2010/05/23 12:14:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT <br/>[2010/05/23 12:11:43 | 000,000,000 | ---D | C] -- C:\Qoobox <br/>[2010/05/22 19:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro <br/>[2010/05/22 16:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PIOTR\Application Data\Malwarebytes <br/>[2010/05/22 16:44:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys <br/>[2010/05/22 16:44:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes <br/>[2010/05/22 16:44:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys <br/>[2010/05/22 16:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware <br/>[2010/05/22 16:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner <br/>[2010/05/22 08:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia <br/>[2010/05/22 02:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real <br/>[2010/05/20 18:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\Astroburn Lite <br/>[2010/05/20 18:29:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Astroburn Lite <br/>[2010/05/20 12:52:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PIOTR\Application Data\DAEMON Tools Lite <br/>[2010/05/20 
12:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite <br/>[2010/05/18 14:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro <br/>[2010/05/17 19:53:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe <br/>[2010/05/15 15:12:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia <br/>[2010/04/29 11:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared <br/>[2010/04/29 11:20:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX <br/>[2010/04/29 11:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\Gabest <br/>[2010/04/29 10:40:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PIOTR\Local Settings\Application Data\WMTools Downloaded Files <br/>[2010/04/29 10:23:24 | 000,000,000 | ---D | C] -- C:\Program Files\TMPGEnc-2.525.64.184-EN-Free <br/>[2010/04/26 17:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) 
-- C:\WINDOWS\System32\DivXControlPanelApplet.cpl <br/>[2004/11/24 13:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll <br/>[57 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] <br/>[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] <br/>[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] <br/>[2 C:\Documents and Settings\PIOTR\My Documents\*.tmp files -> C:\Documents and Settings\PIOTR\My Documents\*.tmp -> ] <br/>[1 C:\*.tmp files -> C:\*.tmp -> ] <br/> <br/>[color=#E56717]========== Files - Modified Within 30 Days ==========[/color] <br/> <br/>[2010/05/25 10:40:37 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PIOTR\Desktop\OTL.exe <br/>[2010/05/25 10:15:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job <br/>[2010/05/25 09:42:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL <br/>[2010/05/25 09:41:37 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job <br/>[2010/05/25 09:41:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT <br/>[2010/05/25 09:41:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT <br/>[2010/05/25 09:41:25 | 526,536,704 | -HS- | M] () -- C:\hiberfil.sys <br/>[2010/05/24 10:31:38 | 015,204,352 | ---- | M] () -- C:\Documents and Settings\PIOTR\ntuser.dat <br/>[2010/05/24 10:31:38 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\PIOTR\NTUSER.INI <br/>[2010/05/24 10:25:47 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk <br/>[2010/05/24 10:25:43 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT <br/>[2010/05/23 22:24:56 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe <br/>[2010/05/23 22:24:56 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe <br/>[2010/05/23 22:24:56 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\java.exe <br/>[2010/05/23 22:24:56 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl <br/>[2010/05/23 22:24:55 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll <br/>[2010/05/23 14:32:36 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini <br/>[2010/05/23 14:18:33 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI <br/>[2010/05/23 14:05:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts <br/>[2010/05/20 17:39:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job <br/>[2010/05/18 14:23:37 | 000,000,390 | ---- | M] () -- C:\WINDOWS\System32\.crusader <br/>[2010/05/17 13:32:04 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\PIOTR\My Documents\PG cover letter.doc <br/>[2010/05/14 06:45:51 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\PIOTR\My Documents\10 min pilates sclupting.doc <br/>[2010/05/13 18:37:09 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini <br/>[2010/05/13 18:36:47 | 000,002,407 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk <br/>[2010/05/13 17:00:08 | 000,183,296 | ---- | M] () -- C:\Documents and Settings\PIOTR\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini <br/>[2010/05/13 10:50:59 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\PIOTR\My Documents\Piotr Ganatowski resume.doc <br/>[2010/05/06 15:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr <br/>[2010/05/06 15:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe <br/>[2010/05/06 15:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys <br/>[2010/05/06 15:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys <br/>[2010/05/06 15:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys 
<br/>[2010/05/06 15:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys <br/>[2010/05/06 15:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys <br/>[2010/05/06 15:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys <br/>[2010/05/06 15:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys <br/>[2010/05/05 09:34:59 | 000,001,469 | ---- | M] () -- C:\Documents and Settings\PIOTR\Desktop\DivX Movies.lnk <br/>[2010/05/05 09:34:09 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk <br/>[2010/05/05 09:33:22 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk <br/>[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys <br/>[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys <br/>[2010/04/29 10:24:35 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\PIOTR\Desktop\Shortcut to TMPGEnc.lnk <br/>[2010/04/27 16:55:47 | 000,000,164 | ---- | M] () -- C:\WINDOWS\asfbinapp.INI <br/>[2010/04/26 17:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) 
-- C:\WINDOWS\System32\DivXControlPanelApplet.cpl <br/>[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe <br/>[57 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] <br/>[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] <br/>[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] <br/>[2 C:\Documents and Settings\PIOTR\My Documents\*.tmp files -> C:\Documents and Settings\PIOTR\My Documents\*.tmp -> ] <br/>[1 C:\*.tmp files -> C:\*.tmp -> ] <br/> <br/>[color=#E56717]========== Files Created - No Company Name ==========[/color] <br/> <br/>[2010/05/24 10:25:47 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk <br/>[2010/05/23 14:18:32 | 000,000,211 | ---- | C] () -- C:\Boot.bak <br/>[2010/05/23 14:18:30 | 000,260,272 | ---- | C] () -- C:\cmldr <br/>[2010/05/23 12:15:05 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe <br/>[2010/05/23 12:15:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe <br/>[2010/05/23 12:15:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe <br/>[2010/05/23 12:15:05 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe <br/>[2010/05/23 12:15:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe <br/>[2010/05/18 14:23:37 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\.crusader <br/>[2010/05/17 13:04:56 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\PIOTR\My Documents\PG cover letter.doc <br/>[2010/05/16 20:23:53 | 015,204,352 | ---- | C] () -- C:\Documents and Settings\PIOTR\ntuser.dat <br/>[2010/05/15 15:33:33 | 526,536,704 | -HS- | C] () -- C:\hiberfil.sys <br/>[2010/05/12 13:03:53 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\PIOTR\My Documents\Piotr Ganatowski resume.doc <br/>[2010/05/05 09:34:59 | 000,001,469 | ---- | C] () -- C:\Documents and Settings\PIOTR\Desktop\DivX Movies.lnk <br/>[2010/04/29 11:24:47 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX 
Plus Player.lnk <br/>[2010/04/29 11:23:01 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk <br/>[2010/04/29 10:24:35 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\PIOTR\Desktop\Shortcut to TMPGEnc.lnk <br/>[2008/07/23 11:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll <br/>[2008/07/23 11:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest <br/>[2007/11/02 21:01:36 | 000,001,037 | ---- | C] () -- C:\WINDOWS\wsftppro.INI <br/>[2007/11/02 20:56:53 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\FTPStubInstUtils.dll <br/>[2007/10/08 22:34:29 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini <br/>[2007/10/08 22:28:32 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv <br/>[2007/10/08 22:28:31 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll <br/>[2007/08/09 12:51:51 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI <br/>[2006/12/14 23:59:55 | 000,000,167 | ---- | C] () -- C:\WINDOWS\wininit.ini <br/>[2006/12/07 20:27:08 | 000,000,164 | ---- | C] () -- C:\WINDOWS\asfbinapp.INI <br/>[2006/11/26 19:24:09 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll <br/>[2006/11/26 19:24:09 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll <br/>[2006/09/20 20:12:35 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll <br/>[2006/09/20 20:12:34 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll <br/>[2005/09/30 23:06:05 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI <br/>[2005/08/31 12:43:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll <br/>[2005/08/29 23:39:04 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini <br/>[2005/05/12 21:27:56 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI <br/>[2005/05/01 22:39:05 | 000,000,085 | ---- | C] () -- C:\WINDOWS\D2HNAV16.INI <br/>[2005/05/01 22:28:28 | 000,000,592 | ---- | C] () -- 
C:\WINDOWS\PCAWin.ini <br/>[2005/04/30 17:58:57 | 000,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI <br/>[2005/04/30 17:45:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI <br/>[2005/04/30 17:41:14 | 000,003,099 | ---- | C] () -- C:\WINDOWS\photoimpression.ini <br/>[2005/04/30 17:35:57 | 000,000,233 | ---- | C] () -- C:\WINDOWS\EPSON 1250 Installer.ini <br/>[2005/04/30 17:23:09 | 000,000,643 | ---- | C] () -- C:\WINDOWS\lexstat.ini <br/>[2005/04/23 16:41:56 | 000,007,964 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini <br/>[2005/04/18 19:37:55 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll <br/>[2005/04/18 19:37:55 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll <br/>[2005/04/18 19:37:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll <br/>[2005/04/18 19:37:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll <br/>[2005/04/18 19:37:55 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll <br/>[2005/04/18 19:37:55 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll <br/>[2005/04/08 00:38:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini <br/>[2005/04/08 00:07:10 | 000,000,370 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI <br/>[2004/10/12 00:40:58 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll <br/>[2004/10/12 00:39:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll <br/>[2004/10/12 00:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll <br/>[2004/10/09 00:40:16 | 000,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll <br/>[2004/10/05 02:16:08 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll <br/>[2004/10/03 11:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll <br/>[2004/09/01 10:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll <br/>[2004/08/10 13:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI 
<br/>[2004/08/04 05:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI <br/>[2002/10/15 17:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll <br/>[1980/01/01 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll <br/> <br/>[color=#E56717]========== LOP Check ==========[/color] <br/> <br/>[2010/05/24 10:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software <br/>[2010/05/20 18:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astroburn Lite <br/>[2005/04/18 19:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BenQ <br/>[2009/10/08 23:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite <br/>[2010/05/20 12:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite <br/>[2010/05/22 12:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro <br/>[2008/12/02 22:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995 <br/>[2007/02/12 17:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Smilebox <br/>[2007/05/03 21:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP <br/>[2006/12/24 12:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom <br/>[2010/01/11 21:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} <br/>[2010/05/16 17:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Any Video Converter <br/>[2010/05/21 16:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\avidemux <br/>[2005/11/22 23:27:14 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\PIOTR\Application Data\COWON
[2010/05/22 12:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\DAEMON Tools Lite
[2010/03/16 00:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\foobar2000
[2009/10/08 22:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Genie-Soft
[2005/04/18 19:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\InterVideo
[2009/12/10 18:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Leadertech
[2005/08/25 23:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Musicmatch
[2007/10/08 22:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\pdf995
[2009/09/28 17:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\RayV
[2009/08/19 00:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Smilebox
[2009/08/19 00:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Vso
[2006/12/24 12:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PIOTR\Application Data\Zylom

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2005/04/21 22:37:31 | 000,192,512 | ---- | M] (TODO: <Company name>) -- C:\register.exe
[2005/04/20 00:22:09 | 001,144,133 | ---- | M] () -- C:\SetupAnyDVD5101.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/10 12:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2004/08/10 12:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2004/08/10 12:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtrans.dll
[57 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB24555F
< End of report >

Extras.txt:

OTL Extras logfile created on: 5/25/2010 10:44:35 AM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\PIOTR\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 180.00 Mb Available Physical Memory | 36.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.47 Gb Total Space | 16.12 Gb Free Space | 22.55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 1.88 Gb Total Space | 0.25 Gb Free Space | 13.17% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJQ2M771
Current User Name: PIOTR
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Generate MD5 Signatures] -- "C:\Program Files\Michael K. Weise\mkw Audio Compression Toolkit\mkwACT.exe" (Michael K. Weise)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\support.com\bin\tgcmd.exe" = C:\Program Files\support.com\bin\tgcmd.exe:*:Disabled:Support.com Scheduler and Command Dispatcher -- (Support.com, Inc.)
"C:\Program Files\RayV\RayV\RayV.exe" = C:\Program Files\RayV\RayV\RayV.exe:*:Enabled:RayV -- (RayV)
"C:\Program Files\RayV\RayV\RayV.dll" = C:\Program Files\RayV\RayV\RayV.dll:*:Enabled:RayV -- (RayV)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-443216631-3613593573-2154630143-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Smilebox" = Smilebox

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 9/1/2009 12:58:04 AM | Computer Name = DJQ2M771 | Source = avast! | ID = 33554522
Description =

Error - 9/1/2009 12:59:00 AM | Computer Name = DJQ2M771 | Source = avast! | ID = 33554522
Description =

Error - 9/1/2009 12:59:01 AM | Computer Name = DJQ2M771 | Source = avast!
| ID = 33554522 <br/>Description = <br/> <br/>Error - 9/1/2009 12:59:02 AM | Computer Name = DJQ2M771 | Source = avast! | ID = 33554522 <br/>Description = <br/> <br/>Error - 9/1/2009 12:59:06 AM | Computer Name = DJQ2M771 | Source = avast! | ID = 33554522 <br/>Description = <br/> <br/>Error - 9/1/2009 12:59:06 AM | Computer Name = DJQ2M771 | Source = avast! | ID = 33554522 <br/>Description = <br/> <br/>Error - 9/1/2009 12:59:06 AM | Computer Name = DJQ2M771 | Source = avast! | ID = 33554522 <br/>Description = <br/> <br/>Error - 10/7/2009 8:21:47 PM | Computer Name = DJQ2M771 | Source = avast! | ID = 33554522 <br/>Description = <br/> <br/>Error - 2/2/2010 9:24:09 PM | Computer Name = DJQ2M771 | Source = avast! | ID = 33554522 <br/>Description = <br/> <br/>Error - 2/2/2010 9:39:12 PM | Computer Name = DJQ2M771 | Source = avast! | ID = 33554522 <br/>Description = <br/> <br/>[ Application Events ] <br/>Error - 5/23/2010 12:15:05 PM | Computer Name = DJQ2M771 | Source = Google Update | ID = 20 <br/>Description = <br/> <br/>Error - 5/23/2010 1:15:06 PM | Computer Name = DJQ2M771 | Source = Google Update | ID = 20 <br/>Description = <br/> <br/>Error - 5/23/2010 3:15:05 PM | Computer Name = DJQ2M771 | Source = Google Update | ID = 20 <br/>Description = <br/> <br/>Error - 5/23/2010 4:15:05 PM | Computer Name = DJQ2M771 | Source = Google Update | ID = 20 <br/>Description = <br/> <br/>Error - 5/23/2010 5:15:05 PM | Computer Name = DJQ2M771 | Source = Google Update | ID = 20 <br/>Description = <br/> <br/>Error - 5/23/2010 6:15:05 PM | Computer Name = DJQ2M771 | Source = Google Update | ID = 20 <br/>Description = <br/> <br/>Error - 5/23/2010 7:15:05 PM | Computer Name = DJQ2M771 | Source = Google Update | ID = 20 <br/>Description = <br/> <br/>Error - 5/23/2010 8:15:05 PM | Computer Name = DJQ2M771 | Source = Google Update | ID = 20 <br/>Description = <br/> <br/>Error - 5/23/2010 9:15:05 PM | Computer Name = DJQ2M771 | Source = Google Update | ID = 20 <br/>Description = <br/> 
<br/>Error - 5/23/2010 10:15:14 PM | Computer Name = DJQ2M771 | Source = Google Update | ID = 20 <br/>Description = <br/> <br/>[ System Events ] <br/>Error - 5/23/2010 11:32:25 PM | Computer Name = DJQ2M771 | Source = W32Time | ID = 39452689 <br/>Description = Time Provider NtpClient: An error occurred during DNS lookup of the <br/> manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup <br/> again in 15 minutes. The error was: A socket operation was attempted to an unreachable <br/> host. (0x80072751) <br/> <br/>Error - 5/23/2010 11:32:25 PM | Computer Name = DJQ2M771 | Source = W32Time | ID = 39452701 <br/>Description = The time provider NtpClient is configured to acquire time from one <br/> or more time sources, however none of the sources are currently accessible. No attempt <br/> to contact a source will be made for 15 minutes. NtpClient has no source of accurate <br/> time. <br/> <br/>Error - 5/23/2010 11:32:25 PM | Computer Name = DJQ2M771 | Source = W32Time | ID = 39452689 <br/>Description = Time Provider NtpClient: An error occurred during DNS lookup of the <br/> manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup <br/> again in 15 minutes. The error was: A socket operation was attempted to an unreachable <br/> host. (0x80072751) <br/> <br/>Error - 5/23/2010 11:32:25 PM | Computer Name = DJQ2M771 | Source = W32Time | ID = 39452701 <br/>Description = The time provider NtpClient is configured to acquire time from one <br/> or more time sources, however none of the sources are currently accessible. No attempt <br/> to contact a source will be made for 15 minutes. NtpClient has no source of accurate <br/> time. <br/> <br/>Error - 5/23/2010 11:35:27 PM | Computer Name = DJQ2M771 | Source = W32Time | ID = 39452689 <br/>Description = Time Provider NtpClient: An error occurred during DNS lookup of the <br/> manually configured peer 'time.windows.com,0x1'. 
NtpClient will try the DNS lookup <br/> again in 15 minutes. The error was: A socket operation was attempted to an unreachable <br/> host. (0x80072751) <br/> <br/>Error - 5/23/2010 11:35:27 PM | Computer Name = DJQ2M771 | Source = W32Time | ID = 39452701 <br/>Description = The time provider NtpClient is configured to acquire time from one <br/> or more time sources, however none of the sources are currently accessible. No attempt <br/> to contact a source will be made for 15 minutes. NtpClient has no source of accurate <br/> time. <br/> <br/>Error - 5/23/2010 11:50:04 PM | Computer Name = DJQ2M771 | Source = W32Time | ID = 39452689 <br/>Description = Time Provider NtpClient: An error occurred during DNS lookup of the <br/> manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup <br/> again in 15 minutes. The error was: A socket operation was attempted to an unreachable <br/> host. (0x80072751) <br/> <br/>Error - 5/23/2010 11:50:04 PM | Computer Name = DJQ2M771 | Source = W32Time | ID = 39452701 <br/>Description = The time provider NtpClient is configured to acquire time from one <br/> or more time sources, however none of the sources are currently accessible. No attempt <br/> to contact a source will be made for 15 minutes. NtpClient has no source of accurate <br/> time. <br/> <br/>Error - 5/23/2010 11:50:22 PM | Computer Name = DJQ2M771 | Source = Dhcp | ID = 1002 <br/>Description = The IP address lease 192.168.100.2 for the Network Card with network <br/> address 00132015CF8A has been denied by the DHCP server 192.168.100.1 (The DHCP <br/>Server sent a DHCPNACK message). <br/> <br/>Error - 5/24/2010 9:02:50 PM | Computer Name = DJQ2M771 | Source = System Error | ID = 1003 <br/>Description = Error code 10000050, parameter1 fb41a047, parameter2 00000000, parameter3 <br/> a8e11d3d, parameter4 00000000. <br/> <br/> <br/>< End of report >
Posted 5/25/2010 4:28 PM
#86182

markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
i see you have norton installed. you can remove it if you want. use the removal tool:
http://service1.symantec.com/support/tsgeninfo.nsf/docid/2005033108162039

otl script
• Please double-click OTL.exe to run it. (Note: If you are running on Vista or Win 7, right-click on the file and choose Run As Administrator.)
• Copy all the lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:otl
IE - HKU\S-1-5-21-443216631-3613593573-2154630143-1006\..\URLSearchHook: - Reg Error: Key error. File not found
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
(Windows Genuine Advantage Validation Tool)
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.com/Aurigma/ImageUploader55.cab (Auctiva Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} https://www.bph.pl/sezam/components/SignActivX.cab (SignActivX Control)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl
Class)
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab (NsvPlayX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx (Persits Software XUpload)
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab? (Photo Upload Plugin Class)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab (IWinAmpActiveX Class)
O33 - MountPoints2\{accd39c4-14eb-11db-bd49-00132015cf8a}\Shell - "" = AutoRun
O33 - MountPoints2\{accd39c4-14eb-11db-bd49-00132015cf8a}\Shell\AutoRun - "" = AutoPlay
O33 - MountPoints2\{accd39c4-14eb-11db-bd49-00132015cf8a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB24555F
:commants
[purity]
[EMPTYFLASH]
[emptytemp]
[start explorer]
[Reboot]
• Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
• Close any browser(s) windows that may be open.
• Using your mouse, click on the red-lettered button Run Fix.
• Once you see a message box "Fix complete! Click OK to open the fix log."
Click the OK button
• The log will open in Notepad (your default text editor).
• Save the log. Post it in your next reply
Posted 5/25/2010 5:26 PM
#86188

piotrg66 Valued member

Date Joined Nov 2016
Total Posts: 21
Here is OTL log: <br/> <br/>All processes killed <br/>========== OTL ========== <br/>Registry value HKEY_USERS\S-1-5-21-443216631-3613593573-2154630143-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully. <br/>Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found. <br/>Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000} <br/>C:\WINDOWS\Downloaded Program Files\swdir.inf moved successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found. <br/>Starting removal of ActiveX control {17492023-C23A-453E-A040-C7C580BBF700} <br/>C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf moved successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{17492023-C23A-453E-A040-C7C580BBF700}\ deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17492023-C23A-453E-A040-C7C580BBF700}\ deleted successfully. 
<br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{17492023-C23A-453E-A040-C7C580BBF700}\ not found. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17492023-C23A-453E-A040-C7C580BBF700}\ not found. <br/>Starting removal of ActiveX control {38AB0814-B09B-4378-9940-14A19638C3C2} <br/>C:\WINDOWS\Downloaded Program Files\ImageUploader5.inf moved successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{38AB0814-B09B-4378-9940-14A19638C3C2}\ deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38AB0814-B09B-4378-9940-14A19638C3C2}\ deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{38AB0814-B09B-4378-9940-14A19638C3C2}\ not found. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38AB0814-B09B-4378-9940-14A19638C3C2}\ not found. <br/>Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. <br/>Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. <br/>Starting removal of ActiveX control {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} <br/>Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{92ECE6FA-AC2E-4042-BFAE-0C8608E52A43}\DownloadInformation\\INF . 
<br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{92ECE6FA-AC2E-4042-BFAE-0C8608E52A43}\ deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92ECE6FA-AC2E-4042-BFAE-0C8608E52A43}\ deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{92ECE6FA-AC2E-4042-BFAE-0C8608E52A43}\ not found. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92ECE6FA-AC2E-4042-BFAE-0C8608E52A43}\ not found. <br/>Starting removal of ActiveX control {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} <br/>Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AB86CE53-AC9F-449F-9399-D8ABCA09EC09}\DownloadInformation\\INF . <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AB86CE53-AC9F-449F-9399-D8ABCA09EC09}\ deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB86CE53-AC9F-449F-9399-D8ABCA09EC09}\ deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AB86CE53-AC9F-449F-9399-D8ABCA09EC09}\ not found. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB86CE53-AC9F-449F-9399-D8ABCA09EC09}\ not found. <br/>Starting removal of ActiveX control {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} <br/>C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.inf moved successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB}\ deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB}\ deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB}\ not found. 
<br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB}\ not found. <br/>Starting removal of ActiveX control {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} <br/>C:\WINDOWS\Downloaded Program Files\nsvplayx_vp6_mp3.inf moved successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C5E28B9D-0A68-4B50-94E9-E8F6B4697516}\ deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5E28B9D-0A68-4B50-94E9-E8F6B4697516}\ deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C5E28B9D-0A68-4B50-94E9-E8F6B4697516}\ not found. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5E28B9D-0A68-4B50-94E9-E8F6B4697516}\ not found. <br/>Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully. <br/>Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found. <br/>Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. 
<br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. <br/>Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000} <br/>C:\WINDOWS\Downloaded Program Files\swflash.inf moved successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully. <br/>Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7} <br/>C:\WINDOWS\Downloaded Program Files\gp.inf not found. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. <br/>Starting removal of ActiveX control {E87F6C8E-16C0-11D3-BEF7-009027438003} <br/>Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E87F6C8E-16C0-11D3-BEF7-009027438003}\DownloadInformation\\INF . 
<br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E87F6C8E-16C0-11D3-BEF7-009027438003}\ deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E87F6C8E-16C0-11D3-BEF7-009027438003}\ deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E87F6C8E-16C0-11D3-BEF7-009027438003}\ not found. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E87F6C8E-16C0-11D3-BEF7-009027438003}\ not found. <br/>Starting removal of ActiveX control {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} <br/>C:\WINDOWS\Downloaded Program Files\PCAXSetup.inf moved successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F127B9BA-89EA-4B04-9C67-2074A9DF61FD}\ deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F127B9BA-89EA-4B04-9C67-2074A9DF61FD}\ deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F127B9BA-89EA-4B04-9C67-2074A9DF61FD}\ not found. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F127B9BA-89EA-4B04-9C67-2074A9DF61FD}\ not found. <br/>Starting removal of ActiveX control {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} <br/>C:\WINDOWS\Downloaded Program Files\ampx.inf moved successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6}\ deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6}\ deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6}\ not found. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6}\ not found. 
<br/>Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{accd39c4-14eb-11db-bd49-00132015cf8a}\ deleted successfully. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{accd39c4-14eb-11db-bd49-00132015cf8a}\ not found. <br/>Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{accd39c4-14eb-11db-bd49-00132015cf8a}\ not found. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{accd39c4-14eb-11db-bd49-00132015cf8a}\ not found. <br/>Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{accd39c4-14eb-11db-bd49-00132015cf8a}\ not found. <br/>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{accd39c4-14eb-11db-bd49-00132015cf8a}\ not found. <br/>File F:\LaunchU3.exe not found. <br/>ADS C:\Documents and Settings\All Users\Application Data\TEMP:BB24555F deleted successfully. <br/>Error: Unable to interpret <:commants> in the current context! <br/>Error: Unable to interpret <[purity]> in the current context! <br/>Error: Unable to interpret <[EMPTYFLASH] > in the current context! <br/>Error: Unable to interpret <[emptytemp]> in the current context! <br/>Error: Unable to interpret <[start explorer]> in the current context! <br/>Error: Unable to interpret <[Reboot]> in the current context! <br/> <br/>OTL by OldTimer - Version 3.2.5.0 log created on 05252010_115407 <br/> <br/>Files\Folders moved on Reboot... <br/> <br/>Registry entries deleted on Reboot...
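One way to triage a fix log like the one posted above, as an added example that is not part of the thread or of OTL: it counts the outcomes and lists every script line the tool reported as uninterpreted, which here shows that the cleanup directives under the misspelled `:commants` header were never executed. The function names are hypothetical, the sample is an excerpt of the posted log, and the section names are only the two that appear in this thread.

```python
import difflib
import re
from collections import Counter

# Excerpt of the fix log posted above (lines copied from the thread, not the full log).
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}
C:\WINDOWS\Downloaded Program Files\swdir.inf moved successfully.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{92ECE6FA-AC2E-4042-BFAE-0C8608E52A43}\DownloadInformation\\INF .
File F:\LaunchU3.exe not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BB24555F deleted successfully.
Error: Unable to interpret <:commants> in the current context!
Error: Unable to interpret <[purity]> in the current context!
Error: Unable to interpret <[EMPTYFLASH] > in the current context!
Error: Unable to interpret <[emptytemp]> in the current context!
Error: Unable to interpret <[start explorer]> in the current context!
Error: Unable to interpret <[Reboot]> in the current context!
"""

# Section headers seen in this thread's scripts (assumption: not OTL's complete list).
SECTIONS_SEEN_IN_THREAD = [":otl", ":Commands"]

UNINTERPRETED = re.compile(
    r"^Error: Unable to interpret <(.*?)\s*> in the current context!$"
)


def classify(line):
    """Return (category, detail) for one fix-log line."""
    match = UNINTERPRETED.match(line)
    if match:
        return "skipped", match.group(1)
    if line.startswith("Registry error reading value"):
        return "read_error", line
    if line.endswith(("deleted successfully.", "moved successfully.")):
        return "done", line
    if line.endswith("not found."):
        return "not_found", line
    return "other", line


def triage(log_text):
    """Count outcomes and collect the script lines that were not interpreted."""
    counts = Counter()
    skipped = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        category, detail = classify(line)
        counts[category] += 1
        if category == "skipped":
            skipped.append(detail)
    return {"counts": dict(counts), "skipped": skipped}


def suggest_section(name):
    """Map a misspelled section header to the closest header seen in the thread."""
    lowered = {s.lower(): s for s in SECTIONS_SEEN_IN_THREAD}
    hit = difflib.get_close_matches(name.lower(), list(lowered), n=1, cutoff=0.8)
    return lowered[hit[0]] if hit else None


def rerun_plan(result):
    """Build the follow-up script: skipped directives under a corrected header."""
    plan = []
    for item in result["skipped"]:
        if item.startswith(":"):
            plan.append(suggest_section(item) or item)
        else:
            plan.append(item)
    return plan


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(report["counts"])
    print("\n".join(rerun_plan(report)))
```
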
Posted 5/25/2010 5:29 PM
#86189

markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
new otl script
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[start explorer]
[Reboot]
post the log
Posted 5/25/2010 5:49 PM
#86190

piotrg66 Valued member

Date Joined Nov 2016
Total Posts: 21
ok, here it is:

All processes killed
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 5338 bytes

User: NetworkService
->Flash cache emptied: 13824 bytes

User: PIOTR
->Flash cache emptied: 1224000 bytes

Total Flash Files Cleaned = 1.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 426118 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: PIOTR
->Temp folder emptied: 25616790 bytes
->Temporary Internet Files folder emptied: 14353125 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1574447 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 6597 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 48163089 bytes
%systemroot%\System32\dllcache .tmp files removed: 114688 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3039568 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 854064 bytes

Total Files Cleaned = 90.00 mb


OTL by OldTimer - Version 3.2.5.0 log created on 05252010_124207

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_9e0.dat not found!

Registry entries deleted on Reboot...
Posted 5/25/2010 6:02 PM
#86194

markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
Prevx safe online.
I use this tool; it protects you against data-stealing techniques.
for example, if you have an unknown malware that will send your password to a backdoor server, it can protect you.
this tool is cloud based and needs an internet connection to work correctly.
a test for better understanding:
http://info.prevx.com/download.asp?GRAB=IMMUNITY
please install the program:
http://pxnow.prevx.com/zeroL/PREVXFACEBOOK.EXE
it will start a "learn scan"; let it run.
open your web browser. you will see the prevx safe online symbol.
click it, select configure and set all to maximum.
screenshot:
http://www.pic-upload.de/view-5696014/prevx.jpg.html

select "safe"
have a look if all is working correctly; if not, tell me.
The program can also detect malware, but it cannot remove it in this version. Please click the symbol in the tray, select heuristics, set all to maximum.
now click the "scan" button.

now right click the prevx symbol in the tray, select tool and save log.
www.file-upload.net
click "durchsuchen" and search for the log.
after this click "datei hochladen"
post the download link
when you are installing many programs, you must set the age/popularity heuristic from maximum to high.
if you have problems using prevx in the future, wilders has the prevx support forum and you can open a thread.
http://www.wilderssecurity.com/
Posted 5/25/2010 6:38 PM
#86195

piotrg66 Valued member

Date Joined Nov 2016
Total Posts: 21
Prevx works fine.
Here is the download link:

http://www.file-upload.net/download-2545445/prevxscan.log.html
Posted 5/25/2010 6:41 PM
#86196

markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
is the pc also running fine now, or are there any problems?
Posted 5/25/2010 6:46 PM
#86197

piotrg66 Valued member

Date Joined Nov 2016
Total Posts: 21
Since the OTL restarts it seems to be working fine, I would say faster than before :)
Posted 5/25/2010 6:49 PM
#86198

markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
sounds nice.
you can use prevx on all your pcs if you have more.
we have to do something.
1. start run
combofix /uninstall
enter.
2. change all your passwords, yours are stolen.
3. you have security holes.
go to
windowsupdate.microsoft.com
install all important updates.
4.
download
PSI (personal secunia software inspector)
http://secunia.com/vulnerability_scanning/personal/
this tool shows you all updates for your software, this is important!!
5.
Download:
http://oldtimer.geekstogo.com/OTM.exe
click cleanit, this tool removes all used tools and itself.
6.
de- and reactivate system restore:
http://windows.microsoft.com/en-US/windows-vista/Turn-System-Restore-on-or-off
7.
For safer surfing try sandboxie:
http://www.sandboxie.com/index.php?GettingStarted
8.
use atf cleaner:
http://majorgeeks.com/ATF_Cleaner_d4949.html
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
also sandboxie and secunia are good for all pcs :-)
Posted 5/25/2010 6:51 PM
#86199

markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
something...
i think you must open chrome and ff, i think you are using these, and configure the http protection for these browsers (i mean prevx safe online)
Posted 5/25/2010 7:38 PM
#86200

piotrg66 Valued member

Date Joined Nov 2016
Total Posts: 21
I am trying to update programs recommended by Secunia, however during setup there is an error reading from file C\...\Documents and settings\Temporary internet files...
verify that the file exists and you can access it.
I don't see "Temporary internet files" folder at all (I marked "show hidden files" from tools menu in the browser)
Should I just create it or is it a different issue?
Posted 5/25/2010 7:40 PM
#86201

markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
use atf cleaner first and try secunia again later
Posted 5/25/2010 7:40 PM
#86202

markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
use atf cleaner first and try secunia again later
Posted 5/25/2010 8:19 PM
#86204

piotrg66 Valued member

Date Joined Nov 2016
Total Posts: 21
Ok, I did that. At first, the same message appeared (error reading...), now Windows Data execution prevention shuts down downloads.
Posted 5/25/2010 8:42 PM
#86205

piotrg66 Valued member

Date Joined Nov 2016
Total Posts: 21
Also, one of the secunia threats was google chrome. I did not do anything, but it was removed from the list, and then google gears patched.
Was it done automatically?
Posted 5/26/2010 10:24 AM
#86210

markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
yes i think so. is secunia done now, or any problems? if yes, tell me the program and we will update it manually