TechSpot

HTML/Infected.WebPage.Gen [virus] help!

By freakin malware
Feb 10, 2011
  1. Cheers!

    I have two major issues that I can't handle myself:
    1) (the smaller one) After starting my computer there's this one pop-up error that occurs 'smgr32.exe error- can't find the component- there is a zlib4.dll file missing. Reinstalling the application might solve the problem'. It doesn't affect the system's work that much if at all, but it is a nuisance and just looking at it makes me feel sorry for my PC.
    2) (the big one) After browsing YouTube and a site with mature content and after closing a few ads this popped up: 'HTML/Infected.WebPage.Gen [virus]' in my Avira scan and I got so scared I pressed enter... and the default process was deletion. My Firefox crashed and now I can't log onto any web service (I'm writing this message from my other PC with a Mobile/Dial-up internet connection) nor any of my internet games. Tried rebooting the system, scanned it with Avira again, returning it to its previous state, uninstalling any programs that I've installed over the past 24h, but still nothing works... I'm completely out of ideas. My modem works, all the lights are on and my cable TV and stationary phone seem to be unaffected, but I can't log on to ANYTHING. Internet Explorer just gives me a blank page asking me if I'm sure I've written the address correctly, same for Firefox. I'm just a poor philology student making a living out of tutoring, I don't know zippo about computers. Please, help. I'm providing the full message that popped up after the accidental deletion:

    'Virus or unwanted program 'HTML/Infected.WebPage.Gen [virus]' detected in file 'C:\Documents and Settings\Owner\Local Settings\Application Data\Firefox\Profiles\omi8g82x default\Cache\_CACHE_001_. Action performed: Delete file.

    I would really appreciate a fast response since I have a lot of friends that I can't communicate to from this computer via Skype and would love to have a reasonable download/upload speed again. The second issue is top priority.
    Thank you in advance.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. freakin malware

    freakin malware TS Rookie Topic Starter

    Okay...

    If I've done this correctly (which I hope I did :confused:) then this should be it:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5736

    Windows 5.1.2600 Dodatek Service Pack 3
    Internet Explorer 8.0.6001.18702

    2011-02-11 06:01:36
    mbam-log-2011-02-11 (06-01-36).txt

    Scan type: Quick scan
    Objects scanned: 136929
    Time elapsed: 2 minute(s), 15 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 1
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=319&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.

    Folders Infected:
    c:\documents and settings\właściciel\application data\security antivirus (Rogue.SecurityAntivirus) -> Quarantined and deleted successfully.

    Files Infected:
    c:\documents and settings\właściciel\menu start\Programy\autostart\smgr32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\właściciel\application data\security antivirus\cookies.sqlite (Rogue.SecurityAntivirus) -> Quarantined and deleted successfully.

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-02-11 06:11:35
    Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e SAMSUNG_HD502IJ rev.1AA01113
    Running: n592zox6.exe; Driver: C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\uwniyaod.sys


    ---- System - GMER 1.0.15 ----

    SSDT spnv.sys ZwEnumerateKey [0xF7455CA2]
    SSDT spnv.sys ZwEnumerateValueKey [0xF7456030]

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F783AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort0 [F783AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [F783AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort2 [F783AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort3 [F783AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e [F783AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\a8x1hybq \Device\Scsi\a8x1hybq1 8A7B2500
    Device \Driver\a8x1hybq \Device\Scsi\a8x1hybq1Port5Path0Target0Lun0 8A7B2500
    Device \Driver\argxpti9 \Device\Scsi\argxpti91 8A7A31F8
    Device \Driver\argxpti9 \Device\Scsi\argxpti91Port4Path0Target0Lun0 8A7A31F8
    Device \FileSystem\Ntfs \Ntfs 8AB581F8

    ---- EOF - GMER 1.0.15 ----
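
Added example, not part of the original post or thread: a small Python parser for the Malwarebytes' Anti-Malware log format pasted above. It ties each itemized detection to its section, compares the itemized entries with the summary counts (a mismatch points to a truncated paste), and lists items whose action differs from the removal string seen in this log. The function names are hypothetical; the sample text is copied from the log above.

```python
import re
from collections import Counter

# Excerpt copied from the Malwarebytes log in the post above (summary counts
# plus the itemized sections). It is static text, not live data.
SAMPLE = r"""
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=319&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\właściciel\application data\security antivirus (Rogue.SecurityAntivirus) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\właściciel\menu start\Programy\autostart\smgr32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\właściciel\application data\security antivirus\cookies.sqlite (Rogue.SecurityAntivirus) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)$")
HEADER_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):$")
# "<object> (<detection>) -> [<detail> -> ]<action>"; the optional detail is
# the "Bad: (...) Good: (...)" part that registry data items carry.
ITEM_RE = re.compile(
    r"^(?P<object>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:(?P<detail>.*) -> )?(?P<action>[^>]+)$"
)
REMOVED = "Quarantined and deleted successfully."  # action string used in this log


def parse_mbam_log(text):
    """Return (summary counts per category, list of itemized detections)."""
    summary, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None  # a blank line closes the current itemized section
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["cat"]] = int(m["n"])
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m["cat"]
            continue
        if section is None or line == "(No malicious items detected)":
            continue
        m = ITEM_RE.match(line)
        if m:
            items.append({"category": section, **m.groupdict()})
    return summary, items


def count_mismatches(summary, items):
    """Categories whose summary count differs from the itemized entries."""
    seen = Counter(item["category"] for item in items)
    return {c: (n, seen[c]) for c, n in summary.items() if n != seen[c]}


def needs_follow_up(items):
    """Items the scanner did not report as quarantined and deleted."""
    return [item for item in items if item["action"] != REMOVED]


def by_detection(items):
    """Number of items per detection name, for a quick picture of the infection."""
    return Counter(item["detection"] for item in items)


if __name__ == "__main__":
    summary, items = parse_mbam_log(SAMPLE)
    print("mismatches:", count_mismatches(summary, items))
    print("follow-up:", needs_follow_up(items))
    for name, n in by_detection(items).most_common():
        print(f"{n:2d}  {name}")
```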
     
  4. freakin malware

    freakin malware TS Rookie Topic Starter

    ... and the rest


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Wˆa˜ciciel at 6:20:59,01 on 2011-02-11
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
    Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.3071.2545 [GMT 1:00]

    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Pando Networks\Media Booster\PMB.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    D:\Program Files\Diablo2\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Właściciel\Pulpit\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.dict.pl/
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
    uRun: [EPSON Stylus DX8400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticee.exe /fu "c:\windows\temp\E_S97.tmp" /EF "HKCU"
    uRun: [Gadu-Gadu] "d:\program files\gadu-gadu\gg.exe" /tray
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [DAEMON Tools Lite] "d:\program files\daemon\daemon tools lite\daemon.exe" -autorun
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [AlcoholAutomount] "d:\program files\diablo2\alcohol 120\axcmd.exe" /automount
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [Gadu-Gadu 10] "c:\program files\gadu-gadu 10\gg.exe"
    uRun: [IPLA!] c:\program files\ipla\ipla.exe /autorun
    uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe acrobat\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\wacici~1\menust~1\programy\autost~1\hamachi.lnk - d:\program files\hamachi\hamachi.exe
    IE: E&ksport do programu Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/stg_drm.ocx
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/armhelper.ocx
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\wacici~1\daneap~1\mozilla\firefox\profiles\omi8g82x.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage
    FF - plugin: c:\documents and settings\all users\dane aplikacji\gadu-gadu 10\_userdata\npgg.4.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npganymedenet.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: d:\program files\adobe acrobat\reader\browser\nppdf32.dll
    FF - plugin: d:\program files\dlm\download manager\npfpdlm.dll
    FF - plugin: d:\program files\opera\program\plugins\npdivx32.dll
    FF - plugin: d:\program files\opera\program\plugins\npdsplay.dll
    FF - plugin: d:\program files\opera\program\plugins\npganymedenet.dll
    FF - plugin: d:\program files\opera\program\plugins\npwmsdrm.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-29 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-29 108289]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-29 185089]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-29 56816]
    R2 StarWindServiceAE;StarWind AE Service;d:\program files\diablo2\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]

    =============== Created Last 30 ================

    2011-02-11 04:56:27 -------- d-----w- c:\docume~1\wacici~1\daneap~1\Malwarebytes
    2011-02-11 04:56:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-11 04:56:08 -------- d-----w- c:\docume~1\alluse~1\daneap~1\Malwarebytes
    2011-02-11 04:56:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-11 03:00:01 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-02-11 03:00:01 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-02-11 02:59:48 -------- d-----w- c:\program files\Pocket Tanks

    ==================== Find3M ====================

    2011-01-17 21:45:31 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2011-01-17 21:45:31 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-01-17 18:30:03 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
    2010-12-23 01:39:19 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
    2010-12-05 17:19:30 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2010-12-05 17:19:30 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2010-12-05 17:19:19 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin

    ============= FINISH: 6:21:05,32 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2002-03-14 06:58:04
    System Uptime: 2011-02-11 06:03:19 (0 hours ago)

    Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | MS-7507
    Processor: Procesor Intel Pentium III Xeon | CPU 1 | 2520/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 74 GiB total, 41,895 GiB free.
    D: is FIXED (NTFS) - 195 GiB total, 107,612 GiB free.
    E: is FIXED (NTFS) - 196 GiB total, 193,253 GiB free.
    F: is CDROM (CDFS)
    G: is CDROM ()
    H: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC
    Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_507C1462&REV_02\4&38D2602C&0&00E1
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC
    PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_507C1462&REV_02\4&38D2602C&0&00E1
    Service: RTLE8023xp

    ==== System Restore Points ===================

    RP299: 2010-11-29 11:30:46 - Punkt kontrolny systemu
    RP300: 2010-12-05 15:24:21 - Punkt kontrolny systemu
    RP301: 2010-12-18 01:11:36 - Punkt kontrolny systemu
    RP302: 2010-12-27 14:39:50 - Punkt kontrolny systemu
    RP303: 2011-01-16 22:55:24 - Punkt kontrolny systemu
    RP304: 2011-01-17 05:45:49 - Operacja przywracania
    RP305: 2011-01-17 05:56:18 - Operacja przywracania
    RP306: 2011-01-17 10:00:15 - Removed League of Legends
    RP307: 2011-01-17 10:53:37 - Installed League of Legends
    RP308: 2011-02-10 23:15:40 - Punkt kontrolny systemu
    RP309: 2011-02-11 00:56:31 - Operacja przywracania
    RP310: 2011-02-11 03:59:12 - Operacja przywracania

    ==== Installed Programs ======================

    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.2
    Adobe Shockwave Player 11.5
    Aktualizacja dla systemu Windows Internet Explorer 8 (KB971930)
    Aktualizacja dla systemu Windows Internet Explorer 8 (KB976662)
    Aktualizacja dla systemu Windows XP (KB951978)
    Aktualizacja dla systemu Windows XP (KB955759)
    Aktualizacja dla systemu Windows XP (KB955839)
    Aktualizacja dla systemu Windows XP (KB967715)
    Aktualizacja dla systemu Windows XP (KB968389)
    Aktualizacja dla systemu Windows XP (KB971737)
    Aktualizacja dla systemu Windows XP (KB973687)
    Aktualizacja dla systemu Windows XP (KB973815)
    Aktualizacja krytyczna dla programu Windows Media Player 11 (KB959772)
    Aktualizacja zabezpieczeń dla programu Windows Media Player (KB952069)
    Aktualizacja zabezpieczeń dla programu Windows Media Player (KB954155)
    Aktualizacja zabezpieczeń dla programu Windows Media Player (KB968816)
    Aktualizacja zabezpieczeń dla programu Windows Media Player (KB973540)
    Aktualizacja zabezpieczeń dla programu Windows Media Player 11 (KB936782)
    Aktualizacja zabezpieczeń dla programu Windows Media Player 11 (KB954154)
    Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB938127-v2)
    Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB956390)
    Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB961260)
    Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB963027)
    Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB969897)
    Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB969897)
    Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB971961)
    Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB972260)
    Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB978207)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB923561)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB938464-v2)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB938464)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB946648)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB950762)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB950974)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB951066)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB951376-v2)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB951698)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB951748)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB952004)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB952954)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB954211)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB954459)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB954600)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB955069)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB956391)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB956572)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB956744)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB956802)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB956803)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB956841)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB956844)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB957095)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB957097)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB958215)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB958644)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB958687)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB958690)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB958869)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB959426)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB960225)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB960714)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB960715)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB960803)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB960859)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB961371)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB961373)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB961501)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB968537)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB969059)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB969898)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB969947)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB970238)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB970430)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB971468)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB971486)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB971557)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB971633)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB971657)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB972270)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB973346)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB973354)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB973507)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB973869)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB973904)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB974112)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB974318)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB974392)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB974571)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB975025)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB975467)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB975560)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB975713)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB977914)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB978037)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB978251)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB978262)
    Aktualizacja zabezpieczeń dla systemu Windows XP (KB978706)
    Aktualizacja zabezpieczeń dla Windows XP (KB941569)
    Aliens versus Predator 2: Primal Hunt
    Aliens vs. Predator 2
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Archiwizator WinRAR
    µTorrent
    Audacity 1.2.6
    Avira AntiVir Personal - Free Antivirus
    Baldur's Gate
    Bejeweled 2 Deluxe 1.1.3.2523
    Bejeweled Deluxe 1.87
    Big Fish Games Client
    Black & White® 2
    Bonjour
    Call of Duty
    Call of Duty - United Offensive
    Call of Duty(R) 2
    Call of Duty(R) 2 Patch 1.3
    Call of Duty(R) 4 - Modern Warfare(TM)
    Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    DAEMON Tools Toolbar
    Diablo II
    DivX Web Player
    DMC 2.1
    DMC 2.3b
    Dofus 1.26.0
    Download Manager 2.3.10
    EPSON Printer Software
    EPSON Scan
    Fraps
    Free YouTube Download 2.3
    Gadu-Gadu 10
    Gadu-Gadu 7.7
    GameDesire-Poker
    GameSpy Arcade
    Global MU Online
    Hamachi 1.0.3.0
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB954550-v5)
    Icewind Dale II
    ipla 2.2.1
    Java(TM) 6 Update 14
    K-Lite Mega Codec Pack 4.1.7
    League of Legends
    Malwarebytes' Anti-Malware
    Massive Assault
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Mount&Blade
    Mozilla Firefox (3.0.19)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 8 Micro 8.3.2.1
    NVIDIA Display Control Panel
    NVIDIA Install Application
    NVIDIA nView 135.36
    NVIDIA nView Desktop Manager
    NVIDIA Oprogramowanie systemu PhysX 9.10.0514
    NVIDIA PhysX
    NVIDIA Sterownik graficzny 260.99
    OpenAL
    Opera 9.64
    Pakiet zgodności dla systemu Office 2007
    Pando Media Booster
    ParadisePoker
    Penumbra - Czarna Plaga + Requiem
    Penumbra - Przebudzenie
    Plants vs. Zombies
    Pocket Tanks v1.3
    Poprawka dla programu Windows Media Player 11 (KB939683)
    Poprawka dla systemu Windows XP (KB952287)
    Poprawka dla systemu Windows XP (KB961118)
    Poprawka dla systemu Windows XP (KB970653-v3)
    Poprawka dla systemu Windows XP (KB979306)
    Project64 1.6
    Puzzle Quest
    Realtek High Definition Audio Driver
    Sąsiedzi z Piekła Rodem 1 i 2
    SAMSUNG Mobile Modem Driver Set
    Samsung Mobile phone USB driver Software
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung PC Studio 3
    Skype™ 4.2
    Spellforce
    Spolszczenie 1.0
    Starcraft
    SubEdit-Player
    TeamSpeak 2 RC2
    TeamSpeak 3 Client
    The Punisher
    Tibia
    Uninstall 1.0.0.1
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VC80CRTRedist - 8.0.50727.762
    Ventrilo
    WebFldrs XP
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    World of Tanks closed beta v.0.4.5
    World of Warcraft
    Xfire (remove only)
    ZhyperMU Season 4 AC V4

    ==== End Of File ===========================
     
  5. freakin malware

    freakin malware TS Rookie Topic Starter

    As I did the scan my internet popped back up :approve: Now the only thing remaining is to finish the rest. The smgr32.exe error didn't pop up at reboots as well... oh, and sorry for the Polish language, if you have ANY trouble translating or reading between the lines I can help.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Hahaha....Good day :)
    Which city in Poland are you from?

    =======================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. freakin malware

    freakin malware TS Rookie Topic Starter

    From Tomaszów Mazowiecki, 50 km from Łódź :)

    So there is good and bad news. Here's the good news:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Dodatek Service Pack 3 (build 2600)
    Logical Drives Mask: 0x000000fc

    Kernel Drivers (total 115):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806FF000 \WINDOWS\system32\hal.dll
    0xF7987000 \WINDOWS\system32\KDCOM.DLL
    0xF7897000 \WINDOWS\system32\BOOTVID.dll
    0xF75F7000 eoluandc.sys
    0xF7436000 spnv.sys
    0xF7989000 \WINDOWS\System32\Drivers\WMILIB.SYS
    0xF741E000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
    0xF7868000 ACPI.sys
    0xF740D000 pci.sys
    0xF7607000 isapnp.sys
    0xF7A4F000 pciide.sys
    0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7617000 MountMgr.sys
    0xF7849000 ftdisk.sys
    0xF770F000 PartMgr.sys
    0xF7627000 VolSnap.sys
    0xF7831000 atapi.sys
    0xF7637000 disk.sys
    0xF7647000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7967000 fltmgr.sys
    0xF7955000 sr.sys
    0xF7657000 PxHelp20.sys
    0xF7A38000 KSecDD.sys
    0xF7B52000 Ntfs.sys
    0xF7A0B000 NDIS.sys
    0xF7B38000 Mup.sys
    0xF7687000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB7485000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xB7471000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB744C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF77B7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB740E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF77BF000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB8101000 \SystemRoot\system32\DRIVERS\serial.sys
    0xB87FC000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xB73FA000 \SystemRoot\system32\DRIVERS\parport.sys
    0xB80F1000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF77C7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF77CF000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xB80E1000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xB80D1000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xB80C1000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB73D7000 \SystemRoot\system32\DRIVERS\ks.sys
    0xB72C9000 \SystemRoot\System32\Drivers\a8x1hybq.SYS
    0xB7293000 \SystemRoot\System32\Drivers\argxpti9.SYS
    0xB733C000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xB80B1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xB87D4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB727C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xB80A1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xB8091000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF77D7000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB726B000 \SystemRoot\system32\DRIVERS\psched.sys
    0xB8081000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF77DF000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF77E7000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF77EF000 \SystemRoot\system32\DRIVERS\hamachi.sys
    0xB8071000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF79AF000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB71BD000 \SystemRoot\system32\DRIVERS\update.sys
    0xB87C8000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF7697000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB4BF6000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xB4BD2000 \SystemRoot\system32\drivers\portcls.sys
    0xF76B7000 \SystemRoot\system32\drivers\drmk.sys
    0xF76C7000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF79B5000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF79BD000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xB7313000 \SystemRoot\System32\Drivers\Null.SYS
    0xF79BF000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF781F000 \SystemRoot\System32\drivers\vga.sys
    0xF79C1000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF79C3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF774F000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7757000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB87F4000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB4B4F000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB4AF6000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB4ACE000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB4AA8000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xB4A86000 \SystemRoot\System32\drivers\afd.sys
    0xF76D7000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF76E7000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF775F000 \SystemRoot\System32\Drivers\StarOpen.SYS
    0xF7767000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0xB4A5B000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB49EB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF76F7000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB49CF000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0xF79C7000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    0xF75A6000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xB498F000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF79C9000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB7199000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF776F000 \SystemRoot\System32\watchdog.sys
    0xBD000000 \SystemRoot\System32\drivers\dxg.sys
    0xB8704000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBD012000 \SystemRoot\System32\nv4_disp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xB3C59000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0xB3C71000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB39D4000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xB38F7000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB3A71000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF798D000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xB3328000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB2C9C000 \SystemRoot\System32\Drivers\HTTP.sys
    0xB28B6000 \??\C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\uwniyaod.sys
    0xF7787000 \??\C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\mbr.sys
    0xB289C000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
    0xB2871000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll
    0x10000000 \Program Files\Diablo2\Alcohol 120\alcoholx.dll

    Processes (total 37):
    0 System Idle Process
    4 System
    688 C:\WINDOWS\system32\smss.exe
    736 csrss.exe
    760 C:\WINDOWS\system32\winlogon.exe
    804 C:\WINDOWS\system32\services.exe
    816 C:\WINDOWS\system32\lsass.exe
    1008 C:\WINDOWS\system32\nvsvc32.exe
    1044 C:\WINDOWS\system32\svchost.exe
    1120 svchost.exe
    1492 C:\WINDOWS\system32\svchost.exe
    1560 svchost.exe
    1792 svchost.exe
    2004 C:\WINDOWS\system32\spoolsv.exe
    136 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    224 svchost.exe
    496 C:\WINDOWS\explorer.exe
    636 C:\WINDOWS\RTHDCPL.exe
    612 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    708 C:\Program Files\Java\jre6\bin\jusched.exe
    408 C:\WINDOWS\system32\rundll32.exe
    1072 C:\WINDOWS\system32\ctfmon.exe
    1288 C:\Program Files\Pando Networks\Media Booster\PMB.exe
    516 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    556 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1504 C:\Program Files\Bonjour\mDNSResponder.exe
    1200 C:\Program Files\Java\jre6\bin\jqs.exe
    1572 C:\WINDOWS\system32\PnkBstrA.exe
    164 D:\Program Files\Diablo2\Alcohol 120\StarWind\StarWindServiceAE.exe
    2052 C:\WINDOWS\system32\svchost.exe
    584 C:\WINDOWS\system32\WISPTIS.EXE
    2132 C:\WINDOWS\system32\wbem\wmiapsrv.exe
    2648 alg.exe
    336 C:\WINDOWS\system32\wuauclt.exe
    3104 C:\Program Files\Gadu-Gadu 10\gg.exe
    2924 C:\Program Files\Mozilla Firefox\firefox.exe
    2888 C:\Documents and Settings\W

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000012`8e2db000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000043`61f8e000 (NTFS)

    PhysicalDrive0 Model Number: SAMSUNGHD502IJ, Rev: 1AA01113

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: 858845D53EA37CAD905BAB010542C912FBC33C8C


    Done!

    And now the bad news... before I came to this site my friend recommended ComboFix to me... and I ran it and there seemed to be no problems (other than the failing internet connection which at the time I thought was due to the malware/virus) but now that I ran it and made all the necessary steps it didn't produce a report for me ... just a sort of a shortcut folder in My Computer/C:/ComboFix (it looks exactly like the My Computer icon and as I click it it reopens the 'previous page' of My Computer over, and over, and over again). Could it be because of the fact that I don't have an Ad-Aware type of program? And as it was almost done it blue screened on me and rebooted o.O.

    On a side note: you think anyone would mind if we speak in Polish?
     
  8. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    I think it'd be inappropriate to communicate in Polish in the open :)

    Delete your Combofix file, download a fresh one and see if it'll run.
    If it's still a problem, refer to my original instructions on what to do if Combofix doesn't want to run.

    Bed time coming for me, so...
    ...see you tomorrow :)
     
  9. freakin malware

    freakin malware TS Rookie Topic Starter

    Done! But um...

    A few strange things occurred... I hope it's nothing serious:

    I downloaded the version from the second link and it updated itself.
    It said something about an error about the compatibility with the xp version o.o and it couldn't read certain files... which happened to be my DVD-RW Rom from which I've forgotten to remove a certain game T_T BUT! It did the updates anyway and scanned the system producing a nice log file. Here it is:

    ComboFix 11-02-09.05 - Właściciel 2011-02-11 7:33.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.3071.2627 [GMT 1:00]
    Uruchomiony z: c:\documents and settings\Właściciel\Pulpit\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Poprzednie uruchomienie -------
    .
    c:\windows\jestertb.dll

    .
    ((((((((((((((((((((((((( Pliki utworzone od 2011-01-11 do 2011-02-11 )))))))))))))))))))))))))))))))
    .

    2011-02-11 06:32 . 2011-02-11 06:32 -------- d-----r- C:\32788R22FWJFW
    2011-01-17 09:21 . 2011-01-17 09:21 -------- d-----w- c:\program files\Common Files\Adobe AIR

    .
    (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-17 21:45 . 2008-12-19 21:09 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2011-01-17 21:45 . 2009-02-27 22:12 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2011-01-17 21:45 . 2008-12-19 21:09 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-01-17 18:30 . 2008-12-19 21:09 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
    2010-12-23 01:39 . 2008-12-19 21:09 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Gadu-Gadu"="d:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
    "DAEMON Tools Lite"="d:\program files\Daemon\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
    "AlcoholAutomount"="d:\program files\Diablo2\Alcohol 120\axcmd.exe" [2009-04-02 203928]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
    "Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2010-10-07 12661344]
    "IPLA!"="c:\program files\ipla\ipla.exe" [2010-11-22 18630656]
    "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-09-24 2953112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-01 148888]
    "Adobe Reader Speed Launcher"="d:\program files\Adobe Acrobat\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    2008-04-14 17:21 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    c:\program files\Winamp\winampa.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "MDM"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "d:\\Program Files\\Xfire\\Xfire.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "d:\\Program Files\\Gadu-Gadu\\gg.exe"=
    "d:\\Program Files\\Call of Duty\\CoDMP.exe"=
    "d:\\Program Files\\Call of Duty\\CoDUOMP.exe"=
    "d:\\Program Files\\uTorrent\\uTorrent.exe"=
    "d:\\Program Files\\Starcraft\\StarCraft.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "d:\\Program Files\\Hamachi\\hamachi.exe"=
    "d:\\Program Files\\DuelMasters 2_4\\DuelMasters.exe"=
    "d:\\Program Files\\Activision\\Call of Duty2\\CoD2MP_s.exe"=
    "d:\\Program Files\\Spellforce\\SpellForce.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "d:\\Program Files\\AVP2 PH\\lithtech.exe"=
    "d:\\Program Files\\AVP2\\lithtech.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "d:\\Program Files\\World_of_Tanks_closed_Beta\\WOTLauncher.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "d:\\Program Files\\World_of_Tanks_closed_Beta\\WorldOfTanks.exe"=
    "d:\\LoL\\air\\LolClient.exe"=
    "d:\\LoL\\game\\League of Legends.exe"=
    "d:\\Program Files\\KF\\Killing Floor\\System\\KillingFloor.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "57568:TCP"= 57568:TCP:pando Media Booster
    "57568:UDP"= 57568:UDP:pando Media Booster
    "8394:TCP"= 8394:TCP:League of Legends Launcher
    "8394:UDP"= 8394:UDP:League of Legends Launcher
    "6912:TCP"= 6912:TCP:League of Legends Launcher
    "6912:UDP"= 6912:UDP:League of Legends Launcher
    "6990:TCP"= 6990:TCP:League of Legends Launcher
    "6990:UDP"= 6990:UDP:League of Legends Launcher
    "8395:TCP"= 8395:TCP:League of Legends Launcher
    "8395:UDP"= 8395:UDP:League of Legends Launcher
    "6970:TCP"= 6970:TCP:League of Legends Launcher
    "6970:UDP"= 6970:UDP:League of Legends Launcher
    "8380:TCP"= 8380:TCP:League of Legends Launcher
    "8380:UDP"= 8380:UDP:League of Legends Launcher
    "6995:TCP"= 6995:TCP:League of Legends Launcher
    "6995:UDP"= 6995:UDP:League of Legends Launcher
    "8396:TCP"= 8396:TCP:League of Legends Launcher
    "8396:UDP"= 8396:UDP:League of Legends Launcher
    "6907:TCP"= 6907:TCP:League of Legends Launcher
    "6907:UDP"= 6907:UDP:League of Legends Launcher
    "6992:TCP"= 6992:TCP:League of Legends Launcher
    "6992:UDP"= 6992:UDP:League of Legends Launcher
    "6986:TCP"= 6986:TCP:League of Legends Launcher
    "6986:UDP"= 6986:UDP:League of Legends Launcher
    "6963:TCP"= 6963:TCP:League of Legends Launcher
    "6963:UDP"= 6963:UDP:League of Legends Launcher
    "6917:TCP"= 6917:TCP:League of Legends Launcher
    "6917:UDP"= 6917:UDP:League of Legends Launcher
    "8381:TCP"= 8381:TCP:League of Legends Launcher
    "8381:UDP"= 8381:UDP:League of Legends Launcher
    "6926:TCP"= 6926:TCP:League of Legends Launcher
    "6926:UDP"= 6926:UDP:League of Legends Launcher
    "6894:TCP"= 6894:TCP:League of Legends Launcher
    "6894:UDP"= 6894:UDP:League of Legends Launcher
    "6976:TCP"= 6976:TCP:League of Legends Launcher
    "6976:UDP"= 6976:UDP:League of Legends Launcher
    "6904:TCP"= 6904:TCP:League of Legends Launcher
    "6904:UDP"= 6904:UDP:League of Legends Launcher
    "6923:TCP"= 6923:TCP:League of Legends Launcher
    "6923:UDP"= 6923:UDP:League of Legends Launcher
    "6972:TCP"= 6972:TCP:League of Legends Launcher
    "6972:UDP"= 6972:UDP:League of Legends Launcher
    "6934:TCP"= 6934:TCP:League of Legends Launcher
    "6934:UDP"= 6934:UDP:League of Legends Launcher
    "6997:TCP"= 6997:TCP:League of Legends Launcher
    "6997:UDP"= 6997:UDP:League of Legends Launcher
    "6956:TCP"= 6956:TCP:League of Legends Launcher
    "6956:UDP"= 6956:UDP:League of Legends Launcher
    "6953:TCP"= 6953:TCP:League of Legends Launcher
    "6953:UDP"= 6953:UDP:League of Legends Launcher
    "6883:TCP"= 6883:TCP:League of Legends Launcher
    "6883:UDP"= 6883:UDP:League of Legends Launcher
    "6985:TCP"= 6985:TCP:League of Legends Launcher
    "6985:UDP"= 6985:UDP:League of Legends Launcher
    "6942:TCP"= 6942:TCP:League of Legends Launcher
    "6942:UDP"= 6942:UDP:League of Legends Launcher
    "6965:TCP"= 6965:TCP:League of Legends Launcher
    "6965:UDP"= 6965:UDP:League of Legends Launcher
    "6967:TCP"= 6967:TCP:League of Legends Launcher
    "6967:UDP"= 6967:UDP:League of Legends Launcher
    "6939:TCP"= 6939:TCP:League of Legends Launcher
    "6939:UDP"= 6939:UDP:League of Legends Launcher

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-02-08 717296]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-29 108289]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
    .
    Zawartość folderu 'Zaplanowane zadania'

    2011-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
    .
    .
    ------- Skan uzupełniający -------
    .
    uStart Page = hxxp://www.dict.pl/
    uInternet Settings,ProxyOverride = *.local
    IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\omi8g82x.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-02-11 07:36
    Windows 5.1.2600 Dodatek Service Pack 3 NTFS

    skanowanie ukrytych procesów ...

    skanowanie ukrytych wpisów autostartu ...

    skanowanie ukrytych plików ...

    skanowanie pomyślnie ukończone
    ukryte pliki: 0

    **************************************************************************
    .
    --------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

    - - - - - - - > 'explorer.exe'(3808)
    c:\windows\system32\WININET.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Czas ukończenia: 2011-02-11 07:36:59
    ComboFix-quarantined-files.txt 2011-02-11 06:36
    ComboFix2.txt 2011-02-11 01:12

    Przed: 44*912*443*392 bajtów wolnych
    Po: 44*873*445*376 bajtów wolnych

    - - End Of File - - 721C101F5CE632D02786733B049777E9

    It didn't blue screen or crash on me this time :D but now I have an empty ComboFix folder (the one that just looped C:/ComboFix over and over) and a new one called: 32788R22FWJFW. What should I do with it? And is(are) my and my CPU's problem(s) over?

    Reply when you find the time and:... sleep tight :stickout:
     
  10. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Combofix log looks fine now, but we still need to run a couple more checks to make sure your computer is totally clean.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  11. freakin malware

    freakin malware TS Rookie Topic Starter

    Sorry

    Here's the log:

    OTL logfile created on: 2011-02-11 21:56:04 - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Właściciel\Pulpit
    Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

    3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 86,00% Memory free
    5,00 Gb Paging File | 5,00 Gb Available in Paging File | 93,00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74,22 Gb Total Space | 39,90 Gb Free Space | 53,76% Space Free | Partition Type: NTFS
    Drive D: | 195,31 Gb Total Space | 107,66 Gb Free Space | 55,12% Space Free | Partition Type: NTFS
    Drive E: | 196,22 Gb Total Space | 193,25 Gb Free Space | 98,49% Space Free | Partition Type: NTFS

    Computer Name: DOM-0F8B8E01CF6 | User Name: Właściciel | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011-02-11 21:53:20 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTL.exe
    PRC - [2010-09-24 23:46:23 | 002,953,112 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
    PRC - [2010-06-10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2009-08-05 10:33:11 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2009-06-11 17:22:06 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2009-03-02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2008-04-14 18:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007-05-28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- D:\Program Files\Diablo2\Alcohol 120\StarWind\StarWindServiceAE.exe
    PRC - [2002-08-21 05:13:12 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WISPTIS.EXE


    ========== Modules (SafeList) ==========

    MOD - [2011-02-11 21:53:20 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTL.exe
    MOD - [2010-08-23 17:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2006-05-03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2010-06-10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009-08-05 10:33:11 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2009-06-11 17:22:06 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2007-05-28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- D:\Program Files\Diablo2\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


    ========== Driver Services (SafeList) ==========

    DRV - [2010-10-22 07:23:22 | 009,623,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2009-12-07 14:46:36 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009-06-11 17:22:06 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009-03-30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2009-03-08 19:56:01 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
    DRV - [2009-02-13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2009-02-08 20:52:19 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2008-02-14 10:04:06 | 004,676,096 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008-01-03 15:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2007-07-03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2007-07-03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2007-07-03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
    DRV - [2006-07-24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2005-01-07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-842925246-1606980848-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dict.pl/
    IE - HKU\S-1-5-21-842925246-1606980848-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-842925246-1606980848-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.daemon-search.com/startpage"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-08-04 16:08:31 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-02-11 08:24:56 | 000,000,000 | ---D | M]

    [2009-01-03 14:15:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Extensions
    [2011-02-11 08:29:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\omi8g82x.default\extensions
    [2010-04-29 21:52:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\omi8g82x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011-02-11 08:29:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011-02-11 07:55:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011-02-11 07:56:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\WłAśCICIEL\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\OMI8G82X.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
    [2011-02-11 07:54:58 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010-11-12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009-05-19 16:23:38 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll
    [2009-07-24 15:34:54 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
    [2009-07-24 15:34:54 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
    [2009-07-24 15:34:54 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
    [2009-07-24 15:34:54 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
    [2009-07-24 15:34:54 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
    [2009-07-24 15:34:54 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

    O1 HOSTS File: ([2011-02-11 07:06:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
    O3 - HKU\S-1-5-21-842925246-1606980848-839522115-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKU\S-1-5-21-842925246-1606980848-839522115-1003..\Run: [AlcoholAutomount] D:\Program Files\Diablo2\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
    O4 - HKU\S-1-5-21-842925246-1606980848-839522115-1003..\Run: [DAEMON Tools Lite] D:\Program Files\Daemon\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-842925246-1606980848-839522115-1003..\Run: [Gadu-Gadu] D:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
    O4 - HKU\S-1-5-21-842925246-1606980848-839522115-1003..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
    O4 - HKU\S-1-5-21-842925246-1606980848-839522115-1003..\Run: [IPLA!] C:\Program Files\ipla\ipla.exe (Redefine Sp z o.o.)
    O4 - HKU\S-1-5-21-842925246-1606980848-839522115-1003..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
    O4 - Startup: C:\Documents and Settings\Właściciel\Menu Start\Programy\Autostart\hamachi.lnk = D:\Program Files\Hamachi\hamachi.exe (LogMeIn Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-842925246-1606980848-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-842925246-1606980848-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-842925246-1606980848-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-842925246-1606980848-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/stg_drm.ocx (SpinTop DRM Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/armhelper.ocx (ArmHelper Control)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2002-03-14 06:56:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
    Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
    Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()
    Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (56308606093492224)

    ========== Files/Folders - Created Within 30 Days ==========

    File not found -- C:\Documents and Settings\Właściciel\Pulpit\green day - Paranoia
    [2011-02-11 21:53:18 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTL.exe
    [2011-02-11 08:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2011-02-11 08:01:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2011-02-11 07:55:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sun
    [2011-02-11 07:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011-02-11 07:32:42 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011-02-11 07:32:25 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
    [2011-02-11 07:07:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2011-02-11 07:03:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011-02-11 07:02:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011-02-11 07:02:11 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011-02-11 07:02:11 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011-02-11 07:02:11 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011-02-11 05:56:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Malwarebytes
    [2011-02-11 05:56:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011-02-11 05:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes' Anti-Malware
    [2011-02-11 05:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
    [2011-02-11 05:56:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011-02-11 05:54:39 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Właściciel\Pulpit\mbam-setup-1.50.1.1100.exe
    [2011-02-11 05:32:41 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\TFC.exe
    [2011-02-11 03:59:48 | 000,000,000 | ---D | C] -- C:\Program Files\Pocket Tanks
    [2011-02-11 03:59:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Pocket Tanks
    [2011-02-11 02:05:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011-02-11 02:04:52 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011-02-10 17:40:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Moje dokumenty\My Games
    [2011-02-10 17:40:24 | 002,795,832 | ---- | C] (Blitwise Productions, LLC ) -- C:\Documents and Settings\Właściciel\Pulpit\ptanks.exe
    [2011-01-17 10:53:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Riot Games
    [2011-01-17 10:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Pulpit\EU.01_10_2011
    [2011-01-17 10:21:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

    ========== Files - Modified Within 30 Days ==========

    File not found -- C:\Documents and Settings\Właściciel\Pulpit\green day - Paranoia
    [2011-02-11 21:53:20 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTL.exe
    [2011-02-11 21:49:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011-02-11 10:33:48 | 000,020,654 | ---- | M] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\Chapter 1-....rtf
    [2011-02-11 08:25:00 | 000,267,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011-02-11 08:23:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011-02-11 08:21:03 | 000,493,844 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
    [2011-02-11 08:21:03 | 000,435,396 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011-02-11 08:21:03 | 000,085,136 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
    [2011-02-11 08:21:03 | 000,068,292 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011-02-11 08:01:58 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader X.lnk
    [2011-02-11 07:31:12 | 004,266,254 | R--- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\ComboFix.exe
    [2011-02-11 07:06:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011-02-11 07:03:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011-02-11 06:52:41 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\MBRCheck.exe
    [2011-02-11 06:28:05 | 000,003,149 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\Attach.zip
    [2011-02-11 06:15:46 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\dds.scr
    [2011-02-11 06:07:32 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\n592zox6.exe
    [2011-02-11 05:56:09 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
    [2011-02-11 05:55:01 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Właściciel\Pulpit\mbam-setup-1.50.1.1100.exe
    [2011-02-11 05:32:41 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\TFC.exe
    [2011-02-10 20:23:30 | 000,227,435 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\poisonheart_simbanalaf2f.jpg
    [2011-02-10 17:40:29 | 002,795,832 | ---- | M] (Blitwise Productions, LLC ) -- C:\Documents and Settings\Właściciel\Pulpit\ptanks.exe
    [2011-02-10 14:06:00 | 000,063,076 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\beltar_0135.jpg
    [2011-02-10 14:05:53 | 000,117,104 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\beltar_0121.jpg
    [2011-02-10 14:05:47 | 000,070,921 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\beltar_0120.jpg
    [2011-02-10 12:39:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011-02-09 16:07:27 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011-02-08 16:33:06 | 000,053,092 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\house-life-396x500.jpg
    [2011-02-08 15:53:34 | 000,088,348 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\gordonfreeman.jpg
    [2011-02-08 15:53:16 | 000,056,745 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\98a595b10e0bc8a78498c1a051ad2f33.jpg
    [2011-02-07 21:04:31 | 000,183,871 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\beltar_conception-of-simba.jpg
    [2011-02-05 18:45:40 | 000,337,965 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\beltar_fluffy-surprise.jpg
    [2011-02-05 18:45:31 | 000,381,599 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\beltar_prelude.jpg
    [2011-02-05 18:45:14 | 000,433,686 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\beltar_fluffy-surprise-colored.jpg
    [2011-02-05 18:45:06 | 000,228,356 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\beltar_heaven-pleasures.jpg
    [2011-01-30 02:03:59 | 000,012,113 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\Killing_Floor_v1011_Precracked_(NO_STEAM)___Maps.5195623.TPB.torrent
    [2011-01-24 13:54:11 | 002,480,203 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends___akali_by_donnis-d323lfs.png
    [2011-01-24 13:54:05 | 000,165,064 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\akali___swim_suit___version_by_ganassa-d34scdj.jpg
    [2011-01-24 13:53:44 | 000,182,601 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends__katarina_by_ganassa-d34k0dl.jpg
    [2011-01-24 13:51:03 | 000,237,132 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\miss_fortune_by_marlo87-d2zm8yz.jpg
    [2011-01-24 13:49:15 | 000,259,536 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends_miss_fortune_by_ganassa-d36jgzk.jpg
    [2011-01-24 05:14:03 | 000,296,338 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\League_of_Legends__Nidalee_by_fayechan.jpg
    [2011-01-24 05:14:00 | 000,631,849 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\lol_meme_8d_by_khalia1114-d34bvqj.jpg
    [2011-01-24 05:13:49 | 003,659,588 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\lol_mehmeh_fookintrufflez_by_maplecookies-d36z70g.png
    [2011-01-24 05:13:26 | 001,193,652 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\league_fo_legends_meme_by_greendragongryphon-d3036y5.jpg
    [2011-01-24 05:10:37 | 001,533,254 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends_meme_by_magias-d2zoxbv.jpg
    [2011-01-24 05:01:50 | 000,349,831 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends_noir_by_potem1917-d36soph.jpg
    [2011-01-24 05:01:37 | 000,086,192 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\League_of_Legends___Envy_by_hiryurhys.jpg
    [2011-01-24 05:01:03 | 000,350,180 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\lol_noir_safe_by_potem1917-d36spm8.jpg
    [2011-01-24 05:00:06 | 000,431,505 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\Womens_Wardrobe__snapshot__by_KaguKin.png
    [2011-01-24 04:59:48 | 000,145,550 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\You_cannot_cage_me__Summoner_by_aneliq.jpg
    [2011-01-24 04:57:18 | 000,189,069 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\Nidalee__The_Bestial_Huntress_by_RayX10.jpg
    [2011-01-24 04:57:05 | 000,089,523 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends__nidalee_by_ganassa-d35x027.jpg
    [2011-01-24 04:56:59 | 000,139,388 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\Nidalee_by_iamtretre.jpg
    [2011-01-24 04:52:08 | 001,978,027 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\lol_meme_xd_by_darkint-d2zvpil.jpg
    [2011-01-24 04:52:04 | 000,727,190 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends_meme_by_shiptonio-d36dzd4.jpg
    [2011-01-24 04:51:58 | 001,426,473 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\mi_meme__s_lol_by_areku234-d36urgv.jpg
    [2011-01-24 04:51:54 | 003,057,899 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends_le_meme_by_feartm-d36swaj.jpg
    [2011-01-24 04:20:04 | 000,940,211 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends_blank_meme_by_albaharu-d2zida8.jpg
    [2011-01-23 22:07:03 | 000,128,252 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\ad750b6cc8f34cb86ac0f2f9c466d71b.jpg
    [2011-01-23 22:06:35 | 000,096,248 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\cd57f4572e1bd71f75ec7572be80ce5c.jpg
    [2011-01-23 22:06:27 | 000,137,628 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\2de5cfa80f4197522bb22fe371417c9c.jpg
    [2011-01-23 22:06:04 | 000,087,729 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\46bdcb7026dffac596b734df8d0b24d2.jpg
    [2011-01-23 22:05:50 | 000,044,245 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\7c183ce9f89f5ac25f8288ed84fd2033.jpg
    [2011-01-23 22:01:10 | 000,090,728 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\Mckinleysin013.jpg
    [2011-01-23 22:00:58 | 000,031,563 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\Mckinleysin007.jpg
    [2011-01-23 22:00:48 | 000,107,695 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\Mckinleysin021.jpg
    [2011-01-23 22:00:25 | 000,096,390 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\Mckinleysin017.jpg
    [2011-01-23 02:26:51 | 000,052,387 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\8c0b25a386c131b70fa28c18bbfac27a.jpg
    [2011-01-23 02:26:47 | 000,060,422 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\615aa55df458f18c289e3df4eb10bb5c.jpg
    [2011-01-23 02:26:45 | 000,142,404 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\1b362e6392ef0270742a1fd82d16f805.jpg
    [2011-01-23 02:26:40 | 000,054,930 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\bb35e25fa0e2cbf38b797505a9617091.jpg
    [2011-01-23 02:26:37 | 000,221,688 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\db551cb86cf8580dd27935dce5c4af31.jpg
    [2011-01-23 02:26:33 | 000,113,093 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\c296916833e0eb51649e7b4c08ddea3a.jpg
    [2011-01-23 02:26:29 | 000,108,192 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\1e3e48136c00d18802d1e275c046187a.jpg
    [2011-01-23 02:26:12 | 000,118,312 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\2b8d60418f1b320fbfba730bb46c06ff.jpg
    [2011-01-23 02:26:10 | 000,762,413 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\page102.jpg
    [2011-01-23 02:26:04 | 000,085,457 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\85ee2026ddb4479e8d775cc0892aab4e.jpg
    [2011-01-23 02:26:02 | 000,091,470 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\647954dc610efbd41a479bedd049fea6.jpg
    [2011-01-22 16:39:27 | 000,935,462 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\shalinka_the-sisters-.jpg
    [2011-01-17 23:03:25 | 038,268,158 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\studniowka2.rar
    [2011-01-17 22:45:40 | 000,138,160 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2011-01-17 22:45:31 | 000,271,200 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
    [2011-01-17 21:28:39 | 000,017,613 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\odpowiedzi.docx
    [2011-01-17 19:30:03 | 000,271,200 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
    [2011-01-17 14:58:33 | 001,229,063 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\CallOfDuty4ModernWarfarev1.7NoDVDFixedexeEng.rar
    [2011-01-17 10:56:32 | 000,000,489 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Play League of Legends.lnk
    [2011-01-17 10:22:45 | 002,257,408 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\LeagueofLegends.exe
    [2011-01-17 10:14:52 | 000,000,238 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\LOL.rtf
    [2011-01-17 09:45:49 | 000,002,049 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\patcher_lib.zip
    [2011-01-17 09:44:15 | 000,024,859 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\League of Legends.zip
    [2011-01-17 09:38:59 | 000,009,170 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\eula-de.zip
    [2011-01-17 08:47:54 | 000,018,092 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\Jokernotamused.jpg

    ========== Files Created - No Company Name ==========

    [2011-02-11 08:01:58 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader X.lnk
    [2011-02-11 08:01:58 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader X.lnk
    [2011-02-11 07:29:28 | 004,266,254 | R--- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\ComboFix.exe
    [2011-02-11 07:03:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011-02-11 07:03:25 | 000,262,400 | RHS- | C] () -- C:\cmldr
    [2011-02-11 07:02:11 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011-02-11 07:02:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011-02-11 07:02:11 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011-02-11 07:02:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011-02-11 07:02:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011-02-11 06:52:41 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\MBRCheck.exe
    [2011-02-11 06:28:05 | 000,003,149 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\Attach.zip
    [2011-02-11 06:15:43 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\dds.scr
    [2011-02-11 06:07:32 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\n592zox6.exe
    [2011-02-11 05:56:09 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
    [2011-02-10 20:23:29 | 000,227,435 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\poisonheart_simbanalaf2f.jpg
    [2011-02-10 14:06:00 | 000,063,076 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\beltar_0135.jpg
    [2011-02-10 14:05:52 | 000,117,104 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\beltar_0121.jpg
    [2011-02-10 14:05:46 | 000,070,921 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\beltar_0120.jpg
    [2011-02-08 16:33:06 | 000,053,092 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\house-life-396x500.jpg
    [2011-02-08 15:53:34 | 000,088,348 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\gordonfreeman.jpg
    [2011-02-08 15:53:16 | 000,056,745 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\98a595b10e0bc8a78498c1a051ad2f33.jpg
    [2011-02-07 21:04:30 | 000,183,871 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\beltar_conception-of-simba.jpg
    [2011-02-05 18:45:40 | 000,337,965 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\beltar_fluffy-surprise.jpg
    [2011-02-05 18:45:30 | 000,381,599 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\beltar_prelude.jpg
    [2011-02-05 18:45:13 | 000,433,686 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\beltar_fluffy-surprise-colored.jpg
    [2011-02-05 18:45:05 | 000,228,356 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\beltar_heaven-pleasures.jpg
    [2011-01-30 02:03:58 | 000,012,113 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\Killing_Floor_v1011_Precracked_(NO_STEAM)___Maps.5195623.TPB.torrent
    [2011-01-24 13:54:11 | 002,480,203 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends___akali_by_donnis-d323lfs.png
    [2011-01-24 13:54:05 | 000,165,064 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\akali___swim_suit___version_by_ganassa-d34scdj.jpg
    [2011-01-24 13:53:44 | 000,182,601 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends__katarina_by_ganassa-d34k0dl.jpg
    [2011-01-24 13:51:02 | 000,237,132 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\miss_fortune_by_marlo87-d2zm8yz.jpg
    [2011-01-24 13:49:12 | 000,259,536 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends_miss_fortune_by_ganassa-d36jgzk.jpg
    [2011-01-24 05:14:03 | 000,296,338 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\League_of_Legends__Nidalee_by_fayechan.jpg
    [2011-01-24 05:13:59 | 000,631,849 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\lol_meme_8d_by_khalia1114-d34bvqj.jpg
    [2011-01-24 05:13:48 | 003,659,588 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\lol_mehmeh_fookintrufflez_by_maplecookies-d36z70g.png
    [2011-01-24 05:13:26 | 001,193,652 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\league_fo_legends_meme_by_greendragongryphon-d3036y5.jpg
    [2011-01-24 05:10:36 | 001,533,254 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends_meme_by_magias-d2zoxbv.jpg
    [2011-01-24 05:01:49 | 000,349,831 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends_noir_by_potem1917-d36soph.jpg
    [2011-01-24 05:01:37 | 000,086,192 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\League_of_Legends___Envy_by_hiryurhys.jpg
    [2011-01-24 05:01:03 | 000,350,180 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\lol_noir_safe_by_potem1917-d36spm8.jpg
    [2011-01-24 05:00:05 | 000,431,505 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\Womens_Wardrobe__snapshot__by_KaguKin.png
    [2011-01-24 04:59:48 | 000,145,550 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\You_cannot_cage_me__Summoner_by_aneliq.jpg
    [2011-01-24 04:57:18 | 000,189,069 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\Nidalee__The_Bestial_Huntress_by_RayX10.jpg
    [2011-01-24 04:57:04 | 000,089,523 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends__nidalee_by_ganassa-d35x027.jpg
    [2011-01-24 04:56:58 | 000,139,388 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\Nidalee_by_iamtretre.jpg
    [2011-01-24 04:52:07 | 001,978,027 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\lol_meme_xd_by_darkint-d2zvpil.jpg
    [2011-01-24 04:52:03 | 000,727,190 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends_meme_by_shiptonio-d36dzd4.jpg
    [2011-01-24 04:51:58 | 001,426,473 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\mi_meme__s_lol_by_areku234-d36urgv.jpg
    [2011-01-24 04:51:53 | 003,057,899 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends_le_meme_by_feartm-d36swaj.jpg
    [2011-01-24 04:20:03 | 000,940,211 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends_blank_meme_by_albaharu-d2zida8.jpg
    [2011-01-23 22:07:03 | 000,128,252 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\ad750b6cc8f34cb86ac0f2f9c466d71b.jpg
    [2011-01-23 22:06:34 | 000,096,248 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\cd57f4572e1bd71f75ec7572be80ce5c.jpg
    [2011-01-23 22:06:26 | 000,137,628 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\2de5cfa80f4197522bb22fe371417c9c.jpg
    [2011-01-23 22:06:04 | 000,087,729 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\46bdcb7026dffac596b734df8d0b24d2.jpg
    [2011-01-23 22:05:50 | 000,044,245 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\7c183ce9f89f5ac25f8288ed84fd2033.jpg
    [2011-01-23 22:01:09 | 000,090,728 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\Mckinleysin013.jpg
    [2011-01-23 22:00:58 | 000,031,563 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\Mckinleysin007.jpg
    [2011-01-23 22:00:47 | 000,107,695 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\Mckinleysin021.jpg
    [2011-01-23 22:00:25 | 000,096,390 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\Mckinleysin017.jpg
    [2011-01-23 02:26:50 | 000,052,387 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\8c0b25a386c131b70fa28c18bbfac27a.jpg
    [2011-01-23 02:26:46 | 000,060,422 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\615aa55df458f18c289e3df4eb10bb5c.jpg
    [2011-01-23 02:26:43 | 000,142,404 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\1b362e6392ef0270742a1fd82d16f805.jpg
    [2011-01-23 02:26:39 | 000,054,930 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\bb35e25fa0e2cbf38b797505a9617091.jpg
    [2011-01-23 02:26:35 | 000,221,688 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\db551cb86cf8580dd27935dce5c4af31.jpg
    [2011-01-23 02:26:31 | 000,113,093 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\c296916833e0eb51649e7b4c08ddea3a.jpg
    [2011-01-23 02:26:27 | 000,108,192 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\1e3e48136c00d18802d1e275c046187a.jpg
    [2011-01-23 02:26:10 | 000,118,312 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\2b8d60418f1b320fbfba730bb46c06ff.jpg
    [2011-01-23 02:26:06 | 000,762,413 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\page102.jpg
    [2011-01-23 02:26:03 | 000,085,457 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\85ee2026ddb4479e8d775cc0892aab4e.jpg
    [2011-01-23 02:25:59 | 000,091,470 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\647954dc610efbd41a479bedd049fea6.jpg
    [2011-01-22 16:39:26 | 000,935,462 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\shalinka_the-sisters-.jpg
    [2011-01-17 23:02:20 | 038,268,158 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\studniowka2.rar
    [2011-01-17 21:28:38 | 000,017,613 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\odpowiedzi.docx
    [2011-01-17 20:43:29 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\Właściciel\maestro-server.log
    [2011-01-17 14:58:30 | 001,229,063 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\CallOfDuty4ModernWarfarev1.7NoDVDFixedexeEng.rar
    [2011-01-17 10:56:32 | 000,000,489 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Play League of Legends.lnk
    [2011-01-17 10:22:45 | 002,257,408 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\LeagueofLegends.exe
    [2011-01-17 10:14:52 | 000,000,238 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\LOL.rtf
    [2011-01-17 09:45:49 | 000,002,049 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\patcher_lib.zip
    [2011-01-17 09:44:15 | 000,024,859 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\League of Legends.zip
    [2011-01-17 09:38:59 | 000,009,170 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\eula-de.zip
    [2011-01-17 08:47:54 | 000,018,092 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\Jokernotamused.jpg
    [2010-07-09 20:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
    [2010-01-11 06:03:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt
    [2010-01-11 06:00:57 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2009-08-02 08:44:52 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
    [2009-04-17 22:38:38 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2009-04-17 22:38:38 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2009-04-17 22:38:38 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
    [2009-03-22 01:14:35 | 000,000,286 | ---- | C] () -- C:\WINDOWS\game.ini
    [2009-02-28 13:18:07 | 000,000,716 | ---- | C] () -- C:\WINDOWS\kaillera.ini
    [2009-02-08 20:52:19 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
    [2009-02-03 17:23:11 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009-01-31 23:59:21 | 000,000,347 | ---- | C] () -- C:\WINDOWS\CoDUO.INI
    [2009-01-31 23:51:16 | 000,000,745 | ---- | C] () -- C:\WINDOWS\CoD.INI
    [2008-12-25 20:51:05 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2008-12-20 23:53:37 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008-12-19 22:09:22 | 000,138,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2008-12-19 22:09:22 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Właściciel\Dane aplikacji\PnkBstrK.sys
    [2008-12-18 20:47:22 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008-12-18 20:38:54 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2008-12-18 20:38:54 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
    [2008-12-18 20:38:53 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2008-12-18 20:38:53 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2008-12-18 20:38:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008-12-18 20:38:52 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2008-08-02 11:20:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2003-04-08 11:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002-03-14 07:49:48 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

    ========== LOP Check ==========
     
  12. freakin malware

    freakin malware TS Rookie Topic Starter

    ========== LOP Check ==========

    [2009-07-04 01:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Boss Media
    [2009-02-08 20:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
    [2008-12-18 21:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\EPSON
    [2010-02-20 22:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
    [2011-01-17 05:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
    [2010-07-12 14:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
    [2011-01-17 10:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PMB Files
    [2010-04-06 10:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PopCap Games
    [2009-11-29 01:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
    [2010-06-25 19:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010-02-26 05:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    [2009-02-08 20:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\DAEMON Tools
    [2009-02-08 21:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\DAEMON Tools Lite
    [2009-04-17 22:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\DAEMON Tools Pro
    [2008-12-20 12:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Gadu-Gadu
    [2010-02-20 22:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Gadu-Gadu 10
    [2009-07-04 00:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\GanymedeNet
    [2011-02-11 21:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\ipla
    [2010-09-25 01:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\LolClient
    [2010-03-13 18:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Mount&Blade
    [2010-02-21 02:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\OpenFM
    [2009-05-29 13:20:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Opera
    [2010-12-28 15:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\RDRM
    [2010-01-11 06:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Samsung
    [2009-11-29 01:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\SpinTop
    [2009-12-12 06:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Tibia
    [2010-09-22 02:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\TS3Client
    [2011-01-30 02:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\uTorrent
    [2010-09-03 00:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\W
    [2010-12-28 17:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\wargaming.net

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2002-03-14 06:56:49 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2008-12-18 20:51:02 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011-02-11 07:03:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2006-03-02 13:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
    [2009-03-13 15:14:07 | 000,003,900 | ---- | M] () -- C:\cardmaster.sql
    [2004-08-03 23:00:14 | 000,262,400 | RHS- | M] () -- C:\cmldr
    [2010-01-11 06:04:16 | 000,000,074 | ---- | M] () -- C:\CMLoader.log
    [2011-02-11 07:36:59 | 000,011,043 | ---- | M] () -- C:\ComboFix.txt
    [2002-03-14 06:56:49 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010-09-11 17:52:59 | 000,000,546 | ---- | M] () -- C:\deltaStartup.log
    [2002-03-14 06:56:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2002-03-14 06:56:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2006-03-02 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009-03-21 11:14:43 | 000,251,152 | RHS- | M] () -- C:\ntldr
    [2011-02-11 21:49:44 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2006-04-18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006-06-29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006-04-18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006-06-29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2002-03-14 06:56:32 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008-07-06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2003-06-19 01:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008-07-06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2002-03-14 07:47:59 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2002-03-14 07:47:59 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2002-03-14 07:47:59 | 000,434,176 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2002-03-14 07:05:19 | 000,000,125 | -HS- | M] () -- C:\Documents and Settings\Właściciel\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2002-03-14 07:05:19 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Właściciel\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Pokaż pulpit.scf

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
    No captured output from command...

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    No captured output from command...

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011-02-11 21:52:31 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Właściciel\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007-06-27 16:00:02 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008-04-14 18:20:18 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004-08-04 00:55:52 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004-08-04 00:55:54 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008-05-02 15:05:59 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008-04-13 18:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008-04-14 18:21:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007-04-02 19:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007-04-02 19:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007-04-02 19:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004-08-04 00:55:54 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004-08-04 00:55:54 | 000,135,321 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:7D6EC5BE
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:B1FBBD09
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:196FC0A6

    < End of report >
     
  13. freakin malware

    freakin malware TS Rookie Topic Starter

    Extras

    OTL Extras logfile created on: 2011-02-11 21:56:04 - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Właściciel\Pulpit
    Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

    3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 86,00% Memory free
    5,00 Gb Paging File | 5,00 Gb Available in Paging File | 93,00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74,22 Gb Total Space | 39,90 Gb Free Space | 53,76% Space Free | Partition Type: NTFS
    Drive D: | 195,31 Gb Total Space | 107,66 Gb Free Space | 55,12% Space Free | Partition Type: NTFS
    Drive E: | 196,22 Gb Total Space | 193,25 Gb Free Space | 98,49% Space Free | Partition Type: NTFS

    Computer Name: DOM-0F8B8E01CF6 | User Name: Właściciel | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-842925246-1606980848-839522115-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "57568:TCP" = 57568:TCP:*:Enabled:pando Media Booster
    "57568:UDP" = 57568:UDP:*:Enabled:pando Media Booster

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22008
    "57568:TCP" = 57568:TCP:*:Enabled:pando Media Booster
    "57568:UDP" = 57568:UDP:*:Enabled:pando Media Booster
    "8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
    "8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher
    "6912:TCP" = 6912:TCP:*:Enabled:League of Legends Launcher
    "6912:UDP" = 6912:UDP:*:Enabled:League of Legends Launcher
    "6990:TCP" = 6990:TCP:*:Enabled:League of Legends Launcher
    "6990:UDP" = 6990:UDP:*:Enabled:League of Legends Launcher
    "8395:TCP" = 8395:TCP:*:Enabled:League of Legends Launcher
    "8395:UDP" = 8395:UDP:*:Enabled:League of Legends Launcher
    "6970:TCP" = 6970:TCP:*:Enabled:League of Legends Launcher
    "6970:UDP" = 6970:UDP:*:Enabled:League of Legends Launcher
    "8380:TCP" = 8380:TCP:*:Enabled:League of Legends Launcher
    "8380:UDP" = 8380:UDP:*:Enabled:League of Legends Launcher
    "6995:TCP" = 6995:TCP:*:Enabled:League of Legends Launcher
    "6995:UDP" = 6995:UDP:*:Enabled:League of Legends Launcher
    "8396:TCP" = 8396:TCP:*:Enabled:League of Legends Launcher
    "8396:UDP" = 8396:UDP:*:Enabled:League of Legends Launcher
    "6907:TCP" = 6907:TCP:*:Enabled:League of Legends Launcher
    "6907:UDP" = 6907:UDP:*:Enabled:League of Legends Launcher
    "6992:TCP" = 6992:TCP:*:Enabled:League of Legends Launcher
    "6992:UDP" = 6992:UDP:*:Enabled:League of Legends Launcher
    "6986:TCP" = 6986:TCP:*:Enabled:League of Legends Launcher
    "6986:UDP" = 6986:UDP:*:Enabled:League of Legends Launcher
    "6963:TCP" = 6963:TCP:*:Enabled:League of Legends Launcher
    "6963:UDP" = 6963:UDP:*:Enabled:League of Legends Launcher
    "6917:TCP" = 6917:TCP:*:Enabled:League of Legends Launcher
    "6917:UDP" = 6917:UDP:*:Enabled:League of Legends Launcher
    "8381:TCP" = 8381:TCP:*:Enabled:League of Legends Launcher
    "8381:UDP" = 8381:UDP:*:Enabled:League of Legends Launcher
    "6926:TCP" = 6926:TCP:*:Enabled:League of Legends Launcher
    "6926:UDP" = 6926:UDP:*:Enabled:League of Legends Launcher
    "6894:TCP" = 6894:TCP:*:Enabled:League of Legends Launcher
    "6894:UDP" = 6894:UDP:*:Enabled:League of Legends Launcher
    "6904:TCP" = 6904:TCP:*:Enabled:League of Legends Launcher
    "6904:UDP" = 6904:UDP:*:Enabled:League of Legends Launcher
    "6923:TCP" = 6923:TCP:*:Enabled:League of Legends Launcher
    "6923:UDP" = 6923:UDP:*:Enabled:League of Legends Launcher
    "6972:TCP" = 6972:TCP:*:Enabled:League of Legends Launcher
    "6972:UDP" = 6972:UDP:*:Enabled:League of Legends Launcher
    "6934:TCP" = 6934:TCP:*:Enabled:League of Legends Launcher
    "6934:UDP" = 6934:UDP:*:Enabled:League of Legends Launcher
    "6997:TCP" = 6997:TCP:*:Enabled:League of Legends Launcher
    "6997:UDP" = 6997:UDP:*:Enabled:League of Legends Launcher
    "6956:TCP" = 6956:TCP:*:Enabled:League of Legends Launcher
    "6956:UDP" = 6956:UDP:*:Enabled:League of Legends Launcher
    "6953:TCP" = 6953:TCP:*:Enabled:League of Legends Launcher
    "6953:UDP" = 6953:UDP:*:Enabled:League of Legends Launcher
    "6883:TCP" = 6883:TCP:*:Enabled:League of Legends Launcher
    "6883:UDP" = 6883:UDP:*:Enabled:League of Legends Launcher
    "6985:TCP" = 6985:TCP:*:Enabled:League of Legends Launcher
    "6985:UDP" = 6985:UDP:*:Enabled:League of Legends Launcher
    "6942:TCP" = 6942:TCP:*:Enabled:League of Legends Launcher
    "6942:UDP" = 6942:UDP:*:Enabled:League of Legends Launcher
    "6965:TCP" = 6965:TCP:*:Enabled:League of Legends Launcher
    "6965:UDP" = 6965:UDP:*:Enabled:League of Legends Launcher
    "6967:TCP" = 6967:TCP:*:Enabled:League of Legends Launcher
    "6967:UDP" = 6967:UDP:*:Enabled:League of Legends Launcher
    "6939:TCP" = 6939:TCP:*:Enabled:League of Legends Launcher
    "6939:UDP" = 6939:UDP:*:Enabled:League of Legends Launcher

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "D:\Program Files\Xfire\Xfire.exe" = D:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
    "C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
    "D:\Program Files\Gadu-Gadu\gg.exe" = D:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- (Gadu-Gadu S.A.)
    "D:\Program Files\Call of Duty\CoDMP.exe" = D:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP -- ()
    "D:\Program Files\Call of Duty\CoDUOMP.exe" = D:\Program Files\Call of Duty\CoDUOMP.exe:*:Enabled:CoDUOMP -- ()
    "D:\Program Files\uTorrent\uTorrent.exe" = D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "D:\Program Files\Starcraft\StarCraft.exe" = D:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment)
    "D:\Program Files\Hamachi\hamachi.exe" = D:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client -- (LogMeIn Inc.)
    "D:\Program Files\DuelMasters 2_4\DuelMasters.exe" = D:\Program Files\DuelMasters 2_4\DuelMasters.exe:*:Enabled:Duel Masters Civilizations 2.4 -- (DuelZone)
    "D:\Program Files\Activision\Call of Duty2\CoD2MP_s.exe" = D:\Program Files\Activision\Call of Duty2\CoD2MP_s.exe:*:Enabled:CoD2MP_s -- ()
    "D:\Program Files\Spellforce\SpellForce.exe" = D:\Program Files\Spellforce\SpellForce.exe:*:Enabled:SpellForce -- ()
    "D:\Program Files\AVP2 PH\lithtech.exe" = D:\Program Files\AVP2 PH\lithtech.exe:*:Disabled:Client -- ()
    "D:\Program Files\AVP2\lithtech.exe" = D:\Program Files\AVP2\lithtech.exe:*:Disabled:Client -- ()
    "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.)
    "D:\Program Files\World_of_Tanks_closed_Beta\WOTLauncher.exe" = D:\Program Files\World_of_Tanks_closed_Beta\WOTLauncher.exe:*:Enabled:World of Tanks -- (Wargaming.net)
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()
    "D:\Program Files\World_of_Tanks_closed_Beta\WorldOfTanks.exe" = D:\Program Files\World_of_Tanks_closed_Beta\WorldOfTanks.exe:*:Enabled:World of Tanks -- (Wargaming.net)
    "D:\LoL\air\LolClient.exe" = D:\LoL\air\LolClient.exe:*:Enabled:League of Legends Lobby -- (Adobe Systems Inc.)
    "D:\LoL\game\League of Legends.exe" = D:\LoL\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
    "D:\Program Files\KF\Killing Floor\System\KillingFloor.exe" = D:\Program Files\KF\Killing Floor\System\KillingFloor.exe:*:Enabled:KillingFloor -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{103B6835-DCA0-413F-A99E-ECAD6622726E}" = Aliens versus Predator 2: Primal Hunt
    "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks closed beta v.0.4.5
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
    "{329BF75E-4876-4687-9CAD-5AE7DE56EA22}" = The Punisher
    "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
    "{3EF79591-BF16-4CF8-8FF0-D8AD968228B1}" = Aliens vs. Predator 2
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{472C9FFA-422E-465E-8360-D1276B4A4BC0}" = Penumbra - Czarna Plaga + Requiem
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4F763B06-A014-481B-951A-11AFCD667010}" = Global MU Online
    "{656422DA-E1F7-4331-9EBE-BBF6E88580A9}" = Penumbra - Przebudzenie
    "{6AAF923E-077E-4543-BA1C-42A75BB03677}" = Sąsiedzi z Piekła Rodem 1 i 2
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
    "{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{85DAE0C8-B3BB-11D8-88E4-0004769F25D1}" = Spellforce
    "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    "{8A2A94E9-627D-4DCA-A665-8AC08B2A82D6}" = ZhyperMU Season 4 AC V4
    "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0415-0000-0000000FF1CE}" = Pakiet zgodności dla systemu Office 2007
    "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
    "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 260.99
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
    "{C79A37F3-C076-48BE-B290-F4C8676ABD74}" = Samsung PC Studio 3
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2
    "{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
    "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
    "{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Audacity_is1" = Audacity 1.2.6
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "Baldur's Gate" = Baldur's Gate
    "Bejeweled 2 Deluxe 1.1.3.2523" = Bejeweled 2 Deluxe 1.1.3.2523
    "Bejeweled Deluxe 1.87" = Bejeweled Deluxe 1.87
    "BFGC" = Big Fish Games Client
    "Call of Duty" = Call of Duty
    "DAEMON Tools Toolbar" = DAEMON Tools Toolbar
    "Diablo II" = Diablo II
    "DMC 2.1" = DMC 2.1
    "DMC_is1" = DMC 2.3b
    "Dofus 1.26.0" = Dofus 1.26.0
    "Download Manager" = Download Manager 2.3.10
    "EPSON Printer and Utilities" = EPSON Printer Software
    "EPSON Scanner" = EPSON Scan
    "Fraps" = Fraps
    "Free YouTube Download_is1" = Free YouTube Download 2.3
    "Gadu-Gadu" = Gadu-Gadu 7.7
    "Gadu-Gadu 10" = Gadu-Gadu 10
    "GameDesire-Poker" = GameDesire-Poker
    "GameSpy Arcade" = GameSpy Arcade
    "Hamachi" = Hamachi 1.0.3.0
    "Icewind Dale II" = Icewind Dale II
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
    "InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
    "InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
    "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    "InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
    "InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
    "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
    "InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
    "ipla" = ipla 2.2.1
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.1.7
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Massive Assault" = Massive Assault
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mount&Blade" = Mount&Blade
    "Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Nero8Lite_is1" = Nero 8 Micro 8.3.2.1
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "OpenAL" = OpenAL
    "ParadisePoker" = ParadisePoker
    "Plants vs. Zombies" = Plants vs. Zombies
    "Pocket Tanks_is1" = Pocket Tanks v1.3
    "PuzzleQuest_is1" = Puzzle Quest
    "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
    "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
    "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
    "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
    "Spolszczenie" = Spolszczenie 1.0
    "Starcraft" = Starcraft
    "SubEdit-Player_is1" = SubEdit-Player
    "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "Tibia_is1" = Tibia
    "Uninstall_is1" = Uninstall 1.0.0.1
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = Archiwizator WinRAR
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "World of Warcraft" = World of Warcraft
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Xfire" = Xfire (remove only)

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-842925246-1606980848-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ System Events ]
    Error - 2011-02-11 03:01:20 | Computer Name = DOM-0F8B8E01CF6 | Source = Service Control Manager | ID = 7023
    Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący
    błąd: %%126

    Error - 2011-02-11 03:01:20 | Computer Name = DOM-0F8B8E01CF6 | Source = Service Control Manager | ID = 7023
    Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący
    błąd: %%126

    Error - 2011-02-11 03:01:20 | Computer Name = DOM-0F8B8E01CF6 | Source = Service Control Manager | ID = 7023
    Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący
    błąd: %%126

    Error - 2011-02-11 03:01:20 | Computer Name = DOM-0F8B8E01CF6 | Source = Service Control Manager | ID = 7023
    Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący
    błąd: %%126

    Error - 2011-02-11 03:25:48 | Computer Name = DOM-0F8B8E01CF6 | Source = DCOM | ID = 10005
    Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
    MDM z argumentami „” w celu uruchomienia serwera: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

    Error - 2011-02-11 03:26:03 | Computer Name = DOM-0F8B8E01CF6 | Source = DCOM | ID = 10005
    Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
    MDM z argumentami „” w celu uruchomienia serwera: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

    Error - 2011-02-11 04:20:35 | Computer Name = DOM-0F8B8E01CF6 | Source = DCOM | ID = 10005
    Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
    MDM z argumentami „” w celu uruchomienia serwera: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

    Error - 2011-02-11 16:50:47 | Computer Name = DOM-0F8B8E01CF6 | Source = DCOM | ID = 10005
    Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
    MDM z argumentami „” w celu uruchomienia serwera: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

    Error - 2011-02-11 16:51:45 | Computer Name = DOM-0F8B8E01CF6 | Source = DCOM | ID = 10005
    Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
    MDM z argumentami „” w celu uruchomienia serwera: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

    Error - 2011-02-11 16:51:58 | Computer Name = DOM-0F8B8E01CF6 | Source = DCOM | ID = 10005
    Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
    MDM z argumentami „” w celu uruchomienia serwera: {0C0A3666-30C9-11D0-8F20-00805F2CD064}


    < End of report >
     
  14. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:7D6EC5BE
      @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:B1FBBD09
      @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:196FC0A6
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
     
  15. freakin malware

    freakin malware TS Rookie Topic Starter

    1 question

    My pc seems to have found something:

    Virus or unwanted program 'TR/Trash.Gen [trojan]'
    detected in file 'C:\System Volume Information\_restore{C763F7F0-5D85-4106-B1B4-E39F11DC460E}\RP310\A0114389.exe.
    Action performed: Deny access

    Should I be concerned? Sorry for replying so late, my friend was celebrating his b-day today.
     
  16. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    No. It's located in one of your restore points. We'll reset them at the end of this topic.

    Happy Birthday to your friend :)
     
  17. freakin malware

    freakin malware TS Rookie Topic Starter

    Uuum, I can't seem to find the Run Fix button ... the only ones I've got are: Skanuj, Szybki skan, Wykonaj skrypt, Nic and Sprzątanie. Which one should I click?
     
  18. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Wykonaj skrypt.
     
  19. freakin malware

    freakin malware TS Rookie Topic Starter

    Here it is:

    All processes killed
    ========== OTL ==========
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:7D6EC5BE deleted successfully.
    ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:B1FBBD09 deleted successfully.
    ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:196FC0A6 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Właściciel
    ->Temp folder emptied: 87173553 bytes
    ->Temporary Internet Files folder emptied: 4753550 bytes
    ->Java cache emptied: 177764 bytes
    ->FireFox cache emptied: 52397663 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 946 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 138,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: Właściciel
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.20.6 log created on 02112011_233919

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  20. freakin malware

    freakin malware TS Rookie Topic Starter

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Avira AntiVir Personal - Free Antivirus
    Avira successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 23
    Out of date Java installed!
    Adobe Flash Player 10.1.85.3
    Adobe Reader X
    Mozilla Firefox (3.0.19) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ``````````End of Log````````````
     
  21. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Looks good :)

    I'll wait for Eset log.
     
  22. freakin malware

    freakin malware TS Rookie Topic Starter

    Yay!

    ESET said I'm clean and it didn't produce any log. What now, chief? :)

    PS: MY GOD! That scan took its time... over 2h.
     
  23. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
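
Added example (not part of the original thread or of any tool used in it): a Python triage of Avira-style alert text that applies the reasoning from posts 15-16 and step 1 of post 23, where a hit under `System Volume Information\_restore{...}` is a stored restore-point copy that `[CLEARALLRESTOREPOINTS]` removes at the end of cleanup. The location labels, the follow-up wording and the sample alerts are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Alert text in the shape quoted in this thread: 'NAME [kind]', then the file
# path (closing quote may be missing, a trailing period may be present), then
# the action. Works whether the alert is on one line or spread over three.
ALERT_RE = re.compile(
    r"'(?P<name>[^'\[]+?)\s*\[(?P<kind>[^\]]+)\]'\s+"
    r"detected in file\s+'(?P<path>.+?)[.']*\s+"
    r"Action performed:\s*(?P<action>[^\r\n.]+)",
    re.IGNORECASE,
)

# Follow-up per location, using the OTL commands that appear in this thread.
# The wording is this example's own (an assumption, not tool output).
FOLLOW_UP = {
    "system-restore-point": "stored copy in a restore point; purge with [CLEARALLRESTOREPOINTS] after cleanup",
    "browser-cache": "cached web content; empty caches with [emptytemp]",
    "temp": "temporary file; empty temp folders with [emptytemp]",
    "live-filesystem": "file on the running system; needs a full scan and log review",
}


def classify_location(path: str) -> str:
    """Map a Windows path to the storage context it lives in (case-insensitive)."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    in_svi = "system volume information" in parts
    if in_svi and any(p.startswith("_restore{") for p in parts):
        return "system-restore-point"
    if ("cache" in parts and "profiles" in parts) or "temporary internet files" in parts:
        return "browser-cache"
    if "temp" in parts or "tmp" in parts:
        return "temp"
    return "live-filesystem"


def triage(alert_text: str) -> list:
    """Parse every alert in the text and attach location and follow-up."""
    findings = []
    for m in ALERT_RE.finditer(alert_text):
        path = m.group("path").strip()
        location = classify_location(path)
        rp = re.search(r"\\RP(\d+)\\", path, re.IGNORECASE)
        findings.append({
            "name": m.group("name").strip(),
            "kind": m.group("kind").strip(),
            "path": path,
            "action": m.group("action").strip(),
            "location": location,
            "restore_point": int(rp.group(1)) if rp else None,
            "follow_up": FOLLOW_UP[location],
        })
    return findings


# Constructed sample alerts (not taken from any real scan).
SAMPLE_ALERTS = r"""
Virus or unwanted program 'TR/Example.Gen [trojan]'
detected in file 'C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP12\A0000001.exe.
Action performed: Deny access

Virus or unwanted program 'HTML/Example.Gen [virus]' detected in file 'C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\abcd1234.default\Cache\_CACHE_001_. Action performed: Delete file.
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_ALERTS):
        print(f"{f['name']:<18} {f['location']:<22} {f['follow_up']}")
```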
     
  24. freakin malware

    freakin malware TS Rookie Topic Starter

    Thank you, kind sir :) I don't know what I would've done without your time and patient help :) Downloaded all the programs you suggested and ran them to check for updates, etc. The only thing remaining is to read the 'How did I get infected' tips and I'm all set.

    As for my PC... it's as if it were a brand new unpacked one that I haven't even put a single program on yet :), well almost :p I can honestly say that if compared to the first day I booted it up it's working at 95% rate: the programs work faster, there are no slowdowns and best of all I have a secure working and relaxation place all rolled up into one spot, free of viruses and spyware alike.

    THANK YOU :D

    PS: Sorry if I were or caused you any trouble... oh, and my PC rebooted itself once, but it hasn't done that ever since so I guess it was just a one time thing.

    PS2: If I have any problems in the future may I come here for assistance again?
     
  25. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Absolutely...

    For now...

    Way to go!!
    Good luck and stay safe :)
     
Topic Status:
Not open for further replies.
