Solved HTML/Infected.WebPage.Gen [virus] help!


freakin malware

Cheers!

I have two major issues that I can't handle myself:
1) (the smaller one) After starting my computer there's this one pop-up error that occurs 'smgr32.exe error- can't find the component- there is a zlib4.dll file missing. Reinstalling the application might solve the problem'. It doesn't affect the system's work that much if at all, but it is a nuisance and just looking at it makes me feel sorry for my PC.
2) (the big one) After browsing YouTube and a site with mature content and after closing a few ads this popped up: 'HTML/Infected.WebPage.Gen [virus]' in my Avira scan and I got so scared I pressed enter... and the default process was deletion. My Firefox crashed and now I can't log onto any web service (I'm writing this message from my other PC with a Mobile/Dial-up internet connection) nor any of my internet games. Tried rebooting the system, scanned it with Avira again, returning it to its previous state, uninstalling any programs that I've installed over the past 24h, but still nothing works... I'm completely out of ideas. My modem works, all the lights are on and my cable TV and stationary phone seem to be unaffected, but I can't log on to ANYTHING. Internet Explorer just gives me a blank page asking me if I'm sure I've written the address correctly, same for Firefox. I'm just a poor philology student making a living out of tutoring, I don't know zippo about computers. Please, help. I'm providing the full message that popped up after the accidental deletion:

'Virus or unwanted program 'HTML/Infected.WebPage.Gen [virus]' detected in file 'C:\Documents and Settings\Owner\Local Settings\Application Data\Firefox\Profiles\omi8g82x default\Cache\_CACHE_001_. Action performed: Delete file.

I would really appreciate a fast response since I have a lot of friends that I can't communicate with from this computer via Skype and would love to have a reasonable download/upload speed again. The second issue is top priority.
Thank you in advance.
 
Welcome aboard


Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Okay...

If I've done this correctly (which I hope I did :confused:) then this should be it:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5736

Windows 5.1.2600 Dodatek Service Pack 3
Internet Explorer 8.0.6001.18702

2011-02-11 06:01:36
mbam-log-2011-02-11 (06-01-36).txt

Scan type: Quick scan
Objects scanned: 136929
Time elapsed: 2 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=319&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\właściciel\application data\security antivirus (Rogue.SecurityAntivirus) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\właściciel\menu start\Programy\autostart\smgr32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\właściciel\application data\security antivirus\cookies.sqlite (Rogue.SecurityAntivirus) -> Quarantined and deleted successfully.

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-02-11 06:11:35
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e SAMSUNG_HD502IJ rev.1AA01113
Running: n592zox6.exe; Driver: C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\uwniyaod.sys


---- System - GMER 1.0.15 ----

SSDT spnv.sys ZwEnumerateKey [0xF7455CA2]
SSDT spnv.sys ZwEnumerateValueKey [0xF7456030]

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F783AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F783AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F783AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F783AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F783AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e [F783AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\a8x1hybq \Device\Scsi\a8x1hybq1 8A7B2500
Device \Driver\a8x1hybq \Device\Scsi\a8x1hybq1Port5Path0Target0Lun0 8A7B2500
Device \Driver\argxpti9 \Device\Scsi\argxpti91 8A7A31F8
Device \Driver\argxpti9 \Device\Scsi\argxpti91Port4Path0Target0Lun0 8A7A31F8
Device \FileSystem\Ntfs \Ntfs 8AB581F8

---- EOF - GMER 1.0.15 ----
 
... and the rest


DDS (Ver_10-12-12.02) - NTFSx86
Run by Wˆa˜ciciel at 6:20:59,01 on 2011-02-11
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.3071.2545 [GMT 1:00]

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
D:\Program Files\Diablo2\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Właściciel\Pulpit\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dict.pl/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [EPSON Stylus DX8400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticee.exe /fu "c:\windows\temp\E_S97.tmp" /EF "HKCU"
uRun: [Gadu-Gadu] "d:\program files\gadu-gadu\gg.exe" /tray
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "d:\program files\daemon\daemon tools lite\daemon.exe" -autorun
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [AlcoholAutomount] "d:\program files\diablo2\alcohol 120\axcmd.exe" /automount
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Gadu-Gadu 10] "c:\program files\gadu-gadu 10\gg.exe"
uRun: [IPLA!] c:\program files\ipla\ipla.exe /autorun
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe acrobat\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\wacici~1\menust~1\programy\autost~1\hamachi.lnk - d:\program files\hamachi\hamachi.exe
IE: E&ksport do programu Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/stg_drm.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/armhelper.ocx
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\wacici~1\daneap~1\mozilla\firefox\profiles\omi8g82x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage
FF - plugin: c:\documents and settings\all users\dane aplikacji\gadu-gadu 10\_userdata\npgg.4.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: d:\program files\adobe acrobat\reader\browser\nppdf32.dll
FF - plugin: d:\program files\dlm\download manager\npfpdlm.dll
FF - plugin: d:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: d:\program files\opera\program\plugins\npdsplay.dll
FF - plugin: d:\program files\opera\program\plugins\npganymedenet.dll
FF - plugin: d:\program files\opera\program\plugins\npwmsdrm.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-29 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-29 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-29 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-29 56816]
R2 StarWindServiceAE;StarWind AE Service;d:\program files\diablo2\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2011-02-11 04:56:27 -------- d-----w- c:\docume~1\wacici~1\daneap~1\Malwarebytes
2011-02-11 04:56:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-11 04:56:08 -------- d-----w- c:\docume~1\alluse~1\daneap~1\Malwarebytes
2011-02-11 04:56:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-11 03:00:01 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-02-11 03:00:01 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-11 02:59:48 -------- d-----w- c:\program files\Pocket Tanks

==================== Find3M ====================

2011-01-17 21:45:31 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-01-17 21:45:31 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-01-17 18:30:03 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2010-12-23 01:39:19 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-12-05 17:19:30 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-12-05 17:19:30 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-12-05 17:19:19 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin

============= FINISH: 6:21:05,32 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2002-03-14 06:58:04
System Uptime: 2011-02-11 06:03:19 (0 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | MS-7507
Processor: Procesor Intel Pentium III Xeon | CPU 1 | 2520/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 74 GiB total, 41,895 GiB free.
D: is FIXED (NTFS) - 195 GiB total, 107,612 GiB free.
E: is FIXED (NTFS) - 196 GiB total, 193,253 GiB free.
F: is CDROM (CDFS)
G: is CDROM ()
H: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_507C1462&REV_02\4&38D2602C&0&00E1
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_507C1462&REV_02\4&38D2602C&0&00E1
Service: RTLE8023xp

==== System Restore Points ===================

RP299: 2010-11-29 11:30:46 - Punkt kontrolny systemu
RP300: 2010-12-05 15:24:21 - Punkt kontrolny systemu
RP301: 2010-12-18 01:11:36 - Punkt kontrolny systemu
RP302: 2010-12-27 14:39:50 - Punkt kontrolny systemu
RP303: 2011-01-16 22:55:24 - Punkt kontrolny systemu
RP304: 2011-01-17 05:45:49 - Operacja przywracania
RP305: 2011-01-17 05:56:18 - Operacja przywracania
RP306: 2011-01-17 10:00:15 - Removed League of Legends
RP307: 2011-01-17 10:53:37 - Installed League of Legends
RP308: 2011-02-10 23:15:40 - Punkt kontrolny systemu
RP309: 2011-02-11 00:56:31 - Operacja przywracania
RP310: 2011-02-11 03:59:12 - Operacja przywracania

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Adobe Shockwave Player 11.5
Aktualizacja dla systemu Windows Internet Explorer 8 (KB971930)
Aktualizacja dla systemu Windows Internet Explorer 8 (KB976662)
Aktualizacja dla systemu Windows XP (KB951978)
Aktualizacja dla systemu Windows XP (KB955759)
Aktualizacja dla systemu Windows XP (KB955839)
Aktualizacja dla systemu Windows XP (KB967715)
Aktualizacja dla systemu Windows XP (KB968389)
Aktualizacja dla systemu Windows XP (KB971737)
Aktualizacja dla systemu Windows XP (KB973687)
Aktualizacja dla systemu Windows XP (KB973815)
Aktualizacja krytyczna dla programu Windows Media Player 11 (KB959772)
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB952069)
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB954155)
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB968816)
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB973540)
Aktualizacja zabezpieczeń dla programu Windows Media Player 11 (KB936782)
Aktualizacja zabezpieczeń dla programu Windows Media Player 11 (KB954154)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB938127-v2)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB956390)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB961260)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB963027)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB969897)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB969897)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB971961)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB972260)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB978207)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB923561)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB938464-v2)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB938464)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB946648)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB950762)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB950974)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951066)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951376-v2)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951698)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951748)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB952004)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB952954)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB954211)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB954459)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB954600)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB955069)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956391)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956572)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956744)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956802)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956803)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956841)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956844)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB957095)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB957097)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958215)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958644)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958687)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958690)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958869)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB959426)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960225)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960714)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960715)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960803)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960859)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB961371)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB961373)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB961501)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB968537)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB969059)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB969898)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB969947)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB970238)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB970430)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971468)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971486)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971557)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971633)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971657)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB972270)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB973346)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB973354)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB973507)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB973869)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB973904)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB974112)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB974318)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB974392)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB974571)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB975025)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB975467)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB975560)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB975713)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB977914)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978037)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978251)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978262)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978706)
Aktualizacja zabezpieczeń dla Windows XP (KB941569)
Aliens versus Predator 2: Primal Hunt
Aliens vs. Predator 2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Archiwizator WinRAR
µTorrent
Audacity 1.2.6
Avira AntiVir Personal - Free Antivirus
Baldur's Gate
Bejeweled 2 Deluxe 1.1.3.2523
Bejeweled Deluxe 1.87
Big Fish Games Client
Black & White® 2
Bonjour
Call of Duty
Call of Duty - United Offensive
Call of Duty(R) 2
Call of Duty(R) 2 Patch 1.3
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
DAEMON Tools Toolbar
Diablo II
DivX Web Player
DMC 2.1
DMC 2.3b
Dofus 1.26.0
Download Manager 2.3.10
EPSON Printer Software
EPSON Scan
Fraps
Free YouTube Download 2.3
Gadu-Gadu 10
Gadu-Gadu 7.7
GameDesire-Poker
GameSpy Arcade
Global MU Online
Hamachi 1.0.3.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Icewind Dale II
ipla 2.2.1
Java(TM) 6 Update 14
K-Lite Mega Codec Pack 4.1.7
League of Legends
Malwarebytes' Anti-Malware
Massive Assault
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mount&Blade
Mozilla Firefox (3.0.19)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Micro 8.3.2.1
NVIDIA Display Control Panel
NVIDIA Install Application
NVIDIA nView 135.36
NVIDIA nView Desktop Manager
NVIDIA Oprogramowanie systemu PhysX 9.10.0514
NVIDIA PhysX
NVIDIA Sterownik graficzny 260.99
OpenAL
Opera 9.64
Pakiet zgodności dla systemu Office 2007
Pando Media Booster
ParadisePoker
Penumbra - Czarna Plaga + Requiem
Penumbra - Przebudzenie
Plants vs. Zombies
Pocket Tanks v1.3
Poprawka dla programu Windows Media Player 11 (KB939683)
Poprawka dla systemu Windows XP (KB952287)
Poprawka dla systemu Windows XP (KB961118)
Poprawka dla systemu Windows XP (KB970653-v3)
Poprawka dla systemu Windows XP (KB979306)
Project64 1.6
Puzzle Quest
Realtek High Definition Audio Driver
Sąsiedzi z Piekła Rodem 1 i 2
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Skype™ 4.2
Spellforce
Spolszczenie 1.0
Starcraft
SubEdit-Player
TeamSpeak 2 RC2
TeamSpeak 3 Client
The Punisher
Tibia
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.762
Ventrilo
WebFldrs XP
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
World of Tanks closed beta v.0.4.5
World of Warcraft
Xfire (remove only)
ZhyperMU Season 4 AC V4

==== End Of File ===========================
 
As I did the scan my internet popped back up :approve: Now the only thing remaining is to finish the rest. The smgr32.exe error didn't pop up at reboots as well... oh, and sorry for the Polish language, if you have ANY trouble translating or reading between the lines I can help.
 
and sorry for the Polish language, if you have ANY trouble translating or reading between the lines I can help.
Hahaha....Good morning :)
Which city in Poland are you from?

=======================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
From Tomaszów Mazowiecki, 50 km from Łódź :)

So there is good and bad news. Here's the good news:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Dodatek Service Pack 3 (build 2600)
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 115):

Processes (total 37):
0 System Idle Process
4 System
688 C:\WINDOWS\system32\smss.exe
736 csrss.exe
760 C:\WINDOWS\system32\winlogon.exe
804 C:\WINDOWS\system32\services.exe
816 C:\WINDOWS\system32\lsass.exe
1008 C:\WINDOWS\system32\nvsvc32.exe
1044 C:\WINDOWS\system32\svchost.exe
1120 svchost.exe
1492 C:\WINDOWS\system32\svchost.exe
1560 svchost.exe
1792 svchost.exe
2004 C:\WINDOWS\system32\spoolsv.exe
136 C:\Program Files\Avira\AntiVir Desktop\sched.exe
224 svchost.exe
496 C:\WINDOWS\explorer.exe
636 C:\WINDOWS\RTHDCPL.exe
612 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
708 C:\Program Files\Java\jre6\bin\jusched.exe
408 C:\WINDOWS\system32\rundll32.exe
1072 C:\WINDOWS\system32\ctfmon.exe
1288 C:\Program Files\Pando Networks\Media Booster\PMB.exe
516 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
556 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1504 C:\Program Files\Bonjour\mDNSResponder.exe
1200 C:\Program Files\Java\jre6\bin\jqs.exe
1572 C:\WINDOWS\system32\PnkBstrA.exe
164 D:\Program Files\Diablo2\Alcohol 120\StarWind\StarWindServiceAE.exe
2052 C:\WINDOWS\system32\svchost.exe
584 C:\WINDOWS\system32\WISPTIS.EXE
2132 C:\WINDOWS\system32\wbem\wmiapsrv.exe
2648 alg.exe
336 C:\WINDOWS\system32\wuauclt.exe
3104 C:\Program Files\Gadu-Gadu 10\gg.exe
2924 C:\Program Files\Mozilla Firefox\firefox.exe
2888 C:\Documents and Settings\W

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000012`8e2db000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000043`61f8e000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD502IJ, Rev: 1AA01113

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: 858845D53EA37CAD905BAB010542C912FBC33C8C


Done!

And now the bad news... before I came to this site my friend recommended ComboFix to me... and I ran it and there seemed to be no problems (other than the failing internet connection which at the time I thought was due to the malware/virus) but now that I ran it and made all the necessary steps it didn't produce a report for me ... just a sort of a short cut folder in My Computer/C:/ComboFix (it looks exactly as the My Computer icon and as I click it it reopens the 'previous page' of My Computer over, and over, and over again). Could it be because of the fact that I don't have an Ad-Aware type of program? And as it was almost done it blue screened on me and rebooted o.O.

On a side note: you think anyone would mind if we speak in Polish?
 
I think it'd be inappropriate to communicate in Polish in the open :)

Delete your Combofix file, download a fresh one and see if it'll run.
If it's still a problem, refer to my original instructions on what to do if Combofix doesn't want to run.

Bed time coming for me, so...
...see you tomorrow :)
 
Done! But um...

A few strange things occurred... I hope it's nothing serious:

I downloaded the version from the second link and it updated itself.
It said something about an error about the compatibility with the xp version o.o and it couldn't read certain files... which happened to be my DVD-RW Rom from which I've forgotten to remove a certain game T_T BUT! It did the updates anyway and scanned the system producing a nice log file. Here it is:

ComboFix 11-02-09.05 - Właściciel 2011-02-11 7:33.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.3071.2627 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Właściciel\Pulpit\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Poprzednie uruchomienie -------
.
c:\windows\jestertb.dll

.
((((((((((((((((((((((((( Pliki utworzone od 2011-01-11 do 2011-02-11 )))))))))))))))))))))))))))))))
.

2011-02-11 06:32 . 2011-02-11 06:32 -------- d-----r- C:\32788R22FWJFW
2011-01-17 09:21 . 2011-01-17 09:21 -------- d-----w- c:\program files\Common Files\Adobe AIR

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-17 21:45 . 2008-12-19 21:09 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-01-17 21:45 . 2009-02-27 22:12 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-01-17 21:45 . 2008-12-19 21:09 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-01-17 18:30 . 2008-12-19 21:09 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2010-12-23 01:39 . 2008-12-19 21:09 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="d:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"DAEMON Tools Lite"="d:\program files\Daemon\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"AlcoholAutomount"="d:\program files\Diablo2\Alcohol 120\axcmd.exe" [2009-04-02 203928]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2010-10-07 12661344]
"IPLA!"="c:\program files\ipla\ipla.exe" [2010-11-22 18630656]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-09-24 2953112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-01 148888]
"Adobe Reader Speed Launcher"="d:\program files\Adobe Acrobat\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 17:21 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
c:\program files\Winamp\winampa.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Program Files\\Gadu-Gadu\\gg.exe"=
"d:\\Program Files\\Call of Duty\\CoDMP.exe"=
"d:\\Program Files\\Call of Duty\\CoDUOMP.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Starcraft\\StarCraft.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Hamachi\\hamachi.exe"=
"d:\\Program Files\\DuelMasters 2_4\\DuelMasters.exe"=
"d:\\Program Files\\Activision\\Call of Duty2\\CoD2MP_s.exe"=
"d:\\Program Files\\Spellforce\\SpellForce.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\AVP2 PH\\lithtech.exe"=
"d:\\Program Files\\AVP2\\lithtech.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\World_of_Tanks_closed_Beta\\WOTLauncher.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\Program Files\\World_of_Tanks_closed_Beta\\WorldOfTanks.exe"=
"d:\\LoL\\air\\LolClient.exe"=
"d:\\LoL\\game\\League of Legends.exe"=
"d:\\Program Files\\KF\\Killing Floor\\System\\KillingFloor.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57568:TCP"= 57568:TCP:pando Media Booster
"57568:UDP"= 57568:UDP:pando Media Booster
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"6912:TCP"= 6912:TCP:League of Legends Launcher
"6912:UDP"= 6912:UDP:League of Legends Launcher
"6990:TCP"= 6990:TCP:League of Legends Launcher
"6990:UDP"= 6990:UDP:League of Legends Launcher
"8395:TCP"= 8395:TCP:League of Legends Launcher
"8395:UDP"= 8395:UDP:League of Legends Launcher
"6970:TCP"= 6970:TCP:League of Legends Launcher
"6970:UDP"= 6970:UDP:League of Legends Launcher
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher
"6995:TCP"= 6995:TCP:League of Legends Launcher
"6995:UDP"= 6995:UDP:League of Legends Launcher
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6907:TCP"= 6907:TCP:League of Legends Launcher
"6907:UDP"= 6907:UDP:League of Legends Launcher
"6992:TCP"= 6992:TCP:League of Legends Launcher
"6992:UDP"= 6992:UDP:League of Legends Launcher
"6986:TCP"= 6986:TCP:League of Legends Launcher
"6986:UDP"= 6986:UDP:League of Legends Launcher
"6963:TCP"= 6963:TCP:League of Legends Launcher
"6963:UDP"= 6963:UDP:League of Legends Launcher
"6917:TCP"= 6917:TCP:League of Legends Launcher
"6917:UDP"= 6917:UDP:League of Legends Launcher
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"6926:TCP"= 6926:TCP:League of Legends Launcher
"6926:UDP"= 6926:UDP:League of Legends Launcher
"6894:TCP"= 6894:TCP:League of Legends Launcher
"6894:UDP"= 6894:UDP:League of Legends Launcher
"6976:TCP"= 6976:TCP:League of Legends Launcher
"6976:UDP"= 6976:UDP:League of Legends Launcher
"6904:TCP"= 6904:TCP:League of Legends Launcher
"6904:UDP"= 6904:UDP:League of Legends Launcher
"6923:TCP"= 6923:TCP:League of Legends Launcher
"6923:UDP"= 6923:UDP:League of Legends Launcher
"6972:TCP"= 6972:TCP:League of Legends Launcher
"6972:UDP"= 6972:UDP:League of Legends Launcher
"6934:TCP"= 6934:TCP:League of Legends Launcher
"6934:UDP"= 6934:UDP:League of Legends Launcher
"6997:TCP"= 6997:TCP:League of Legends Launcher
"6997:UDP"= 6997:UDP:League of Legends Launcher
"6956:TCP"= 6956:TCP:League of Legends Launcher
"6956:UDP"= 6956:UDP:League of Legends Launcher
"6953:TCP"= 6953:TCP:League of Legends Launcher
"6953:UDP"= 6953:UDP:League of Legends Launcher
"6883:TCP"= 6883:TCP:League of Legends Launcher
"6883:UDP"= 6883:UDP:League of Legends Launcher
"6985:TCP"= 6985:TCP:League of Legends Launcher
"6985:UDP"= 6985:UDP:League of Legends Launcher
"6942:TCP"= 6942:TCP:League of Legends Launcher
"6942:UDP"= 6942:UDP:League of Legends Launcher
"6965:TCP"= 6965:TCP:League of Legends Launcher
"6965:UDP"= 6965:UDP:League of Legends Launcher
"6967:TCP"= 6967:TCP:League of Legends Launcher
"6967:UDP"= 6967:UDP:League of Legends Launcher
"6939:TCP"= 6939:TCP:League of Legends Launcher
"6939:UDP"= 6939:UDP:League of Legends Launcher

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-02-08 717296]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-29 108289]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
.
Zawartość folderu 'Zaplanowane zadania'

2011-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.dict.pl/
uInternet Settings,ProxyOverride = *.local
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\omi8g82x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-11 07:36
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(3808)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Czas ukończenia: 2011-02-11 07:36:59
ComboFix-quarantined-files.txt 2011-02-11 06:36
ComboFix2.txt 2011-02-11 01:12

Przed: 44*912*443*392 bajtów wolnych
Po: 44*873*445*376 bajtów wolnych

- - End Of File - - 721C101F5CE632D02786733B049777E9

It didn't blue screen or crash on me this time :D but now I have an empty ComboFix folder (the one that just looped C:/ComboFix over and over) and a new one called: 32788R22FWJFW. What should I do with it? And is(are) my and my CPU's problem(s) over?

Reply when you find the time and:... sleep tight, don't let the bedbugs bite :stickout:
 
Combofix log looks fine now, but we still need to run a couple more checks to make sure your computer is totally clean.

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Sorry

Here's the log:

OTL logfile created on: 2011-02-11 21:56:04 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Właściciel\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 86,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,22 Gb Total Space | 39,90 Gb Free Space | 53,76% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 107,66 Gb Free Space | 55,12% Space Free | Partition Type: NTFS
Drive E: | 196,22 Gb Total Space | 193,25 Gb Free Space | 98,49% Space Free | Partition Type: NTFS

Computer Name: DOM-0F8B8E01CF6 | User Name: Właściciel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-02-11 21:53:20 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTL.exe
PRC - [2010-09-24 23:46:23 | 002,953,112 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2010-06-10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009-08-05 10:33:11 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009-06-11 17:22:06 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009-03-02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008-04-14 18:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-05-28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- D:\Program Files\Diablo2\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2002-08-21 05:13:12 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WISPTIS.EXE


========== Modules (SafeList) ==========

MOD - [2011-02-11 21:53:20 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTL.exe
MOD - [2010-08-23 17:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006-05-03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010-06-10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009-08-05 10:33:11 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009-06-11 17:22:06 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007-05-28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- D:\Program Files\Diablo2\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


========== Driver Services (SafeList) ==========

DRV - [2010-10-22 07:23:22 | 009,623,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009-12-07 14:46:36 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009-06-11 17:22:06 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-03-30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009-03-08 19:56:01 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-02-13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009-02-08 20:52:19 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008-02-14 10:04:06 | 004,676,096 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-01-03 15:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007-07-03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007-07-03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007-07-03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2006-07-24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005-01-07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-842925246-1606980848-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dict.pl/
IE - HKU\S-1-5-21-842925246-1606980848-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-842925246-1606980848-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.daemon-search.com/startpage"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-08-04 16:08:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-02-11 08:24:56 | 000,000,000 | ---D | M]

[2009-01-03 14:15:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Extensions
[2011-02-11 08:29:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\omi8g82x.default\extensions
[2010-04-29 21:52:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\omi8g82x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011-02-11 08:29:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-02-11 07:55:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011-02-11 07:56:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\WłAśCICIEL\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\OMI8G82X.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
[2011-02-11 07:54:58 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010-11-12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009-05-19 16:23:38 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll
[2009-07-24 15:34:54 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-07-24 15:34:54 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-07-24 15:34:54 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-07-24 15:34:54 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-07-24 15:34:54 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-07-24 15:34:54 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2011-02-11 07:06:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-842925246-1606980848-839522115-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-842925246-1606980848-839522115-1003..\Run: [AlcoholAutomount] D:\Program Files\Diablo2\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-842925246-1606980848-839522115-1003..\Run: [DAEMON Tools Lite] D:\Program Files\Daemon\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-842925246-1606980848-839522115-1003..\Run: [Gadu-Gadu] D:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - HKU\S-1-5-21-842925246-1606980848-839522115-1003..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-842925246-1606980848-839522115-1003..\Run: [IPLA!] C:\Program Files\ipla\ipla.exe (Redefine Sp z o.o.)
O4 - HKU\S-1-5-21-842925246-1606980848-839522115-1003..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Documents and Settings\Właściciel\Menu Start\Programy\Autostart\hamachi.lnk = D:\Program Files\Hamachi\hamachi.exe (LogMeIn Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-842925246-1606980848-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-842925246-1606980848-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-842925246-1606980848-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-842925246-1606980848-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/armhelper.ocx (ArmHelper Control)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002-03-14 06:56:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56308606093492224)

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Documents and Settings\Właściciel\Pulpit\green day - Paranoia
[2011-02-11 21:53:18 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTL.exe
[2011-02-11 08:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011-02-11 08:01:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011-02-11 07:55:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sun
[2011-02-11 07:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011-02-11 07:32:42 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011-02-11 07:32:25 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011-02-11 07:07:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011-02-11 07:03:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011-02-11 07:02:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011-02-11 07:02:11 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011-02-11 07:02:11 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011-02-11 07:02:11 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011-02-11 05:56:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Malwarebytes
[2011-02-11 05:56:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011-02-11 05:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes' Anti-Malware
[2011-02-11 05:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2011-02-11 05:56:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011-02-11 05:54:39 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Właściciel\Pulpit\mbam-setup-1.50.1.1100.exe
[2011-02-11 05:32:41 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\TFC.exe
[2011-02-11 03:59:48 | 000,000,000 | ---D | C] -- C:\Program Files\Pocket Tanks
[2011-02-11 03:59:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Pocket Tanks
[2011-02-11 02:05:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011-02-11 02:04:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-02-10 17:40:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Moje dokumenty\My Games
[2011-02-10 17:40:24 | 002,795,832 | ---- | C] (Blitwise Productions, LLC ) -- C:\Documents and Settings\Właściciel\Pulpit\ptanks.exe
[2011-01-17 10:53:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Riot Games
[2011-01-17 10:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Pulpit\EU.01_10_2011
[2011-01-17 10:21:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\Właściciel\Pulpit\green day - Paranoia
[2011-02-11 21:53:20 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTL.exe
[2011-02-11 21:49:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-02-11 10:33:48 | 000,020,654 | ---- | M] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\Chapter 1-....rtf
[2011-02-11 08:25:00 | 000,267,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-02-11 08:23:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-02-11 08:21:03 | 000,493,844 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2011-02-11 08:21:03 | 000,435,396 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-02-11 08:21:03 | 000,085,136 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2011-02-11 08:21:03 | 000,068,292 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-02-11 08:01:58 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader X.lnk
[2011-02-11 07:31:12 | 004,266,254 | R--- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\ComboFix.exe
[2011-02-11 07:06:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011-02-11 07:03:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011-02-11 06:52:41 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\MBRCheck.exe
[2011-02-11 06:28:05 | 000,003,149 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\Attach.zip
[2011-02-11 06:15:46 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\dds.scr
[2011-02-11 06:07:32 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\n592zox6.exe
[2011-02-11 05:56:09 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2011-02-11 05:55:01 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Właściciel\Pulpit\mbam-setup-1.50.1.1100.exe
[2011-02-11 05:32:41 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\TFC.exe
[2011-02-10 20:23:30 | 000,227,435 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\poisonheart_simbanalaf2f.jpg
[2011-02-10 17:40:29 | 002,795,832 | ---- | M] (Blitwise Productions, LLC ) -- C:\Documents and Settings\Właściciel\Pulpit\ptanks.exe
[2011-02-10 14:06:00 | 000,063,076 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\beltar_0135.jpg
[2011-02-10 14:05:53 | 000,117,104 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\beltar_0121.jpg
[2011-02-10 14:05:47 | 000,070,921 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\beltar_0120.jpg
[2011-02-10 12:39:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011-02-09 16:07:27 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-02-08 16:33:06 | 000,053,092 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\house-life-396x500.jpg
[2011-02-08 15:53:34 | 000,088,348 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\gordonfreeman.jpg
[2011-02-08 15:53:16 | 000,056,745 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\98a595b10e0bc8a78498c1a051ad2f33.jpg
[2011-02-07 21:04:31 | 000,183,871 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\beltar_conception-of-simba.jpg
[2011-02-05 18:45:40 | 000,337,965 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\beltar_fluffy-surprise.jpg
[2011-02-05 18:45:31 | 000,381,599 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\beltar_prelude.jpg
[2011-02-05 18:45:14 | 000,433,686 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\beltar_fluffy-surprise-colored.jpg
[2011-02-05 18:45:06 | 000,228,356 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\beltar_heaven-pleasures.jpg
[2011-01-30 02:03:59 | 000,012,113 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\Killing_Floor_v1011_Precracked_(NO_STEAM)___Maps.5195623.TPB.torrent
[2011-01-24 13:54:11 | 002,480,203 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends___akali_by_donnis-d323lfs.png
[2011-01-24 13:54:05 | 000,165,064 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\akali___swim_suit___version_by_ganassa-d34scdj.jpg
[2011-01-24 13:53:44 | 000,182,601 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends__katarina_by_ganassa-d34k0dl.jpg
[2011-01-24 13:51:03 | 000,237,132 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\miss_fortune_by_marlo87-d2zm8yz.jpg
[2011-01-24 13:49:15 | 000,259,536 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends_miss_fortune_by_ganassa-d36jgzk.jpg
[2011-01-24 05:14:03 | 000,296,338 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\League_of_Legends__Nidalee_by_fayechan.jpg
[2011-01-24 05:14:00 | 000,631,849 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\lol_meme_8d_by_khalia1114-d34bvqj.jpg
[2011-01-24 05:13:49 | 003,659,588 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\lol_mehmeh_fookintrufflez_by_maplecookies-d36z70g.png
[2011-01-24 05:13:26 | 001,193,652 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\league_fo_legends_meme_by_greendragongryphon-d3036y5.jpg
[2011-01-24 05:10:37 | 001,533,254 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends_meme_by_magias-d2zoxbv.jpg
[2011-01-24 05:01:50 | 000,349,831 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends_noir_by_potem1917-d36soph.jpg
[2011-01-24 05:01:37 | 000,086,192 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\League_of_Legends___Envy_by_hiryurhys.jpg
[2011-01-24 05:01:03 | 000,350,180 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\lol_noir_safe_by_potem1917-d36spm8.jpg
[2011-01-24 05:00:06 | 000,431,505 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\Womens_Wardrobe__snapshot__by_KaguKin.png
[2011-01-24 04:59:48 | 000,145,550 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\You_cannot_cage_me__Summoner_by_aneliq.jpg
[2011-01-24 04:57:18 | 000,189,069 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\Nidalee__The_Bestial_Huntress_by_RayX10.jpg
[2011-01-24 04:57:05 | 000,089,523 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends__nidalee_by_ganassa-d35x027.jpg
[2011-01-24 04:56:59 | 000,139,388 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\Nidalee_by_iamtretre.jpg
[2011-01-24 04:52:08 | 001,978,027 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\lol_meme_xd_by_darkint-d2zvpil.jpg
[2011-01-24 04:52:04 | 000,727,190 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends_meme_by_shiptonio-d36dzd4.jpg
[2011-01-24 04:51:58 | 001,426,473 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\mi_meme__s_lol_by_areku234-d36urgv.jpg
[2011-01-24 04:51:54 | 003,057,899 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends_le_meme_by_feartm-d36swaj.jpg
[2011-01-24 04:20:04 | 000,940,211 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends_blank_meme_by_albaharu-d2zida8.jpg
[2011-01-23 22:07:03 | 000,128,252 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\ad750b6cc8f34cb86ac0f2f9c466d71b.jpg
[2011-01-23 22:06:35 | 000,096,248 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\cd57f4572e1bd71f75ec7572be80ce5c.jpg
[2011-01-23 22:06:27 | 000,137,628 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\2de5cfa80f4197522bb22fe371417c9c.jpg
[2011-01-23 22:06:04 | 000,087,729 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\46bdcb7026dffac596b734df8d0b24d2.jpg
[2011-01-23 22:05:50 | 000,044,245 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\7c183ce9f89f5ac25f8288ed84fd2033.jpg
[2011-01-23 22:01:10 | 000,090,728 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\Mckinleysin013.jpg
[2011-01-23 22:00:58 | 000,031,563 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\Mckinleysin007.jpg
[2011-01-23 22:00:48 | 000,107,695 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\Mckinleysin021.jpg
[2011-01-23 22:00:25 | 000,096,390 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\Mckinleysin017.jpg
[2011-01-23 02:26:51 | 000,052,387 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\8c0b25a386c131b70fa28c18bbfac27a.jpg
[2011-01-23 02:26:47 | 000,060,422 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\615aa55df458f18c289e3df4eb10bb5c.jpg
[2011-01-23 02:26:45 | 000,142,404 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\1b362e6392ef0270742a1fd82d16f805.jpg
[2011-01-23 02:26:40 | 000,054,930 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\bb35e25fa0e2cbf38b797505a9617091.jpg
[2011-01-23 02:26:37 | 000,221,688 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\db551cb86cf8580dd27935dce5c4af31.jpg
[2011-01-23 02:26:33 | 000,113,093 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\c296916833e0eb51649e7b4c08ddea3a.jpg
[2011-01-23 02:26:29 | 000,108,192 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\1e3e48136c00d18802d1e275c046187a.jpg
[2011-01-23 02:26:12 | 000,118,312 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\2b8d60418f1b320fbfba730bb46c06ff.jpg
[2011-01-23 02:26:10 | 000,762,413 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\page102.jpg
[2011-01-23 02:26:04 | 000,085,457 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\85ee2026ddb4479e8d775cc0892aab4e.jpg
[2011-01-23 02:26:02 | 000,091,470 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\647954dc610efbd41a479bedd049fea6.jpg
[2011-01-22 16:39:27 | 000,935,462 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\shalinka_the-sisters-.jpg
[2011-01-17 23:03:25 | 038,268,158 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\studniowka2.rar
[2011-01-17 22:45:40 | 000,138,160 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011-01-17 22:45:31 | 000,271,200 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2011-01-17 21:28:39 | 000,017,613 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\odpowiedzi.docx
[2011-01-17 19:30:03 | 000,271,200 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2011-01-17 14:58:33 | 001,229,063 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\CallOfDuty4ModernWarfarev1.7NoDVDFixedexeEng.rar
[2011-01-17 10:56:32 | 000,000,489 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Play League of Legends.lnk
[2011-01-17 10:22:45 | 002,257,408 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\LeagueofLegends.exe
[2011-01-17 10:14:52 | 000,000,238 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\LOL.rtf
[2011-01-17 09:45:49 | 000,002,049 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\patcher_lib.zip
[2011-01-17 09:44:15 | 000,024,859 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\League of Legends.zip
[2011-01-17 09:38:59 | 000,009,170 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\eula-de.zip
[2011-01-17 08:47:54 | 000,018,092 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\Jokernotamused.jpg

========== Files Created - No Company Name ==========

[2011-02-11 08:01:58 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader X.lnk
[2011-02-11 08:01:58 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader X.lnk
[2011-02-11 07:29:28 | 004,266,254 | R--- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\ComboFix.exe
[2011-02-11 07:03:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011-02-11 07:03:25 | 000,262,400 | RHS- | C] () -- C:\cmldr
[2011-02-11 07:02:11 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011-02-11 07:02:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011-02-11 07:02:11 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011-02-11 07:02:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011-02-11 07:02:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011-02-11 06:52:41 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\MBRCheck.exe
[2011-02-11 06:28:05 | 000,003,149 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\Attach.zip
[2011-02-11 06:15:43 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\dds.scr
[2011-02-11 06:07:32 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\n592zox6.exe
[2011-02-11 05:56:09 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2011-02-10 20:23:29 | 000,227,435 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\poisonheart_simbanalaf2f.jpg
[2011-02-10 14:06:00 | 000,063,076 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\beltar_0135.jpg
[2011-02-10 14:05:52 | 000,117,104 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\beltar_0121.jpg
[2011-02-10 14:05:46 | 000,070,921 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\beltar_0120.jpg
[2011-02-08 16:33:06 | 000,053,092 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\house-life-396x500.jpg
[2011-02-08 15:53:34 | 000,088,348 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\gordonfreeman.jpg
[2011-02-08 15:53:16 | 000,056,745 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\98a595b10e0bc8a78498c1a051ad2f33.jpg
[2011-02-07 21:04:30 | 000,183,871 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\beltar_conception-of-simba.jpg
[2011-02-05 18:45:40 | 000,337,965 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\beltar_fluffy-surprise.jpg
[2011-02-05 18:45:30 | 000,381,599 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\beltar_prelude.jpg
[2011-02-05 18:45:13 | 000,433,686 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\beltar_fluffy-surprise-colored.jpg
[2011-02-05 18:45:05 | 000,228,356 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\beltar_heaven-pleasures.jpg
[2011-01-30 02:03:58 | 000,012,113 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\Killing_Floor_v1011_Precracked_(NO_STEAM)___Maps.5195623.TPB.torrent
[2011-01-24 13:54:11 | 002,480,203 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends___akali_by_donnis-d323lfs.png
[2011-01-24 13:54:05 | 000,165,064 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\akali___swim_suit___version_by_ganassa-d34scdj.jpg
[2011-01-24 13:53:44 | 000,182,601 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends__katarina_by_ganassa-d34k0dl.jpg
[2011-01-24 13:51:02 | 000,237,132 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\miss_fortune_by_marlo87-d2zm8yz.jpg
[2011-01-24 13:49:12 | 000,259,536 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends_miss_fortune_by_ganassa-d36jgzk.jpg
[2011-01-24 05:14:03 | 000,296,338 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\League_of_Legends__Nidalee_by_fayechan.jpg
[2011-01-24 05:13:59 | 000,631,849 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\lol_meme_8d_by_khalia1114-d34bvqj.jpg
[2011-01-24 05:13:48 | 003,659,588 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\lol_mehmeh_fookintrufflez_by_maplecookies-d36z70g.png
[2011-01-24 05:13:26 | 001,193,652 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\league_fo_legends_meme_by_greendragongryphon-d3036y5.jpg
[2011-01-24 05:10:36 | 001,533,254 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends_meme_by_magias-d2zoxbv.jpg
[2011-01-24 05:01:49 | 000,349,831 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends_noir_by_potem1917-d36soph.jpg
[2011-01-24 05:01:37 | 000,086,192 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\League_of_Legends___Envy_by_hiryurhys.jpg
[2011-01-24 05:01:03 | 000,350,180 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\lol_noir_safe_by_potem1917-d36spm8.jpg
[2011-01-24 05:00:05 | 000,431,505 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\Womens_Wardrobe__snapshot__by_KaguKin.png
[2011-01-24 04:59:48 | 000,145,550 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\You_cannot_cage_me__Summoner_by_aneliq.jpg
[2011-01-24 04:57:18 | 000,189,069 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\Nidalee__The_Bestial_Huntress_by_RayX10.jpg
[2011-01-24 04:57:04 | 000,089,523 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends__nidalee_by_ganassa-d35x027.jpg
[2011-01-24 04:56:58 | 000,139,388 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\Nidalee_by_iamtretre.jpg
[2011-01-24 04:52:07 | 001,978,027 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\lol_meme_xd_by_darkint-d2zvpil.jpg
[2011-01-24 04:52:03 | 000,727,190 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends_meme_by_shiptonio-d36dzd4.jpg
[2011-01-24 04:51:58 | 001,426,473 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\mi_meme__s_lol_by_areku234-d36urgv.jpg
[2011-01-24 04:51:53 | 003,057,899 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends_le_meme_by_feartm-d36swaj.jpg
[2011-01-24 04:20:03 | 000,940,211 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\league_of_legends_blank_meme_by_albaharu-d2zida8.jpg
[2011-01-23 22:07:03 | 000,128,252 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\ad750b6cc8f34cb86ac0f2f9c466d71b.jpg
[2011-01-23 22:06:34 | 000,096,248 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\cd57f4572e1bd71f75ec7572be80ce5c.jpg
[2011-01-23 22:06:26 | 000,137,628 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\2de5cfa80f4197522bb22fe371417c9c.jpg
[2011-01-23 22:06:04 | 000,087,729 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\46bdcb7026dffac596b734df8d0b24d2.jpg
[2011-01-23 22:05:50 | 000,044,245 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\7c183ce9f89f5ac25f8288ed84fd2033.jpg
[2011-01-23 22:01:09 | 000,090,728 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\Mckinleysin013.jpg
[2011-01-23 22:00:58 | 000,031,563 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\Mckinleysin007.jpg
[2011-01-23 22:00:47 | 000,107,695 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\Mckinleysin021.jpg
[2011-01-23 22:00:25 | 000,096,390 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\Mckinleysin017.jpg
[2011-01-23 02:26:50 | 000,052,387 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\8c0b25a386c131b70fa28c18bbfac27a.jpg
[2011-01-23 02:26:46 | 000,060,422 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\615aa55df458f18c289e3df4eb10bb5c.jpg
[2011-01-23 02:26:43 | 000,142,404 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\1b362e6392ef0270742a1fd82d16f805.jpg
[2011-01-23 02:26:39 | 000,054,930 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\bb35e25fa0e2cbf38b797505a9617091.jpg
[2011-01-23 02:26:35 | 000,221,688 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\db551cb86cf8580dd27935dce5c4af31.jpg
[2011-01-23 02:26:31 | 000,113,093 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\c296916833e0eb51649e7b4c08ddea3a.jpg
[2011-01-23 02:26:27 | 000,108,192 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\1e3e48136c00d18802d1e275c046187a.jpg
[2011-01-23 02:26:10 | 000,118,312 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\2b8d60418f1b320fbfba730bb46c06ff.jpg
[2011-01-23 02:26:06 | 000,762,413 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\page102.jpg
[2011-01-23 02:26:03 | 000,085,457 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\85ee2026ddb4479e8d775cc0892aab4e.jpg
[2011-01-23 02:25:59 | 000,091,470 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\647954dc610efbd41a479bedd049fea6.jpg
[2011-01-22 16:39:26 | 000,935,462 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\shalinka_the-sisters-.jpg
[2011-01-17 23:02:20 | 038,268,158 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\studniowka2.rar
[2011-01-17 21:28:38 | 000,017,613 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\odpowiedzi.docx
[2011-01-17 20:43:29 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\Właściciel\maestro-server.log
[2011-01-17 14:58:30 | 001,229,063 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\CallOfDuty4ModernWarfarev1.7NoDVDFixedexeEng.rar
[2011-01-17 10:56:32 | 000,000,489 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Play League of Legends.lnk
[2011-01-17 10:22:45 | 002,257,408 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\LeagueofLegends.exe
[2011-01-17 10:14:52 | 000,000,238 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\LOL.rtf
[2011-01-17 09:45:49 | 000,002,049 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\patcher_lib.zip
[2011-01-17 09:44:15 | 000,024,859 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\League of Legends.zip
[2011-01-17 09:38:59 | 000,009,170 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\eula-de.zip
[2011-01-17 08:47:54 | 000,018,092 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\Jokernotamused.jpg
[2010-07-09 20:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010-01-11 06:03:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt
[2010-01-11 06:00:57 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009-08-02 08:44:52 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009-04-17 22:38:38 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009-04-17 22:38:38 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009-04-17 22:38:38 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009-03-22 01:14:35 | 000,000,286 | ---- | C] () -- C:\WINDOWS\game.ini
[2009-02-28 13:18:07 | 000,000,716 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2009-02-08 20:52:19 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-02-03 17:23:11 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-01-31 23:59:21 | 000,000,347 | ---- | C] () -- C:\WINDOWS\CoDUO.INI
[2009-01-31 23:51:16 | 000,000,745 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2008-12-25 20:51:05 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008-12-20 23:53:37 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-12-19 22:09:22 | 000,138,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008-12-19 22:09:22 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Właściciel\Dane aplikacji\PnkBstrK.sys
[2008-12-18 20:47:22 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-12-18 20:38:54 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008-12-18 20:38:54 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008-12-18 20:38:53 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-12-18 20:38:53 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-12-18 20:38:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-12-18 20:38:52 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008-08-02 11:20:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2003-04-08 11:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002-03-14 07:49:48 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== LOP Check ==========

[2009-07-04 01:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Boss Media
[2009-02-08 20:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2008-12-18 21:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\EPSON
[2010-02-20 22:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2011-01-17 05:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2010-07-12 14:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2011-01-17 10:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PMB Files
[2010-04-06 10:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PopCap Games
[2009-11-29 01:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2010-06-25 19:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010-02-26 05:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009-02-08 20:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\DAEMON Tools
[2009-02-08 21:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\DAEMON Tools Lite
[2009-04-17 22:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\DAEMON Tools Pro
[2008-12-20 12:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Gadu-Gadu
[2010-02-20 22:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Gadu-Gadu 10
[2009-07-04 00:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\GanymedeNet
[2011-02-11 21:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\ipla
[2010-09-25 01:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\LolClient
[2010-03-13 18:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Mount&Blade
[2010-02-21 02:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\OpenFM
[2009-05-29 13:20:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Opera
[2010-12-28 15:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\RDRM
[2010-01-11 06:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Samsung
[2009-11-29 01:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\SpinTop
[2009-12-12 06:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Tibia
[2010-09-22 02:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\TS3Client
[2011-01-30 02:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\uTorrent
[2010-09-03 00:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\W
[2010-12-28 17:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\wargaming.net

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2002-03-14 06:56:49 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008-12-18 20:51:02 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011-02-11 07:03:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2006-03-02 13:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2009-03-13 15:14:07 | 000,003,900 | ---- | M] () -- C:\cardmaster.sql
[2004-08-03 23:00:14 | 000,262,400 | RHS- | M] () -- C:\cmldr
[2010-01-11 06:04:16 | 000,000,074 | ---- | M] () -- C:\CMLoader.log
[2011-02-11 07:36:59 | 000,011,043 | ---- | M] () -- C:\ComboFix.txt
[2002-03-14 06:56:49 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-09-11 17:52:59 | 000,000,546 | ---- | M] () -- C:\deltaStartup.log
[2002-03-14 06:56:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2002-03-14 06:56:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006-03-02 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009-03-21 11:14:43 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2011-02-11 21:49:44 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006-04-18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006-06-29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006-04-18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006-06-29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2002-03-14 06:56:32 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008-07-06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2003-06-19 01:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008-07-06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2002-03-14 07:47:59 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2002-03-14 07:47:59 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2002-03-14 07:47:59 | 000,434,176 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2002-03-14 07:05:19 | 000,000,125 | -HS- | M] () -- C:\Documents and Settings\Właściciel\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2002-03-14 07:05:19 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Właściciel\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Pokaż pulpit.scf

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
No captured output from command...

< dir /b "%systemroot%\*.exe" | find /i " " /c >
No captured output from command...

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011-02-11 21:52:31 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Właściciel\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007-06-27 16:00:02 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008-04-14 18:20:18 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004-08-04 00:55:52 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004-08-04 00:55:54 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008-05-02 15:05:59 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008-04-13 18:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008-04-14 18:21:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007-04-02 19:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2007-04-02 19:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007-04-02 19:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004-08-04 00:55:54 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004-08-04 00:55:54 | 000,135,321 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:7D6EC5BE
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:B1FBBD09
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:196FC0A6

< End of report >
 
Extras

OTL Extras logfile created on: 2011-02-11 21:56:04 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Właściciel\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 86,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,22 Gb Total Space | 39,90 Gb Free Space | 53,76% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 107,66 Gb Free Space | 55,12% Space Free | Partition Type: NTFS
Drive E: | 196,22 Gb Total Space | 193,25 Gb Free Space | 98,49% Space Free | Partition Type: NTFS

Computer Name: DOM-0F8B8E01CF6 | User Name: Właściciel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-842925246-1606980848-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57568:TCP" = 57568:TCP:*:Enabled:pando Media Booster
"57568:UDP" = 57568:UDP:*:Enabled:pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"57568:TCP" = 57568:TCP:*:Enabled:pando Media Booster
"57568:UDP" = 57568:UDP:*:Enabled:pando Media Booster
"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
"8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher
"6912:TCP" = 6912:TCP:*:Enabled:League of Legends Launcher
"6912:UDP" = 6912:UDP:*:Enabled:League of Legends Launcher
"6990:TCP" = 6990:TCP:*:Enabled:League of Legends Launcher
"6990:UDP" = 6990:UDP:*:Enabled:League of Legends Launcher
"8395:TCP" = 8395:TCP:*:Enabled:League of Legends Launcher
"8395:UDP" = 8395:UDP:*:Enabled:League of Legends Launcher
"6970:TCP" = 6970:TCP:*:Enabled:League of Legends Launcher
"6970:UDP" = 6970:UDP:*:Enabled:League of Legends Launcher
"8380:TCP" = 8380:TCP:*:Enabled:League of Legends Launcher
"8380:UDP" = 8380:UDP:*:Enabled:League of Legends Launcher
"6995:TCP" = 6995:TCP:*:Enabled:League of Legends Launcher
"6995:UDP" = 6995:UDP:*:Enabled:League of Legends Launcher
"8396:TCP" = 8396:TCP:*:Enabled:League of Legends Launcher
"8396:UDP" = 8396:UDP:*:Enabled:League of Legends Launcher
"6907:TCP" = 6907:TCP:*:Enabled:League of Legends Launcher
"6907:UDP" = 6907:UDP:*:Enabled:League of Legends Launcher
"6992:TCP" = 6992:TCP:*:Enabled:League of Legends Launcher
"6992:UDP" = 6992:UDP:*:Enabled:League of Legends Launcher
"6986:TCP" = 6986:TCP:*:Enabled:League of Legends Launcher
"6986:UDP" = 6986:UDP:*:Enabled:League of Legends Launcher
"6963:TCP" = 6963:TCP:*:Enabled:League of Legends Launcher
"6963:UDP" = 6963:UDP:*:Enabled:League of Legends Launcher
"6917:TCP" = 6917:TCP:*:Enabled:League of Legends Launcher
"6917:UDP" = 6917:UDP:*:Enabled:League of Legends Launcher
"8381:TCP" = 8381:TCP:*:Enabled:League of Legends Launcher
"8381:UDP" = 8381:UDP:*:Enabled:League of Legends Launcher
"6926:TCP" = 6926:TCP:*:Enabled:League of Legends Launcher
"6926:UDP" = 6926:UDP:*:Enabled:League of Legends Launcher
"6894:TCP" = 6894:TCP:*:Enabled:League of Legends Launcher
"6894:UDP" = 6894:UDP:*:Enabled:League of Legends Launcher
"6904:TCP" = 6904:TCP:*:Enabled:League of Legends Launcher
"6904:UDP" = 6904:UDP:*:Enabled:League of Legends Launcher
"6923:TCP" = 6923:TCP:*:Enabled:League of Legends Launcher
"6923:UDP" = 6923:UDP:*:Enabled:League of Legends Launcher
"6972:TCP" = 6972:TCP:*:Enabled:League of Legends Launcher
"6972:UDP" = 6972:UDP:*:Enabled:League of Legends Launcher
"6934:TCP" = 6934:TCP:*:Enabled:League of Legends Launcher
"6934:UDP" = 6934:UDP:*:Enabled:League of Legends Launcher
"6997:TCP" = 6997:TCP:*:Enabled:League of Legends Launcher
"6997:UDP" = 6997:UDP:*:Enabled:League of Legends Launcher
"6956:TCP" = 6956:TCP:*:Enabled:League of Legends Launcher
"6956:UDP" = 6956:UDP:*:Enabled:League of Legends Launcher
"6953:TCP" = 6953:TCP:*:Enabled:League of Legends Launcher
"6953:UDP" = 6953:UDP:*:Enabled:League of Legends Launcher
"6883:TCP" = 6883:TCP:*:Enabled:League of Legends Launcher
"6883:UDP" = 6883:UDP:*:Enabled:League of Legends Launcher
"6985:TCP" = 6985:TCP:*:Enabled:League of Legends Launcher
"6985:UDP" = 6985:UDP:*:Enabled:League of Legends Launcher
"6942:TCP" = 6942:TCP:*:Enabled:League of Legends Launcher
"6942:UDP" = 6942:UDP:*:Enabled:League of Legends Launcher
"6965:TCP" = 6965:TCP:*:Enabled:League of Legends Launcher
"6965:UDP" = 6965:UDP:*:Enabled:League of Legends Launcher
"6967:TCP" = 6967:TCP:*:Enabled:League of Legends Launcher
"6967:UDP" = 6967:UDP:*:Enabled:League of Legends Launcher
"6939:TCP" = 6939:TCP:*:Enabled:League of Legends Launcher
"6939:UDP" = 6939:UDP:*:Enabled:League of Legends Launcher

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\Xfire\Xfire.exe" = D:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
"D:\Program Files\Gadu-Gadu\gg.exe" = D:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- (Gadu-Gadu S.A.)
"D:\Program Files\Call of Duty\CoDMP.exe" = D:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP -- ()
"D:\Program Files\Call of Duty\CoDUOMP.exe" = D:\Program Files\Call of Duty\CoDUOMP.exe:*:Enabled:CoDUOMP -- ()
"D:\Program Files\uTorrent\uTorrent.exe" = D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"D:\Program Files\Starcraft\StarCraft.exe" = D:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment)
"D:\Program Files\Hamachi\hamachi.exe" = D:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client -- (LogMeIn Inc.)
"D:\Program Files\DuelMasters 2_4\DuelMasters.exe" = D:\Program Files\DuelMasters 2_4\DuelMasters.exe:*:Enabled:Duel Masters Civilizations 2.4 -- (DuelZone)
"D:\Program Files\Activision\Call of Duty2\CoD2MP_s.exe" = D:\Program Files\Activision\Call of Duty2\CoD2MP_s.exe:*:Enabled:CoD2MP_s -- ()
"D:\Program Files\Spellforce\SpellForce.exe" = D:\Program Files\Spellforce\SpellForce.exe:*:Enabled:SpellForce -- ()
"D:\Program Files\AVP2 PH\lithtech.exe" = D:\Program Files\AVP2 PH\lithtech.exe:*:Disabled:Client -- ()
"D:\Program Files\AVP2\lithtech.exe" = D:\Program Files\AVP2\lithtech.exe:*:Disabled:Client -- ()
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.)
"D:\Program Files\World_of_Tanks_closed_Beta\WOTLauncher.exe" = D:\Program Files\World_of_Tanks_closed_Beta\WOTLauncher.exe:*:Enabled:World of Tanks -- (Wargaming.net)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()
"D:\Program Files\World_of_Tanks_closed_Beta\WorldOfTanks.exe" = D:\Program Files\World_of_Tanks_closed_Beta\WorldOfTanks.exe:*:Enabled:World of Tanks -- (Wargaming.net)
"D:\LoL\air\LolClient.exe" = D:\LoL\air\LolClient.exe:*:Enabled:League of Legends Lobby -- (Adobe Systems Inc.)
"D:\LoL\game\League of Legends.exe" = D:\LoL\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"D:\Program Files\KF\Killing Floor\System\KillingFloor.exe" = D:\Program Files\KF\Killing Floor\System\KillingFloor.exe:*:Enabled:KillingFloor -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{103B6835-DCA0-413F-A99E-ECAD6622726E}" = Aliens versus Predator 2: Primal Hunt
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks closed beta v.0.4.5
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
"{329BF75E-4876-4687-9CAD-5AE7DE56EA22}" = The Punisher
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{3EF79591-BF16-4CF8-8FF0-D8AD968228B1}" = Aliens vs. Predator 2
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{472C9FFA-422E-465E-8360-D1276B4A4BC0}" = Penumbra - Czarna Plaga + Requiem
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F763B06-A014-481B-951A-11AFCD667010}" = Global MU Online
"{656422DA-E1F7-4331-9EBE-BBF6E88580A9}" = Penumbra - Przebudzenie
"{6AAF923E-077E-4543-BA1C-42A75BB03677}" = Sąsiedzi z Piekła Rodem 1 i 2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{85DAE0C8-B3BB-11D8-88E4-0004769F25D1}" = Spellforce
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8A2A94E9-627D-4DCA-A665-8AC08B2A82D6}" = ZhyperMU Season 4 AC V4
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0415-0000-0000000FF1CE}" = Pakiet zgodności dla systemu Office 2007
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C79A37F3-C076-48BE-B290-F4C8676ABD74}" = Samsung PC Studio 3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Baldur's Gate" = Baldur's Gate
"Bejeweled 2 Deluxe 1.1.3.2523" = Bejeweled 2 Deluxe 1.1.3.2523
"Bejeweled Deluxe 1.87" = Bejeweled Deluxe 1.87
"BFGC" = Big Fish Games Client
"Call of Duty" = Call of Duty
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Diablo II" = Diablo II
"DMC 2.1" = DMC 2.1
"DMC_is1" = DMC 2.3b
"Dofus 1.26.0" = Dofus 1.26.0
"Download Manager" = Download Manager 2.3.10
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Fraps" = Fraps
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Gadu-Gadu" = Gadu-Gadu 7.7
"Gadu-Gadu 10" = Gadu-Gadu 10
"GameDesire-Poker" = GameDesire-Poker
"GameSpy Arcade" = GameSpy Arcade
"Hamachi" = Hamachi 1.0.3.0
"Icewind Dale II" = Icewind Dale II
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
"ipla" = ipla 2.2.1
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.1.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Massive Assault" = Massive Assault
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mount&Blade" = Mount&Blade
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero8Lite_is1" = Nero 8 Micro 8.3.2.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"ParadisePoker" = ParadisePoker
"Plants vs. Zombies" = Plants vs. Zombies
"Pocket Tanks_is1" = Pocket Tanks v1.3
"PuzzleQuest_is1" = Puzzle Quest
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Spolszczenie" = Spolszczenie 1.0
"Starcraft" = Starcraft
"SubEdit-Player_is1" = SubEdit-Player
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Tibia_is1" = Tibia
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = Archiwizator WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-842925246-1606980848-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 2011-02-11 03:01:20 | Computer Name = DOM-0F8B8E01CF6 | Source = Service Control Manager | ID = 7023
Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący
błąd: %%126

Error - 2011-02-11 03:01:20 | Computer Name = DOM-0F8B8E01CF6 | Source = Service Control Manager | ID = 7023
Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący
błąd: %%126

Error - 2011-02-11 03:01:20 | Computer Name = DOM-0F8B8E01CF6 | Source = Service Control Manager | ID = 7023
Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący
błąd: %%126

Error - 2011-02-11 03:01:20 | Computer Name = DOM-0F8B8E01CF6 | Source = Service Control Manager | ID = 7023
Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący
błąd: %%126

Error - 2011-02-11 03:25:48 | Computer Name = DOM-0F8B8E01CF6 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
MDM z argumentami „” w celu uruchomienia serwera: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 2011-02-11 03:26:03 | Computer Name = DOM-0F8B8E01CF6 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
MDM z argumentami „” w celu uruchomienia serwera: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 2011-02-11 04:20:35 | Computer Name = DOM-0F8B8E01CF6 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
MDM z argumentami „” w celu uruchomienia serwera: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 2011-02-11 16:50:47 | Computer Name = DOM-0F8B8E01CF6 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
MDM z argumentami „” w celu uruchomienia serwera: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 2011-02-11 16:51:45 | Computer Name = DOM-0F8B8E01CF6 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
MDM z argumentami „” w celu uruchomienia serwera: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 2011-02-11 16:51:58 | Computer Name = DOM-0F8B8E01CF6 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
MDM z argumentami „” w celu uruchomienia serwera: {0C0A3666-30C9-11D0-8F20-00805F2CD064}


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:7D6EC5BE
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:B1FBBD09
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:196FC0A6
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

======================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
1 question

My pc seems to have found something:

Virus or unwanted program 'TR/Trash.Gen [trojan]'
detected in file 'C:\System Volume Information\_restore{C763F7F0-5D85-4106-B1B4-E39F11DC460E}\RP310\A0114389.exe.
Action performed: Deny access

Should I be concerned? Sorry for replying so late, my friend was celebrating his b-day today.
 
Uuum, I can't seem to find the Run Fix button ... the only ones I've got are: Skanuj, Szybki skan, Wykonaj skrypt, Nic and Sprzątanie. Which one should I click?
 
Here it is:

All processes killed
========== OTL ==========
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:7D6EC5BE deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:B1FBBD09 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:196FC0A6 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Właściciel
->Temp folder emptied: 87173553 bytes
->Temporary Internet Files folder emptied: 4753550 bytes
->Java cache emptied: 177764 bytes
->FireFox cache emptied: 52397663 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 946 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 138,00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Właściciel
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02112011_233919

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
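
A fix log like the one above can be checked against the script that produced it, so that no requested item goes unreported. The following is an added example, not part of the original posts and not OTL's own code: the function names are hypothetical, and the parser assumes only the line shapes and the three status phrases that appear in this thread.

```python
import re

# Fix script and result log as posted in this thread (log trimmed to the removal section).
FIX_SCRIPT = r"""
:OTL
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:7D6EC5BE
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:B1FBBD09
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:196FC0A6
"""
FIX_LOG = r"""
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:7D6EC5BE deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:B1FBBD09 deleted successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:196FC0A6 deleted successfully.
"""

# Assumption: only the three status phrases seen in this thread's log are recognised.
STATUS = re.compile(r"^(?P<item>.+?) (?P<status>deleted successfully|moved successfully|not found)\.$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def script_targets(script):
    """Return what the fix script asks to remove: ADS paths and DPF class IDs."""
    out = []
    for line in script.splitlines():
        line = line.strip()
        if line.startswith("@Alternate Data Stream") and "-> " in line:
            out.append(line.split("-> ", 1)[1])
        elif line.startswith("O16 - DPF:") and CLSID.search(line):
            out.append(CLSID.search(line).group(0))
    return out

def log_outcomes(log):
    """Return (item, status) for every result line in the fix log."""
    hits = (STATUS.match(line.strip()) for line in log.splitlines())
    return [(m.group("item"), m.group("status")) for m in hits if m]

def verify(script, log):
    """Map each script target to the statuses logged for it; [] means unreported."""
    results = log_outcomes(log)
    return {t: sorted({s for item, s in results if t in item})
            for t in script_targets(script)}

if __name__ == "__main__":
    for target, statuses in verify(FIX_SCRIPT, FIX_LOG).items():
        print(target, "->", ", ".join(statuses) or "NOT REPORTED IN LOG")
```

A target with an empty status list is the case to follow up on, since the log gives no evidence that the item was handled.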
 
Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Avira AntiVir Personal - Free Antivirus
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 23
Out of date Java installed!
Adobe Flash Player 10.1.85.3
Adobe Reader X
Mozilla Firefox (3.0.19) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````
 
Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
Thank you, kind sir :) I don't know what I would've done without your time and patient help :) Downloaded all the programs you suggested and ran them to check for updates, etc. The only thing remaining is to read the 'How did I get infected' tips and I'm all set.

As for my PC... it's as if it were a brand new unpacked one that I haven't even put a single program on yet :), well almost :p I can honestly say that if compared to the first day I booted it up it's working at 95% rate: the programs work faster, there are no slowdowns and best of all I have a secure working and relaxation place all rolled up into one spot, free of viruses and spyware alike.

THANK YOU :D

PS: Sorry if I were or caused you any trouble... oh, and my PC rebooted itself once, but it hasn't done that ever since so I guess it was just a one time thing.

PS2: If I have any problems in the future may I come here for assistance again?
 