Malware redirecting pages in Google results

Solved
By hasek747
Jun 4, 2011
Topic Status:
Not open for further replies.
  1. hasek747

    hasek747 Newcomer, in training Topic Starter Posts: 46

    New aswMBR report...


    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-06-04 21:01:08
    -----------------------------
    21:01:08.343 OS Version: Windows 5.1.2600 Dodatek Service Pack 3
    21:01:08.343 Number of processors: 2 586 0xF0D
    21:01:08.343 ComputerName: WORKSTATION UserName:
    21:01:08.890 Initialize success
    21:01:10.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7
    21:01:10.453 Disk 0 Vendor: SAMSUNG_HD200HJ KF100-06 Size: 190781MB BusType: 3
    21:01:10.453 Disk 0 MBR read error 0
    21:01:10.453 Disk 0 MBR scan
    21:01:10.453 Disk 0 unknown MBR code
    21:01:10.453 MBR BIOS signature not found 0
    21:01:10.453 Disk 0 scanning sectors +390700800
    21:01:10.453 Disk 0 scanning C:\WINDOWS\system32\drivers
    21:01:16.500 Service scanning
    21:01:20.625 Disk 0 trace - called modules:
    21:01:20.625 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys pciide.sys PCIIDEX.SYS
    21:01:20.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5a14b8]
    21:01:20.640 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000077[0x8a567f18]
    21:01:20.640 5 ACPI.sys[b7e53620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-7[0x8a563d98]
    21:01:20.640 Scan finished successfully
    21:01:49.421 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Pulpit\MBR.dat"
    21:01:49.421 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Pulpit\aswMBR.txt"
  2. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Ha, ciekawe :)

    Can you give me fresh GMER log?

    ...and...

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracing RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracing remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users,right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  3. hasek747

    hasek747 Newcomer, in training Topic Starter Posts: 46

    New GMER log...


    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit quick scan 2011-06-04 21:12:54
    Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 SAMSUNG_HD200HJ rev.KF100-06
    Running: wv2ikvt6.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\kgrorpow.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 MBR read error
    Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xB3279864]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xB3279ABA]

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-12 [B7DE8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort0 [B7DE8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [B7DE8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort2 [B7DE8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-7 [B7DE8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort3 [B7DE8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort4 [B7DE8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort5 [B7DE8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\adu3m6dw \Device\Scsi\adu3m6dw1Port6Path0Target0Lun0 8A2971F8
    Device \Driver\adu3m6dw \Device\Scsi\adu3m6dw1 8A2971F8
    Device \FileSystem\Ntfs \Ntfs 8A5981F8

    AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

    ---- EOF - GMER 1.0.15 ----
  4. hasek747

    hasek747 Newcomer, in training Topic Starter Posts: 46

    Bootkit log (tried it a few times - same result)...



    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows XP Professional Dodatek Service Pack 3 (build 2600)

    System volume is \\.\C:
    main(): CreateFile() ERROR 5
    ERROR: Can't open volume device \\.\C:

    Done;
    Press any key to quit...
  5. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    atapi.sys
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  6. hasek747

    hasek747 Newcomer, in training Topic Starter Posts: 46

    I'm on it.
  7. hasek747

    hasek747 Newcomer, in training Topic Starter Posts: 46

    Around 2 minutes into the scan I got an error message:

    http://imageshack.us/photo/my-images/151/otlerror.jpg/

    After I clicked OK, the OTL status bar now displays "Creating restore point. DO NOT INTERRUPT.."

    It has been like that for 6-7 minutes, nothing seems to be happening. Should I cancel or does it usually take this long?
  8. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Cancel it and try again.

    If stuck again at the very same point, cancel again and remove this line from my script:
    CREATERESTOREPOINT
  9. hasek747

    hasek747 Newcomer, in training Topic Starter Posts: 46

    This time everything wen well (without removing that one line.)

    OTL.txt log... (part 1/2)



    OTL logfile created on: 06/04/2011 9:42:43 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Administrator\Pulpit
    Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

    2.00 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 46.71% Memory free
    1.85 Gb Paging File | 1.08 Gb Available in Paging File | 58.30% Paging File free
    Paging file location(s): [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 186.30 Gb Total Space | 29.11 Gb Free Space | 15.63% Space Free | Partition Type: NTFS

    Computer Name: WORKSTATION | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/06/04 21:27:26 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe
    PRC - [2011/06/04 17:14:57 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2011/06/04 17:14:56 | 002,151,128 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2011/05/20 07:54:14 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
    PRC - [2011/05/09 09:38:44 | 001,779,792 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    PRC - [2011/04/26 11:21:06 | 000,458,752 | ---- | M] () -- C:\Program Files\OpenVPN\bin\openvpn.exe
    PRC - [2011/04/26 11:21:04 | 000,099,328 | ---- | M] () -- C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe
    PRC - [2011/03/10 14:43:52 | 002,005,504 | ---- | M] (Secway) -- C:\Program Files\Secway\SimpLite-Jabber 2.5\SimpLite-Jabber.exe
    PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
    PRC - [2008/04/14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/01/01 23:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
    PRC - [2005/08/30 20:51:01 | 001,708,032 | ---- | M] (Gadu-Gadu Sp. z oo) -- C:\Program Files\Gadu-Gadu\gg.exe
    PRC - [2002/02/14 18:13:22 | 000,323,584 | ---- | M] () -- C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/06/04 21:27:26 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe
    MOD - [2011/05/02 20:36:04 | 000,284,744 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
    MOD - [2010/11/06 13:12:36 | 000,141,824 | ---- | M] (Secway) -- C:\Program Files\Secway\SimpLite-Jabber 2.5\Plugins\WinsockHookDLL.dll
    MOD - [2010/08/23 18:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2000/07/07 18:42:56 | 000,032,768 | ---- | M] () -- C:\Program Files\Gadu-Gadu\ggwhook.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/06/04 17:14:56 | 002,151,128 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2011/05/09 09:38:44 | 001,779,792 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV - [2011/04/26 11:21:06 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
    SRV - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
    SRV - [2009/01/23 19:33:05 | 000,000,000 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\UTSCSI.EXE -- (UTSCSI)
    SRV - [2008/11/07 17:40:52 | 000,121,360 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/06/04 17:15:27 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
    DRV - [2011/06/04 17:15:09 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2011/05/31 22:02:12 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
    DRV - [2011/05/14 19:04:09 | 000,162,432 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ithsgt.sys -- (ithsgt)
    DRV - [2011/05/14 19:04:09 | 000,012,032 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lilsgt.sys -- (lilsgt)
    DRV - [2011/05/07 16:17:56 | 000,097,504 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
    DRV - [2011/05/02 20:36:54 | 000,029,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
    DRV - [2011/05/02 20:36:52 | 000,242,472 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
    DRV - [2011/04/26 11:21:06 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
    DRV - [2010/10/28 00:02:18 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2010/02/26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
    DRV - [2010/02/26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
    DRV - [2009/11/12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2008/11/11 14:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2008/11/11 14:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2008/11/11 14:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2008/09/26 10:53:00 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2008/09/26 10:52:00 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2008/09/26 10:52:00 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
    DRV - [2008/09/26 10:52:00 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
    DRV - [2008/01/25 11:12:34 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
    DRV - [2007/11/21 17:06:26 | 001,174,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17xfi.sys -- (P17xfi)
    DRV - [2007/10/10 19:31:08 | 001,664,384 | ---- | M] (Creative) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\p17xfilt.sys -- (p17xfilt)
    DRV - [2007/09/06 15:53:00 | 000,014,848 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DSI_SiUSBXp_3_1.sys -- (DSI_SiUSBXp_3_1)
    DRV - [2007/01/27 20:28:42 | 000,047,855 | ---- | M] (Silence of Troubles United Company Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\FDC1ANT.SYS -- (FDC1ANT)
    DRV - [2006/11/22 08:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
    DRV - [2006/08/07 19:30:52 | 000,162,176 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
    DRV - [2006/06/12 17:36:30 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
    DRV - [2005/12/08 11:54:52 | 000,114,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2005/12/08 11:54:44 | 000,142,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
    IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found


    IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
    IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-448539723-1580436667-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qemit.com
    IE - HKU\S-1-5-21-448539723-1580436667-839522115-500\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-448539723-1580436667-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-448539723-1580436667-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKU\S-1-5-21-448539723-1580436667-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:/Documents%20and%20Settings/Administrator/Ustawienia%20lokalne/Dane%20aplikacji/Google/Chrome/User%20Data/Default/Extensions/caehdcpeofiiigpdhbabniblemipncjj/SwitchyAuto.pac?1297545529307

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
    FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
    FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.6
    FF - prefs.js..extensions.enabledItems: scrapbookplus@addons.mozilla.org:1.8.17.30
    FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
    FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
    FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.0
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
    FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:3.2.5.2
    FF - prefs.js..extensions.enabledItems: rankchecker@seobook.com:1.7.9
    FF - prefs.js..extensions.enabledItems: seotoolbar@seobook.com:1.1.3
    FF - prefs.js..extensions.enabledItems: seo4firefox@seobook.com:3.4.2
    FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.5
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4c39316f&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=pl&q="

    FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/07/10 20:39:00 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/06/04 20:15:57 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/04 10:47:45 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/04 10:47:45 | 000,000,000 | ---D | M]

    [2008/09/10 11:14:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions
    [2011/05/28 23:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\ymtr4d1k.default\extensions
    [2009/06/26 11:27:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\ymtr4d1k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/12/28 23:54:24 | 000,000,000 | ---D | M] (Softonic-Eng7 Community Toolbar) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\ymtr4d1k.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
    [2008/12/27 15:33:52 | 000,000,000 | ---D | M] ("Public Fox") -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\ymtr4d1k.default\extensions\{9AA46F4F-4DC7-4c06-97AF-6665170634FE}
    [2010/12/18 20:14:05 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\ymtr4d1k.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    [2008/12/27 15:33:54 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\ymtr4d1k.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
    [2010/12/28 23:54:22 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\ymtr4d1k.default\extensions\engine@conduit.com
    [2010/12/18 23:15:54 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\ymtr4d1k.default\extensions\en-US@dictionaries.addons.mozilla.org
    [2010/12/21 03:20:25 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\ymtr4d1k.default\extensions\firebug@software.joehewitt.com
    [2011/02/12 23:20:11 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\ymtr4d1k.default\extensions\foxyproxy@eric.h.jung
    [2010/08/02 12:04:16 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\ymtr4d1k.default\extensions\LogMeInClient@logmein.com
    [2011/01/14 21:10:14 | 000,000,000 | ---D | M] ("RankChecker") -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\ymtr4d1k.default\extensions\rankchecker@seobook.com
    [2010/07/06 01:20:04 | 000,000,000 | ---D | M] (ScrapBook Plus) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\ymtr4d1k.default\extensions\scrapbookplus@addons.mozilla.org
    [2011/01/14 21:10:14 | 000,000,000 | ---D | M] ("SEO For Firefox") -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\ymtr4d1k.default\extensions\seo4firefox@seobook.com
    [2011/01/14 21:10:14 | 000,000,000 | ---D | M] ("Seo Toolbar") -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\ymtr4d1k.default\extensions\seotoolbar@seobook.com
    [2011/06/03 23:56:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/03/28 00:06:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/06/04 20:15:57 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX
    File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\AVG@IGEARED
    [2009/07/19 11:25:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2009/03/31 22:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
    [2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009/07/26 10:33:38 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

    O1 HOSTS File: ([2010/03/13 13:27:00 | 000,000,719 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (FreeRIP.com Toolbar) - {081230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\FreeRIP3\toolband.dll ()
    O3 - HKU\S-1-5-21-448539723-1580436667-839522115-500\..\Toolbar\WebBrowser: (FreeRIP.com Toolbar) - {081230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\FreeRIP3\toolband.dll ()
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
    O4 - HKLM..\Run: [oepsrv] c:\WINDOWS\oepext\oepsrv.exe ()
    O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\SPIRun.dll (Creative Technology Ltd.)
    O4 - HKU\S-1-5-21-448539723-1580436667-839522115-500..\Run: [Simp] C:\Program Files\Secway\SimpLite-Jabber 2.5\SimpLite-Jabber.exe (Secway)
    O4 - HKU\.DEFAULT..\RunOnce: [] File not found
    O4 - HKU\.DEFAULT..\RunOnce: [KeyScrambler] File not found
    O4 - HKU\S-1-5-18..\RunOnce: [] File not found
    O4 - HKU\S-1-5-18..\RunOnce: [KeyScrambler] File not found
    O4 - HKU\S-1-5-19..\RunOnce: [] File not found
    O4 - HKU\S-1-5-20..\RunOnce: [] File not found
    O4 - Startup: C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\AutorunsDisabled [2009/07/20 02:23:25 | 000,000,000 | -H-D | M]
    O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\AutorunsDisabled [2009/07/20 02:23:28 | 000,000,000 | -H-D | M]
    O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
    O7 - HKU\S-1-5-21-448539723-1580436667-839522115-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-448539723-1580436667-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
    O7 - HKU\S-1-5-21-448539723-1580436667-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-448539723-1580436667-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-448539723-1580436667-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
    O7 - HKU\S-1-5-21-448539723-1580436667-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
    O7 - HKU\S-1-5-21-448539723-1580436667-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
    O7 - HKU\S-1-5-21-448539723-1580436667-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
    O7 - HKU\S-1-5-21-448539723-1580436667-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
    O7 - HKU\S-1-5-21-448539723-1580436667-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
    O7 - HKU\S-1-5-21-448539723-1580436667-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
    O8 - Extra context menu item: &FreeRIP Search - C:\Program Files\FreeRIP3\toolband.dll ()
    O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
    O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
    O15 - HKU\S-1-5-21-448539723-1580436667-839522115-500\..Trusted Domains: mks.com.pl ([]http in Zaufane witryny)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1221038163406 (WUWebControl Class)
    O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.133.100.100 213.133.98.98 213.133.99.99
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O24 - Desktop Components:0 () - C:\Documents and Settings\Administrator\Moje dokumenty\fifths2.gif
    O24 - Desktop Components:1 (Moja bieżąca strona główna) - About:Home
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/09/09 21:50:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{09b14c8a-d72a-11de-9e79-00508db38651}\Shell - "" = AutoRun
    O33 - MountPoints2\{09b14c8a-d72a-11de-9e79-00508db38651}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\{119fdc08-dc67-11de-9e82-00508db38651}\Shell - "" = AutoRun
    O33 - MountPoints2\{119fdc08-dc67-11de-9e82-00508db38651}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
    O33 - MountPoints2\{4b4d141d-e897-11dd-9dd7-00508db38651}\Shell - "" = AutoRun
    O33 - MountPoints2\{f831d700-f05c-11dd-9de0-00508db38651}\Shell\Auto\command - "" = sal.xls.exe
    O33 - MountPoints2\{f831d700-f05c-11dd-9de0-00508db38651}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe
    O33 - MountPoints2\{fb53266c-9192-11df-9eed-00508db38651}\Shell - "" = AutoRun
    O33 - MountPoints2\{fb53266c-9192-11df-9eed-00508db38651}\Shell\AutoRun\command - "" = F:\laucher.exe
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\USBAutoRun.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: SSHNAS - File not found

    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.tscc - C:\WINDOWS\system32\tsccvid.dll (TechSmith Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (55464181163360256)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/04 21:27:26 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe
    [2011/06/04 18:54:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Malwarebytes
    [2011/06/04 18:54:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
    [2011/06/04 18:23:58 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2011/06/04 18:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Menu Start\Programy\HiJackThis
    [2011/06/04 18:14:26 | 000,000,000 | -H-D | C] -- C:\VritualRoot
    [2011/06/04 18:11:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Eraser 6
    [2011/06/04 18:04:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\COMODO
    [2011/06/04 18:03:59 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
    [2011/06/04 18:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Comodo
    [2011/06/04 17:15:45 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
    [2011/06/04 17:15:35 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2011/06/04 17:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Sunbelt Software
    [2011/06/04 17:09:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Lavasoft
    [2011/06/04 17:09:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    [2011/06/04 13:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
    [2011/06/04 10:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2011/06/04 10:48:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Betfair Poker
    [2011/06/04 10:48:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Menu Start\Programy\eyeQ
    [2011/06/04 10:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\Infinite Mind LC
    [2011/06/04 10:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\FreeRIP3
    [2011/06/04 10:48:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\FreeRIP3
    [2011/06/04 10:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Logitech
    [2011/06/04 10:48:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Logitech
    [2011/06/04 10:47:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Silverlight
    [2011/06/04 10:47:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2011/06/04 10:47:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox
    [2011/06/04 10:47:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Menu Start\Programy\RocketReader Version 8.00
    [2011/06/04 10:47:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\MicroSoftOcx
    [2011/06/04 10:47:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\SnadBoy's Revelation v2
    [2011/06/04 10:47:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Super Email Spider
    [2011/06/04 10:47:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Victory Poker
    [2011/06/04 10:47:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Affilorama
    [2011/06/04 10:46:51 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
    [2011/06/04 01:37:22 | 000,000,000 | ---D | C] -- C:\vseqrntn.bin
    [2011/06/03 23:11:56 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2011/06/03 23:11:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
    [2011/06/03 23:07:38 | 000,000,000 | ---D | C] -- C:\Program Files\CyberDefender
    [2011/06/03 23:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Authentium
    [2011/06/02 21:04:07 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
    [2011/06/02 16:57:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\OpenVPN
    [2011/06/02 16:57:28 | 000,000,000 | ---D | C] -- C:\Program Files\OpenVPN
    [2011/06/02 13:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Secway
    [2011/06/02 13:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\Secway
    [2011/06/02 12:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\ICQ7.5
    [2011/06/02 12:53:26 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.5
    [2011/06/02 12:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ6Toolbar
    [2011/06/02 12:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ICQ
    [2011/06/02 11:29:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Menu Start\Programy\The Bat! E-Mail
    [2011/06/02 11:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\GSA Email Spider1
    [2011/06/02 11:01:25 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/06/01 00:09:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TrueCrypt
    [2011/05/31 22:02:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\TrueCrypt
    [2011/05/31 22:02:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\TrueCrypt
    [2011/05/31 22:02:12 | 000,231,248 | ---- | C] (TrueCrypt Foundation) -- C:\WINDOWS\System32\drivers\truecrypt.sys
    [2011/05/31 22:02:06 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
    [2011/05/30 14:13:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\Kostek
    [2011/05/27 18:16:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\The Cleveland Show - The Complete Season 2 [HDTV]
    [2011/05/27 16:17:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\GSA Email Spiderss
    [2011/05/27 15:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\fec
    [2011/05/27 14:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty\Mes sessions Email Stacker
    [2011/05/27 14:17:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Email Stacker
    [2011/05/27 14:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Save Data
    [2011/05/27 13:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Pulpit
    [2011/05/27 13:38:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\northworks.biz
    [2011/05/27 13:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\Super Email Harvester
    [2011/05/27 13:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\Power Email Harvester
    [2011/05/27 13:00:11 | 000,000,000 | ---D | C] -- C:\Program Files\Best Email Extractor
    [2011/05/27 12:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\Link Web Extractor
    [2011/05/27 12:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\GSA Email Spider
    [2011/05/26 22:02:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\the cleveland show season 1
    [2011/05/17 10:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Menu Start\Programy\Gadu-Gadu
    [2011/05/15 16:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Skype Extras
    [2011/05/15 16:53:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Skype
    [2011/05/15 16:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2011/05/14 19:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty\atari
    [2011/05/07 16:17:56 | 000,097,504 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
    [2008/09/10 12:19:40 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
    [4 C:\Documents and Settings\Administrator\Pulpit\*.tmp files -> C:\Documents and Settings\Administrator\Pulpit\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/06/04 21:33:25 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/06/04 21:30:59 | 000,009,295 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\OTL-error.JPG
    [2011/06/04 21:28:26 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1580436667-839522115-500UA.job
    [2011/06/04 21:28:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1580436667-839522115-500Core.job
    [2011/06/04 21:27:26 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe
    [2011/06/04 21:00:00 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1580436667-839522115-1006UA.job
    [2011/06/04 20:57:20 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2011/06/04 20:57:17 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/06/04 20:57:00 | 000,001,046 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/06/04 20:56:54 | 000,000,322 | -HS- | M] () -- C:\WINDOWS\tasks\Neohnesmrv.job
    [2011/06/04 20:56:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/06/04 20:33:09 | 000,000,034 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
    [2011/06/04 17:15:32 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2011/06/04 17:15:29 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
    [2011/06/04 17:15:09 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
    [2011/06/04 17:01:25 | 010,485,760 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\danon
    [2011/06/04 11:03:30 | 000,000,009 | ---- | M] () -- C:\WINDOWS\Crypkey.ini
    [2011/06/04 11:00:01 | 000,001,076 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1580436667-839522115-1006Core.job
    [2011/06/04 10:45:03 | 000,001,843 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
    [2011/06/01 00:06:56 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2011/05/31 22:02:12 | 000,231,248 | ---- | M] (TrueCrypt Foundation) -- C:\WINDOWS\System32\drivers\truecrypt.sys
    [2011/05/31 20:56:20 | 000,000,103 | ---- | M] () -- C:\WINDOWS\System32\1306868180.(null)
    [2011/05/31 17:52:46 | 000,056,320 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/28 12:15:09 | 000,189,962 | ---- | M] () -- C:\Documents and Settings\Administrator\345
    [2011/05/28 04:27:15 | 000,080,851 | ---- | M] () -- C:\WINDOWS\Screenshot.png
    [2011/05/28 04:27:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\LastHTMLPage.html
    [2011/05/27 13:21:46 | 000,000,102 | R--- | M] () -- C:\WINDOWS\amunres.lsl
    [2011/05/27 12:26:21 | 000,121,763 | ---- | M] () -- C:\teste.htm
    [2011/05/14 19:04:09 | 000,162,432 | ---- | M] () -- C:\WINDOWS\System32\drivers\ithsgt.sys
    [2011/05/14 19:04:09 | 000,012,032 | ---- | M] () -- C:\WINDOWS\System32\drivers\lilsgt.sys
    [2011/05/07 17:54:25 | 000,013,839 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\1.jpg
    [2011/05/07 16:17:56 | 000,097,504 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
    [4 C:\Documents and Settings\Administrator\Pulpit\*.tmp files -> C:\Documents and Settings\Administrator\Pulpit\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
  10. hasek747

    hasek747 Newcomer, in training Topic Starter Posts: 46

    OTL.txt log (Part 2/2)



    ========== Files Created - No Company Name ==========

    [2011/06/04 21:30:59 | 000,009,295 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\OTL-error.JPG
    [2011/06/04 18:10:38 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2011/06/04 17:01:25 | 010,485,760 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\danon
    [2011/06/04 13:33:42 | 000,001,556 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\CDBurnerXP.lnk
    [2011/06/04 13:33:41 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2011/06/03 23:14:12 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2011/06/02 11:49:44 | 000,001,128 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1580436667-839522115-1006UA.job
    [2011/06/02 11:49:44 | 000,001,076 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1580436667-839522115-1006Core.job
    [2011/05/31 20:56:20 | 000,000,103 | ---- | C] () -- C:\WINDOWS\System32\1306868180.(null)
    [2011/05/28 12:15:09 | 000,189,962 | ---- | C] () -- C:\Documents and Settings\Administrator\345
    [2011/05/28 04:27:15 | 000,080,851 | ---- | C] () -- C:\WINDOWS\Screenshot.png
    [2011/05/28 04:27:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\LastHTMLPage.html
    [2011/05/27 14:02:22 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\actskn43.ocx
    [2011/05/27 13:21:46 | 000,000,102 | R--- | C] () -- C:\WINDOWS\amunres.lsl
    [2011/05/27 12:26:20 | 000,121,763 | ---- | C] () -- C:\teste.htm
    [2011/05/27 12:25:19 | 000,112,640 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
    [2011/05/14 19:04:09 | 000,162,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\ithsgt.sys
    [2011/05/14 19:04:09 | 000,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\lilsgt.sys
    [2011/05/07 17:54:25 | 000,013,839 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\1.jpg
    [2011/02/12 19:43:51 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Adobe BMP Format CS5 Prefs
    [2011/01/27 22:29:03 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Administrator\Dane aplikacji\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
    [2011/01/24 06:22:55 | 000,000,068 | ---- | C] () -- C:\WINDOWS\eyeQ Screen Saver.ini
    [2011/01/24 06:21:29 | 000,079,360 | RHS- | C] () -- C:\WINDOWS\System32\XAPOFX1_1E.dll
    [2011/01/21 01:13:57 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
    [2011/01/21 01:13:46 | 000,000,009 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
    [2011/01/18 03:58:16 | 000,000,019 | ---- | C] () -- C:\WINDOWS\rrver.ini
    [2011/01/06 22:27:26 | 000,050,548 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/12/12 23:39:41 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Adobe PNG Format CS5 Prefs
    [2010/10/09 23:21:17 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2010/10/09 23:21:15 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2010/10/09 23:21:15 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2010/10/09 23:20:36 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
    [2010/09/29 00:16:17 | 000,000,030 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2010/09/25 10:28:26 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wwp.INI
    [2010/09/04 18:54:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HMHud.INI
    [2010/07/18 19:00:09 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
    [2010/05/17 19:39:44 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2010/05/16 23:48:01 | 000,009,199 | ---- | C] () -- C:\WINDOWS\d.ini
    [2010/04/25 13:04:16 | 000,137,216 | ---- | C] () -- C:\Documents and Settings\Administrator\Dane aplikacji\TweetAdder
    [2010/03/28 11:33:23 | 000,001,302 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ss.ini
    [2010/03/20 13:06:13 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Composer.INI
    [2010/02/23 10:06:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/02/07 23:04:23 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\csdlocalmon.dll
    [2010/01/30 01:38:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
    [2009/11/03 03:27:31 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
    [2009/09/23 21:06:36 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll
    [2009/01/23 19:31:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\UTSCSI.EXE
    [2008/12/30 20:46:42 | 000,002,479 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2008/12/30 20:02:39 | 000,000,611 | ---- | C] () -- C:\WINDOWS\mp3wavcon.ini
    [2008/12/30 20:02:27 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\SySmp3con.dat
    [2008/12/30 20:02:25 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2008/12/04 13:27:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2008/12/04 13:27:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2008/12/04 13:27:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2008/12/04 13:27:11 | 000,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
    [2008/11/30 18:57:10 | 000,000,329 | -H-- | C] () -- C:\Documents and Settings\Administrator\Dane aplikacji\pctlb32
    [2008/09/17 11:48:17 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2008/09/13 22:49:50 | 000,000,794 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/09/10 17:14:28 | 000,009,428 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
    [2008/09/10 17:12:03 | 000,003,975 | ---- | C] () -- C:\WINDOWS\wincmd.ini
    [2008/09/10 12:20:41 | 000,023,273 | ---- | C] () -- C:\WINDOWS\System32\Ludap17.ini
    [2008/09/10 12:20:41 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2008/09/10 12:19:40 | 000,137,216 | ---- | C] () -- C:\WINDOWS\System32\OemSpi.dll
    [2008/09/10 12:19:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
    [2008/09/10 12:19:40 | 000,008,251 | ---- | C] () -- C:\WINDOWS\sfsyn.ini
    [2008/09/10 11:44:07 | 000,056,320 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/09/10 11:14:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2008/09/10 11:09:54 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
    [2008/09/09 21:51:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/09/09 21:48:54 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/09/09 19:35:19 | 000,004,825 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/09/09 19:34:33 | 003,565,896 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2007/06/28 18:43:00 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
    [2007/06/28 18:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2007/05/15 10:07:10 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\CSD_IRIVER_GEN.DLL
    [2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2003/04/16 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2003/04/16 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2003/04/16 14:00:00 | 000,503,422 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat
    [2003/04/16 14:00:00 | 000,444,076 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2003/04/16 14:00:00 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat
    [2003/04/16 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2003/04/16 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2003/04/16 14:00:00 | 000,090,464 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat
    [2003/04/16 14:00:00 | 000,072,154 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2003/04/16 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2003/04/16 14:00:00 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat
    [2003/04/16 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2003/04/16 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2003/04/16 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2003/04/16 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    ========== LOP Check ==========

    [2011/02/08 21:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Absolute Poker
    [2011/06/04 10:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Affilorama
    [2010/12/18 03:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\AIMP
    [2010/05/17 19:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\BESTplayer
    [2010/10/27 23:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Canneverbe Limited
    [2010/12/13 04:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/07/20 20:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\CoreFTP
    [2010/01/05 20:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\DAEMON Tools Lite
    [2009/01/24 14:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Direct Folders
    [2010/12/13 00:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\EditPlus 3
    [2011/05/27 14:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Email Stacker
    [2011/02/24 12:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Feedreader
    [2011/04/12 16:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\FileZilla
    [2009/07/26 10:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Foxit
    [2010/07/21 07:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\FTPRush
    [2008/09/10 13:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu
    [2011/04/28 12:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu 10
    [2009/06/22 16:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\GARMIN
    [2010/07/09 22:36:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\GlobalSCAPE
    [2010/07/18 18:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Graphisoft
    [2011/05/27 15:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\GSA Email Spider
    [2011/06/02 11:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\GSA Email Spider1
    [2011/06/02 11:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\GSA Email Spiderss
    [2010/09/29 00:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Hide IP NG
    [2010/12/25 03:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\IBP
    [2009/04/11 19:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\IrfanView
    [2010/01/05 13:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\KS-SW
    [2011/05/31 22:24:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Lencom
    [2011/01/06 20:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
    [2010/01/26 00:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Microgaming
    [2009/04/11 19:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Nokia
    [2011/05/27 13:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\northworks.biz
    [2011/03/05 00:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Notepad++
    [2009/02/12 23:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Nowe Gadu-Gadu
    [2011/01/25 21:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\OpenFM
    [2010/05/18 00:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Opera
    [2009/02/01 13:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\PC Suite
    [2009/01/23 19:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\PLAux
    [2011/05/27 19:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\PriceGong
    [2009/05/12 15:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\SimpLogs
    [2010/07/18 21:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\SiteDesigner
    [2010/12/13 02:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2009/07/17 20:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\TeamViewer
    [2011/05/31 22:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\TrueCrypt
    [2011/03/27 18:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\TweetAdder3
    [2010/07/20 01:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\UB
    [2011/06/02 11:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent
    [2011/06/04 11:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AceReader Pro
    [2010/05/11 13:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
    [2010/07/11 09:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVG Security Toolbar
    [2011/01/30 17:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\avg9
    [2010/07/06 01:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Bimesoft
    [2010/10/27 23:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Canneverbe Limited
    [2011/03/15 10:28:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Common Files
    [2009/12/23 11:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
    [2010/03/28 11:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\FreeRIP
    [2010/08/12 12:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
    [2009/06/22 16:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\GARMIN
    [2010/07/09 22:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\GlobalSCAPE
    [2011/06/02 12:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ICQ
    [2010/06/13 22:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
    [2010/03/28 17:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Lencom
    [2011/06/04 11:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\LogMeIn
    [2009/02/01 14:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia
    [2011/04/13 01:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
    [2008/09/10 13:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
    [2010/12/12 15:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\regid.1986-12.com.adobe
    [2011/01/18 03:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\RocketReader
    [2011/05/27 14:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Save Data
    [2010/07/18 21:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SiteDesigner
    [2008/11/30 19:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SKL
    [2011/01/21 00:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
    [2011/06/01 00:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TrueCrypt
    [2009/07/20 01:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\WinZip
    [2010/01/17 09:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\XHEO INC
    [2011/06/04 17:10:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    [2011/04/27 16:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/06/04 13:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Test\Dane aplikacji\Canneverbe Limited
    [2011/06/04 16:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Test\Dane aplikacji\ICQ
    [2011/06/04 15:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Test\Dane aplikacji\Spyware Terminator
    [2011/06/02 11:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Test\Dane aplikacji\The Bat!
    [2011/06/04 15:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Test\Dane aplikacji\uTorrent
    [2011/06/04 20:57:20 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2010/07/20 20:05:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\COREFTP_test.job
    [2011/06/04 20:56:54 | 000,000,322 | -HS- | M] () -- C:\WINDOWS\Tasks\Neohnesmrv.job
    [2010/07/20 21:26:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\program.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/07/22 01:27:44 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2010/08/29 22:17:42 | 000,001,032 | ---- | M] () -- C:\a.dat
    [2011/06/04 20:56:45 | 000,002,458 | ---- | M] () -- C:\aaw7boot.log
    [2008/09/09 21:50:45 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/08/29 22:17:42 | 000,001,032 | ---- | M] () -- C:\b.dat
    [2008/09/10 11:24:57 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/06/01 00:06:56 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2003/04/16 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
    [2011/06/04 10:43:52 | 000,011,931 | ---- | M] () -- C:\CDAVFSuser.log
    [2011/06/04 10:35:48 | 000,011,875 | ---- | M] () -- C:\CDAVFSuserBackup.log
    [2004/08/04 00:00:14 | 000,262,400 | ---- | M] () -- C:\cmldr
    [2008/12/04 13:30:25 | 000,009,832 | ---- | M] () -- C:\ComboFix.txt
    [2008/09/09 21:50:45 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011/06/03 23:07:38 | 000,337,274 | ---- | M] () -- C:\cybdefauth_i.log
    [2011/06/04 00:29:43 | 000,009,069 | ---- | M] () -- C:\CybDefInstallInfo.log
    [2011/06/03 23:06:24 | 000,000,114 | ---- | M] () -- C:\CybDefWebInstaller.log
    [2010/07/17 15:09:14 | 000,000,008 | -H-- | M] () -- C:\FileMonk.cfg
    [2008/09/09 21:50:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/09/09 21:50:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/09/10 11:21:38 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/10/27 00:12:23 | 000,251,152 | RHS- | M] () -- C:\ntldr
    [2009/09/23 21:08:33 | 000,000,159 | ---- | M] () -- C:\setup.log
    [1996/09/16 04:00:00 | 000,202,240 | -H-- | M] (DreamWorks Interactive) -- C:\setup95.exe
    [2010/06/02 21:34:30 | 000,019,249 | ---- | M] () -- C:\South.Park.S14E07.Crippled.Summer.HDTV.XviD-FQM.txt
    [2009/01/08 00:19:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2009/01/22 09:47:13 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
    [2009/01/22 14:54:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
    [2009/01/22 16:28:23 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
    [2009/01/08 00:19:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2009/01/22 09:47:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2009/01/22 14:54:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2009/01/22 16:28:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2011/06/04 19:55:28 | 000,086,886 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_04.06.2011_19.51.06_log.txt
    [2011/05/27 12:26:21 | 000,121,763 | ---- | M] () -- C:\teste.htm

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2008/09/09 21:50:36 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2009/12/04 11:53:54 | 000,281,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpcpp094.dll
    [2003/06/19 01:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008/07/06 12:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >
    [2011/05/28 04:27:15 | 000,080,851 | ---- | M] () -- C:\WINDOWS\Screenshot.png
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*.scr >
    [2002/02/20 15:22:42 | 004,141,056 | ---- | M] () -- C:\WINDOWS\eyeQ Screen Saver.scr
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/09/09 20:33:40 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2008/09/09 20:33:40 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008/09/09 20:33:40 | 000,434,176 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2008/09/10 11:32:51 | 000,000,183 | -HS- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/02/02 21:44:13 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Administrator\Cookies\desktop.ini
    [2011/06/04 21:24:11 | 000,131,072 | -HS- | M] () -- C:\Documents and Settings\Administrator\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2008/04/14 19:21:45 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 19:20:18 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2003/04/16 14:00:00 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2002/08/20 12:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2002/04/11 12:00:30 | 000,001,065 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2008/05/02 16:05:59 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 19:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 19:21:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2002/08/20 15:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
    [2003/04/16 14:00:00 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2003/04/16 14:00:00 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2003/04/16 14:00:00 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2002/08/20 12:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/07/17 11:37:22 | 000,135,321 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < MD5 for: ATAPI.SYS >
    [2003/04/16 14:00:00 | 010,180,934 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
    [2004/08/04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/10/27 00:09:34 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2004/08/04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
    [2008/10/27 00:09:34 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:B0A96209
    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:9BC7427F
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C05A8628
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:723BF4A6
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2

    < End of report >
  11. hasek747

    hasek747 Newcomer, in training Topic Starter Posts: 46

    Extras.txt log following....



    OTL Extras logfile created on: 06/04/2011 9:42:43 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Administrator\Pulpit
    Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

    2.00 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 46.71% Memory free
    1.85 Gb Paging File | 1.08 Gb Available in Paging File | 58.30% Paging File free
    Paging file location(s): [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 186.30 Gb Total Space | 29.11 Gb Free Space | 15.63% Space Free | Partition Type: NTFS

    Computer Name: WORKSTATION | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-448539723-1580436667-839522115-500\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Value error.
    http [open] -- "C:\Program Files\Opera\opera.exe" "%1"
    https [open] -- "C:\Program Files\Opera\opera.exe" "%1"
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "UpdatesDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
    "DisableSR" = 0
    "DisableConfig" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "5432:TCP" = 5432:TCP:*:Enabled:postgres

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\ICQ7.5\ICQ.exe" = C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
    "C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
    "C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
    "C:\totalcmd\TOTALCMD.EXE" = C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (Ghisler Software GmbH)
    "C:\WINDOWS\Temp\~os2.tmp\rlvknlg.exe" = C:\WINDOWS\Temp\~os2.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe
    "C:\WINDOWS\Temp\~os4F4.tmp\rlvknlg.exe" = C:\WINDOWS\Temp\~os4F4.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe
    "C:\Ruby\apache\Apache.exe" = C:\Ruby\apache\Apache.exe:*:Enabled:Apache
    "C:\Program Files\StarCraft II Beta\StarCraft II.exe" = C:\Program Files\StarCraft II Beta\StarCraft II.exe:*:Enabled:Blizzard Launcher
    "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser
    "C:\WINDOWS\Temp\~os174.tmp\rlvknlg.exe" = C:\WINDOWS\Temp\~os174.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe
    "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe
    "C:\Program Files\FTPRush\ftprush.exe" = C:\Program Files\FTPRush\ftprush.exe:*:Enabled:FTPRush FTP Client
    "C:\Documents and Settings\Administrator\Pulpit\Outfront_Na_Tylach_Wroga.exe" = C:\Documents and Settings\Administrator\Pulpit\Outfront_Na_Tylach_Wroga.exe:*:Enabled:Outfront_Na_Tylach_Wroga
    "C:\Documents and Settings\Administrator\Pulpit\Wings_of_Prey_Skrzydla_Chwaly.exe" = C:\Documents and Settings\Administrator\Pulpit\Wings_of_Prey_Skrzydla_Chwaly.exe:*:Enabled:Wings_of_Prey_Skrzydla_Chwaly
    "C:\Team17\Worms World Party\wwp.exe" = C:\Team17\Worms World Party\wwp.exe:*:Enabled:Worms World Party
    "C:\Program Files\Team17\Worms Reloaded\WormsReloaded.exe" = C:\Program Files\Team17\Worms Reloaded\WormsReloaded.exe:*:Enabled:Worms Reloaded
    "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
    "D:\EasySetupAssistant\EasySetupAssistant.exe" = D:\EasySetupAssistant\EasySetupAssistant.exe:*:Enabled:TP-LINK Easy Setup Assistant
    "C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
    "C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
    "C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program glowny -- (Gadu-Gadu Sp. z oo)
    "C:\Program Files\fec\Super Email Spider\XSearcher.exe" = C:\Program Files\fec\Super Email Spider\XSearcher.exe:*:Enabled:XSearcher -- ()
    "C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC
    "C:\Program Files\ICQ7.5\ICQ.exe" = C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)
    "C:\Program Files\Secway\SimpLite-ICQ-AIM 2.5\SimpLite-ICQAIM.exe" = C:\Program Files\Secway\SimpLite-ICQ-AIM 2.5\SimpLite-ICQAIM.exe:*:Enabled:Simp -- (Secway)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software Updater
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{0E855D0D-430E-49A2-976E-853BDDBD1348}" = SimpLite-Jabber 2.5
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 24
    "{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
    "{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
    "{40034B11-149E-4310-AE89-BB575B02525B}" = LG Internet Kit
    "{4448ABF6-786D-4C3D-A49D-7BB237E6DD17}" = Foxit PDF IFilter
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D5219EC-BFF8-4B7F-AB92-6D827BB37CB0}" = Windows Live Messenger
    "{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.5
    "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK
    "{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
    "{89A590A7-9DCD-4F85-B6E4-ABBB642230C8}" = Tweet Adder 3
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12
    "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
    "{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
    "{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
    "{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
    "{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
    "{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
    "{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
    "{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
    "{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
    "{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
    "{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
    "{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{B33CD700-6738-11D4-87FE-0080C6F974A2}" = eyeQ
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C5096D00-8B9C-41DB-8472-9D721E982DF0}" = Podstawowe programy Windows Live
    "{C78205AF-82F7-4EAF-A6C9-E1B90B8BB833}" = PCWin Speaker Recorder
    "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DDC0F201-C7E9-4C64-9824-431131F44B51}" = TheBat! Home v5.0.12
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E884A78E-7491-4663-8B99-041D1FBD8B1F}" = SimpLite-ICQ-AIM 2.5
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
    "{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
    "{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "0C5EDC3653FED5B121F464339EAC12534D253B25" = Pakiet sterowników systemu Windows - Nokia Modem (02/15/2007 3.1)
    "Ad-Aware" = Ad-Aware
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "ASIO4ALL" = ASIO4ALL
    "B726756F5B5A5AA9D798B399386FC6205A45F19E" = Pakiet sterowników systemu Windows - Nokia Modem (02/15/2007 3.1)
    "Betfair Poker_is1" = Betfair Poker
    "CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Pakiet sterowników systemu Windows - Nokia Modem (03/05/2008 3.7)
    "CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Pakiet sterowników systemu Windows - Nokia Modem (05/24/2007 6.84.0.1)
    "E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Pakiet sterowników systemu Windows - Nokia Modem (03/13/2008 6.86.0.1)
    "E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Pakiet sterowników systemu Windows - Nokia Modem (06/01/2009 4.1)
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Pakiet sterowników systemu Windows - Nokia Modem (06/01/2009 7.01.0.3)
    "FeedReader_is1" = FeedReader
    "FileZilla Client" = FileZilla Client 3.3.5.1
    "Foxit Reader" = Foxit Reader
    "Gadu-Gadu" = Gadu-Gadu 7.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "IrfanView" = IrfanView (remove only)
    "iriver plus 3" = iriver plus 3 (remove only)
    "KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Basic)
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
    "Ms3DMovie" = Microsoft 3D Movie Maker 1.0
    "NAPIPROJEKT_is1" = NAPIPROJEKT 1.0.6.2
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Nokia PC Suite" = Nokia PC Suite
    "Notepad++" = Notepad++
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "OpenVPN" = OpenVPN 2.2.0
    "SQLite ODBC Driver" = SQLite ODBC Driver (remove only)
    "Steam App 500" = Left 4 Dead
    "Super Email Spider_is1" = Super Email Spider
    "Totalcmd" = Total Commander (Remove or Repair)
    "TrueCrypt" = TrueCrypt
    "uTorrent" = µTorrent
    "VLC media player" = VideoLAN VLC media player 0.8.6h
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Podstawowe programy Windows Live
    "WinRAR archiver" = Archiwizator WinRAR
    "Xenu_is1" = Xenu's Link Sleuth
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-448539723-1580436667-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Eraser" = Eraser
    "Flux" = F.lux
    "Google Chrome" = Google Chrome
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 06/04/2011 11:42:59 AM | Computer Name = WORKSTATION | Source = Application Error | ID = 1000
    Description = Aplikacja powodująca błąd AAWService.exe, wersja 9.0.0.0, moduł powodujący
    błąd MSONSEXT.DLL, wersja 12.0.6415.1000, adres błędu 0x00062566.

    Error - 06/04/2011 12:14:31 PM | Computer Name = WORKSTATION | Source = Application Error | ID = 1000
    Description = Aplikacja powodująca błąd oepsrv.exe, wersja 0.0.0.0, moduł powodujący
    błąd kernel32.dll, wersja 5.1.2600.5781, adres błędu 0x00012afb.

    Error - 06/04/2011 12:22:32 PM | Computer Name = WORKSTATION | Source = ESENT | ID = 490
    Description = svchost (1408) Próba otwarcia pliku "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
    w trybie odczytu lub zapisu zakończyła się niepomyślnie z błędem systemowym 32
    (0x00000020): "Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany
    przez inny proces. ". Operacja otwierania pliku zostanie zakończona z błędem -1032
    (0xfffffbf8).

    Error - 06/04/2011 12:22:32 PM | Computer Name = WORKSTATION | Source = ESENT | ID = 470
    Description = Catalog Database (1408) Baza danych C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    jest częściowo dołączona. Etap dołączania: 3. Błąd: -1032.

    Error - 06/04/2011 1:12:20 PM | Computer Name = WORKSTATION | Source = Application Error | ID = 1000
    Description = Aplikacja powodująca błąd oepsrv.exe, wersja 0.0.0.0, moduł powodujący
    błąd kernel32.dll, wersja 5.1.2600.5781, adres błędu 0x00012afb.

    Error - 06/04/2011 1:43:31 PM | Computer Name = WORKSTATION | Source = ESENT | ID = 490
    Description = svchost (1404) Próba otwarcia pliku "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
    w trybie odczytu lub zapisu zakończyła się niepomyślnie z błędem systemowym 32
    (0x00000020): "Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany
    przez inny proces. ". Operacja otwierania pliku zostanie zakończona z błędem -1032
    (0xfffffbf8).

    Error - 06/04/2011 1:43:31 PM | Computer Name = WORKSTATION | Source = ESENT | ID = 439
    Description = Catalog Database (1404) Nie można dokonać zapisu lustrzanego nagłówka
    pliku C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.
    Błąd -1032.

    Error - 06/04/2011 1:43:31 PM | Computer Name = WORKSTATION | Source = ESENT | ID = 470
    Description = Catalog Database (1404) Baza danych C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    jest częściowo dołączona. Etap dołączania: 1. Błąd: -1032.

    Error - 06/04/2011 2:16:00 PM | Computer Name = WORKSTATION | Source = Application Error | ID = 1000
    Description = Aplikacja powodująca błąd oepsrv.exe, wersja 0.0.0.0, moduł powodujący
    błąd kernel32.dll, wersja 5.1.2600.5781, adres błędu 0x00012afb.

    Error - 06/04/2011 2:57:03 PM | Computer Name = WORKSTATION | Source = Application Error | ID = 1000
    Description = Aplikacja powodująca błąd oepsrv.exe, wersja 0.0.0.0, moduł powodujący
    błąd kernel32.dll, wersja 5.1.2600.5781, adres błędu 0x00012afb.

    [ OSession Events ]
    Error - 07/04/2009 5:58:04 AM | Computer Name = WORKSTATION | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6212.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 51
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 12/29/2010 9:31:01 PM | Computer Name = WORKSTATION | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 02/24/2011 6:34:53 PM | Computer Name = WORKSTATION | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 06/04/2011 2:10:20 PM | Computer Name = WORKSTATION | Source = PlugPlayManager | ID = 11
    Description = Urządzenie Root\LEGACY_AVGTDIX\0000 zniknęło z systemu bez uprzedniego
    przygotowania go do usunięcia.

    Error - 06/04/2011 2:16:30 PM | Computer Name = WORKSTATION | Source = Service Control Manager | ID = 7009
    Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
    z usługą LMIGuardianSvc.

    Error - 06/04/2011 2:16:30 PM | Computer Name = WORKSTATION | Source = Service Control Manager | ID = 7000
    Description = Nie można uruchomić usługi LMIGuardianSvc z powodu następującego błędu:
    %%1053

    Error - 06/04/2011 2:16:30 PM | Computer Name = WORKSTATION | Source = Service Control Manager | ID = 7000
    Description = Nie można uruchomić usługi USBest Service Zero z powodu następującego
    błędu: %%193

    Error - 06/04/2011 2:16:30 PM | Computer Name = WORKSTATION | Source = Service Control Manager | ID = 7026
    Description = Nie można załadować następujących sterowników startu rozruchowego
    lub systemowego: NetWorkX

    Error - 06/04/2011 2:57:19 PM | Computer Name = WORKSTATION | Source = Service Control Manager | ID = 7009
    Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
    z usługą LMIGuardianSvc.

    Error - 06/04/2011 2:57:19 PM | Computer Name = WORKSTATION | Source = Service Control Manager | ID = 7000
    Description = Nie można uruchomić usługi LMIGuardianSvc z powodu następującego błędu:
    %%1053

    Error - 06/04/2011 2:57:19 PM | Computer Name = WORKSTATION | Source = Service Control Manager | ID = 7000
    Description = Nie można uruchomić usługi USBest Service Zero z powodu następującego
    błędu: %%193

    Error - 06/04/2011 2:57:19 PM | Computer Name = WORKSTATION | Source = Service Control Manager | ID = 7026
    Description = Nie można załadować następujących sterowników startu rozruchowego
    lub systemowego: NetWorkX

    Error - 06/04/2011 3:22:56 PM | Computer Name = WORKSTATION | Source = Dhcp | ID = 1002
    Description = Adres IP połączenia 10.8.0.38 dla karty sieciowej o adresie 00FFD830D6ED
    został zabroniony przez serwer DHCP 10.8.0.37 (Serwer DHCP wysłał komunikat DHCPNACK).


    < End of report >
     
  12. hasek747

    hasek747 Newcomer, in training Topic Starter Posts: 46

    Nie martw się o moje IP - jesten na open VPN :)
  13. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
      IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
      IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
      IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
      IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
      IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
      IE - HKU\S-1-5-21-448539723-1580436667-839522115-500\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Reg Error: Key error. File not found
      IE - HKU\S-1-5-21-448539723-1580436667-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:/Documents%20and%20Settings/Administrator/Ustawienia%20lokalne/Dane%20aplikacji/Google/Chrome/User%20Data/Default/Extensions/caehdcpeofiiigpdhbabniblemipncjj/SwitchyAuto.pac?1297545529307
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O4 - HKU\.DEFAULT..\RunOnce: [] File not found
      O4 - HKU\.DEFAULT..\RunOnce: [KeyScrambler] File not found
      O4 - HKU\S-1-5-18..\RunOnce: [] File not found
      O4 - HKU\S-1-5-18..\RunOnce: [KeyScrambler] File not found
      O4 - HKU\S-1-5-19..\RunOnce: [] File not found
      O4 - HKU\S-1-5-20..\RunOnce: [] File not found
      O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
      O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
      O15 - HKU\S-1-5-21-448539723-1580436667-839522115-500\..Trusted Domains: mks.com.pl ([]http in Zaufane witryny)
      O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...8f/wvc1dmo.cab (Reg Error: Key error.)
      O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...1F/wmvadvd.cab (Reg Error: Key error.)
      O33 - MountPoints2\{09b14c8a-d72a-11de-9e79-00508db38651}\Shell - "" = AutoRun
      O33 - MountPoints2\{09b14c8a-d72a-11de-9e79-00508db38651}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
      O33 - MountPoints2\{119fdc08-dc67-11de-9e82-00508db38651}\Shell - "" = AutoRun
      O33 - MountPoints2\{119fdc08-dc67-11de-9e82-00508db38651}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
      O33 - MountPoints2\{4b4d141d-e897-11dd-9dd7-00508db38651}\Shell - "" = AutoRun
      O33 - MountPoints2\{f831d700-f05c-11dd-9de0-00508db38651}\Shell\Auto\command - "" = sal.xls.exe
      O33 - MountPoints2\{f831d700-f05c-11dd-9de0-00508db38651}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe
      O33 - MountPoints2\{fb53266c-9192-11df-9eed-00508db38651}\Shell - "" = AutoRun
      O33 - MountPoints2\{fb53266c-9192-11df-9eed-00508db38651}\Shell\AutoRun\command - "" = F:\laucher.exe
      O33 - MountPoints2\E\Shell - "" = AutoRun
      O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\USBAutoRun.exe
      [4 C:\Documents and Settings\Administrator\Pulpit\*.tmp files -> C:\Documents and Settings\Administrator\Pulpit\*.tmp -> ]
      [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [2011/06/04 20:56:54 | 000,000,322 | -HS- | M] () -- C:\WINDOWS\tasks\Neohnesmrv.job
      [2011/05/31 20:56:20 | 000,000,103 | ---- | C] () -- C:\WINDOWS\System32\1306868180.(null)
      [2011/01/24 06:21:29 | 000,079,360 | RHS- | C] () -- C:\WINDOWS\System32\XAPOFX1_1E.dll
      @Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:B0A96209
      @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:9BC7427F
      @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C05A8628
      @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:723BF4A6
      @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
  14. hasek747

    hasek747 Newcomer, in training Topic Starter Posts: 46

    I couldn't find the custom scans/fixes field. It simply removed the remaining files of the older versions of Java, there were no options for me to choose from.

    JavaRa log follows...



    JavaRa 1.16 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Sat Jun 04 22:14:43 2011

    Found and removed: C:\Documents and Settings\Administrator\Dane aplikacji\Sun\Java\jre1.6.0_14

    Found and removed: C:\Documents and Settings\Administrator\Dane aplikacji\Sun\Java\jre1.6.0_24

    Found and removed: Applications\java.exe

    Found and removed: Applications\javaw.exe

    Found and removed: JavaPlugin.FamilyVersionSupport

    Found and removed: CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}

    Found and removed: JavaScript

    Found and removed: JavaScript Author

    Found and removed: JavaScript1.1

    Found and removed: JavaScript1.1 Author

    Found and removed: JavaScript1.2

    Found and removed: JavaScript1.2 Author

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}

    Found and removed: Software\JavaSoft\Java Update

    Found and removed: SOFTWARE\Classes\JavaPlugin

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

    Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.2

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.3

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.2

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.5

    ------------------------------------

    Finished reporting.



    JavaRa 1.16 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Sat Jun 04 22:15:02 2011

    Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}

    ------------------------------------

    Finished reporting.
  15. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    That's for step 2 -OTL fix.
  16. hasek747

    hasek747 Newcomer, in training Topic Starter Posts: 46

    Ahhh, I mis-read your last post; sorry. Will post the OTL report asap.
  17. hasek747

    hasek747 Newcomer, in training Topic Starter Posts: 46

    Here are the OTL Fix results...



    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-21-448539723-1580436667-839522115-500\Software\Microsoft\Internet Explorer\URLSearchHooks\\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\ not found.
    Registry value HKEY_USERS\S-1-5-21-448539723-1580436667-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ deleted successfully.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\KeyScrambler deleted successfully.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\KeyScrambler not found.
    Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
    Registry key HKEY_USERS\S-1-5-21-448539723-1580436667-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mks.com.pl\ deleted successfully.
    Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
    C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    Starting removal of ActiveX control {41564D57-9980-0010-8000-00AA00389B71}
    C:\WINDOWS\Downloaded Program Files\wmvadvd.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{41564D57-9980-0010-8000-00AA00389B71}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564D57-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{41564D57-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564D57-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09b14c8a-d72a-11de-9e79-00508db38651}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09b14c8a-d72a-11de-9e79-00508db38651}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09b14c8a-d72a-11de-9e79-00508db38651}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09b14c8a-d72a-11de-9e79-00508db38651}\ not found.
    File E:\LaunchU3.exe -a not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{119fdc08-dc67-11de-9e82-00508db38651}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{119fdc08-dc67-11de-9e82-00508db38651}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{119fdc08-dc67-11de-9e82-00508db38651}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{119fdc08-dc67-11de-9e82-00508db38651}\ not found.
    File F:\USBAutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b4d141d-e897-11dd-9dd7-00508db38651}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b4d141d-e897-11dd-9dd7-00508db38651}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f831d700-f05c-11dd-9de0-00508db38651}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f831d700-f05c-11dd-9de0-00508db38651}\ not found.
    File sal.xls.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f831d700-f05c-11dd-9de0-00508db38651}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f831d700-f05c-11dd-9de0-00508db38651}\ not found.
    File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb53266c-9192-11df-9eed-00508db38651}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb53266c-9192-11df-9eed-00508db38651}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb53266c-9192-11df-9eed-00508db38651}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb53266c-9192-11df-9eed-00508db38651}\ not found.
    File F:\laucher.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
    File E:\USBAutoRun.exe not found.
    C:\Documents and Settings\Administrator\Pulpit\~WRL3129.tmp deleted successfully.
    C:\Documents and Settings\Administrator\Pulpit\~WRL3616.tmp deleted successfully.
    C:\Documents and Settings\Administrator\Pulpit\~WRL3845.tmp deleted successfully.
    C:\Documents and Settings\Administrator\Pulpit\~WRL3879.tmp deleted successfully.
    C:\WINDOWS\System32\ConduitEngine.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    C:\WINDOWS\tasks\Neohnesmrv.job moved successfully.
    C:\WINDOWS\system32\1306868180.(null) moved successfully.
    C:\WINDOWS\system32\XAPOFX1_1E.dll moved successfully.
    ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:B0A96209 deleted successfully.
    ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:9BC7427F deleted successfully.
    ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C05A8628 deleted successfully.
    ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:723BF4A6 deleted successfully.
    ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 171082812 bytes
    ->Temporary Internet Files folder emptied: 57264663 bytes
    ->Java cache emptied: 66100115 bytes
    ->FireFox cache emptied: 111657403 bytes
    ->Google Chrome cache emptied: 276462628 bytes
    ->Apple Safari cache emptied: 22936576 bytes
    ->Opera cache emptied: 15403042 bytes
    ->Flash cache emptied: 2181749 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 38784 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 119962 bytes

    User: LogMeInRemoteUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: postgres
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Test
    ->Temp folder emptied: 69847527 bytes
    ->Temporary Internet Files folder emptied: 181589097 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 4490121 bytes
    ->Google Chrome cache emptied: 6099312 bytes
    ->Flash cache emptied: 58829 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 23259324 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 962.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: LogMeInRemoteUser

    User: NetworkService

    User: postgres

    User: Test
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.23.0 log created on 06042011_223738

    Files\Folders moved on Reboot...
    File\Folder C:\WINDOWS\temp\hsperfdata_SYSTEM\1968 not found!

    Registry entries deleted on Reboot...
  18. hasek747

    hasek747 Newcomer, in training Topic Starter Posts: 46

    Hmm, not sure if this is permanent, but it seems that the problem has disappeared temporarily - I haven't experienced the redirect for the past 15 minutes, even though I've opened A LOT of pages for testing purposes :) either way, if there is anything I should do next, let me know.

    I'll post an update soon of how things are going in any case!
  19. hasek747

    hasek747 Newcomer, in training Topic Starter Posts: 46

    Damn, it really seems the problem is gone! :)

    What exactly was the issue, do you reckon?

    Thanks a ton for your time and help man!
  20. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Good news :)

    Well, each tool we ran so far removed some issues, so without knowing at what stage of our cleaning process redirection stopped, it's hard to say what was the main issue.
    I'm glad, we fixed it :)

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  21. hasek747

    hasek747 Newcomer, in training Topic Starter Posts: 46

    I'm 95% certain the issue wasn't fixed until the last step - applying fixes in OTL :)

    I'll post the other logs asap (working on it.)
  22. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    OK :).......
  23. hasek747

    hasek747 Newcomer, in training Topic Starter Posts: 46

    Security Check log follows. A few explanations:

    1. Windows firewall is disabled because I'm running Comodo
    2. I installed Avira, as I didn't feel comfortable without an anti-virus anymore, hope that's not a problem and doesn't affect anything.
    3. I don't use Internet Explorer at all, so it being outdated shouldn't be a problem, right?
    4. Not sure why it says Java is out of date, we just fixed that.



    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    Avira AntiVir Personal - Free Antivirus
    Antivirus out of date! (On Access scanning disabled!)
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    MVPS Hosts File
    SpywareBlaster 4.4
    Java(TM) 6 Update 25
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Ad-Aware AAWService.exe
    Ad-Aware AAWTray.exe
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    Comodo Firewall cmdagent.exe
    Comodo Firewall cfp.exe
    ``````````End of Log````````````
  24. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    1. Fine
    2. Fine
    3. No, IE is a part of Windows and even, if you don't use it, it's still there, thus must be kept up to date.
    4. Your Java is fine.

    All I need is Eset scan...
  25. hasek747

    hasek747 Newcomer, in training Topic Starter Posts: 46

    Temp files removed. Now the virus scan.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.