globalroot\Device\_max++
34 replies to this topic

#1 RobertAd
  • Members
  • 25 posts

Posted 30 August 2009 - 08:00 PM

Hi,
I was instructed by "DaChew" to post this log here. I can't run DDS or RootRepeal. This is a link to my original post:
http://www.bleepingcomputer.com/forums/index.php?showtopic=253674&st=0&gopid=1406376&#entry1406376



Log file is located at: C:\Documents and Settings\Robert\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\windows'...



Found mount point : C:\windows\$hf_mig$\{29F8DDC1-9487-49b8-B27E-3E0C3C1298FF}

Mount point destination : \Device\__max++>\^

Cannot access: C:\windows\system32\dumprep.exe

[1] 2004-08-04 03:56:48 10752 C:\windows\$NtServicePackUninstall$\dumprep.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:18 10752 C:\windows\ServicePackFiles\i386\dumprep.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:18 10752 C:\windows\system32\dllcache\dumprep.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:18 10752 C:\windows\system32\dumprep.exe ()

[2] 2008-04-13 20:12:18 10752 C:\System Volume Information\_restore{F6164422-88E5-4985-B637-78451FC1E9B9}\RP766\A0159550.exe (Microsoft Corporation)



Cannot access: C:\windows\system32\scecli.dll

[1] 2004-08-04 03:56:44 180224 C:\windows\$NtServicePackUninstall$\scecli.dll (Microsoft Corporation)

[1] 2008-04-13 20:12:05 181248 C:\windows\ServicePackFiles\i386\scecli.dll (Microsoft Corporation)

[1] 2008-04-13 20:12:05 181248 C:\windows\system32\dllcache\scecli.dll (Microsoft Corporation)

[1] 2008-04-13 20:12:05 60928 C:\windows\system32\scecli.dll ()

[2] 2008-04-13 20:12:05 181248 C:\windows\system32\sceclt.dll (Microsoft Corporation)

[2] 2008-04-13 20:12:05 181248 C:\System Volume Information\_restore{F6164422-88E5-4985-B637-78451FC1E9B9}\RP766\A0160970.dll (Microsoft Corporation)

[2] 2008-04-13 20:12:05 181248 C:\System Volume Information\_restore{F6164422-88E5-4985-B637-78451FC1E9B9}\RP766\A0162509.dll (Microsoft Corporation)



Cannot access: C:\windows\system32\wbem\wmiprvse.exe

[1] 2007-03-19 22:30:57 218112 C:\windows\$NtServicePackUninstall$\wmiprvse.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:40 218112 C:\windows\ServicePackFiles\i386\wmiprvse.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:40 218112 C:\windows\system32\dllcache\wmiprvse.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:40 218112 C:\windows\system32\wbem\wmiprvse.exe ()

[2] 2008-04-13 20:12:40 218112 C:\System Volume Information\_restore{F6164422-88E5-4985-B637-78451FC1E9B9}\RP766\A0161620.exe (Microsoft Corporation)





Finished!
Thank you in advance!

Edited by RobertAd, 31 August 2009 - 06:34 AM.



#2 RobertAd (Topic Starter)
  • Members
  • 25 posts

Posted 31 August 2009 - 11:15 AM

Anyone?
Thanks

Hello RobertAd,

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this, or do not respond to your requests, is that it would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member looking for a new log to work on may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post instead of a reply. Please do not multiple-post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Regards,

The weatherman
(Moderator)

Edited by The weatherman, 31 August 2009 - 11:53 AM.


#3 sempai (noypi)
  • Malware Response Team
  • 5,288 posts

Posted 31 August 2009 - 07:04 PM

Hello my name is Sempai and welcome to Bleeping Computer.

*We apologize for the delay. The forum has been busy.

*I want you to understand that I'm still a trainee here. I will be working with my Coach who will approve all my instructions before posting them to you, so there's a possibility to have some delays in my responses. But the good part is, there are two people reviewing your problem instead of one.

*It is important not to make any further changes or run any other tools unless instructed to. This may hinder the cleaning process of your machine.

*You must reply within 5 days otherwise this topic will be closed.


Your log will be analyzed and you will be instructed on what to do next as soon as possible.


~Semp

You can help me continue the fight against malware by making a donation. Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators)


#4 RobertAd (Topic Starter)
  • Members
  • 25 posts

Posted 31 August 2009 - 09:17 PM

Thank you, I will be waiting for your instructions.
Robert

Edited by RobertAd, 31 August 2009 - 09:23 PM.


#5 sempai (noypi)
  • Malware Response Team
  • 5,288 posts

Posted 02 September 2009 - 03:57 AM

Hello Robert,

Sorry for the delay, the forum has been really busy.


1. Please save this FILE to your desktop. Click on Start > Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

"%userprofile%\desktop\win32kdiag.exe" -f -r



2. Please do the following:

1. Click on the Start button, then click on Run...
2. In the empty "Open:" box provided, type cmd and press Enter

This will launch a Command Prompt window (looks like DOS).

3. Copy the entire Bold text below to the clipboard by highlighting all of it and pressing Ctrl+C (or after highlighting, right-click and select Copy).

copy C:\WINDOWS\ServicePackFiles\i386\scecli.dll C:\ /y

4. In the Command Prompt window, paste the copied text by right-clicking and selecting Paste.
5. Press Enter.

When successful, you should get this message within the Command Prompt: "1 file(s) copied"
NOTE: If you didn't get this message, stop and tell me first. Executing The Avenger script (step #3) won't work if the file copy was not successful.

6. Exit the Command Prompt window.



3. Download The Avenger2 by SwanDog46.
  • Unzip avenger.exe to your desktop.
  • Copy the text in the following codebox by selecting all of it, and pressing (<Control> + C) or by right clicking and selecting "Copy"
    Files to move:
    C:\scecli.dll | C:\WINDOWS\system32\scecli.dll
  • Now start The Avenger2 by double clicking avenger.exe on your desktop.
  • Read the prompt that appears, and press OK.
  • Paste the script into the textbox that appears, using (<Control> + V) or by right clicking and choosing "Paste".
  • Press the "Execute" button.
  • You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot.
    Note: It is possible that Avenger will reboot your system TWICE.
  • Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open. Please paste that log here in your next post.


4. We need to check for rootkits with RootRepeal.
  • Open RootRepeal on your desktop.
  • Click the Report tab.
  • Click the Scan button.
  • Check all seven boxes.
  • Push Ok.
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply.
Please post the following when you reply:
  • RootRepeal.txt
  • Win32kDiag.txt
  • Avenger.txt

~Semp


#6 RobertAd (Topic Starter)
  • Members
  • 25 posts

Posted 02 September 2009 - 10:42 PM

Hi,
Here is the log from Win32kDiag:



Log file is located at: C:\Documents and Settings\Tomek\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\windows'...



Found mount point : C:\windows\$hf_mig$\{29F8DDC1-9487-49b8-B27E-3E0C3C1298FF}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\{29F8DDC1-9487-49b8-B27E-3E0C3C1298FF}

Cannot access: C:\windows\system32\dumprep.exe

Attempting to restore permissions of : C:\windows\system32\dumprep.exe

[1] 2004-08-04 03:56:48 10752 C:\windows\$NtServicePackUninstall$\dumprep.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:18 10752 C:\windows\ServicePackFiles\i386\dumprep.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:18 10752 C:\windows\system32\dllcache\dumprep.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:18 10752 C:\windows\system32\dumprep.exe (Microsoft Corporation)



Cannot access: C:\windows\system32\scecli.dll

Attempting to restore permissions of : C:\windows\system32\scecli.dll

[1] 2004-08-04 03:56:44 180224 C:\windows\$NtServicePackUninstall$\scecli.dll (Microsoft Corporation)

[1] 2008-04-13 20:12:05 181248 C:\windows\ServicePackFiles\i386\scecli.dll (Microsoft Corporation)

[1] 2008-04-13 20:12:05 181248 C:\windows\system32\dllcache\scecli.dll (Microsoft Corporation)

[1] 2008-04-13 20:12:05 60928 C:\windows\system32\scecli.dll ()

[2] 2008-04-13 20:12:05 181248 C:\windows\system32\sceclt.dll (Microsoft Corporation)



Cannot access: C:\windows\system32\wbem\wmiprvse.exe

Attempting to restore permissions of : C:\windows\system32\wbem\wmiprvse.exe

[1] 2007-03-19 22:30:57 218112 C:\windows\$NtServicePackUninstall$\wmiprvse.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:40 218112 C:\windows\ServicePackFiles\i386\wmiprvse.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:40 218112 C:\windows\system32\dllcache\wmiprvse.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:40 218112 C:\windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)





Finished!


Avenger log:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\scecli.dll|C:\WINDOWS\system32\scecli.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.


I can't get anything from RootRepeal... it's initializing for hours and nothing happens.

#7 sempai (noypi)
  • Malware Response Team
  • 5,288 posts

Posted 03 September 2009 - 09:42 AM

Hi,

1. Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2


Double click on Combo-Fix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.




2. We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

3. Let's try Rootrepeal this time. Please do a scan and post the log for me. Thanks.


~Semp

Edited by sempai, 03 September 2009 - 09:44 AM.


#8 RobertAd (Topic Starter)
  • Members
  • 25 posts

Posted 04 September 2009 - 04:38 PM

Hi,
1. ComboFix scan:

ComboFix 09-09-03.02 - Tomek 11/05/03 23:31.1.1 - NTFSx86
Running from: c:\documents and settings\Tomek\Desktop\lato.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\ACT! 2006
c:\documents and settings\All Users\Start Menu\Programs\ACT! 2006 \ACT! 2006 .lnk
c:\documents and settings\All Users\Start Menu\Programs\ACT! 2006 \Read Me.lnk
c:\documents and settings\All Users\Start Menu\Programs\ACT! 2006 \Uninstall.lnk
c:\documents and settings\All Users\Start Menu\Programs\ACT! 2006 \User Guide.lnk
c:\windows\Fonts\adgo.ttf
c:\windows\Fonts\amel.ttf
c:\windows\Fonts\aure.ttf
c:\windows\Fonts\Belf.ttf
c:\windows\Fonts\Belfh.ttf
c:\windows\Fonts\caadb.ttf
c:\windows\Fonts\Heli.ttf
c:\windows\Fonts\pino.ttf
c:\windows\Fonts\plk4i.ttf
c:\windows\Fonts\quar.ttf
c:\windows\Fonts\tolei.ttf
c:\windows\Installer\18322d.msi
c:\windows\Installer\32bb33e4.msp
c:\windows\Installer\WinRMSrv.msi
c:\windows\patch.exe
c:\windows\qmdispatch.dll
c:\windows\system\phobill.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\Data
c:\windows\system32\Drivers\luwxttbc.sys
c:\windows\system32\drivers\Sonyhcp.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\fgxp9.dll
c:\windows\system32\hydfytew.ini
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UACd.sys
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2003-10-06 to 2003-11-06 )))))))))))))))))))))))))))))))
.


.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 10:04 . 2003-07-16 20:23 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2008-08-14 09:33 . 2002-08-29 01:04 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2008-07-07 20:26 . 2005-01-04 16:30 253952 ----a-w- c:\windows\system32\es.dll
2008-06-24 16:43 . 2003-07-16 20:35 74240 ----a-w- c:\windows\system32\mscms.dll
2008-06-20 17:46 . 2003-07-16 20:37 245248 ----a-w- c:\windows\system32\mswsock.dll
2008-06-20 11:51 . 2003-07-16 20:47 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2008-06-20 11:08 . 2003-07-16 20:47 225856 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2008-06-18 10:03 . 2005-01-04 15:41 938496 ----a-w- c:\windows\system32\WMNetmgr.dll
2008-06-18 06:09 . 2005-01-04 15:41 100864 ----a-w- c:\windows\system32\logagent.exe
2008-06-13 11:05 . 2004-08-04 06:10 272128 ----a-w- c:\windows\system32\drivers\bthport.sys
2008-05-09 10:53 . 2003-07-16 20:53 90112 ----a-w- c:\windows\system32\wshext.dll
2008-05-09 10:53 . 2003-07-16 20:49 430080 ----a-w- c:\windows\system32\vbscript.dll
2008-05-09 10:53 . 2003-07-16 20:44 172032 ----a-w- c:\windows\system32\scrrun.dll
2008-05-09 10:53 . 2003-07-16 20:44 180224 ----a-w- c:\windows\system32\scrobj.dll
2008-05-08 14:02 . 2003-07-16 20:43 203136 ----a-w- c:\windows\system32\drivers\rmcast.sys
2008-05-08 11:24 . 2003-07-16 20:53 155648 ----a-w- c:\windows\system32\wscript.exe
2008-05-07 09:07 . 2003-07-16 20:26 135168 ----a-w- c:\windows\system32\cscript.exe
2008-05-07 05:12 . 2003-07-16 20:42 1288192 ----a-w- c:\windows\system32\quartz.dll
2008-04-14 09:42 . 2003-07-16 20:44 985088 ----a-w- c:\windows\system32\setupapi.dll
2008-04-14 09:41 . 2003-07-16 20:32 423936 ----a-w- c:\windows\system32\licdll.dll
2008-04-14 00:25 . 2003-07-16 20:26 1804 ----a-w- c:\windows\system32\dcache.bin
2008-04-14 00:16 . 2003-07-16 20:38 329728 ----a-w- c:\windows\system32\netsetup.exe
2008-04-14 00:13 . 2005-01-04 04:58 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2008-04-14 00:13 . 2005-01-04 04:58 87176 ----a-w- c:\windows\system32\rdpwsx.dll
2008-04-14 00:13 . 2003-07-16 20:42 92424 ----a-w- c:\windows\system32\rdpdd.dll
2008-04-14 00:13 . 2005-01-04 04:58 21896 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2008-04-14 00:13 . 2003-07-16 20:48 12168 ----a-w- c:\windows\system32\tsddd.dll
2008-04-14 00:13 . 2005-01-04 04:58 12040 ----a-w- c:\windows\system32\drivers\tdpipe.sys
2008-04-14 00:13 . 2005-01-04 04:58 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2008-04-14 00:11 . 2005-01-04 16:30 427008 ----a-w- c:\windows\system32\msdtcprx.dll
2009-05-11 17:18 . 2009-05-11 17:18 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

------- Sigcheck -------

[7] 2001-08-18 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\beep.sys

c:\windows\system32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 140288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 19:13 49152 ----a-w- c:\progra~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter-]
2009-07-20 15:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave"=DrvTrNTm.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
backup=c:\windows\pss\Billminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Web Connector.lnk]
backup=c:\windows\pss\QuickBooks Web Connector.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Tomek^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Tomek^Start Menu^Programs^Startup^CaptureWiz.lnk]
path=c:\documents and settings\Tomek\Start Menu\Programs\Startup\CaptureWiz.lnk
backup=c:\windows\pss\CaptureWiz.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Tomek^Start Menu^Programs^Startup^Deewoo.lnk]
backup=c:\windows\pss\Deewoo.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Tomek^Start Menu^Programs^Startup^DW_Start.lnk]
backup=c:\windows\pss\DW_Start.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Tomek^Start Menu^Programs^Startup^NaturalColorLoad.lnk]
backup=c:\windows\pss\NaturalColorLoad.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Tomek^Start Menu^Programs^Startup^Stardock Keyboard Launchpad.lnk]
backup=c:\windows\pss\Stardock Keyboard Launchpad.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\98b4334f

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Adobe Version Cue CS3"=3 (0x3)
"TPSrv"=2 (0x2)
"PSIMSVC"=2 (0x2)
"PSHost"=2 (0x2)
"PAVSRV"=2 (0x2)
"PavPrSrv"=2 (0x2)
"PAVFNSVR"=2 (0x2)
"Panda Software Controller"=2 (0x2)
"EpsonBidirectionalService"=2 (0x2)
"AcrSch2Svc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"1A:Stardock TrayMonitor"="c:\program files\Common Files\Stardock\TrayServer.exe"
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\msconfig.exe /auto

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Mailing List Deluxe\\fastlist.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Intuit\\QuickBooks Enterprise Solutions 9.0\\QBDBMgrN.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\HarvEX\\HarvEX.exe"=
"c:\\Program Files\\ACT\\ACT for Windows\\Act8.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 BootScreen;BootScreen;c:\windows\\SystemRoot\System32\drivers\vidstub.sys [x]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [x]
R2 MSSQL$ACT7;MSSQL$ACT7;c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe [2003-05-31 7544916]
R3 epppdt;EPSON 1394.3 Class;c:\windows\system32\DRIVERS\epppdt.sys [2004-08-31 31269]
R3 epppdtpr;EPSON 1394.3 Printer Class;c:\windows\system32\DRIVERS\epppdtpr.sys [2004-08-31 14457]
R3 jbridgep;jbridgep;c:\docume~1\Tomek\LOCALS~1\Temp\jbridgep.sys [x]
R3 KProcWatch;KProcWatch;c:\windows\system32\drivers\KProcWatch.sys [2006-02-24 8576]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\Drivers\LCcFltr.Sys [2004-03-03 14095]
R3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\DRIVERS\sonyhcs.sys [2001-11-05 299923]
R3 SQLAgent$ACT7;SQLAgent$ACT7;c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE [2002-12-17 311872]
R4 Automation Anywhere Service 4.0;Automation Anywhere Service 4.0;c:\program files\Automation Anywhere 4.0\Automation Anywhere Service.exe [2007-09-21 20480]
S0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\DRIVERS\sonyhcb.sys [2001-11-05 6097]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-07-20 335752]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-07-20 108552]
S1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [2005-03-13 53760]
S2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 3744]
S2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
S2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 3904]
S2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2008-07-31 98304]

.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

Notify-avgrsstarter - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
IE: &Save Flash In This Page by Flash Saver - c:\progra~1\FLASHS~1\save.htm
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
Trusted Zone: godaddy.com\mya
Trusted Zone: godaddy.com\www
Trusted Zone: turbotax.com
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks Enterprise Solutions 9.0\HelpAsyncPluggableProtocol.dll
DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} - hxxps://www.bph.pl/makler/components/SignActivX.cab
FF - ProfilePath - c:\documents and settings\Tomek\Application Data\Mozilla\Firefox\Profiles\6981ya98.Tomasz\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Tomek\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\documents and settings\Tomek\Application Data\Nowe Gadu-Gadu\_userdata\npgg.1.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\np32dsw.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npdivx32.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npNOL3_ns8_mozilla.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npnul32.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\NPOFFICE.DLL
FF - plugin: c:\progra~1\MOZILL~1\plugins\npOGAPlugin.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\nppdf32.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin7.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\NPSignPlugin.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npViewpoint.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2003-11-05 23:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1292428093-299502267-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\ACPI\PNP0F13\4&1506bb2e&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\progra~1\COMMON~1\Stardock\mcpstub.dll

- - - - - - - > 'lsass.exe'(976)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(4012)
c:\program files\Common Files\stardock\MCPCore.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Photodex\ProShowProducer\scsiaccess.exe
c:\windows\system32\MsPMSPSv.exe
c:\progra~1\COMMON~1\stardock\SDMCP.exe
c:\windows\system32\wscntfy.exe
c:\program files\Software by Design\ToolBar.exe
.
**************************************************************************
.
Completion time: 2003-11-06 0:12 - machine was rebooted
ComboFix-quarantined-files.txt 2003-11-06 05:11

Pre-Run: 70,851,407,872 bytes free
Post-Run: 70,803,730,432 bytes free

Current=1 Default=1 Failed=2 LastKnownGood=5 Sets=1,2,4,5
501 --- E O F --- 2008-12-18 22:40

#9 RobertAd (Topic Starter)

Posted 04 September 2009 - 05:45 PM

2. HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:29:05, on 11/07/03
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\windows\system32\wscntfy.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Software by Design\ToolBar.exe
C:\windows\explorer.exe
C:\windows\system32\notepad.exe
C:\windows\notepad.exe
C:\windows\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Tomek\Application Data\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O4 - HKUS\S-1-5-21-1292428093-299502267-725345543-1004\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s (User '?')
O4 - S-1-5-21-1292428093-299502267-725345543-1004 Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User '?')
O4 - S-1-5-21-1292428093-299502267-725345543-1004 Startup: ToolBar.lnk = C:\Program Files\Software by Design\ToolBar.exe (User '?')
O4 - S-1-5-18 Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User '?')
O4 - S-1-5-18 Startup: ToolBar.lnk = C:\Program Files\Software by Design\ToolBar.exe (User '?')
O4 - .DEFAULT Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User 'Default user')
O4 - .DEFAULT Startup: ToolBar.lnk = C:\Program Files\Software by Design\ToolBar.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: ToolBar.lnk = C:\Program Files\Software by Design\ToolBar.exe
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1229620332694
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1123213607453
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/makler/components/SignActivX.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - (no file)
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 9.0\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter- - C:\windows\SYSTEM32\avgrsstx.dll
O23 - Service: a-squared Free Service (a2free) - Unknown owner - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

--
End of file - 9492 bytes
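The ComboFix driver/service lines above (the R0/R2/R3/S1 entries, where ComboFix prints `[x]` in place of the date and size when it cannot find the image file) and the HijackThis O18/O20/O23 lines in this post carry the same kind of indicator in two different formats. The Python triage helper below is an added example, not part of RobertAd's posts and not code from ComboFix or HijackThis; it parses both formats, flags entries whose file is not on disk, drivers registered from a user Temp directory, and Winlogon Notify DLLs (which load into winlogon.exe and are worth a look), and then cross-references service names that both tools report as missing. The sample lines are taken from the two logs above; the `Finding` class, the function names and the flag categories are my own.

```python
"""Triage ComboFix and HijackThis log lines for missing-file and
odd-location indicators (added example, not part of either tool)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Set

# Sample input: lines taken from the ComboFix and HijackThis output posted above.
SAMPLE_LOG = r"""
R0 BootScreen;BootScreen;c:\windows\\SystemRoot\System32\drivers\vidstub.sys [x]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [x]
R3 jbridgep;jbridgep;c:\docume~1\Tomek\LOCALS~1\Temp\jbridgep.sys [x]
R3 KProcWatch;KProcWatch;c:\windows\system32\drivers\KProcWatch.sys [2006-02-24 8576]
S2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: avgrsstarter- - C:\windows\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
"""

# ComboFix service/driver line: "<R|S><start> <name>;<display>;<path> [<date size> | x]"
CF_SERVICE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
# HijackThis line: "O<nn> - <body>"
HJT_LINE = re.compile(r"^O(?P<section>\d+)\s+-\s+(?P<body>.*)$")
# Short service name in an O23 line: "... (avg8wd) - Unknown owner - ..."
HJT_SERVICE_NAME = re.compile(r"\((?P<name>[^()]+)\)\s+-\s+")


@dataclass(frozen=True)
class Finding:
    line_no: int
    tool: str    # "combofix" or "hijackthis"
    kind: str    # "missing_file", "temp_dir_driver" or "winlogon_notify"
    name: str    # service / driver / handler name as printed in the log
    detail: str  # path (ComboFix) or full entry body (HijackThis)


def _hjt_name(section: str, body: str) -> str:
    """Pull the short name out of a HijackThis entry body."""
    if section == "23":
        m = HJT_SERVICE_NAME.search(body)
        if m:
            return m["name"]
    # "Protocol: intu-help-qb1 - {...}" / "Winlogon Notify: avgrsstarter- - C:\..."
    sep = body.find(": ")
    rest = body[sep + 2:] if sep >= 0 else body
    return rest.split(" - ", 1)[0].strip()


def triage(log_text: str) -> List[Finding]:
    """Return the lines a reviewer would want to look at first."""
    findings: List[Finding] = []
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        m = CF_SERVICE.match(line)
        if m:
            name, path, meta = m["name"], m["path"], m["meta"]
            if meta == "x":  # ComboFix prints [x] when the image file is not on disk
                findings.append(Finding(line_no, "combofix", "missing_file", name, path))
            if re.search(r"\\temp\\", path, re.IGNORECASE):  # driver registered from a Temp dir
                findings.append(Finding(line_no, "combofix", "temp_dir_driver", name, path))
            continue
        m = HJT_LINE.match(line)
        if not m:
            continue
        section, body = m["section"], m["body"]
        name = _hjt_name(section, body)
        if "(file missing)" in body or "(no file)" in body:
            findings.append(Finding(line_no, "hijackthis", "missing_file", name, body))
        if section == "20":  # Winlogon Notify DLLs load into winlogon.exe: review them
            findings.append(Finding(line_no, "hijackthis", "winlogon_notify", name, body))
    return findings


def corroborated_missing(log_text: str) -> Set[str]:
    """Service names that both tools report with no image file on disk."""
    by_tool: Dict[str, Set[str]] = {"combofix": set(), "hijackthis": set()}
    for f in triage(log_text):
        if f.kind == "missing_file":
            by_tool[f.tool].add(f.name.lower())
    return by_tool["combofix"] & by_tool["hijackthis"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:3d} {f.tool:10s} {f.kind:16s} {f.name}")
    print("missing per both tools:", sorted(corroborated_missing(SAMPLE_LOG)))
```

Run against the sample, this flags the three ComboFix entries with `[x]`, the `jbridgep.sys` driver registered out of the user's Temp folder, the two O18 handlers and the O23 service with no file, lists the `avgrsstarter-` Winlogon Notify entry for review, and reports `avg8wd` as the one service both tools agree is missing its binary. It is a first-pass filter only: a missing file may mean an uninstalled product as easily as tampering, so each flagged line still needs the reader's judgement.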

#10 RobertAd (Topic Starter)

Posted 04 September 2009 - 06:01 PM

3. OTL report PART#1
OTL logfile created on: 11/06/03 00:16:10 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Tomek\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 66.00 Gb Free Space | 44.28% Space Free | Partition Type: NTFS
Drive D: | 3.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 674.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 232.88 Gb Total Space | 51.96 Gb Free Space | 22.31% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 931.51 Gb Total Space | 395.32 Gb Free Space | 42.44% Space Free | Partition Type: NTFS
Drive L: | 465.65 Gb Total Space | 221.34 Gb Free Space | 47.53% Space Free | Partition Type: FAT32
Drive M: | 246.50 Mb Total Space | 176.66 Mb Free Space | 71.66% Space Free | Partition Type: FAT32

Computer Name: TOMEK-STARY
Current User Name: Tomek
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2003/08/29 12:54:16 | 00,307,200 | ---- | M] (Lexmark International, Inc.) -- C:\windows\System32\LEXBCES.EXE
PRC - [2003/08/29 12:50:24 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\windows\System32\LEXPPS.EXE
PRC - [2008/09/04 16:58:12 | 00,114,688 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
PRC - [1999/12/13 04:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\windows\System32\CTsvcCDA.exe
PRC - [2008/09/04 16:55:36 | 00,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2003/11/12 02:05:00 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2008/10/10 04:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2007/12/05 00:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\nvsvc32.exe
PRC - [2008/07/31 11:13:06 | 00,098,304 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2008/09/10 22:37:36 | 00,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2007/09/21 10:21:59 | 00,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
PRC - [2000/06/26 10:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MsPMSPSv.exe
PRC - [2005/01/31 14:14:52 | 00,253,952 | ---- | M] (Stardock) -- C:\Program Files\Common Files\stardock\SDMCP.exe
PRC - [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wscntfy.exe
PRC - [2005/01/19 16:44:22 | 00,140,288 | ---- | M] ( ) -- C:\Program Files\CursorXP\CursorXP.exe
PRC - [1999/02/09 00:00:00 | 00,243,712 | ---- | M] (Software Design) -- C:\Program Files\Software by Design\ToolBar.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\windows\explorer.exe
PRC - [2009/09/03 15:15:26 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tomek\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/08/06 22:26:12 | 00,719,392 | ---- | M] () -- C:\Program Files\a-squared Free\a2service.exe -- (a2free [Auto | Stopped])
SRV - [2006/10/16 20:13:28 | 00,230,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc [Disabled | Stopped])
SRV - [2007/03/20 15:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3 [Disabled | Stopped])
SRV - [2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/09/04 16:58:12 | 00,114,688 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe -- (Asset Management Daemon [Auto | Running])
SRV - [2000/05/24 14:20:36 | 00,015,360 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\ATMsrvc.exe -- (ATMsrvc [Disabled | Stopped])
SRV - [2007/09/21 14:33:14 | 00,020,480 | ---- | M] () -- C:\Program Files\Automation Anywhere 4.0\Automation Anywhere Service.exe -- (Automation Anywhere Service 4.0 [Disabled | Stopped])
SRV - File not found -- -- (avg8wd [Auto | Stopped])
SRV - [2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
SRV - [2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/13 04:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\windows\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2008/09/04 16:55:36 | 00,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC [Auto | Running])
SRV - [2003/12/05 16:21:48 | 00,073,728 | ---- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService [Disabled | Stopped])
SRV - [2003/11/12 02:05:00 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2 [Auto | Running])
SRV - [2009/01/19 10:04:00 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2009/05/11 12:18:16 | 01,838,592 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager [On_Demand | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/10/10 04:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService [Auto | Running])
SRV - [2003/08/29 12:54:16 | 00,307,200 | ---- | M] (Lexmark International, Inc.) -- C:\windows\System32\LEXBCES.EXE -- (LexBceS [Auto | Running])
SRV - [2005/04/22 17:13:55 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
SRV - [2003/05/31 17:02:32 | 07,544,916 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe -- (MSSQL$ACT7 [Auto | Stopped])
SRV - [2002/12/17 17:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Vegas\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR [On_Demand | Stopped])
SRV - [2002/12/17 17:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2007/12/05 00:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/07/31 11:13:06 | 00,098,304 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService [Auto | Running])
SRV - [2008/09/10 22:37:36 | 00,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService [Auto | Running])
SRV - [2007/05/24 06:08:44 | 00,061,440 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService [On_Demand | Stopped])
SRV - [2007/09/21 10:21:59 | 00,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe -- (ScsiAccess [Auto | Running])
SRV - [2005/04/05 10:17:22 | 00,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
SRV - [2002/12/17 15:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE -- (SQLAgent$ACT7 [On_Demand | Stopped])
SRV - [2002/12/17 17:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Vegas\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped])
SRV - [2008/01/18 00:37:26 | 00,024,635 | ---- | M] (Apache Software Foundation) -- c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe -- (wampapache [On_Demand | Stopped])
SRV - [2008/04/17 18:13:44 | 05,750,784 | ---- | M] () -- c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe -- (wampmysqld [On_Demand | Stopped])
SRV - [2000/06/26 10:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/04/13 13:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
DRV - [2004/04/30 09:37:02 | 00,160,640 | ---- | M] ( ) -- C:\windows\system32\DRIVERS\a347bus.sys -- (a347bus [Boot | Running])
DRV - [2004/04/30 09:33:00 | 00,005,248 | ---- | M] ( ) -- C:\windows\System32\Drivers\a347scsi.sys -- (a347scsi [Boot | Running])
DRV - [2008/08/14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) -- C:\windows\System32\drivers\adfs.sys -- (adfs [Auto | Running])
DRV - [2004/08/04 00:59:42 | 00,095,360 | ---- | M] () -- C:\windows\System32\DRIVERS\atapi.sys -- (atapi [Boot | Running])
DRV - [2008/04/13 13:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
DRV - [2009/07/20 10:05:56 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/07/20 10:05:56 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/07/20 10:06:03 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2003/08/29 05:59:24 | 01,101,696 | ---- | M] (Broadcom Corporation) -- C:\windows\System32\DRIVERS\BCMSM.sys -- (BCMModem [On_Demand | Running])
DRV - [2004/03/05 16:09:00 | 00,003,744 | ---- | M] () -- C:\Program Files\CheckIt\Diagnostics\BCMNTIO.SYS -- (BCMNTIO [Auto | Running])
DRV - [2006/01/19 16:37:04 | 00,163,712 | ---- | M] () -- C:\windows\System32\drivers\vidstub.sys -- (BootScreen [Boot | Stopped])
DRV - File not found -- -- (catchme [On_Demand | Running])
DRV - [2003/09/22 07:48:06 | 00,130,192 | ---- | M] (Creative Technology Ltd) -- C:\windows\System32\DRIVERS\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2005/06/13 12:58:04 | 00,162,816 | ---- | M] (Intel Corporation) -- C:\windows\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2004/08/31 01:02:00 | 00,031,269 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\windows\System32\DRIVERS\epppdt.sys -- (epppdt [On_Demand | Stopped])
DRV - [2004/08/31 01:02:00 | 00,014,457 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\windows\System32\DRIVERS\epppdtpr.sys -- (epppdtpr [On_Demand | Stopped])
DRV - [2008/04/13 13:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2004/03/10 13:42:24 | 00,012,953 | ---- | M] (Logitech, Inc.) -- C:\windows\System32\DRIVERS\itchfltr.sys -- (itchfltr [On_Demand | Stopped])
DRV - [2006/02/23 22:03:40 | 00,008,576 | ---- | M] () -- C:\windows\System32\drivers\KProcWatch.sys -- (KProcWatch [On_Demand | Stopped])
DRV - [2005/05/20 15:00:36 | 00,013,056 | ---- | M] (Logitech, Inc.) -- C:\windows\System32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running])
DRV - [2005/05/20 15:00:48 | 00,054,528 | ---- | M] (Logitech, Inc.) -- C:\windows\System32\DRIVERS\L8042mou.Sys -- (L8042mou [On_Demand | Running])
DRV - [2004/03/03 09:50:00 | 00,014,095 | ---- | M] (Logitech, Inc.) -- C:\windows\System32\Drivers\LCcFltr.Sys -- (LCcfltr [On_Demand | Stopped])
DRV - [2005/05/20 15:01:32 | 00,025,600 | ---- | M] (Logitech, Inc.) -- C:\windows\System32\DRIVERS\LHidKE.Sys -- (LHidKe [On_Demand | Stopped])
DRV - [2004/03/03 09:50:00 | 00,037,887 | ---- | M] (Logitech, Inc.) -- C:\windows\System32\Drivers\LHidUsb.Sys -- (LHidUsb [On_Demand | Stopped])
DRV - [2005/05/20 15:01:26 | 00,068,352 | ---- | M] (Logitech, Inc.) -- C:\windows\System32\DRIVERS\LMouKE.Sys -- (LMouKE [On_Demand | Running])
DRV - [2004/03/05 16:09:02 | 00,003,904 | ---- | M] () -- C:\Program Files\CheckIt\Diagnostics\MAPMEM.SYS -- (MAPMEM [Auto | Running])
DRV - [2009/02/24 17:42:14 | 00,116,736 | ---- | M] (MagicISO, Inc.) -- C:\windows\System32\DRIVERS\mcdbus.sys -- (mcdbus [On_Demand | Running])
DRV - [2001/08/17 08:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
DRV - [2008/04/13 13:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])
DRV - [2007/12/05 00:41:00 | 07,435,392 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2001/08/22 11:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) -- C:\windows\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI [System | Running])
DRV - [2003/09/22 07:47:38 | 00,178,672 | ---- | M] (Creative Technology Ltd.) -- C:\windows\System32\DRIVERS\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2003/09/22 11:43:06 | 01,330,048 | ---- | M] (Creative Technology Ltd.) -- C:\windows\System32\drivers\P16X.sys -- (P16X [On_Demand | Running])
DRV - [2005/06/29 15:24:42 | 00,068,960 | ---- | M] (VSO Software) -- C:\windows\System32\DRIVERS\Pcatip.sys -- (Pcatip [On_Demand | Running])
DRV - [2008/12/06 00:00:17 | 00,047,360 | ---- | M] (VSO Software) -- C:\windows\System32\Drivers\Pcouffin.sys -- (Pcouffin [On_Demand | Running])
DRV - [2008/07/31 11:13:20 | 00,017,064 | ---- | M] (Portrait Displays, Inc.) -- C:\windows\System32\Drivers\PdiPorts.sys -- (PdiPorts [On_Demand | Running])
DRV - [2004/04/01 16:30:46 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\windows\System32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [1999/12/17 04:00:00 | 00,006,752 | ---- | M] (Creative Technology Ltd.) -- C:\windows\System32\PfModNT.sys -- (PfModNT [Auto | Running])
DRV - [2007/02/09 12:17:18 | 00,017,465 | ---- | M] (Portrait Displays, Inc.) -- C:\windows\System32\drivers\pivot.sys -- (Pivot [System | Running])
DRV - [2007/02/09 12:17:16 | 00,011,323 | ---- | M] (Portrait Displays, Inc.) -- C:\windows\System32\drivers\pivotmou.sys -- (pivotmou [On_Demand | Stopped])
DRV - [2003/07/16 15:42:18 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\windows\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/06/16 02:00:00 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\windows\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2003/07/16 15:43:20 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\windows\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2007/10/24 23:23:44 | 00,114,048 | ---- | M] (Acronis) -- C:\windows\system32\DRIVERS\snapman.sys -- (snapman [Boot | Running])
DRV - [2001/11/05 09:23:14 | 00,006,097 | ---- | M] (Sony Corporation) -- C:\windows\system32\DRIVERS\sonyhcb.sys -- (sonyhcb [Boot | Running])
DRV - [2001/11/05 09:23:52 | 00,299,923 | ---- | M] (Sony Corporation) -- C:\windows\System32\DRIVERS\sonyhcs.sys -- (sonyhcs [On_Demand | Stopped])
DRV - [2005/03/13 13:19:23 | 00,053,760 | ---- | M] () -- C:\windows\System32\drivers\SSHDRV76.sys -- (SSHDRV76 [System | Running])
DRV - [2005/04/05 10:16:52 | 00,011,512 | ---- | M] (Symantec Corporation) -- C:\windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS [On_Demand | Stopped])
DRV - [2005/05/13 18:50:10 | 00,123,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2005/04/05 10:16:54 | 00,173,208 | ---- | M] (Symantec Corporation) -- C:\windows\System32\Drivers\SYMFW.SYS -- (SYMFW [On_Demand | Stopped])
DRV - [2005/04/05 10:16:58 | 00,036,984 | ---- | M] (Symantec Corporation) -- C:\windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS [On_Demand | Stopped])
DRV - [2005/04/05 10:16:56 | 00,047,192 | ---- | M] (Symantec Corporation) -- C:\windows\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Stopped])
DRV - [2005/04/05 10:17:00 | 00,017,976 | ---- | M] (Symantec Corporation) -- C:\windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Stopped])
DRV - [2005/04/05 10:17:02 | 00,267,192 | ---- | M] (Symantec Corporation) -- C:\windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2007/10/24 23:24:17 | 00,039,264 | ---- | M] (Acronis) -- C:\windows\System32\DRIVERS\tifsfilt.sys -- (tifsfilter [Auto | Running])
DRV - [2007/10/24 23:24:16 | 00,395,744 | ---- | M] (Acronis) -- C:\windows\system32\DRIVERS\timntr.sys -- (timounter [Boot | Running])
DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2008/04/13 13:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\DRIVERS\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2006/10/29 11:28:48 | 00,022,768 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\DRIVERS\usbsermpt.sys -- (usbsermpt [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1292428093-299502267-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-1292428093-299502267-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-1292428093-299502267-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1292428093-299502267-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1292428093-299502267-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1292428093-299502267-725345543-1004\S-1-5-21-1292428093-299502267-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/05/11 12:18:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/02/11 19:42:44 | 00,000,000 | ---D | M]

[2008/11/01 14:06:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Application Data\mozilla\Extensions
[2008/11/01 14:06:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/29 00:55:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Application Data\mozilla\Firefox\Profiles\6981ya98.Tomasz\extensions
[2009/06/18 10:33:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Application Data\mozilla\Firefox\Profiles\6981ya98.Tomasz\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2009/06/18 10:33:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Application Data\mozilla\Firefox\Profiles\6981ya98.Tomasz\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2008/06/12 10:48:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Application Data\mozilla\Firefox\Profiles\6981ya98.Tomasz\extensions\{27A2FD41-CB23-4518-AB5C-C25BAFFDE531}
[2009/01/09 18:15:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Application Data\mozilla\Firefox\Profiles\6981ya98.Tomasz\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/03/24 22:33:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Application Data\mozilla\Firefox\Profiles\6981ya98.Tomasz\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2007/10/22 07:25:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Application Data\mozilla\Firefox\Profiles\6981ya98.Tomasz\extensions\dlembed@aeruder.net
[2009/08/29 00:55:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Application Data\mozilla\Firefox\Profiles\6981ya98.Tomasz\extensions\firebug@software.joehewitt.com
[2008/11/01 14:06:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/02/11 19:42:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/11 19:42:34 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/02/11 19:42:34 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/11 12:18:16 | 00,135,680 | ---- | M] (Google) -- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
[2004/09/08 23:03:50 | 00,049,152 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2008/05/22 17:19:36 | 01,335,600 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008/06/02 16:45:22 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2006/08/14 15:22:28 | 00,081,920 | ---- | M] (COMARCH S.A.) -- C:\Program Files\mozilla firefox\plugins\npNOL3_ns8_mozilla.dll
[2009/02/11 19:42:37 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 18:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2007/03/05 12:59:06 | 00,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2008/06/11 22:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/01/05 13:26:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/01/05 13:26:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/01/05 13:26:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/01/05 13:26:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/01/05 13:26:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/01/05 13:26:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/01/05 13:26:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2006/02/23 16:36:00 | 00,638,976 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSignPlugin.dll
[2004/01/13 21:09:25 | 00,176,176 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2008/12/02 03:04:40 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/02 03:04:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/02 03:04:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/02 03:04:40 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/02 03:04:40 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/02 03:04:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (27 bytes) - C:\windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Tomek\Application Data\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1292428093-299502267-725345543-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1292428093-299502267-725345543-1004\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1292428093-299502267-725345543-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BootSkin Startup Jobs] C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1292428093-299502267-725345543-1004..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe ( )
O4 - Startup: C:\Documents and Settings\Tomek\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe File not found
O4 - Startup: C:\Documents and Settings\Tomek\Start Menu\Programs\Startup\ToolBar.lnk = C:\Program Files\Software by Design\ToolBar.exe (Software Design)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1292428093-299502267-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1292428093-299502267-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1292428093-299502267-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1292428093-299502267-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1292428093-299502267-725345543-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\Program Files\Flash saver\save.htm ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\Program Files\Flash saver\save.htm ()
O9 - Extra 'Tools' menuitem : Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\Program Files\Flash saver\save.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1292428093-299502267-725345543-1004\..Trusted Domains: godaddy.com ([mya] https in Trusted sites)
O15 - HKU\S-1-5-21-1292428093-299502267-725345543-1004\..Trusted Domains: godaddy.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1292428093-299502267-725345543-1004\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1292428093-299502267-725345543-1004\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} http://housecall60.trendmicro.com/housecall/xscan60.cab (HouseCall Control)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://protect.microsoft.com/security/prot...b?1104853815468 (MSSecurityAdvisor Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1229620332694 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1123213607453 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} https://www.bph.pl/makler/components/SignActivX.cab (SignActivX Control)
O16 - DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB (GDIChk Object)
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} http://www.linksysfix.com/netcheck/51/install/gtdownls.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E...04/clearadj.cab (CTAdjust Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.172.3.8 207.172.3.9
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - Reg Error: Key error. File not found
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 9.0\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter-: DllName - avgrsstx.dll - C:\windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\MCPClient: DllName - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll - C:\Program Files\Common Files\stardock\MCPStub.dll (Stardock)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O30 - LSA: Authentication Packages - (relog_ap) - C:\windows\System32\relog_ap.dll (Acronis)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/10 16:44:25 | 10,214,986 | R--- | M] () - D:\autorun.apm -- [ CDFS ]
O32 - AutoRun File - [2005/09/26 01:27:06 | 01,183,232 | R--- | M] (Linasoft) - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/05/10 16:44:25 | 00,019,790 | R--- | M] () - D:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2007/05/10 16:44:25 | 00,000,047 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003/04/01 04:00:40 | 01,101,824 | R--- | M] (Indigo Rose Corporation) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2003/09/13 22:27:30 | 00,004,688 | R--- | M] () - E:\AutoRun.apm -- [ CDFS ]
O32 - AutoRun File - [2003/04/01 04:00:40 | 01,101,824 | R--- | M] (Indigo Rose Corporation) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2003/09/13 11:23:54 | 00,000,766 | R--- | M] () - E:\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2003/09/13 22:27:30 | 00,000,047 | R--- | M] () - E:\AutoRun.inf -- [ CDFS ]
O32 - AutoRun File - [2007/06/23 02:57:12 | 00,000,000 | ---D | M] - L:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[46 C:\windows\System32\dllcache\*.tmp files]
[56 C:\windows\System32\*.tmp files]
[7 C:\windows\*.tmp files]
[1 C:\Documents and Settings\Tomek\My Documents\*.tmp files]
[2009/09/02 22:16:29 | 00,470,528 | ---- | C] ( ) -- C:\Documents and Settings\Tomek\Desktop\RootRepeal.exe
[2009/09/02 20:00:39 | 00,046,080 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\Win32kDiag.exe
[2009/09/01 10:26:02 | 00,000,124 | ---- | C] () -- C:\windows\System32\test.aok
[2009/08/30 08:15:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Local Settings\Application Data\Serif
[2009/08/30 08:15:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\My Documents\MoviePlus
[2009/08/29 11:57:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\My Documents\ACID Pro 5.0 Projects
[2009/08/29 10:49:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\My Documents\NeroVision
[2009/08/27 22:49:13 | 00,000,000 | ---D | C] -- C:\OutputFolder
[2009/08/27 08:09:18 | 14,729,311 | ---- | C] () -- C:\Documents and Settings\Tomek\My Documents\361110594.zip
[2009/08/26 16:41:14 | 75,878,596 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\bleepismine.zip
[2009/08/25 20:09:18 | 22,457,1614 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\Tippin_Tha_Scales_Scene_1_b.wmv
[2009/08/25 20:05:05 | 10,125,832 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\candids - busty hot blonde.zip
[2009/08/25 20:04:12 | 10,790,602 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\candids - hot busty blonde tit jiggle 08.avi
[2009/08/25 19:41:17 | 46,437,786 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\Anorei 40LL CamGirl - Cam4_com - part1.avi
[2009/08/25 15:07:38 | 12,587,262 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\tt.wmv
[2009/08/25 10:08:55 | 11,700,7986 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\ttoffice.avi
[2009/08/25 08:15:00 | 29,180,4160 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\WP-TT9a.avi
[2009/08/25 07:28:09 | 37,160,700 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\mm1.wmv
[2009/08/24 23:42:19 | 45,274,435 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\WP-TT9.avi
[2009/08/24 21:08:35 | 27,391,0272 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\WP-TT1.avi
[2009/08/20 18:05:21 | 57,015,460 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\worldsbiggestcumshot large.wmv
[2009/08/20 16:31:09 | 20,995,8739 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\nikki_v003_640x480.mov
[2009/08/17 19:57:05 | 00,000,000 | ---D | C] -- C:\CPM
[2009/08/17 11:17:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Quadroland
[2009/08/17 11:16:46 | 00,000,000 | ---D | C] -- C:\Program Files\Q-ImageUploader Pro v1
[2009/08/17 09:01:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\My Documents\Flash Slideshow Maker Professional
[2009/08/17 09:01:26 | 00,000,000 | ---D | C] -- C:\Program Files\Flash Slideshow Maker Professional
[2009/08/17 08:44:30 | 11,480,808 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\setup_fssmpro.exe
[2009/08/16 12:34:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Desktop\copywipe
[2009/08/15 23:11:30 | 20,404,467 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\Destiny - XC - set-1 (cont).zip
[2009/08/12 09:29:18 | 49,804,327 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\No_Name_9.rar
[2009/08/12 08:39:24 | 15,395,858 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\25126.rar
[2009/08/11 23:23:45 | 00,243,664 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\Kiba.vn_Fashden Weather Conditions and Forcast.rar
[2009/08/11 23:11:20 | 01,842,493 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\Flash XML Map Detail_kiba.vn.rar
[2009/08/11 23:08:31 | 21,059,588 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\6000_crystal_icons_collectionUpload_by_Wonder.vn_.rar
[2009/08/11 23:06:34 | 02,845,378 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\wood_icons.rar
[2009/08/11 23:04:01 | 00,747,758 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\Flashden Contact form with Notification_kiba.vn.rar
[2009/08/11 17:10:23 | 05,963,068 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\jcg14080009.rar
[2009/08/11 11:17:50 | 13,245,112 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\supernovar_Upload_by_Wonder.vn.rar
[2009/08/11 10:58:25 | 00,000,000 | ---D | C] -- C:\Program Files\SWFObject 2 generator v1.2 AIR
[2009/08/11 10:57:54 | 00,014,392 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\swfobject_generator_1_2_air.zip
[2009/08/11 10:57:48 | 00,028,046 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\swfobject_2_2.zip
[2009/08/11 10:29:10 | 77,306,644 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\jcg14080012.rar
[2009/08/11 10:17:27 | 09,318,068 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\okfileFLASHDENCLIENTAREAV1.rar
[2009/08/11 08:47:37 | 57,922,036 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\jcg14080013.rar
[2009/08/11 08:30:23 | 02,961,708 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\iMenu Pro_kiba.vn.rar
[2009/08/09 13:59:18 | 00,000,000 | ---D | C] -- C:\MGTools
[2009/08/09 09:57:27 | 00,001,026 | ---- | C] () -- C:\windows\System32\blank.htm
[2009/08/07 23:13:25 | 00,000,000 | ---D | C] -- C:\SmitfraudFix
[2009/08/07 21:10:01 | 03,155,573 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\Combo-Fix.exe
[2009/08/07 07:06:17 | 00,086,016 | ---- | C] (PCtel, Inc.) -- C:\windows\System32\dllcache\pctspk.exe
[2009/08/06 23:48:49 | 00,000,000 | ---D | C] -- C:\hajdzak
[2009/08/06 22:42:56 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Tomek\Desktop\setup-spybotsd162.exe
[2009/08/05 19:02:01 | 55,427,400 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\FJ--Magdalene-Be_My_Guest--x77--2657x4000-px.part2.rar
[2009/08/05 09:07:55 | 00,290,316 | R--- | C] () -- C:\windows\System32\drivers\etc\hosts_backup
[2009/08/05 09:07:55 | 00,290,273 | ---- | C] () -- C:\windows\System32\drivers\etc\hosts3
[2009/08/05 09:07:55 | 00,000,027 | ---- | C] () -- C:\windows\System32\drivers\etc\hosts
[2009/08/04 07:55:11 | 27,195,586 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\audb_chrlder.rar
[2009/08/04 07:35:41 | 10,705,189 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\jsharing_com_ja_moca.rar
[2009/08/03 08:09:54 | 20,226,411 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\Recorded Sessions 1-3.zip
[2009/08/02 09:04:28 | 23,178,895 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\packed.zip
[2009/07/21 02:05:03 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/07/20 10:06:04 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\avgrsstx.dll
[2009/07/20 10:06:03 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgtdix.sys
[2009/07/20 10:05:56 | 00,335,752 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgldx86.sys
[2009/07/20 10:05:56 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgmfx86.sys
[2009/07/20 10:05:30 | 39,652,328 | ---- | C] () -- C:\windows\System32\drivers\Avg\incavi.avm
[2009/07/20 10:05:27 | 00,059,923 | ---- | C] () -- C:\windows\System32\drivers\Avg\microavi.avg
[2009/07/20 10:05:24 | 00,463,779 | ---- | C] () -- C:\windows\System32\drivers\Avg\miniavi.avg
[2009/07/20 10:05:20 | 06,061,540 | ---- | C] () -- C:\windows\System32\drivers\Avg\avi7.avg
[2009/07/20 10:05:20 | 00,000,000 | ---D | C] -- C:\windows\System32\drivers\Avg
[2009/07/20 10:04:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/07/20 09:58:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Application Data\AVG8
[2009/07/20 09:58:38 | 00,847,768 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Tomek\Desktop\avg_free_stb_all_8_30_cnet.exe
[2009/07/18 13:57:36 | 00,504,275 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\mod_ninja_shadowbox-2.0.5.zip
[2009/07/17 22:27:47 | 16,025,6372 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\Misty Vonage.avi
[2009/07/12 21:40:52 | 22,492,595 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\ZM072.part1.rar
[2009/07/12 21:27:39 | 32,169,984 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\ramki_romantika_12.zip
[2009/07/12 20:25:53 | 05,299,310 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\cars_shutterstock.rar
[2009/07/10 20:12:45 | 27,535,360 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\backup-exoticstransport.com-7-10-2009.tar.gz
[2009/07/09 19:42:07 | 11,840,6588 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\WOS0902-0906.rar
[2009/07/08 00:31:33 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache
[2009/06/29 08:40:17 | 00,047,264 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\PLMVZ169HC.jpeg
[2009/06/27 14:09:11 | 07,448,353 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\SSP_1.8.9.5.rar
[2009/06/27 13:47:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Desktop\mod_weathermap
[2009/06/27 09:31:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\My Documents\Workspace Macro Pro
[2009/06/27 09:30:57 | 00,000,000 | ---D | C] -- C:\Program Files\Workspace Macro Pro 6.5
[2009/06/27 09:30:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Desktop\Workspace_Macro_Pro_Automation_Edition_6.5.3
[2009/06/27 09:29:17 | 03,388,775 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\Workspace_Macro_Pro_Automation_Edition_6.5.3.rar
[2009/06/27 09:07:44 | 13,688,900 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\AutomAny4.rar
[2009/06/27 07:10:16 | 00,036,864 | ---- | C] () -- C:\windows\System32\azpkerg.dll
[2009/06/27 07:09:24 | 00,000,000 | ---D | C] -- C:\Program Files\QMacro
[2009/06/27 07:08:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Desktop\Quick_Macro_v6.20
[2009/06/27 00:46:45 | 00,000,142 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\debug
[2009/06/27 00:37:25 | 00,000,000 | ---D | C] -- C:\Program Files\Automize8
[2009/06/27 00:31:25 | 02,376,659 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\Quick_Macro_v6.20.rar
[2009/06/26 23:51:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/06/26 23:07:21 | 00,116,736 | ---- | C] (MagicISO, Inc.) -- C:\windows\System32\drivers\mcdbus.sys
[2009/06/26 23:07:14 | 00,000,000 | ---D | C] -- C:\Program Files\MagicDisc
[2009/06/26 22:41:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Desktop\Automation_5.0
[2009/06/26 19:16:18 | 00,000,101 | ---- | C] () -- C:\windows\WebUpdateSvc.INI
[2009/06/26 19:15:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\My Documents\Launch-n-Go
[2009/06/26 19:11:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\My Documents\Automation Anywhere
[2009/06/26 19:10:03 | 00,000,000 | ---D | C] -- C:\Program Files\Automation Anywhere 4.0
[2009/06/26 15:38:43 | 00,008,824 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\jsharing_com_jxtc_vmdrill_j15.rar
[2009/06/24 07:53:19 | 00,704,031 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\jsharing_com_jxtc_deluxe_mp3_player_v1_2_v2.rar
[2009/06/23 23:39:49 | 26,293,574 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\jsharing_com_jxtc_musiclabel_fullpack.rar
[2009/06/22 23:03:06 | 01,775,542 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\ijoomla_news_portal_v1-5-4.rar
[2009/06/17 17:11:41 | 01,025,658 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\JforceSuite_Joomla_Component_YAGBU.NET.rar
[2009/06/16 19:41:48 | 00,016,140 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\mod_yj_newsflash.zip
[2009/06/16 19:39:24 | 00,785,695 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\jsharing_com_my_blog_3_323.rar
[2009/06/14 14:18:48 | 00,032,773 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\jsharing_com_tp_jobs_1_0_2.rar
[2009/06/13 21:01:16 | 00,032,787 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\jsharing_com_music_collection.rar
[2009/06/13 20:53:25 | 09,826,853 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\rt_solarsentinel_1.5.3.zip
[2009/06/11 12:23:30 | 05,660,120 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\JomSocial_1.2.192.zip
[2009/06/06 20:48:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Application Data\Nowe Gadu-Gadu
[2009/06/06 20:48:40 | 00,000,000 | ---D | C] -- C:\Program Files\Nowe Gadu-Gadu
[2009/06/04 18:18:42 | 00,022,263 | ---- | C] () -- C:\Documents and Settings\Tomek\Desktop\potengowo.JPG

Edited by PropagandaPanda, 05 September 2009 - 09:22 AM.
Remove redundant log part.


#11 RobertAd

  • Topic Starter


Posted 04 September 2009 - 06:04 PM

========== Files - Modified Within 30 Days ==========

[46 C:\windows\System32\dllcache\*.tmp files]
[56 C:\windows\System32\*.tmp files]
[7 C:\windows\*.tmp files]
[1 C:\Documents and Settings\Tomek\My Documents\*.tmp files]
[2009/09/03 22:25:22 | 00,230,912 | ---- | M] () -- C:\windows\PEV.exe
[2009/09/03 15:15:26 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tomek\Desktop\OTL.exe
[2009/09/03 15:15:02 | 03,192,102 | R--- | M] () -- C:\Documents and Settings\Tomek\Desktop\lato.exe
[2009/09/02 18:33:25 | 00,112,640 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\historicalweeklydatanewest.xls
[2009/09/02 08:03:20 | 00,046,080 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\Win32kDiag.exe
[2009/09/01 18:37:51 | 00,000,116 | ---- | M] () -- C:\windows\NeroDigital.ini
[2009/09/01 17:59:56 | 00,000,124 | ---- | M] () -- C:\windows\System32\test.aok
[2009/09/01 12:34:26 | 00,001,257 | ---- | M] () -- C:\windows\QUICKEN.INI
[2009/09/01 11:50:46 | 00,000,037 | ---- | M] () -- C:\windows\iltwain.ini
[2009/08/27 08:09:41 | 14,729,311 | ---- | M] () -- C:\Documents and Settings\Tomek\My Documents\361110594.zip
[2009/08/26 16:50:49 | 75,878,596 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\bleepismine.zip
[2009/08/25 20:15:59 | 22,457,1614 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\Tippin_Tha_Scales_Scene_1_b.wmv
[2009/08/25 20:05:10 | 10,125,832 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\candids - busty hot blonde.zip
[2009/08/25 20:04:15 | 10,790,602 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\candids - hot busty blonde tit jiggle 08.avi
[2009/08/25 19:42:35 | 46,437,786 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\Anorei 40LL CamGirl - Cam4_com - part1.avi
[2009/08/25 15:07:57 | 12,587,262 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\tt.wmv
[2009/08/25 10:18:59 | 11,700,7986 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\ttoffice.avi
[2009/08/25 08:30:40 | 29,180,4160 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\WP-TT9a.avi
[2009/08/25 07:29:31 | 37,160,700 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\mm1.wmv
[2009/08/24 23:56:21 | 45,274,435 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\WP-TT9.avi
[2009/08/24 21:21:09 | 27,391,0272 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\WP-TT1.avi
[2009/08/23 14:31:10 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Tomek\Local Settings\Application Data\PUTTY.RND
[2009/08/20 16:54:17 | 20,995,8739 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\nikki_v003_640x480.mov
[2009/08/17 08:44:46 | 11,480,808 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\setup_fssmpro.exe
[2009/08/15 23:12:07 | 20,404,467 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\Destiny - XC - set-1 (cont).zip
[2009/08/12 09:35:45 | 49,804,327 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\No_Name_9.rar
[2009/08/12 08:41:21 | 15,395,858 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\25126.rar
[2009/08/11 23:23:48 | 00,243,664 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\Kiba.vn_Fashden Weather Conditions and Forcast.rar
[2009/08/11 23:11:23 | 01,842,493 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\Flash XML Map Detail_kiba.vn.rar
[2009/08/11 23:11:11 | 21,059,588 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\6000_crystal_icons_collectionUpload_by_Wonder.vn_.rar
[2009/08/11 23:06:53 | 02,845,378 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\wood_icons.rar
[2009/08/11 23:04:01 | 00,747,758 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\Flashden Contact form with Notification_kiba.vn.rar
[2009/08/11 17:10:58 | 05,963,068 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\jcg14080009.rar
[2009/08/11 11:20:13 | 13,245,112 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\supernovar_Upload_by_Wonder.vn.rar
[2009/08/11 10:57:55 | 00,014,392 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\swfobject_generator_1_2_air.zip
[2009/08/11 10:57:48 | 00,028,046 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\swfobject_2_2.zip
[2009/08/11 10:37:46 | 77,306,644 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\jcg14080012.rar
[2009/08/11 10:18:35 | 09,318,068 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\okfileFLASHDENCLIENTAREAV1.rar
[2009/08/11 08:53:50 | 57,922,036 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\jcg14080013.rar
[2009/08/11 08:30:24 | 02,961,708 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\iMenu Pro_kiba.vn.rar
[2009/08/08 07:05:22 | 00,059,923 | ---- | M] () -- C:\windows\System32\drivers\Avg\microavi.avg
[2009/08/08 07:05:21 | 39,652,328 | ---- | M] () -- C:\windows\System32\drivers\Avg\incavi.avm
[2009/08/07 08:59:48 | 03,155,573 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\Combo-Fix.exe
[2009/08/06 22:43:31 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Tomek\Desktop\setup-spybotsd162.exe
[2009/08/05 19:24:33 | 55,427,400 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\FJ--Magdalene-Be_My_Guest--x77--2657x4000-px.part2.rar
[2009/08/05 09:20:51 | 00,290,273 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts3
[2009/08/05 09:06:08 | 00,290,304 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts2
[2009/08/05 08:20:47 | 00,326,896 | ---- | M] () -- C:\Documents and Settings\Tomek\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/04 07:56:44 | 27,195,586 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\audb_chrlder.rar
[2009/08/04 07:36:01 | 10,705,189 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\jsharing_com_ja_moca.rar
[2009/08/03 08:10:50 | 20,226,411 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\Recorded Sessions 1-3.zip
[2009/08/02 09:08:03 | 23,178,895 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\packed.zip
[2009/07/30 14:45:38 | 00,470,528 | ---- | M] ( ) -- C:\Documents and Settings\Tomek\Desktop\RootRepeal.exe
[2009/07/20 10:06:04 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\avgrsstx.dll
[2009/07/20 10:06:03 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgtdix.sys
[2009/07/20 10:05:56 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgldx86.sys
[2009/07/20 10:05:56 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgmfx86.sys
[2009/07/20 10:05:27 | 00,463,779 | ---- | M] () -- C:\windows\System32\drivers\Avg\miniavi.avg
[2009/07/20 10:05:24 | 06,061,540 | ---- | M] () -- C:\windows\System32\drivers\Avg\avi7.avg
[2009/07/20 09:58:38 | 00,847,768 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Tomek\Desktop\avg_free_stb_all_8_30_cnet.exe
[2009/07/20 08:45:32 | 00,000,488 | ---- | M] () -- C:\windows\ODBC.INI
[2009/07/18 13:57:36 | 00,504,275 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\mod_ninja_shadowbox-2.0.5.zip
[2009/07/12 22:23:36 | 22,492,595 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\ZM072.part1.rar
[2009/07/12 22:23:34 | 32,169,984 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\ramki_romantika_12.zip
[2009/07/12 20:26:31 | 05,299,310 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\cars_shutterstock.rar
[2009/07/10 20:13:17 | 27,535,360 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\backup-exoticstransport.com-7-10-2009.tar.gz
[2009/07/09 19:43:57 | 11,840,6588 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\WOS0902-0906.rar
[2009/06/27 14:10:01 | 07,448,353 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\SSP_1.8.9.5.rar
[2009/06/27 09:30:02 | 03,388,775 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\Workspace_Macro_Pro_Automation_Edition_6.5.3.rar
[2009/06/27 09:11:38 | 13,688,900 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\AutomAny4.rar
[2009/06/27 07:11:42 | 00,009,728 | ---- | M] () -- C:\windows\System32\BASSMOD.dll
[2009/06/27 00:46:45 | 00,000,142 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\debug
[2009/06/27 00:31:30 | 02,376,659 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\Quick_Macro_v6.20.rar
[2009/06/26 19:16:18 | 00,000,101 | ---- | M] () -- C:\windows\WebUpdateSvc.INI
[2009/06/26 19:15:02 | 00,000,109 | ---- | M] () -- C:\windows\QBChanUtil_Trigger.ini
[2009/06/26 15:38:43 | 00,008,824 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\jsharing_com_jxtc_vmdrill_j15.rar
[2009/06/24 07:53:19 | 00,704,031 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\jsharing_com_jxtc_deluxe_mp3_player_v1_2_v2.rar
[2009/06/23 23:40:12 | 26,293,574 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\jsharing_com_jxtc_musiclabel_fullpack.rar
[2009/06/22 23:03:13 | 01,775,542 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\ijoomla_news_portal_v1-5-4.rar
[2009/06/17 17:11:43 | 01,025,658 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\JforceSuite_Joomla_Component_YAGBU.NET.rar
[2009/06/16 19:41:48 | 00,016,140 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\mod_yj_newsflash.zip
[2009/06/16 19:39:24 | 00,785,695 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\jsharing_com_my_blog_3_323.rar
[2009/06/14 14:39:32 | 00,032,773 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\jsharing_com_tp_jobs_1_0_2.rar
[2009/06/13 21:30:55 | 00,032,787 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\jsharing_com_music_collection.rar
[2009/06/13 20:54:38 | 09,826,853 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\rt_solarsentinel_1.5.3.zip
[2009/06/11 12:23:51 | 05,660,120 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\JomSocial_1.2.192.zip
[2009/06/08 22:32:53 | 00,009,662 | ---- | M] () -- C:\windows\EPISME00.SWB
[2009/06/08 05:06:02 | 16,025,6372 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\Misty Vonage.avi
[2009/06/04 18:18:42 | 00,022,263 | ---- | M] () -- C:\Documents and Settings\Tomek\Desktop\potengowo.JPG

Edited by PropagandaPanda, 05 September 2009 - 09:23 AM.
Remove redundant log part.


#12 RobertAd

  • Topic Starter


Posted 04 September 2009 - 06:14 PM

========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DCE70D73
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56AC8DD1
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A8E2C33
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D05EBBBF

20. Extras report:

OTL Extras logfile created on: 11/06/03 00:16:10 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Tomek\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 66.00 Gb Free Space | 44.28% Space Free | Partition Type: NTFS
Drive D: | 3.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 674.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 232.88 Gb Total Space | 51.96 Gb Free Space | 22.31% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 931.51 Gb Total Space | 395.32 Gb Free Space | 42.44% Space Free | Partition Type: NTFS
Drive L: | 465.65 Gb Total Space | 221.34 Gb Free Space | 47.53% Space Free | Partition Type: FAT32
Drive M: | 246.50 Mb Total Space | 176.66 Mb Free Space | 71.66% Space Free | Partition Type: FAT32

Computer Name: TOMEK-STARY
Current User Name: Tomek
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu -- (Gadu-Gadu S.A.)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Program Files\Mailing List Deluxe\fastlist.exe" = C:\Program Files\Mailing List Deluxe\fastlist.exe:*:Enabled:Maillist Deluxe -- ()
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox -- (Yahoo! Inc.)
"C:\Program Files\Intuit\QuickBooks Enterprise Solutions 9.0\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks Enterprise Solutions 9.0\QBDBMgrN.exe:*:Enabled:QuickBooks Enterprise 9.0 Data Manager -- (Intuit, Inc.)
"C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe" = C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3 -- (Adobe Systems, Inc.)
"C:\Program Files\HarvEX\HarvEX.exe" = C:\Program Files\HarvEX\HarvEX.exe:*:Enabled:HarvEX -- (Xellsoft)
"C:\Program Files\ACT\ACT for Windows\Act8.exe" = C:\Program Files\ACT\ACT for Windows\Act8.exe:*:Enabled:ACT! 8.x/2006 -- (Sage Software SB, Inc)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" = C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe:*:Enabled:Google Desktop -- (Google)
"C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe" = C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS4 -- (Adobe Systems, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Nowe Gadu-Gadu\gg.exe" = C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu -- (GG Network S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{02418C87-F90C-4E47-8BA6-16226B35D9C3}" = Serif MoviePlus X3
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0BA8085C-414B-4C62-81F5-D2CC9EBEFE65}" = Serif FontManager 2
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10BE781F-8317-4500-A283-D30E7FB0763F}" = Sonic Foundry 5.1 Surround Plug-In Pack 1.0
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{164A4433-C56D-42E5-BAAA-8C922F1A8AF6}" = Nostalgic Screensaver
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1739AC0A-B4BF-4C09-9789-250CB552DF03}_is1" = Autoplay 6
"{17B371B7-740F-4C83-BDFE-0C3A2C585103}" = HP Display Assistant
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}" = Adobe ExtendScript Toolkit 2
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{271B64EE-3E1B-4381-A8FE-012390050492}" = ACDSee 6.0 PowerPack
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{2D95950E-6D76-43E7-94A5-D9DBA2FD29E4}" = ACDSee Pro 2.5
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{341E9A67-9E45-4CAE-9AAC-49AD3EBACA41}" = ACT!
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis True Image Home
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{445D8BDE-8E58-418A-BAE4-2443F0D7B2A7}" = Focus 500,000 Images
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{4633980B-9D84-4B44-B90B-C6E669E92FF3}" = Garmin MetroGuide Europe v9
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Premium
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4A83BA48-457E-4373-AD00-06750F3C6A72}" = Firegraphic 9
"{4A8629A6-9799-4E98-BED5-A3E272D912E2}" = PhotoFrame Pro 3.1
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}" = Safari
"{596DA8A2-C576-46F5-A92E-8C9CCECE4E9D}" = Serif PagePlus X3
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5BF2B19D-9C79-492A-8969-F059F06A627F}" = Print to Fax
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5C9440EC-5BAD-435F-8DE4-2B7A11C7B43E}" = TMPGEnc MPEG Editor
"{5F2A8319-D8C7-4603-BB03-2B90794861B6}" = Quicken Rental Property Manager
"{60C55062-CFC0-4F13-9FBD-6675175E3746}" = ACT! 2006
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{64DEA741-EFA4-63E5-C2A5-1805D019E224}" = XeMoviePlayer
"{662A3F7D-DE1C-4EA6-AC6B-DDAA03193DF0}" = Screenblast ACID 4.0
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6D74E1F4-32D5-44D0-9054-8D57E981F59F}_is1" = Flash Saving Plugin
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7238F7A2-E9A1-4AEC-8351-0986F2447B7F}" = Curvas Extremas
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{76902AF9-DA86-419D-B533-077643124722}" = Sony ACID Pro 5.0
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.0.0.1
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7CE12FDF-B758-46A5-A8CD-785EDFDC5B84}" = Workspace Macro Pro 6.5
"{7EDEDC17-A174-2A41-71B2-1A76BB51FCE0}" = SWFObject 2 generator v1.2 AIR
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8E0E1270-9638-4DD9-B5C7-9F0887C2135F}" = Sony CD Architect 5.2
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90885A82-9673-49EA-AB39-AF776639C67C}" = InterVideo WinDVD 7
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96965E6C-41DB-4E0A-BC65-D92381D51D2A}" = Sony Vegas 7.0
"{96C658F8-FCE5-4FB4-8323-BF3D5F1947A5}" = COLLECTIBLES ORGANIZER DELUXE (S)
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{9A1785DC-3A29-479D-BD63-8DC9F5F60DCE}" = QuickBooks Enterprise Solutions: Accountant Edition 9.0
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A1BC8E02-6B5B-4B4A-A75F-B27A16918C2B}" = DiscWizard for Windows
"{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}" = Opera 9.64
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A84D0BEE-2422-4F50-9CC8-83B495A6370E}" = Fast Email Extractor
"{A84FB24E-FEB4-4C93-A5F5-DE3B40B2B73D}" = Serif PagePlus X2 Resources
"{A8BB9906-E618-406A-B161-7383AFF46C39}" = EasyRecovery Professional
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AE80641A-0C8D-4670-A518-B4EC154B1027}" = ACDSee 8
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBA5F324-D97E-4DEA-BEE4-7D67A51B04C3}" = PaintCOST Estimator Trial
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C3C39D9D-3858-433B-86B1-86B8724ED357}" = Boris FX
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C9E129BC-27D3-436E-BAAC-4CE81E0962F1}" = Sony Media Manager 2.2
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CB9E953C-A225-4C9B-96B5-7197F6DC6CF7}" = SP2200 Prem.Luster Premium ICC Profiles
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCE0D148-D6FD-4F2A-A631-748DC7727613}" = Universal SQL Editor 1.0.9
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D1BAC288-83D3-4715-80E0-83457A531213}" = Live Help Messenger
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D504303A-717D-414C-BA9F-FE01093E2EF8}" = Adobe Setup
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DA9AF501-F981-462F-952F-31D33ED7C982}" = CONTACT ORGANIZER DELUXE (S)
"{DB10AF3B-E30E-49F9-84AC-26785D689E13}" = MainConcept MPEG Encoder
"{DC3065BF-95B4-42C5-B47D-0B713CDA75D0}" = Creative Zen Vision M
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E3B5D92A-94E3-4F48-AA38-83317662116B}" = TurboTax 2008 wmaiper
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" =
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F600CCF3-9C88-4A22-B0B4-DDA82E997118}" = Adobe After Effects CS4 Template Projects & Footage
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"376C2738A0A743559D797242179B5394_is1" = A1 Sitemap Generator
"3ivx D4 4.5.1" = 3ivx D4 4.5.1 (remove only)
"7-Zip" = 7-Zip 4.32
"Ad-Aware SE Professional" = Ad-Aware SE Professional
"Adobe AIR" = Adobe AIR
"Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5" = Adobe InDesign CS3
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"Adobe_5445c5ddd9a5c69582d3c1e2bba18f7" = Adobe Creative Suite 4 Master Collection
"Adobe_5bc0f8414ec36c555a3e7e5ec2e225e" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"Advanced CLICKS V2.0" = Advanced CLICKS V2.0
"AFPL Ghostscript 7.33" = AFPL Ghostscript 7.33
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Agogo AVI MPEG WMV RM MOV Converter_is1" = Agogo AVI MPEG WMV RM MOV Converter 3.62
"Allok Video Converter_is1" = Allok Video Converter 4.4.0108
"Allok Video to FLV Converter_is1" = Allok Video to FLV Converter 5.1.0925
"Allok Video to MP4 Converter_is1" = Allok Video to MP4 Converter 4.2.0608
"ALLPlayer V2.X" = ALLPlayer V2.X
"Amara - Flash Intro and Banner Builder" = Amara - Flash Intro and Banner Builder
"Anim-FX" = Anim-FX
"a-squared Free_is1" = a-squared Free 4.0
"Atomic TLD Filter_is1" = Atomic TLD Filter 1.20
"AV Voice Changer Software DIAMOND 4.0" = AV Voice Changer Software DIAMOND 4.0
"Azureus Vuze" = Azureus Vuze
"Banner Maker Pro 6_is1" = Banner Maker Pro Version 6
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"BootSkin" = BootSkin
"BSPlayerp" = BS.Player PRO
"BusinessCardsMX3_is1" = BusinessCardsMX 3.94
"CaptureWiz" = CaptureWizPro 3.90
"CCleaner" = CCleaner (remove only)
"CheckIt Diagnostics" = CheckIt Diagnostics
"CoffeeCup Web Calendar" = CoffeeCup Web Calendar
"CoffeeCup Web Form Builder - Registered" = CoffeeCup Web Form Builder - Registered
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cover Commander" = Cover Commander 2.9 by Insofta Development
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"Creator Professional 8.0.2" = Creator Professional 8.0.2
"Cucusoft MPEG/AVI to DVD/VCD/SVCD/MPEG Converter Pro_is1" = Cucusoft MPEG/RM/AVI to DVD/VCD/SVCD/MPEG Converter Pro 6.18
"CursorXP" = CursorXP
"Dell AIO Printer A960" = Dell AIO Printer A960
"DesktopX" = DesktopX
"Domain Name Analyzer Pro v4_is1" = Domain Name Analyzer Pro v4.0.121405
"DropBox Image Processor" = DropBox Image Processor
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD-lab PRO_is1" = DVD-lab PRO 1.00
"Easy MOV Converter_is1" = Easy MOV Converter 1.2.2
"E-Mail Admin List_is1" = E-Mail Admin List
"eMail Extractor_is1" = eMail Extractor 3.2.1
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON1394D3Printer" = EPSON 1394.3 Printer Devices
"ERUNT_is1" = ERUNT 1.1j
"Flash Banner Creator" = Flash Banner Creator 1.00
"Flash Menu Labs Pro v2_is1" = Flash Menu Labs Pro v2
"Flash saver" = Flash saver
"Flash Saving Plugin" = Flash Saving Plugin
"Flash Slideshow Maker Pro" = Flash Slideshow Maker Pro 4.22
"FLVPlayer" = FLV Player 1.3.3
"FotoFusion" = FotoFusion
"Free Mailing List Splitter_is1" = Free Mailing List Splitter
"FTP Now" = FTP Now
"Gadu-Gadu" = Gadu-Gadu 7.6
"Google Desktop" = Google Desktop
"GrabIt_is1" = GrabIt 1.7.1 Beta (build 960)
"GSpot" = GSpot Codec Information Appliance
"HarvEX" = HarvEX
"Hidden Finder_is1" = Hidden Finder 1.3.02
"HijackThis" = HijackThis 1.99.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Imperialism II" = Imperialism II
"ImTOO MPEG Encoder Ultimate" = ImTOO MPEG Encoder Ultimate
"InstallShield_{445D8BDE-8E58-418A-BAE4-2443F0D7B2A7}" = Focus 500,000 Images
"InstallShield_{5F2A8319-D8C7-4603-BB03-2B90794861B6}" = Quicken Rental Property Manager
"InstallShield_{60C55062-CFC0-4F13-9FBD-6675175E3746}" = ACT! 2006
"InstallShield_{A8BB9906-E618-406A-B161-7383AFF46C39}" = EasyRecovery Professional
"InstallShield_{DB10AF3B-E30E-49F9-84AC-26785D689E13}" = MainConcept MPEG Encoder
"IsoBuster_is1" = IsoBuster 1.8
"JavaScript Image Slider Gold_is1" = JavaScript Image Slider Gold
"Keyboard Launchpad" = Keyboard Launchpad
"Kingdia DVD Ripper Professional_is1" = Kingdia DVD Ripper Professional V2.4.3
"Lavasoft Reghance 2.1" = Lavasoft Reghance 2.1
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Logitech Resource Center" = Logitech Resource Center
"LogoMaker_is1" = LogoMaker 2.0
"LogonStudio" = LogonStudio
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Magic Bullet Editors Vegas" = Magic Bullet Editors Vegas
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Mailing List Deluxe" = Mailing List Deluxe
"MailListManager_is1" = MailListManager 2.6
"MC202DeinstKey" = MC202
"Media Convert Master_is1" = Media Convert Master 8.1.1.2
"MediaInfo" = MediaInfo 0.7.8
"MediaMonkey_is1" = MediaMonkey 2.5
"Medieval Total War" = Medieval Total War
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mix-FX" = Mix-FX
"Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MVApplication1" = Memorex exPressit Label Design Studio
"Nero 6.x Audio + Video Plugins1.0.0.0" = Nero 6.x Audio + Video Plugins
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notowania OnLine 3.0 BM BPH S.A._is1" = Notowania OnLine 3.0 BM BPH S.A.
"Notowania OnLine ver.2.11" = Notowania OnLine ver.2.11
"Nowe Gadu-Gadu" = Nowe Gadu-Gadu
"NVIDIA Drivers" = NVIDIA Drivers
"ObjectBar" = ObjectBar
"Orbit_is1" = Orbit
"Panicware Surf Pal" = Panicware Surf Pal
"Patrician III_is1" = Patrician III
"Photo2DVD Studio 3_is1" = Photo2DVD Studio 3 Build 3.1.0.20
"Photodex Presenter" = Photodex Presenter
"PicaLoader_is1" = PicaLoader 1.65
"PROSet" = Intel® PRO Network Connections Drivers
"ProShow Producer" = ProShow Producer
"Qimage 30 Day Trial" = Qimage 30 Day Trial
"Q-ImageUploader Pro v1_is1" = Q-ImageUploader Pro v1
"Quick Macro_is1" = Quick Macro v6.20
"QuickPar" = QuickPar 0.9
"RealPlayer 6.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 5.0
"SkinStudio" = SkinStudio
"SpywareBlaster_is1" = SpywareBlaster 4.1
"SpywareGuard_is1" = SpywareGuard v2.2
"ST6UNST #1" = MDB Browser and Editor
"StTex_is1" = ST Thumbnails Explorer v1.2.2260
"SubtitleWorkshop" = Subtitle Workshop 2.51
"SysInfo" = Creative System Information
"Tag&Rename_is1" = Tag&Rename 3.2
"Teleport Pro" = Teleport Pro
"The KMPlayer" = The KMPlayer (remove only)
"The Logo Creator v4" = The Logo Creator v4
"The Logo Creator v5" = The Logo Creator v5
"Theorica Divx ;-) Codecs" = Theorica Divx ;-) Codecs (remove only)
"TotalRecorder" = Total Recorder 5.0
"True BoxShot_is1" = True BoxShot V1.7
"TurboTax 2008" = TurboTax 2008
"Tweak-SE plug-in for Ad-Aware SE" = Tweak-SE plug-in for Ad-Aware SE
"Ultra Color Lab ROES" = Ultra Color Lab ROES
"VCPers32DeinstKey" = VersaCheck Personal 2000
"Video Convert Master_is1" = Video Convert Master 8.0.10.26
"Video Fixer 3.23_is1" = Video Fixer 3.23
"VobSub" = VobSub v2.23 (Remove Only)
"WampServer 2_is1" = WampServer 2.0
"Web Gallery Wizard PRO_is1" = Web Gallery Wizard PRO 1.5.3113.1
"WebPosition 4" = WebPosition 4
"WebReaper_is1" = WebReaper v10
"Website Puller_is1" = Website Puller
"WinAVI Video Converter_is1" = WinAVI Video Converter
"Windows Live Safety Scanner" = Windows Live Safety Scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinUHA_is1" = WinUHA 2.0 RC1 (2005.02.27)
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wondershare Flash SlideShow Builder_is1" = Wondershare Flash SlideShow Builder (2.0.0.0)
"Wondershare Video To Flash Encoder_is1" = Wondershare Video To Flash Encoder(Build 2.1.0.1) Trial Version
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"yEnc32" = yEnc32 (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1292428093-299502267-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Button Shop" = Button Shop
"Flash Music Studio 1.0" = Flash Music Studio 1.0(remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05/19/09 12:26:16 | Computer Name = TOMEK-STARY | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Enterprise Solutions:
Accountant Edition 9.0": StateMachineWorker Execution failure :Exeption: Could not
find transition for request id

Error - 05/19/09 12:26:16 | Computer Name = TOMEK-STARY | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Enterprise Solutions:
Accountant Edition 9.0": StateMachineWorker Execution failure :Exeption: Could not
find transition for request id

Error - 05/19/09 12:26:16 | Computer Name = TOMEK-STARY | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Enterprise Solutions:
Accountant Edition 9.0": StateMachineWorker Execution failure :Exeption: Could not
find transition for request id

Error - 05/19/09 12:26:16 | Computer Name = TOMEK-STARY | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Enterprise Solutions:
Accountant Edition 9.0": StateMachineWorker Execution failure :Exeption: Could not
find transition for request id

Error - 05/19/09 12:26:16 | Computer Name = TOMEK-STARY | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Enterprise Solutions:
Accountant Edition 9.0": StateMachineWorker Execution failure :Exeption: Could not
find transition for request id

Error - 05/19/09 12:26:16 | Computer Name = TOMEK-STARY | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Enterprise Solutions:
Accountant Edition 9.0": StateMachineWorker Execution failure :Exeption: Could not
find transition for request id

Error - 05/19/09 12:26:16 | Computer Name = TOMEK-STARY | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Enterprise Solutions:
Accountant Edition 9.0": StateMachineWorker Execution failure :Exeption: Could not
find transition for request id

Error - 05/19/09 12:27:55 | Computer Name = TOMEK-STARY | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Enterprise Solutions:
Accountant Edition 9.0": LicenseUtility::`anonymous-namespace'::LicenseUtilityImp::getProductMode:
Product mode not fou

Error - 05/19/09 18:42:22 | Computer Name = TOMEK-STARY | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Enterprise Solutions:
Accountant Edition 9.0": LicenseUtility::`anonymous-namespace'::LicenseUtilityImp::getProductMode:
Product mode not fou

Error - 05/19/09 18:42:37 | Computer Name = TOMEK-STARY | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Enterprise Solutions:
Accountant Edition 9.0": LicenseUtility::`anonymous-namespace'::LicenseUtilityImp::getProductMode:
Product mode not fou

[ System Events ]
Error - 11/06/03 00:58:54 | Computer Name = TOMEK-STARY | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\System32\wbem\wmiprvse.exe
-Embedding

Error - 11/06/03 00:58:54 | Computer Name = TOMEK-STARY | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\System32\wbem\wmiprvse.exe
-Embedding

Error - 11/06/03 00:58:54 | Computer Name = TOMEK-STARY | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\System32\wbem\wmiprvse.exe
-Embedding

Error - 11/06/03 00:58:54 | Computer Name = TOMEK-STARY | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\System32\wbem\wmiprvse.exe
-Embedding

Error - 11/06/03 00:58:54 | Computer Name = TOMEK-STARY | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\System32\wbem\wmiprvse.exe
-Embedding

Error - 11/06/03 01:09:03 | Computer Name = TOMEK-STARY | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\System32\wbem\wmiprvse.exe
-Embedding

Error - 11/06/03 01:09:03 | Computer Name = TOMEK-STARY | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\System32\wbem\wmiprvse.exe
-Embedding

Error - 11/06/03 01:09:03 | Computer Name = TOMEK-STARY | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\System32\wbem\wmiprvse.exe
-Embedding

Error - 11/06/03 01:09:03 | Computer Name = TOMEK-STARY | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\System32\wbem\wmiprvse.exe
-Embedding

Error - 11/06/03 01:09:03 | Computer Name = TOMEK-STARY | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\System32\wbem\wmiprvse.exe
-Embedding


< End of report >

Edited by PropagandaPanda, 05 September 2009 - 09:09 AM.
Remove redundant log part.


#13 RobertAd

RobertAd
  • Topic Starter

  • Members
  • 25 posts
  • Local time:03:04 PM

Posted 04 September 2009 - 06:17 PM

21. RootRepeal still can't run. It initializes and nothing happens. When I started C-Fix it gave me a warning about the AVG scanner running, but I uninstalled the AVG software about 2 weeks ago. Also, a floppy drive showed up in Windows Explorer (it's not present on my system).

Thanks,

#14 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:03:04 AM

Posted 04 September 2009 - 11:31 PM

Wow! I thought your logs would never end :( (just kidding). Please give me some time to analyze your log; I will post the necessary instructions ASAP. :(



~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#15 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:03:04 AM

Posted 05 September 2009 - 11:35 AM

Hello Robert,

1. With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System



Download the file & save it as it's originally named.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.


  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.




  • At the next prompt, click 'Yes' to run the full ComboFix scan.

  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.

Warning!

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper. *** If you are not the topic starter, DO NOT run this tool, as it could cause irreversible damage to your computer.


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix




2. I do not recommend that you have more than one anti virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either AVG or a-squared Free.

Important note: Since you have mentioned that you already removed AVG 2 weeks ago, please use the AVG removal tool:
AVG removal tool --> HERE

You have the option to use or remove a-squared Free. But make sure that you have one Antivirus program on your computer. Other recommended free AV programs are:

Avast! and Antivir

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.



3. Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case Orbitdownloader and Azureus Vuze.).

These programmes allow users to share files between each other, as the name suggests. In today's world, cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."



4. We need to execute a ComboFix script. (Tutorials on how to disable your anti virus and anti malware programs can be found HERE.)

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

DirLook::
C:\hajdzak

File::
c:\windows\system32\azpkerg.dll
c:\windows\system32\sysfsaver.dat
C:\windows\System32\yuwamero
C:\Documents and Settings\All Users\Documents\photoshop_cs2_keygen.exe
C:\Documents and Settings\Tomek\Desktop\WP_v452_Keygen_Warez-bb.org.rar
C:\windows\VPTNFILE.725
C:\windows\lpt$vpn.725
C:\windows\TMADCE.ptn
C:\windows\System32\Uninstall.ico
C:\windows\System32\Help.ico
c:\docume~1\Tomek\LOCALS~1\Temp\jbridgep.sys

Folder::
C:\Documents and Settings\Tomek\Desktop\MarBit_KULKI_KeyGen

RegLock::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\ACPI\PNP0F13\4&1506bb2e&0\LogConf]

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001

Driver::
jbridgep


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



5. Please open your Malwarebytes' Anti-Malware, click on the Update tab and apply all updates available, then perform a full scan. Post the scan result for me when done.


~Semp :(

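The CFScript in step 4 above is a plain-text file made of directive sections (DirLook::, File::, Folder::, RegLock::, Registry::, Driver::), each followed by the entries it applies to. Before handing such a script to a tool that deletes files and rewrites registry keys, a helper will want to see exactly what it touches. The following is an added example, not ComboFix's own code and not part of the post: it parses that section layout into a dictionary, decodes the Registry:: block using .reg-style syntax, and reports the entries that deserve a second look (system32 files marked for removal, the firewall policy value being set, the driver service being removed). The section grammar is inferred from the script shown above; ComboFix's real parser is not published here, and the audit rules are the author's own assumptions.

```python
"""Parse a ComboFix-style CFScript into its directive sections and audit it.

Added example; the format rules below are inferred from the script in the
post, not taken from ComboFix's own (unpublished) implementation.
"""
import re

# A directive line is a bare word followed by "::", e.g. "File::".
DIRECTIVE_RE = re.compile(r"^([A-Za-z]+)::\s*$")

# .reg-style value line: "Name"=dword:XXXXXXXX  or  "Name"="string"
REG_VALUE_RE = re.compile(r'^"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$')

# Constructed sample mirroring the directives used in the post above
# (a subset of its entries, kept verbatim where present).
SAMPLE = r"""DirLook::
C:\hajdzak

File::
c:\windows\system32\azpkerg.dll
c:\windows\system32\sysfsaver.dat
C:\Documents and Settings\All Users\Documents\photoshop_cs2_keygen.exe

Folder::
C:\Documents and Settings\Tomek\Desktop\MarBit_KULKI_KeyGen

RegLock::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\ACPI\PNP0F13\4&1506bb2e&0\LogConf]

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001

Driver::
jbridgep
"""


def parse_cfscript(text):
    """Map each directive name to the non-empty lines that follow it.

    Sections keep the order in which they appear; blank lines are ignored;
    an entry that precedes any directive is an error rather than silently
    attached to nothing.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        match = DIRECTIVE_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
            continue
        if not line:
            continue
        if current is None:
            raise ValueError("entry before any directive: %r" % line)
        sections[current].append(line)
    return sections


def parse_registry_section(lines):
    """Decode Registry:: lines into {key: {value_name: (type, data)}}.

    Only the two value forms present in the post's syntax are handled
    (dword and quoted string); anything else is rejected loudly.
    """
    result = {}
    key = None
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            result.setdefault(key, {})
            continue
        match = REG_VALUE_RE.match(line)
        if not match or key is None:
            raise ValueError("unparsed registry line: %r" % line)
        name, dword, string = match.groups()
        if dword is not None:
            result[key][name] = ("dword", int(dword, 16))
        else:
            result[key][name] = ("string", string)
    return result


def audit(sections):
    """Return human-readable findings about what the script will change."""
    findings = []
    for path in sections.get("File", []):
        # Files under system32 are the ones worth double-checking by hand.
        if path.lower().startswith("c:\\windows\\system32\\"):
            findings.append("system32 file slated for removal: %s" % path)
    registry = parse_registry_section(sections.get("Registry", []))
    for key, values in registry.items():
        if "firewallpolicy" in key.lower() and "EnableFirewall" in values:
            _, data = values["EnableFirewall"]
            findings.append("firewall policy %s sets EnableFirewall=%d" % (key, data))
    for driver in sections.get("Driver", []):
        findings.append("driver service to be removed: %s" % driver)
    return findings


if __name__ == "__main__":
    for finding in audit(parse_cfscript(SAMPLE)):
        print(finding)
```

Running the module prints one line per finding; for the constructed sample that is the two system32 files, the firewall policy key being set to 1, and the jbridgep driver service.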




