
Internet redirects + svchost.exe problem


5 replies to this topic

#1 mizzen

mizzen

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 01 October 2010 - 10:30 AM

My problem can be split in two parts. First of all, it started when I was trying to watch a video online. After being asked to install a Flash Player update I clicked 'yes', and it soon turned out to be spyware. When I try to use Google it frequently redirects me to strange sites. Moreover, as soon as I boot my laptop I receive either an svchost error stating that memory could not be 'written' or a Generic Host Process for Win32 Services error.

Unfortunately, I couldn't perform the GMER scan as stated in the Guide, as my computer restarts each time I perform the scan.

Here is my DDS log:


DDS (Ver_10-03-17.01) - NTFSx86
Run by admin at 15:29:26,64 on 2010-10-01
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2039.1036 [GMT 1:00]

AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Zapora osobista *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAP2RPK.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAB8SWK.EXE
C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\acovcnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\admin\Pulpit\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyServer = proxy.abdn.ac.uk:8080
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Pomocnik rejestracji usługi Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [AdobeBridge]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [igfxtray] "c:\windows\system32\igfxtray.exe"
mRun: [igfxhkcmd] "c:\windows\system32\hkcmd.exe"
mRun: [igfxpers] "c:\windows\system32\igfxpers.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SMSERIAL] "c:\program files\motorola\smserial\sm56hlpr.exe"
mRun: [ACMON] "c:\program files\asus\splendid\ACMON.exe"
mRun: [HControl] "c:\windows\atk0100\HControl.exe"
mRun: [Power_Gear] "c:\program files\asus\power4 gear\BatteryLife.exe" 1
mRun: [Wireless Console 2] "c:\program files\wireless console 2\wcourier.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [<NO NAME>]
mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NeroFilterCheck] "c:\program files\common files\ahead\lib\NeroCheck.exe"
mRun: [CNAP2 Launcher] "c:\windows\system32\spool\drivers\w32x86\3\CNAP2LAK.EXE"
mRun: [BlackBerryAutoUpdate] "c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe" /background
mRun: [ISUSPM Startup] "c:\progra~1\common~1\instal~1\update~1\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] "c:\program files\common files\adobe\switchboard\SwitchBoard.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [UserFaultCheck] "%systemroot%\system32\dumprep" 0 -u
mRunOnce: [WIAWizardMenu] RUNDLL32.EXE c:\windows\system32\sti_ci.dll,WiaCreateWizardMenu
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menust~1\programy\autost~1\fortem~1.lnk - c:\program files\lg soft india\fortemanager\bin\Monitor.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\programy\autost~1\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} - hxxp://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 93.188.162.89,93.188.161.229
TCP: {0C5EE0C7-DEDA-4E42-B735-9148C5063F2E} = 93.188.162.89,93.188.161.229
TCP: {47564D4A-2A0F-41AF-81EE-909203D76DF3} = 93.188.162.89,93.188.161.229
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\daneap~1\mozilla\firefox\profiles\8ca278pf.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.ftp - proxy.abdn.ac.uk
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy.abdn.ac.uk
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy.abdn.ac.uk
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.abdn.ac.uk
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.abdn.ac.uk
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-30 64288]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-5-14 731840]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1355416]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-3-20 10384]
R3 LGII2CDevice;LGII2CDevice;c:\program files\lg soft india\fortemanager\bin\PII2CDriver.sys [2010-3-17 18432]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [2010-7-27 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2010-7-27 8278]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-10-31 79360]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2009-8-21 768768]
S3 ksaudfl;ksaudfl;c:\windows\system32\drivers\ksaudfl.sys [2008-10-24 1830912]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]
S3 LGDDCDevice;LGDDCDevice;c:\program files\lg soft india\fortemanager\bin\I2CDriver.sys [2010-3-17 14336]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-6-27 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-6-27 8320]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-8-8 709248]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

=============== Created Last 30 ================

2010-10-01 14:20:19 20 ----a-w- c:\documents and settings\admin\defogger_reenable
2010-09-30 13:17:11 0 d-----w- C:\spoolerlogs
2010-09-30 12:49:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-30 12:49:11 0 d-----w- c:\docume~1\alluse~1\daneap~1\Malwarebytes
2010-09-30 12:49:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-30 12:49:10 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-30 02:45:26 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-30 02:12:31 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-30 02:11:08 0 dc-h--w- c:\docume~1\alluse~1\daneap~1\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-30 02:10:39 0 d-----w- c:\program files\Lavasoft
2010-09-29 20:58:37 0 d-----w- c:\program files\Trend Micro
2010-09-28 22:29:24 0 d-----w- c:\program files\MSSOAP
2010-09-28 22:26:26 0 d-----w- c:\docume~1\alluse~1\daneap~1\Spybot - Search & Destroy
2010-09-27 10:54:40 155648 --sha-r- c:\windows\system32\dsdmoprpm.dll
2010-09-16 00:01:24 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-09-13 20:52:21 0 d-----w- c:\program files\PhotomatixPro3
2010-09-11 17:33:27 1200128 ----a-w- c:\windows\signsis.exe

==================== Find3M ====================

2010-09-15 23:36:59 560912 ----a-w- c:\windows\system32\perfh015.dat
2010-09-15 23:36:59 109976 ----a-w- c:\windows\system32\perfc015.dat
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-23 10:25:02 256 ----a-w- c:\documents and settings\admin\pool.bin
2010-07-22 15:46:07 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19:06 5632 ------w- c:\windows\system32\xpsp4res.dll

============= FINISH: 15:33:21,29 ===============

Hope that you guys can help.

mizzen



 


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:02:33 AM

Posted 05 October 2010 - 07:16 AM

Hello mizzen

Welcome to BleepingComputer.
==========================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom scans and fixes section, paste in the below in bold:

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================
Please download Rootkit Unhooker and save it to your desktop.
  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.
Note - You may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#3 mizzen

mizzen
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 07 October 2010 - 07:39 AM

Hi kahdah, many thanks for the help. Sorry for the late reply, but it seems that my spam filter put the notification about your reply in the spam folder.

Anyway, so far I'm posting the logs from OTL. The first time I tried to run Rootkit Unhooker my computer froze. The second time, during the scan, it was trying to load the list of folders and directories for 2 hrs, so I cancelled it. Should I check all of the drives or just drive C:\? I have a partition D:\ where I store most of my data, and an external hard drive. What about ESET Smart Security, should I turn it off?

OTL.txt

OTL logfile created on: 2010-10-07 12:19:53 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\admin\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33,94 Gb Total Space | 5,53 Gb Free Space | 16,29% Space Free | Partition Type: NTFS
Drive D: | 77,84 Gb Total Space | 15,20 Gb Free Space | 19,52% Space Free | Partition Type: NTFS
Drive E: | 292,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 298,09 Gb Total Space | 26,19 Gb Free Space | 8,79% Space Free | Partition Type: NTFS

Computer Name: MIZZEN
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\admin\Pulpit\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\acovcnt.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
PRC - C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe ()
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dwwin.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAB8SWK.EXE (CANON INC.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAP2RPK.EXE (CANON INC.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAP2LAK.EXE (CANON INC.)
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\WINDOWS\ATK0100\HControl.exe ()
PRC - C:\WINDOWS\ATK0100\ATKOSD.exe ()
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\WINDOWS\system32\ACEngSvr.exe (ASUSTeK)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\admin\Pulpit\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msvbvm60.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\dinput.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\serwvdrv.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\umdmxfrm.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (InCDsrv) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (epfwtdi) -- C:\WINDOWS\system32\drivers\epfwtdi.sys (ESET)
DRV - (Epfwndis) -- C:\WINDOWS\system32\drivers\epfwndis.sys (ESET)
DRV - (epfw) -- C:\WINDOWS\system32\drivers\epfw.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (LGII2CDevice) -- C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys ()
DRV - (LGDDCDevice) -- C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys ()
DRV - (ksaud) -- C:\WINDOWS\system32\drivers\ksaud.sys (Creative Technology Ltd.)
DRV - (ksaudfl) -- C:\WINDOWS\system32\drivers\ksaudfl.sys (Creative)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (usbaudio) Sterownik audio USB (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys ()
DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)
DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)
DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)
DRV - (NETw3x32) Sterownik karty Intel® -- C:\WINDOWS\system32\drivers\NETw3x32.sys (Intel® Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (SynMini) -- C:\WINDOWS\system32\drivers\SynMini.sys (Syntek America Inc.)
DRV - (SynScan) -- C:\WINDOWS\system32\drivers\SynScan.sys (Syntek America Inc.)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.abdn.ac.uk:8080

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.1.24
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.0.3
FF - prefs.js..extensions.enabledItems: zrzuta@klachoo.net:1.4
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10
FF - prefs.js..extensions.enabledItems: Office2007Black@JBBS:1.5.3
FF - prefs.js..network.proxy.backup.ftp: "proxy.abdn.ac.uk"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "proxy.abdn.ac.uk"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "proxy.abdn.ac.uk"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "proxy.abdn.ac.uk"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "proxy.abdn.ac.uk"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "proxy.abdn.ac.uk"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "proxy.abdn.ac.uk"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.abdn.ac.uk"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "proxy.abdn.ac.uk"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-09-02 11:59:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009-06-16 23:54:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-05-12 04:52:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-09-20 09:19:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-09-20 09:19:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009-10-31 00:56:35 | 000,000,000 | ---D | M]

[2009-05-21 03:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Extensions
[2009-05-21 03:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010-10-07 00:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\8ca278pf.default\extensions
[2010-01-12 00:50:34 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\8ca278pf.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010-08-19 15:26:04 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\8ca278pf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-08-19 15:25:59 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\8ca278pf.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010-01-29 17:06:09 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\8ca278pf.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010-08-19 15:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\8ca278pf.default\extensions\autopager@mozilla.org
[2009-05-21 23:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\8ca278pf.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010-08-19 15:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\8ca278pf.default\extensions\Office2007Black@JBBS
[2010-08-19 15:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\8ca278pf.default\extensions\zotero@chnm.gmu.edu
[2010-08-19 15:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\8ca278pf.default\extensions\zrzuta@klachoo.net
[2010-10-07 00:08:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-09-20 09:19:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-11-25 16:48:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010-09-20 09:19:25 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010-09-20 09:19:25 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009-10-11 05:17:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2010-09-20 09:19:27 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010-04-04 00:43:36 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010-03-14 22:57:51 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-03-14 22:57:51 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-03-14 22:57:51 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010-03-14 22:57:51 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-03-14 22:57:51 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-03-14 22:57:51 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-03-14 22:57:51 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-09-29 22:13:20 | 000,001,798 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Pomocnik rejestracji usługi Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adres) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adres) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Łącza) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [CNAP2 Launcher] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE (CANON INC.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ( )
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nonep] C:\Documents and Settings\admin\Ustawienia lokalne\Temp\tmpe968797d\kill.exe (Firaxis Games)
O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] File not found
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe ()
O4 - HKCU..\Run: [{8720B4C3-FA3F-82F6-116D-B145CF3BC006}] C:\Documents and Settings\admin\Dane aplikacji\Xuta\exysv.exe File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [WIAWizardMenu] C:\WINDOWS\System32\sti_ci.DLL (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\forteManager.lnk = C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab (NsvPlayX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.66.19 213.109.73.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.89,93.188.161.229
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\program files\microsoft\desktoplayer.exe) - c:\Program Files\Microsoft\DesktopLayer.exe ()
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Moduł wstępnego ładowania interfejsu Browseui - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Demon buforu kategorii składników - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop BackupWallPaper: C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-05-12 01:37:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{28d41976-ab97-11de-a792-001bfcdd2755}\Shell - "" = AutoRun
O33 - MountPoints2\{28d41976-ab97-11de-a792-001bfcdd2755}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE -- File not found
O33 - MountPoints2\{28d4197e-ab97-11de-a792-001bfcdd2755}\Shell - "" = AutoRun
O33 - MountPoints2\{28d4197e-ab97-11de-a792-001bfcdd2755}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE -- File not found
O33 - MountPoints2\{9420cca4-c589-11de-a7a7-001bfcdd2755}\Shell - "" = AutoRun
O33 - MountPoints2\{9420cca4-c589-11de-a7a7-001bfcdd2755}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE -- File not found
O33 - MountPoints2\{b7d1b1e2-436c-11df-a7f3-001bfcdd2755}\Shell\AutoRun\command - "" = G:\Toshiba\Launcher\start.exe -- File not found
O33 - MountPoints2\{fd5ececd-dafc-11de-a7c1-001bfcdd2755}\Shell - "" = AutoRun
O33 - MountPoints2\{fd5ececd-dafc-11de-a7c1-001bfcdd2755}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Toshiba\Launcher\start.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\_AUTORUN\AUTORUN.EXE -- File not found
O33 - MountPoints2\H\Shell\instDX\command - "" = H:\directX\dxsetup.exe -- File not found
O33 - MountPoints2\H\Shell\readme\command - "" = notepad readme.txt
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010-10-07 12:12:44 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin\Pulpit\OTL.exe
[2010-10-07 12:10:43 | 000,000,000 | ---D | C] -- C:\Program Files\tmp
[2010-10-06 22:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\sys23
[2010-10-05 19:38:06 | 000,000,000 | ---D | C] -- C:\Program Files\system32
[2010-09-30 14:17:11 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010-09-30 03:10:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
[2010-09-29 21:58:37 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-09-28 23:29:24 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2010-09-28 23:26:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
[2010-09-13 21:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\PhotomatixPro3
[2010-09-11 18:33:27 | 001,200,128 | ---- | C] (Symbian Software Ltd.) -- C:\WINDOWS\signsis.exe
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\admin\Pulpit\*.tmp files -> C:\Documents and Settings\admin\Pulpit\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-10-07 12:24:00 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F1337624-5F54-4251-97FB-9519D149CE9D}.job
[2010-10-07 12:14:01 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Pulpit\OTL.exe
[2010-10-07 12:14:00 | 000,000,246 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010-10-07 11:52:00 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010-10-07 08:00:49 | 000,000,462 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{37783265-D086-423E-BBA0-5AC0DBEC2F93}.job
[2010-10-07 03:05:41 | 000,045,056 | ---- | M] () -- C:\WINDOWS\System32\acovcnt.exe
[2010-10-06 22:37:37 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-10-06 22:36:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-10-06 22:36:50 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\tasks\HBLUP.job
[2010-10-06 22:36:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-10-05 22:38:54 | 000,130,449 | ---- | M] () -- C:\Documents and Settings\admin\Pulpit\Calculus.rar
[2010-10-05 20:34:16 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\admin\NTUSER.DAT
[2010-10-05 15:18:36 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\admin\Pulpit\Demand and Supply Exercises.doc
[2010-10-05 13:55:05 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\admin\Pulpit\gmer.exe
[2010-10-04 23:29:06 | 003,388,009 | ---- | M] () -- C:\Documents and Settings\admin\Pulpit\james blunt stay the night.mp3
[2010-10-04 22:31:26 | 098,330,951 | ---- | M] () -- C:\Documents and Settings\admin\Pulpit\M5-HAO.rar
[2010-10-04 14:53:33 | 000,051,800 | ---- | M] () -- C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-10-04 00:15:22 | 000,162,304 | ---- | M] () -- C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-10-01 15:35:21 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\admin\Pulpit\gmer.zip
[2010-10-01 15:20:47 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\admin\defogger_reenable
[2010-10-01 15:19:29 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\admin\Pulpit\dds.scr
[2010-09-30 14:36:41 | 000,002,791 | ---- | M] () -- C:\Documents and Settings\admin\Pulpit\HiJackThis.lnk
[2010-09-30 13:55:59 | 003,527,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-09-29 22:13:20 | 000,001,798 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010-09-28 23:31:15 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\admin\ntuser.ini
[2010-09-28 23:29:50 | 000,000,694 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-09-27 11:54:40 | 000,155,648 | RHS- | M] () -- C:\WINDOWS\System32\dsdmoprpm.dll
[2010-09-22 16:38:06 | 006,134,904 | ---- | M] () -- C:\Documents and Settings\admin\Pulpit\cpb.v2010.n1.pdf
[2010-09-21 02:44:53 | 000,002,760 | ---- | M] () -- C:\Azureus_Stats.xml
[2010-09-18 15:55:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-09-16 00:36:59 | 000,560,912 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-09-16 00:36:59 | 000,476,926 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-09-16 00:36:59 | 000,109,976 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-09-16 00:36:59 | 000,080,432 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-09-16 00:36:58 | 001,244,578 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-09-14 16:39:03 | 000,017,970 | ---- | M] () -- C:\Documents and Settings\admin\Pulpit\CV.docx
[2010-09-11 18:33:27 | 001,200,128 | ---- | M] (Symbian Software Ltd.) -- C:\WINDOWS\signsis.exe
[2010-09-10 14:07:49 | 000,086,656 | ---- | M] () -- C:\Documents and Settings\admin\Pulpit\van_gogh_bandaged.jpg
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\admin\Pulpit\*.tmp files -> C:\Documents and Settings\admin\Pulpit\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-10-05 22:30:05 | 000,130,449 | ---- | C] () -- C:\Documents and Settings\admin\Pulpit\Calculus.rar
[2010-10-05 15:18:33 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\admin\Pulpit\Demand and Supply Exercises.doc
[2010-10-04 23:29:06 | 003,388,009 | ---- | C] () -- C:\Documents and Settings\admin\Pulpit\james blunt stay the night.mp3
[2010-10-04 22:31:21 | 098,330,951 | ---- | C] () -- C:\Documents and Settings\admin\Pulpit\M5-HAO.rar
[2010-10-01 15:49:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\acovcnt.exe
[2010-10-01 15:35:51 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\admin\Pulpit\gmer.exe
[2010-10-01 15:35:36 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\admin\Pulpit\gmer.zip
[2010-10-01 15:21:48 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\admin\Pulpit\dds.scr
[2010-10-01 15:20:19 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\admin\defogger_reenable
[2010-10-01 14:38:13 | 366,311,052 | ---- | C] () -- C:\Documents and Settings\admin\Pulpit\Lost 606 Sundown.avi
[2010-09-30 14:36:41 | 000,002,791 | ---- | C] () -- C:\Documents and Settings\admin\Pulpit\HiJackThis.lnk
[2010-09-27 11:54:49 | 000,000,282 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010-09-27 11:54:43 | 000,000,246 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010-09-27 11:54:40 | 000,155,648 | RHS- | C] () -- C:\WINDOWS\System32\dsdmoprpm.dll
[2010-09-27 11:54:40 | 000,000,308 | -HS- | C] () -- C:\WINDOWS\tasks\HBLUP.job
[2010-09-22 16:38:06 | 006,134,904 | ---- | C] () -- C:\Documents and Settings\admin\Pulpit\cpb.v2010.n1.pdf
[2010-09-14 16:39:03 | 000,017,970 | ---- | C] () -- C:\Documents and Settings\admin\Pulpit\CV.docx
[2010-09-10 14:07:48 | 000,086,656 | ---- | C] () -- C:\Documents and Settings\admin\Pulpit\van_gogh_bandaged.jpg
[2010-08-26 22:16:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iSnooker.INI
[2010-07-03 01:16:32 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\admin\Dane aplikacji\Adobe PNG Format CS5 Prefs
[2010-06-08 12:43:21 | 000,000,848 | ---- | C] () -- C:\WINDOWS\Rtcwplat.INI
[2010-04-23 22:10:15 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wwp.INI
[2009-12-28 03:00:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-12-09 00:34:57 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2009-12-09 00:34:57 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2009-12-09 00:34:57 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2009-12-09 00:14:02 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009-12-09 00:14:02 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009-10-31 11:23:28 | 000,189,440 | ---- | C] () -- C:\WINDOWS\System32\KSXPPI32.dll
[2009-10-31 11:23:28 | 000,033,327 | ---- | C] () -- C:\WINDOWS\System32\kschimp.ini
[2009-10-13 01:56:02 | 000,000,023 | ---- | C] () -- C:\WINDOWS\sign.ini
[2009-09-15 12:06:08 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2009-09-09 17:02:04 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2009-06-28 00:45:15 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009-05-22 00:40:26 | 000,162,304 | ---- | C] () -- C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-05-18 21:03:01 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-05-18 21:02:43 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009-05-18 21:02:42 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-05-18 21:02:41 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-05-18 21:02:41 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-05-18 21:02:17 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-05-18 21:02:17 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-05-12 04:50:29 | 000,000,024 | ---- | C] () -- C:\WINDOWS\ATKPF.ini
[2009-05-12 04:32:37 | 000,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2009-05-12 01:33:15 | 000,058,750 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009-05-12 01:33:15 | 000,014,972 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009-05-12 01:33:14 | 000,018,031 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009-03-27 10:39:54 | 000,033,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\TsWlan.sys
[2008-05-26 22:22:36 | 000,016,222 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008-05-26 22:22:34 | 000,021,728 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008-05-26 22:22:32 | 000,016,164 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007-07-26 12:01:50 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
[2007-03-29 22:00:40 | 000,203,264 | ---- | C] () -- C:\WINDOWS\System32\CddbCdda.dll

========== LOP Check ==========

[2010-09-21 02:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\Azureus
[2010-06-19 19:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009-05-19 13:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\DAEMON Tools Lite
[2009-05-19 13:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\DAEMON Tools Pro
[2009-10-31 00:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\ESET
[2009-10-05 00:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\eXPert PDF Editor
[2010-10-07 12:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\foobar2000
[2009-11-06 18:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\HDRsoft
[2010-10-07 12:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\Kaoh
[2010-03-20 14:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\Leadertech
[2009-06-20 13:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\Nokia
[2010-06-08 02:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\Opera
[2009-06-21 20:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\PC Suite
[2010-04-25 15:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\RayV
[2010-02-11 23:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\Research In Motion
[2010-06-25 16:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\Sports Interactive
[2010-06-24 16:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\StreamTorrent
[2009-09-27 20:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\Tatara Systems
[2009-05-19 14:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\Windows Desktop Search
[2009-05-19 14:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\Windows Search
[2010-10-07 10:48:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\Xuta
[2009-06-05 16:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Azureus
[2010-01-15 15:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Canon
[2009-05-19 13:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2009-05-19 13:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Pro
[2009-10-31 00:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2009-06-27 22:16:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2009-06-27 22:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia
[2009-09-27 19:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\O2CM-CE
[2009-06-17 00:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2010-05-24 14:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\regid.1986-12.com.adobe
[2010-04-08 23:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Research In Motion
[2009-12-09 00:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SafeNet Sentinel
[2010-06-25 16:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sports Interactive
[2009-12-09 00:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SPSS
[2010-01-26 23:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Tesco Photobook Creator
[2010-10-06 22:36:50 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\Tasks\HBLUP.job
[2010-10-07 08:00:49 | 000,000,462 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{37783265-D086-423E-BBA0-5AC0DBEC2F93}.job
[2010-10-07 12:24:00 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F1337624-5F54-4251-97FB-9519D149CE9D}.job
[2010-10-07 11:52:00 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010-10-07 12:14:00 | 000,000,246 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010-10-01 15:48:15 | 000,002,187 | ---- | M] () -- C:\aaw7boot.log
[2009-05-12 01:37:11 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-09-21 02:44:53 | 000,002,760 | ---- | M] () -- C:\Azureus_Stats.xml
[2010-04-03 16:35:18 | 000,000,321 | -HS- | M] () -- C:\boot.ini
[2006-03-02 13:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2009-05-12 01:37:11 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009-05-12 01:37:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-05-12 01:37:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008-04-13 22:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-04-14 00:02:00 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-10-06 22:36:19 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010-01-15 14:26:20 | 000,002,619 | ---- | M] () -- C:\TALKTALK-0E6C5A.p10

< %systemroot%\system32\*.dll /lockedfiles >
[2010-09-27 11:54:40 | 000,155,648 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\dsdmoprpm.dll
[2009-03-08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009-03-08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >
[2010-10-06 22:36:50 | 000,000,308 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\Tasks\HBLUP.job

< %systemroot%\System32\config\*.sav >
[2009-05-12 01:53:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009-05-12 01:53:18 | 001,077,248 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009-05-12 01:53:17 | 000,450,560 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008-07-06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007-09-10 15:12:46 | 000,229,888 | ---- | M] (Hewlett-Packard ) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1006S.DLL
[2006-10-26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006-10-26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\admin\Pulpit\MapSourceUnitedStatesTOPOBasemapPatch.exe:SummaryInformation
< End of report >

Extras.txt

OTL Extras logfile created on: 2010-10-07 12:19:53 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\admin\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33,94 Gb Total Space | 5,53 Gb Free Space | 16,29% Space Free | Partition Type: NTFS
Drive D: | 77,84 Gb Total Space | 15,20 Gb Free Space | 19,52% Space Free | Partition Type: NTFS
Drive E: | 292,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 298,09 Gb Total Space | 26,19 Gb Free Space | 8,79% Space Free | Partition Type: NTFS

Computer Name: MIZZEN
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /k "cd %L"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\RayV\RayV\RayV.exe" = C:\Program Files\RayV\RayV\RayV.exe:*:Enabled:RayV -- File not found
"C:\Program Files\RayV\RayV\RayV.dll" = C:\Program Files\RayV\RayV\RayV.dll:*:Enabled:RayV -- File not found
"C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Disabled:Football Manager 2009 -- File not found
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\SPSSInc\Statistics17\statistics.exe" = C:\Program Files\SPSSInc\Statistics17\statistics.exe:*:Disabled:Statistics17:exe -- (SPSS Inc)
"C:\Program Files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe" = C:\Program Files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor -- (SPSS Inc.)
"C:\Program Files\SPSSInc\Statistics17\statistics.com" = C:\Program Files\SPSSInc\Statistics17\statistics.com:*:Disabled:Statistics17:com -- (SPSS Inc)
"C:\Program Files\Konnekt\konnekt.exe" = C:\Program Files\Konnekt\konnekt.exe:*:Enabled:Konnekt - Core -- (Stamina)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Disabled:Football Manager 2010 -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\WINDOWS\system32\spoolsv.exe" = C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv.exe -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Narzędzie do przekazywania usługi Windows Live
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{23DD8A17-65DB-4D49-A2E0-164C6F460E3F}" = Adobe Photoshop Lightroom 3
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 17
"{2767DEDE-EA9D-4FCE-A06A-40F4DD293330}" = hppusgP1000
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{4462AD13-F2AA-4CBD-9F95-293C38EED870}" = Power4 Gear
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}" = SPSS Statistics 17.0
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}" = Nokia PC Suite
"{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{70312451-0D00-4A84-B9B1-0D59B5180A4F}" = Opera 10.53
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74CC5B4D-CBB5-46F1-82B0-3169977B1D36}" = Asystent rejestracji usługi Windows Live
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{9F59C3AE-81B0-4EF6-9762-D674BB079705}" = Nokia Software Updater
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1D898BF-7690-48FD-955C-8FC7A54B1045}" = Nero 7 Essentials
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}" = forteManager
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E02A6198-0D5A-41AD-A7D8-0FA0B446C6BB}" = ESET Smart Security
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5986551A16FD8E9B1B4C89E7AAD17C1BB3196D28" = Pakiet sterowników systemu Windows - Nokia Modem (10/27/2008 7.01.0.1)
"6D296974BAB6CA8429D5E687B292A6DA3E9FBD4A" = Pakiet sterowników systemu Windows - Nokia Modem (10/27/2008 3.9)
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASUS WebCam, 1.3M, USB2.0, FF" = ASUS WebCam, 1.3M, USB2.0, FF
"BBAD1A7054D7B16ED03E62627C123F5CBA70A4E7" = Windows Driver Package - Intel (NETw3x32) net (09/27/2006 10.5.1.68)
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"Canon LBP3010/LBP3018/LBP3050" = Canon LBP3010/LBP3018/LBP3050
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"D16AA00FE65B9D2C6E0A57F54400303BF3259CC3" = Windows Driver Package - Intel (w29n51) net (06/26/2006 9.0.4.17)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"foobar2000" = foobar2000 v0.9.6.9
"HControl" = ATK0100 ACPI UTILITY
"Host OpenAL" = Host OpenAL
"ie8" = Windows Internet Explorer 8
"jv16 PowerTools 2009_is1" = jv16 PowerTools 2009
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.8.0
"Konnekt" = Konnekt
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NAPIPROJEKT_is1" = NAPIPROJEKT 1.0.6.2
"Nokia PC Suite" = Nokia PC Suite
"PhotomatixPro3Betax32_is1" = Photomatix Pro version 3.2
"Picasa 3" = Picasa 3
"ProInst" = Oprogramowanie Intel® PROSet/Wireless
"Return to Castle Wolfenstein - Platinum Edition" = Return to Castle Wolfenstein - Platinum Edition
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SopCast" = SopCast 3.0.3
"SopFilter" = SopFilter 3.0.5
"SubEdit-Player_is1" = SubEdit-Player
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The KMPlayer" = The KMPlayer (remove only)
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = Archiwizator WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010-10-04 13:22:31 | Computer Name = MIZZEN | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca iexplore.exe, wersja 8.0.6001.18702, moduł
zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-10-04 13:22:31 | Computer Name = MIZZEN | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca iexplore.exe, wersja 8.0.6001.18702, moduł
zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-10-04 13:22:38 | Computer Name = MIZZEN | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca iexplore.exe, wersja 8.0.6001.18702, moduł
zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-10-04 13:22:38 | Computer Name = MIZZEN | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca iexplore.exe, wersja 8.0.6001.18702, moduł
zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-10-04 13:24:31 | Computer Name = MIZZEN | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca iexplore.exe, wersja 8.0.6001.18702, moduł
zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-10-04 13:26:21 | Computer Name = MIZZEN | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca iexplore.exe, wersja 8.0.6001.18702, moduł
zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-10-04 13:36:41 | Computer Name = MIZZEN | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca iexplore.exe, wersja 8.0.6001.18702, moduł
zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-10-05 21:31:45 | Computer Name = MIZZEN | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca egui.exe, wersja 4.0.437.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-10-06 17:36:53 | Computer Name = MIZZEN | Source = SecurityCenter | ID = 1802
Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend
zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy.

Error - 2010-10-06 17:38:33 | Computer Name = MIZZEN | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd svchost.exe, wersja 5.1.2600.5512, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x001a61ae.

[ OSession Events ]
Error - 2010-03-17 17:27:49 | Computer Name = MIZZEN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2010-03-17 17:28:15 | Computer Name = MIZZEN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2010-03-17 17:32:43 | Computer Name = MIZZEN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 20
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2010-03-20 13:07:37 | Computer Name = MIZZEN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2010-03-22 08:27:00 | Computer Name = MIZZEN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 20
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2010-03-22 08:27:25 | Computer Name = MIZZEN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 23
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2010-03-23 06:00:35 | Computer Name = MIZZEN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2010-03-23 06:01:06 | Computer Name = MIZZEN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2010-03-24 17:50:34 | Computer Name = MIZZEN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 23
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2010-04-25 10:45:29 | Computer Name = MIZZEN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2010-10-05 11:55:15 | Computer Name = MIZZEN | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk0\D wystąpił zły blok.

Error - 2010-10-05 20:07:41 | Computer Name = MIZZEN | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk1\D wystąpił zły blok.

Error - 2010-10-05 20:07:46 | Computer Name = MIZZEN | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk1\D wystąpił zły blok.

Error - 2010-10-05 20:07:51 | Computer Name = MIZZEN | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk1\D wystąpił zły blok.

Error - 2010-10-05 20:07:55 | Computer Name = MIZZEN | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk1\D wystąpił zły blok.

Error - 2010-10-05 21:30:58 | Computer Name = MIZZEN | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: Sprzęt kontrolera osadzonego nie odpowiedział przed
upłynięciem limitu czasu. Może to wskazywać na błąd w sprzęcie lub oprogramowaniu
układowym kontrolera osadzonego. Możliwe również, że wadliwie zaprojektowany system
BIOS uzyskuje dostęp do kontrolera osadzonego w sposób, który nie jest bezpieczny.
Jeśli to możliwe, sterownik kontrolera osadzonego ponowi niepomyślną transakcję.

Error - 2010-10-05 23:14:16 | Computer Name = MIZZEN | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 192.168.1.3 dla karty sieciowej o adresie 001B779A8279
został zabroniony przez serwer DHCP 192.168.1.1 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2010-10-06 17:36:50 | Computer Name = MIZZEN | Source = Ftdisk | ID = 262189
Description = System nie może pomyślnie załadować sterownika zrzutu awaryjnego.

Error - 2010-10-06 17:36:50 | Computer Name = MIZZEN | Source = Ftdisk | ID = 262193
Description = Konfigurowanie pliku strony dla zrzutu awaryjnego nie powiodło się.
Upewnij się, że na partycji rozruchowej znajduje się plik strony i że jest wystarczająco
duży, aby zawierać całą pamięć fizyczną.

Error - 2010-10-06 17:38:20 | Computer Name = MIZZEN | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi adfs z powodu następującego błędu: %%2


< End of report >

Btw, some two days ago ESET Smart Security found a virus - Ramnit.A. It seems to be spreading quite quickly, as I'm constantly getting notifications about new infected files. Dunno what to do about it; running a full system scan with ESET to try to fix it didn't really help a lot.

I'll let you know how I'm getting on with Rootkit Unhooker.

Cheers,
mizzen

#4 kahdah

Posted 07 October 2010 - 08:04 AM

Ramnit is a file infector; it is best at this point to reinstall.
If you choose not to, then we can try to clean it.
Let me know what you want to do.

Do not worry about Rootkit Unhooker.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#5 mizzen

Posted 07 October 2010 - 08:14 AM

...Not the best news but I guess trying to fix that all would be a waste of time for both of us.

The only thing that concerns me - how to do the file backup safely? Should I expect my external hard drive to be infected as well?

The other question is, do I have any backdoor rootkits? Because if so, there are security actions to be taken such as passwords change etc...

Could you please advise me how to deal with those problems?

#6 kahdah

Posted 07 October 2010 - 10:55 AM

Yes, this infection has some backdoor components.
It is advised to change the passwords via phone or another computer if possible.
If you want to recover your items, I suggest burning a Linux disk to access the data.

You can then safely work on the system to get the non-infected data off.
Instructions on doing that are found here > http://www.howtogeek.com/howto/windows-vis...ndows-computer/

Be careful as this infection infects EXE, DLL or HTML extensions so be careful about what you back up.

Hope that helps.
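The selective backup described in the reply above, sketched as an added example that is not part of the original posts: run from the Linux live session, it copies files off the mounted Windows volume while leaving behind the EXE, DLL and HTML types the reply names, and records what it skipped. The function names, the `SKIPPED.txt` manifest, the `data/` subfolder and the inclusion of `.htm` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: copy data off a mounted Windows volume, skipping the file
# types the thread names as infection targets (EXE, DLL, HTML).
# Mount the source read-only first, e.g.  mount -o ro /dev/<partition> /mnt/win
# (<partition> is a placeholder). "htm" in the list below is an assumption.
SKIP_EXT="exe dll html htm"

# is_risky FILE -> exit status 0 when FILE's extension is in SKIP_EXT
# (compared case-insensitively), 1 otherwise.
is_risky() {
    name=${1##*/}
    case $name in
        *.*) ext=$(printf '%s' "${name##*.}" | tr '[:upper:]' '[:lower:]') ;;
        *)   return 1 ;;   # no extension at all
    esac
    for e in $SKIP_EXT; do
        [ "$ext" = "$e" ] && return 0
    done
    return 1
}

# safe_backup SRC DST
# Copies every regular file under SRC to DST/data/, keeping relative paths.
# Files matching SKIP_EXT are not copied; their relative paths are appended
# to DST/SKIPPED.txt so they can be reinstalled or restored from clean media.
# Symlinks are ignored (-type f). Paths with spaces are handled; paths that
# contain newlines are not.
safe_backup() {
    src=${1%/}
    dst=${2%/}
    [ -d "$src" ] || { echo "source not found: $src" >&2; return 2; }
    mkdir -p "$dst/data" || return 2
    : > "$dst/SKIPPED.txt"
    find "$src" -type f -print | while IFS= read -r f; do
        rel=${f#"$src"/}
        if is_risky "$f"; then
            printf '%s\n' "$rel" >> "$dst/SKIPPED.txt"
        else
            mkdir -p "$dst/data/$(dirname "$rel")" &&
                cp -p "$f" "$dst/data/$rel"
        fi
    done
}

# Stand-alone use: sh safe_backup.sh /mnt/win/Documents /mnt/usb/backup
if [ "$#" -eq 2 ]; then
    safe_backup "$1" "$2"
fi
```

The filter works on file names only and does not inspect content, so scan the copied data with an up-to-date antivirus on the clean machine before opening anything.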



