
Please check the logs from my friends after a fight with the MoneyPak virus


Guest


Hi, please check the logs from my friends after a fight with the MoneyPak virus.

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702

Run by jaroslav at 19:43:21 on 2013-01-27

.

============== Running Processes ================

.

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\WINDOWS\system32\slserv.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\System32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.landing.savetubevideo.com/index.php?from=3

uInternet Connection Wizard,ShellNext = hxxp://www.msn.co.uk/

uProxyServer = 81.89.63.129:8080

uProxyOverride = <local>

uURLSearchHooks: {2877A654-1C9F-4cb5-8438-16022B2FDD9C} - <orphaned>

uURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll

mURLSearchHooks: {2877A654-1C9F-4cb5-8438-16022B2FDD9C} - <orphaned>

uWinlogon: Userinit = c:\windows\system32\userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll

TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll

TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoResolveTrack = dword:1

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoResolveTrack = dword:1

mPolicies-Explorer: NoDriveAutoRun = dword:-1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:255

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: MaxRecentDocs = dword:0

mPolicies-Explorer: NoWinKey = dword:0

mPolicies-Explorer: NoNetConnextDisconnect = dword:0

mPolicies-Explorer: NoWindowsUpdate = dword:0

mPolicies-Explorer: NoSMConfigurePrograms = dword:0

mPolicies-Explorer: NoControlPanle = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-System: NoAdminPage = dword:0

IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Pridat do Anti-Banner - <no file>

IE: Pridat do Anti-Banner - <no file>

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 88.81.100.2 88.81.98.4

TCP: Interfaces\{FA3B0640-3A31-4E85-B706-48EB089FFE08} : DHCPNameServer = 88.81.100.2 88.81.98.4

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

2013-01-27 18:15:50 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{629a965a-9028-456a-9bb7-fd41e86da9ad}\MpKslf3062d86.sys

2013-01-27 18:14:29 60872 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{629a965a-9028-456a-9bb7-fd41e86da9ad}\offreg.dll

2013-01-27 18:08:26 6991832 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{629a965a-9028-456a-9bb7-fd41e86da9ad}\mpengine.dll

2013-01-27 14:09:22 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

2013-01-25 13:54:49 -------- d-----w- c:\documents and settings\jaroslav\local settings\application data\Threat Expert

2013-01-24 16:15:37 6991832 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2013-01-14 16:40:23 -------- d-----w- c:\program files\GreenScreenWizardPro6

2013-01-14 16:18:34 24229936 ----a-w- c:\documents and settings\jaroslav\application data\SetupGSW6Demo.exe

.

==================== Find3M ====================

.

2013-01-18 10:31:42 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-18 10:31:40 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-06 02:01:39 1371648 ------w- c:\windows\system32\msxml6.dll

2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 15:35:14 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec

.

============= FINISH: 19:44:37.56 ===============


Do you know of this proxy server that is active on the system: uProxyServer = 81.89.63.129:8080? It's registered somewhere in Bratislava, Slovakia.

Do the following:

Delete any versions of ComboFix that you may have on your Desktop, then download a fresh copy from the following link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

  • Ensure that ComboFix is saved directly to the Desktop <--- Very important
  • Disable all security programs, as they will have a negative effect on ComboFix; instructions are available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed; if you need more help, please ask.
  • Close any open browsers and any other programs you might have running.
  • Double-click the combofix.gif icon to run the tool (Vista or Windows 7 users: right-click and select "Run as Administrator").
  • Instructions for running ComboFix are available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  • If you are using Windows XP, it might display a pop-up saying "Recovery console is not installed, do you want to install?" Please select yes and let it download the files it needs to do this. Once the Recovery Console is installed, ComboFix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post "C:\ComboFix.txt" for further review.

****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze. ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*

  • If ComboFix detects any rootkit/bootkit activity on your system, it will give a warning and prompt for a reboot; you must allow it to do so.
  • If ComboFix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running ComboFix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the log in next reply please...

Kevin


ComboFix 13-01-29.01 - jaroslav 01/29/2013 13:18:11.2.1 - x86

Running from: c:\documents and settings\jaroslav\Desktop\WAREZ\ComboFix.exe

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\qSbbERd.pad

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\jaroslav\Application Data\Toolbar4

c:\documents and settings\jaroslav\WINDOWS

c:\windows\system32\SET688C.tmp

c:\windows\system32\SET6891.tmp

c:\windows\system32\SET6898.tmp

c:\windows\system32\SET68A5.tmp

c:\windows\system32\SET68DB.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-29 )))))))))))))))))))))))))))))))

.

.

2013-01-29 07:55 . 2012-12-14 16:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-29 07:44 . 2013-01-29 07:44 60872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{94001A9D-7ACE-4B9D-9B95-C60FDC3A9D0C}\offreg.dll

2013-01-29 07:44 . 2013-01-29 07:44 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{94001A9D-7ACE-4B9D-9B95-C60FDC3A9D0C}\MpKsl29176867.sys

2013-01-29 01:41 . 2013-01-08 04:57 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{94001A9D-7ACE-4B9D-9B95-C60FDC3A9D0C}\mpengine.dll

2013-01-27 18:08 . 2013-01-08 04:57 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-01-27 14:09 . 2013-01-27 17:41 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

2013-01-25 19:54 . 2013-01-27 04:18 -------- d-----w- c:\documents and settings\Administrator

2013-01-25 13:54 . 2013-01-25 13:54 -------- d-----w- c:\documents and settings\jaroslav\Local Settings\Application Data\Threat Expert

2013-01-14 16:40 . 2013-01-15 07:45 -------- d-----w- c:\program files\GreenScreenWizardPro6

2013-01-14 16:18 . 2013-01-14 16:20 24229936 ----a-w- c:\documents and settings\jaroslav\Application Data\SetupGSW6Demo.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-18 10:31 . 2012-04-11 07:26 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-18 10:31 . 2011-05-15 07:50 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-16 12:23 . 2004-06-15 14:33 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-11-13 01:25 . 2004-06-15 14:34 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-06 02:01 . 2009-08-24 02:46 1371648 ------w- c:\windows\system32\msxml6.dll

2012-11-02 02:02 . 2002-12-11 23:14 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 15:35 . 2012-12-23 03:13 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2012-11-01 12:17 . 2006-06-23 10:33 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17 . 2004-06-15 14:33 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17 . 2004-06-15 14:33 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"EnableUIADesktopToggle"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"NoAdminPage"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoChangeStartMenu"= 00000000

"MaxRecentDocs"= 0 (0x0)

"NoWinKey"= 0 (0x0)

"NoNetConnextDisconnect"= 0 (0x0)

"NoSMConfigurePrograms"= 0 (0x0)

"NoControlPanle"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]

2003-06-03 10:01 496640 ----a-w- c:\windows\zHotkey.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2005-06-21 15:44 126976 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2005-06-21 15:48 155648 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]

2012-09-12 17:19 947176 ----a-w- c:\program files\Microsoft Security Client\msseces.exe

.

R1 afeogwpb;afeogwpb;c:\windows\system32\drivers\afeogwpb.sys

S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe

S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MBAMPROTECTOR

*NewlyCreated* - MBAMSCHEDULER

*NewlyCreated* - MBAMSERVICE

*NewlyCreated* - MPKSL29176867

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 10:31]

.

2013-01-29 c:\windows\Tasks\AdobeAAMUpdater-1.0-JAKE-jaroslav.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-11-28 03:44]

.

2013-01-27 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 17:25]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.landing.savetubevideo.com/index.php?from=3

uInternet Connection Wizard,ShellNext = hxxp://www.msn.co.uk/

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = 81.89.63.129:8080

IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Pridat do Anti-Banner

IE: Pridat do Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm

TCP: DhcpNameServer = 88.81.100.2 88.81.98.4

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-InCD - c:\program files\Ahead\InCD\InCD.exe

MSConfigStartUp-YouTube Mini - c:\program files\YoutubeDownloader.org\YouTubeDownloader\YouTube Mini.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-01-29 13:31

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(568)

c:\windows\system32\igfxsrvc.dll

c:\windows\system32\hccutils.DLL

.

Completion time: 2013-01-29 13:36:27

ComboFix-quarantined-files.txt 2013-01-29 13:36

.

Pre-Run: 34,905,477,120 bytes free

Post-Run: 34,940,424,192 bytes free

.

- - End Of File - - 3A8BEC18759FE35887CD1379EFA14156


Run the following please; unfortunately there are issues with ComboFix, and we cannot use that until the developer gives the all clear.

Download OTL from any of the following links and save to your desktop.

http://itxassociates.com/OT-Tools/OTL.com

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.scr

Double-click the icon to start the tool. (Note: if you are running on Vista or Windows 7, accept the UAC alert.)

  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Select Scan All Users.
  • Under the Extra Registry section, check Use SafeList.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Click Run Scan and let the program run uninterrupted.
  • When the scan is complete, two text files will be created on your Desktop.
  • OTL.Txt <- this one will be opened
  • Extras.txt <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

Kevin


OTL logfile created on: 1/31/2013 11:12:05 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\jaroslav\Desktop\WAREZ

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 62.63% Memory free

3.35 Gb Paging File | 3.00 Gb Available in Paging File | 89.68% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 29.12 Gb Free Space | 39.07% Space Free | Partition Type: NTFS

Drive E: | 74.53 Gb Total Space | 63.82 Gb Free Space | 85.63% Space Free | Partition Type: NTFS

Drive J: | 76.33 Gb Total Space | 28.64 Gb Free Space | 37.52% Space Free | Partition Type: NTFS

Computer Name: JAKE | User Name: jaroslav | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/31 22:08:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jaroslav\Desktop\WAREZ\OTL.exe

PRC - [2012/10/23 17:40:06 | 000,580,728 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe

PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2008/09/30 12:48:28 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2004/02/29 21:20:20 | 000,045,056 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe

========== Modules (No Company Name) ==========

MOD - [2012/10/23 17:40:08 | 000,109,688 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\BDT\BSPatch.dll

MOD - [2012/10/23 17:40:00 | 000,769,144 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll

MOD - [2012/07/19 18:56:08 | 000,172,544 | ---- | M] () -- C:\WINDOWS\system32\libbluray.dll

MOD - [2012/07/19 18:56:02 | 006,894,331 | ---- | M] () -- C:\WINDOWS\system32\avcodec-lav-54.dll

MOD - [2012/07/19 18:56:02 | 001,111,581 | ---- | M] () -- C:\WINDOWS\system32\avformat-lav-54.dll

MOD - [2012/07/19 18:56:02 | 000,232,895 | ---- | M] () -- C:\WINDOWS\system32\avutil-lav-51.dll

MOD - [2012/07/17 08:34:18 | 003,479,552 | ---- | M] () -- C:\WINDOWS\system32\ffdshow.ax

MOD - [2011/11/03 15:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll

MOD - [2008/10/11 21:18:46 | 000,319,488 | ---- | M] () -- C:\Program Files\WinRAR\rarlng.dll

MOD - [2008/09/16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2008/05/08 06:37:14 | 000,352,256 | ---- | M] () -- C:\Program Files\Photo DVD Maker Professional\MPAudioSplitter_pdm.ax

MOD - [2008/04/14 00:12:03 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll

MOD - [2008/04/14 00:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

MOD - [2007/04/12 13:19:50 | 000,129,024 | ---- | M] () -- C:\WINDOWS\system32\AVERM.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2013/01/18 10:31:42 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/10/23 17:40:06 | 000,580,728 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)

SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2008/09/30 12:48:28 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2008/04/21 17:04:54 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)

SRV - [2007/11/06 20:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)

SRV - [2007/08/09 07:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2004/02/29 21:20:20 | 000,045,056 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wanatw4.sys -- (wanatw)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\sunkfiltp.sys -- (Sunkfiltp)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\jaroslav\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\afeogwpb.sys -- (afeogwpb)

DRV - [2013/01/31 22:18:48 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{526BF133-DBA2-40BE-8E78-628A0FD068E2}\MpKsl9b5135ee.sys -- (MpKsl9b5135ee)

DRV - [2012/10/23 17:40:32 | 000,062,688 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)

DRV - [2011/11/28 13:51:44 | 000,032,896 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\anvsnddrv.sys -- (anvsnddrv)

DRV - [2010/02/25 17:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)

DRV - [2010/02/19 23:24:20 | 000,104,768 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)

DRV - [2009/02/10 16:23:02 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)

DRV - [2008/09/24 09:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)

DRV - [2008/04/13 18:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

DRV - [2007/11/06 20:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)

DRV - [2004/06/15 07:49:37 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)

DRV - [2004/06/07 23:38:00 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)

DRV - [2004/06/07 23:30:00 | 000,069,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)

DRV - [2004/04/11 17:35:22 | 001,301,080 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)

DRV - [2004/04/11 05:42:56 | 000,095,800 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)

DRV - [2004/04/11 05:40:38 | 000,635,280 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)

DRV - [2004/04/02 07:21:52 | 000,013,840 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RecAgent.sys -- (RecAgent)

DRV - [2004/03/22 10:27:20 | 000,042,936 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39)

DRV - [2004/03/22 10:01:38 | 000,040,564 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)

DRV - [2004/02/29 20:00:10 | 000,230,584 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)

DRV - [2004/02/29 19:38:52 | 000,180,592 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)

DRV - [2004/02/29 19:27:58 | 000,013,248 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)

DRV - [1999/09/10 11:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {2877A654-1C9F-4cb5-8438-16022B2FDD9C} - No CLSID value found

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1644146276-2351038451-96131757-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.landing.savetubevideo.com/index.php?from=3

IE - HKU\S-1-5-21-1644146276-2351038451-96131757-1005\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

IE - HKU\S-1-5-21-1644146276-2351038451-96131757-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1644146276-2351038451-96131757-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-1644146276-2351038451-96131757-1005\..\SearchScopes\{2877A654-1C9F-4cb5-8438-16022B2FDD9C}: "URL" = http://www.landing.savetubevideo.com/results.php?q={searchTerms}

IE - HKU\S-1-5-21-1644146276-2351038451-96131757-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1644146276-2351038451-96131757-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-1644146276-2351038451-96131757-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 81.89.63.129:8080

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@parallelgraphics.com/Cortona: C:\Program Files\Common Files\ParallelGraphics\Cortona\npCortona.dll (ParallelGraphics)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2012/12/23 04:54:28 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

========== Chrome ==========

O1 HOSTS File: ([2013/01/31 22:41:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O3 - HKU\S-1-5-21-1644146276-2351038451-96131757-1005\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Reg Error present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskBar = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = [binary data]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKey = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKey = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanle = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Explorer = Reg Error: Value error. File not found

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HKEY_USERS = Reg Error: Value error. File not found

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1644146276-2351038451-96131757-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1644146276-2351038451-96131757-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1644146276-2351038451-96131757-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKU\S-1-5-21-1644146276-2351038451-96131757-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1644146276-2351038451-96131757-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Pridat do Anti-Banner - Reg Error: Value error. File not found

O8 - Extra context menu item: Přidat do Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm File not found

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.81.100.2 88.81.98.4

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA3B0640-3A31-4E85-B706-48EB089FFE08}: DhcpNameServer = 88.81.100.2 88.81.98.4

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\jaroslav\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\jaroslav\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/31 23:10:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2013/01/31 23:10:09 | 000,000,000 | --SD | C] -- C:\ComboFix

[2013/01/30 18:46:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jaroslav\Recent

[2013/01/29 13:14:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2013/01/29 13:14:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2013/01/29 13:14:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2013/01/29 13:14:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2013/01/29 13:13:42 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/01/29 13:12:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt

[2013/01/27 14:09:22 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0

[2013/01/25 13:54:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jaroslav\Local Settings\Application Data\Threat Expert

[2013/01/14 16:40:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jaroslav\Start Menu\Programs\GreenScreenWizard

[2013/01/14 16:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\GreenScreenWizardPro6

[2013/01/14 16:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jaroslav\My Documents\Green Screen Wizard

[2009/08/17 21:52:04 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\jaroslav\Application Data\pcouffin.sys

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/31 22:41:51 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2013/01/31 22:28:45 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\jaroslav\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013/01/31 02:00:02 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-JAKE-jaroslav.job

[2013/01/29 14:13:09 | 000,000,396 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2013/01/29 14:02:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/01/29 14:02:00 | 1601,753,088 | -HS- | M] () -- C:\hiberfil.sys

[2013/01/18 10:31:43 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/01/18 10:31:42 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2013/01/18 10:31:40 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2013/01/15 07:38:48 | 003,716,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013/01/09 10:40:59 | 000,435,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/01/09 10:40:59 | 000,068,584 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013/01/08 14:54:57 | 000,002,848 | ---- | M] () -- C:\WINDOWS\ACROREAD.INI

[2013/01/06 05:34:35 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/29 13:14:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2013/01/29 13:14:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2013/01/29 13:14:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2013/01/29 13:14:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2013/01/29 13:14:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2013/01/25 21:18:54 | 1601,753,088 | -HS- | C] () -- C:\hiberfil.sys

[2013/01/14 16:19:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jaroslav\Application Data\chrtmp

[2013/01/09 11:05:21 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk

[2012/12/23 04:53:31 | 000,769,144 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll

[2012/11/22 08:00:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AUTORUN.INI

[2012/11/22 07:58:30 | 000,074,528 | ---- | C] () -- C:\WINDOWS\MSCOMSTF.DLL

[2012/11/22 07:58:30 | 000,065,440 | ---- | C] () -- C:\WINDOWS\MSINSSTF.DLL

[2012/11/22 07:58:30 | 000,024,544 | ---- | C] () -- C:\WINDOWS\MSDETSTF.DLL

[2012/11/22 07:58:30 | 000,017,068 | ---- | C] () -- C:\WINDOWS\REGAION.EXE

[2012/11/22 07:58:30 | 000,014,928 | ---- | C] () -- C:\WINDOWS\MSSHLSTF.DLL

[2012/11/22 07:58:30 | 000,006,144 | ---- | C] () -- C:\WINDOWS\MSUILSTF.DLL

[2012/11/22 07:58:22 | 000,002,848 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI

[2012/08/18 21:01:07 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Easy DVD Creator.INI

[2012/08/18 19:10:59 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat

[2012/07/19 18:56:08 | 000,172,544 | ---- | C] () -- C:\WINDOWS\System32\libbluray.dll

[2012/07/19 18:56:02 | 006,894,331 | ---- | C] () -- C:\WINDOWS\System32\avcodec-lav-54.dll

[2012/07/19 18:56:02 | 001,111,581 | ---- | C] () -- C:\WINDOWS\System32\avformat-lav-54.dll

[2012/07/19 18:56:02 | 000,401,685 | ---- | C] () -- C:\WINDOWS\System32\swscale-lav-2.dll

[2012/07/19 18:56:02 | 000,232,895 | ---- | C] () -- C:\WINDOWS\System32\avutil-lav-51.dll

[2012/07/19 18:56:02 | 000,162,743 | ---- | C] () -- C:\WINDOWS\System32\avfilter-lav-3.dll

[2012/07/19 18:56:02 | 000,101,820 | ---- | C] () -- C:\WINDOWS\System32\avresample-lav-0.dll

[2012/07/17 08:35:20 | 003,978,240 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll

[2012/07/17 08:34:30 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2012/07/17 08:33:48 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll

[2012/07/17 08:33:28 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll

[2012/07/17 08:33:28 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll

[2012/07/17 08:33:26 | 001,525,760 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll

[2012/07/17 08:33:26 | 000,211,968 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll

[2012/07/17 08:33:26 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll

[2012/07/17 08:33:26 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll

[2012/07/17 08:33:24 | 000,330,240 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll

[2012/06/17 21:15:04 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\spdif_test.exe

[2012/06/17 21:14:58 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe

[2012/06/17 21:14:42 | 001,021,440 | ---- | C] () -- C:\WINDOWS\System32\ac3filter_intl.dll

[2012/06/04 14:40:50 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll

[2012/06/04 14:40:49 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll

[2012/05/12 22:42:16 | 001,272,320 | ---- | C] () -- C:\WINDOWS\System32\avcodec-53.dll

[2012/05/12 22:42:16 | 000,146,432 | ---- | C] () -- C:\WINDOWS\System32\avutil-51.dll

[2012/02/15 05:31:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011/12/07 19:32:24 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\Lagarith.dll

[2011/10/19 17:11:59 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2011/09/08 14:00:52 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll

[2011/09/08 14:00:48 | 000,142,336 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll

[2011/09/08 14:00:42 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll

[2011/09/08 14:00:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll

[2011/09/08 14:00:34 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe

[2011/09/08 14:00:24 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\ts.dll

[2011/09/08 14:00:10 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe

[2011/09/08 14:00:06 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe

[2011/09/08 13:59:54 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll

[2011/09/08 13:59:52 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll

[2011/07/17 20:36:14 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini

[2011/07/17 20:28:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2011/07/15 17:12:12 | 000,000,629 | ---- | C] () -- C:\Documents and Settings\jaroslav\Application Data\AutoGK.ini

[2011/07/15 17:09:31 | 000,043,602 | ---- | C] () -- C:\WINDOWS\System32\xvid-uninstall.exe

[2011/05/30 13:42:50 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2011/05/23 07:46:30 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2011/04/27 19:53:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI

[2011/04/27 19:42:53 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT

[2011/04/27 19:42:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jaroslav\Application Data\StatusSheet

[2011/04/27 19:41:20 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT

[2011/04/27 19:41:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jaroslav\Application Data\StartupItems

[2011/03/03 11:39:56 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll

[2011/03/03 11:38:10 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll

[2011/03/03 11:37:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll

[2010/11/28 10:48:58 | 000,001,536 | ---- | C] () -- C:\Documents and Settings\jaroslav\Local Settings\Application Data\SRDownloader.nast

[2010/11/28 10:46:29 | 000,165,581 | ---- | C] () -- C:\Documents and Settings\jaroslav\Local Settings\Application Data\SRDownloader.err

[2010/02/25 19:11:31 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib

[2010/02/14 22:41:21 | 000,000,243 | ---- | C] () -- C:\Documents and Settings\jaroslav\styles.css

[2009/12/19 10:44:47 | 000,000,035 | ---- | C] () -- C:\Program Files\sm.def

[2009/08/18 07:08:25 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\jaroslav\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/08/17 21:52:04 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\jaroslav\Application Data\ezpinst.exe

[2009/08/17 21:52:04 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\jaroslav\Application Data\pcouffin.cat

[2009/08/17 21:52:04 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\jaroslav\Application Data\pcouffin.inf

========== ZeroAccess Check ==========

[2011/11/15 21:34:24 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 00:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2009/09/05 13:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anvsoft

[2012/05/10 14:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask

[2011/11/17 15:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon

[2009/09/26 12:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cadsoft

[2011/11/15 21:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Tool

[2011/10/09 19:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner

[2011/04/27 19:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp

[2012/10/29 07:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ErrorEND

[2009/10/25 19:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET

[2013/01/27 18:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FaceOnBody

[2010/03/13 16:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FireGlow

[2012/11/25 12:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FirmTools

[2010/03/07 22:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameXzone

[2010/12/18 19:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii

[2009/10/23 21:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HideAndSecret3

[2009/10/17 10:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear

[2010/01/29 21:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma

[2010/12/27 21:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LittleGamesCompany

[2009/10/17 10:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom

[2009/08/27 08:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir

[2009/08/30 11:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound

[2009/10/09 19:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst

[2012/11/27 23:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe

[2012/11/24 20:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung

[2010/02/25 19:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft

[2010/10/01 14:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir

[2011/07/15 17:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer

[2011/04/27 19:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15

[2004/06/15 07:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2011/06/17 07:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2012/12/23 17:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaroslav\Application Data\AC3Filter

[2012/08/19 08:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaroslav\Application Data\AnvSoft

[2012/05/10 15:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jaroslav\Application Data\Ask.com

[2012/08/18 2


OTL Extras logfile created on: 1/31/2013 11:12:05 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\jaroslav\Desktop\WAREZ

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 62.63% Memory free

3.35 Gb Paging File | 3.00 Gb Available in Paging File | 89.68% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 29.12 Gb Free Space | 39.07% Space Free | Partition Type: NTFS

Drive E: | 74.53 Gb Total Space | 63.82 Gb Free Space | 85.63% Space Free | Partition Type: NTFS

Drive J: | 76.33 Gb Total Space | 28.64 Gb Free Space | 37.52% Space Free | Partition Type: NTFS

Computer Name: JAKE | User Name: jaroslav | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1644146276-2351038451-96131757-1005\SOFTWARE\Classes\<extension>]

.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{03855E1B-960A-4C0D-AF76-3A615F2D014E}" = eBook Library by Sony

"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1

"{0830C2E8-01B9-4CD1-B218-12B0107D5BED}" = calibre

"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero BurningROM

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations

"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR

"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update

"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5

"{17CA32D1-73BD-4990-B8F6-369D8D34B05D}" = Microsoft Antimalware Service CS-CZ Language Pack

"{193DB24F-9A66-4896-8404-22D53EA89075}" = 1400_Help

"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help

"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3

"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool

"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help

"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.3.5818

"{266959FA-0AEE-41D0-A88E-F1EAC10A7C14}" = 1400

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20

"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload

"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp

"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode

"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent

"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision

"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client CS-CZ Language Pack

"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg

"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress

"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B

"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision

"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help

"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart

"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help

"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights

"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware

"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext

"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express

"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed

"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers 1.10.01

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver

"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime

"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0405-0000-0000000FF1CE}" = Sada Compatibility Pack pro systém Office 2007

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help

"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap

"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy

"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{AA531FBD-E130-4F3B-A856-507190DBE11D}" = Envisioneer 4.5c2 Express

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help

"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles

"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit

"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2

"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm

"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan

"{C510CA36-98D6-4F07-8AFF-81E7399A075B}" = 1400Trb

"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax

"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}" = WinZip 15.5

"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help

"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live

"{e2effe07-e296-46d2-80e2-6fdb517ab872}" = Nero 9

"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant

"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit

"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed

"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help

"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer

"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter

"{F1000000-0001-0000-0000-074957833700}" = ABBYY FineReader 10 Corporate Edition

"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget

"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter

"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status

"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool

"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express

"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = Multimedia Keyboard Driver

"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)

"7-Zip" = 7-Zip 9.20

"AC3Filter_is1" = AC3Filter 1.62b

"Adobe Acrobat Reader 3.0" = Adobe Acrobat Reader 3.0

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Any Video Converter Ultimate_is1" = Any Video Converter Ultimate 4.3.9

"AnyDVD" = AnyDVD

"Avidemux 2.5" = Avidemux 2.5 (32-bit)

"AviSynth" = AviSynth 2.5

"Browser Defender_is1" = Browser Guard 4.0

"CCleaner" = CCleaner

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"Cortona® VRML Client" = Cortona® VRML Client

"Debut" = Debut Video Capture Software

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DivX Setup.divx.com" = DivX Setup

"Duplicate Photo Finder" = FirmTools Duplicate Photo Finder 1

"Easy DVD Creator_is1" = Easy DVD Creator 2.4.6

"Easy DVD Shrink" = Easy DVD Shrink

"FaceOnBody Pro v 2.4" = FaceOnBody Pro v 2.4

"FMCODEC" = FM Screen Capture Codec (Remove Only)

"Green Screen Wizard Pro 6.95_is1" = GreenScreenWizard 6.95

"HP Imaging Device Functions" = HP Imaging Device Functions 5.3

"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3

"ie8" = Windows Internet Explorer 8

"ImgBurn" = ImgBurn

"InstallShield_{AA531FBD-E130-4F3B-A856-507190DBE11D}" = Envisioneer 4.5c2 Express

"KLiteCodecPack_is1" = K-Lite Codec Pack 7.8.0 (Full)

"Magic Video Converter_is1" = Magic Video Converter 8.0.7.24

"Media Player - Codec Pack" = Media Player Codec Pack 4.2.1

"MediaCoder" = MediaCoder 2011

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Security Client" = Microsoft Security Essentials

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Opera 12.13.1734" = Opera 12.13

"Photo DVD Maker Professional" = Photo DVD Maker Professional 8.04

"PhotoFiltre" = PhotoFiltre

"RealPlayer 6.0" = RealPlayer Basic

"save2pc_is1" = save2pc 5.11

"SLAMRNTV" = Smart Link 56K Voice Modem

"Ultra Video Splitter_is1" = Ultra Video Splitter 6.0.1201

"UltraISO_is1" = UltraISO Premium V9.33

"ViewpointMediaPlayer" = Viewpoint Media Player

"VobSub" = VobSub v2.23 (Remove Only)

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinPcapInst" = WinPcap 4.0.2

"WinRAR archiver" = WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

"yBook_is1" = yBook

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1644146276-2351038451-96131757-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"eBook Reader" = eBook Reader

"PhotoFiltre Studio X" = PhotoFiltre Studio X

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 1/18/2012 11:30:14 AM | Computer Name = JAKE | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80072ee2, P2 endsearch, P3 search, P4 3.0.8402.0,

P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 1/23/2012 10:28:01 AM | Computer Name = JAKE | Source = Application Error | ID = 1000

Description = Faulting application pd.exe, version 1.8.0.717, faulting module unknown,

version 0.0.0.0, fault address 0x00000000.

Error - 1/24/2012 10:01:37 AM | Computer Name = JAKE | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile,

P4 3.0.8402.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 1/29/2012 5:17:31 AM | Computer Name = JAKE | Source = ESENT | ID = 489

Description = wuauclt (1456) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"

for read only access failed with system error 32 (0x00000020): "The process cannot

access the file because it is being used by another process. ". The open file

operation will fail with error -1032 (0xfffffbf8).

Error - 1/29/2012 5:17:31 AM | Computer Name = JAKE | Source = ESENT | ID = 455

Description = wuaueng.dll (1456) SUS20ClientDataStore: Error -1032 (0xfffffbf8)

occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 1/29/2012 5:17:41 AM | Computer Name = JAKE | Source = ESENT | ID = 489

Description = wuauclt (1456) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"

for read only access failed with system error 32 (0x00000020): "The process cannot

access the file because it is being used by another process. ". The open file

operation will fail with error -1032 (0xfffffbf8).

Error - 1/29/2012 5:17:41 AM | Computer Name = JAKE | Source = ESENT | ID = 455

Description = wuaueng.dll (1456) SUS20ClientDataStore: Error -1032 (0xfffffbf8)

occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 1/29/2012 8:01:36 PM | Computer Name = JAKE | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile,

P4 3.0.8402.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 2/2/2012 10:55:34 AM | Computer Name = JAKE | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 800706BF from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 2/2/2012 10:55:34 AM | Computer Name = JAKE | Source = VSS | ID = 8193

Description = Volume Shadow Copy Service error: Unexpected error calling routine

CoCreateInstance. hr = 0x80040206.

[ System Events ]

Error - 1/20/2013 6:04:38 AM | Computer Name = JAKE | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 1/20/2013 6:04:40 AM | Computer Name = JAKE | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 1/20/2013 6:04:42 AM | Computer Name = JAKE | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 1/20/2013 6:04:43 AM | Computer Name = JAKE | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 1/20/2013 6:04:45 AM | Computer Name = JAKE | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 1/20/2013 6:04:46 AM | Computer Name = JAKE | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 1/20/2013 6:04:47 AM | Computer Name = JAKE | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 1/20/2013 6:04:49 AM | Computer Name = JAKE | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 1/20/2013 6:04:50 AM | Computer Name = JAKE | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 1/20/2013 6:04:51 AM | Computer Name = JAKE | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

< End of report >


Re-run OTL by double left click, Vista and Windows 7 users accept UAC alert.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\afeogwpb.sys -- (afeogwpb)
    IE - HKU\S-1-5-21-1644146276-2351038451-96131757-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.landing.s...ndex.php?from=3
    IE - HKU\S-1-5-21-1644146276-2351038451-96131757-1005\..\SearchScopes\{2877A654-1C9F-4cb5-8438-16022B2FDD9C}: "URL" = http://www.landing.s...q={searchTerms}
    IE - HKU\S-1-5-21-1644146276-2351038451-96131757-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 81.89.63.129:8080
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Reg Error present
    O8 - Extra context menu item: Pridat do Anti-Banner - Reg Error: Value error. File not found
    O8 - Extra context menu item: Pr(idat do Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\All Users\Application Data\Ask
    C:\Documents and Settings\All Users\Application Data\Babylon
    C:\Documents and Settings\jaroslav\Application Data\Ask.com
    :Commands
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *.log

Next,

Go here: http://windows.microsoft.com/en-GB/windows7/Reset-Internet-Explorer-settings-in-Internet-Explorer-9 and reset IE to default settings.

Next,

**Note** You will need to use Internet Explorer for this scan - Vista and Windows 7 users right click on the IE shortcut and run as admin

Go to the ESET web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
  • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

If threats were found

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

close program

copy and paste the report here

Post both logs, let me know how the system is responding, also if any issues/concerns...

Kevin


Fix log OTL

All processes killed

Error: Unable to interpret <DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\afeogwpb.sys -- (afeogwpb)> in the current context!

Error: Unable to interpret <IE - HKU\S-1-5-21-1644146276-2351038451-96131757-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.landing.s...ndex.php?from=3> in the current context!

Error: Unable to interpret <IE - HKU\S-1-5-21-1644146276-2351038451-96131757-1005\..\SearchScopes\{2877A654-1C9F-4cb5-8438-16022B2FDD9C}: "URL" = http://www.landing.s...q={searchTerms}> in the current context!

Error: Unable to interpret <IE - HKU\S-1-5-21-1644146276-2351038451-96131757-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 81.89.63.129:8080> in the current context!

Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()> in the current context!

Error: Unable to interpret <O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Reg Error present> in the current context!

Error: Unable to interpret <O8 - Extra context menu item: Pridat do Anti-Banner - Reg Error: Value error. File not found> in the current context!

Error: Unable to interpret <O8 - Extra context menu item: Pr(idat do Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm File not found> in the current context!

Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)> in the current context!

Error: Unable to interpret <[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]> in the current context!

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\jaroslav\Desktop\WAREZ\cmd.bat deleted successfully.

C:\Documents and Settings\jaroslav\Desktop\WAREZ\cmd.txt deleted successfully.

C:\Documents and Settings\All Users\Application Data\Ask\APN-Stub\ATU2 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Ask\APN-Stub folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Ask folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Babylon folder moved successfully.

C:\Documents and Settings\jaroslav\Application Data\Ask.com folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56909 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32768 bytes

->Flash cache emptied: 56504 bytes

User: jaroslav

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32768 bytes

->Java cache emptied: 0 bytes

->Opera cache emptied: 0 bytes

->Flash cache emptied: 57493 bytes

User: LocalService

->Temp folder emptied: 65536 bytes

->Temporary Internet Files folder emptied: 286039 bytes

User: NetworkService

->Temp folder emptied: 2816 bytes

->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 87824 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.00 mb

[EMPTYFLASH]

User: Administrator

->Flash cache emptied: 0 bytes

User: All Users

User: Default User

->Flash cache emptied: 0 bytes

User: jaroslav

->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

System Restore Service not available.

OTL by OldTimer - Version 3.2.69.0 log created on 02012013_123659

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


I do not think you ran the OTL fix correctly. When you copy the text from within the code box you must start with and include :OTL, that is the colon and the three letters!

Re-run OTL by double left click, Vista and Windows 7 users accept UAC alert.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\afeogwpb.sys -- (afeogwpb)
    IE - HKU\S-1-5-21-1644146276-2351038451-96131757-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.landing.s...ndex.php?from=3
    IE - HKU\S-1-5-21-1644146276-2351038451-96131757-1005\..\SearchScopes\{2877A654-1C9F-4cb5-8438-16022B2FDD9C}: "URL" = http://www.landing.s...q={searchTerms}
    IE - HKU\S-1-5-21-1644146276-2351038451-96131757-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 81.89.63.129:8080
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Reg Error present
    O8 - Extra context menu item: Pridat do Anti-Banner - Reg Error: Value error. File not found
    O8 - Extra context menu item: Pr(idat do Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

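The first fix log above shows every :OTL line rejected with "Unable to interpret <...> in the current context!" while the :Files and :Commands parts ran, which is what happens when the paste starts below the :OTL header: OTL has no section in which to interpret those lines. The Python below is an added example written for this page, not part of OTL or of the thread. It splits a pasted fix script into sections the same way, reports the lines that would be rejected, and then picks out of the :OTL section the indicators that matter most in this infection: the proxy pointed at a public address (so every IE request was being relayed through 81.89.63.129:8080), the start page pointed at an unexpected host, and a service still registered for a driver file that is no longer on disk. The section names, the regular expressions, the allowlist of start-page hosts and the live registry read are assumptions; the sample script is constructed from a subset of the lines Kevin posted, with the forum's URL truncation left as it is.

```python
"""Added example (not from OTL or this thread): split an OTL fix script into
sections and triage the IE hijack indicators it contains."""
import ipaddress
import re
from urllib.parse import urlparse

# Section headers used in this thread. OTL accepts others; this set is an assumption.
SECTIONS = {":OTL", ":Files", ":Commands"}

# Assumption: start-page hosts this user regards as legitimate. Edit per machine.
EXPECTED_START_HOSTS = {"www.google.com"}

# Constructed sample: Kevin's fix lines as they were evidently pasted the first
# time, i.e. without the leading ":OTL" header. URLs keep the forum's truncation.
FIX_SCRIPT_MISSING_HEADER = r"""
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\afeogwpb.sys -- (afeogwpb)
IE - HKU\S-1-5-21-1644146276-2351038451-96131757-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.landing.s...ndex.php?from=3
IE - HKU\S-1-5-21-1644146276-2351038451-96131757-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 81.89.63.129:8080
:Commands
[emptytemp]
"""

PROXY_RE = re.compile(r'"ProxyServer"\s*=\s*(?P<host>[^:\s]+):(?P<port>\d+)')
START_RE = re.compile(r"Start Page\s*=\s*(?P<url>\S+)")
DRV_RE = re.compile(r"^DRV - File not found .* -- \((?P<svc>[^)]+)\)$")


def split_sections(script):
    """Return ({header: [lines]}, [orphan lines]).

    A line that appears before any header has no section to be interpreted
    in; OTL reports each such line as 'Unable to interpret <...> in the
    current context!', which is exactly what the first fix log shows.
    """
    sections, orphans, current = {}, [], None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            current = line
            sections.setdefault(current, [])
        elif current is None:
            orphans.append(line)
        else:
            sections[current].append(line)
    return sections, orphans


def proxy_is_suspicious(proxy):
    """True for a proxy on a routable (public) address or on a bare hostname.

    A home PC normally has no proxy at all; one pointing off the LAN means
    every IE request, cookies and logins included, is relayed through it.
    """
    host = proxy.rsplit(":", 1)[0]
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        return True  # hostname rather than an IP: cannot vouch for it


def triage_otl_lines(lines):
    """Findings worth acting on from an :OTL section, as (kind, value)."""
    findings = []
    for line in lines:
        if (m := PROXY_RE.search(line)):
            proxy = f"{m['host']}:{m['port']}"
            if proxy_is_suspicious(proxy):
                findings.append(("proxy", proxy))
        elif (m := START_RE.search(line)):
            host = urlparse(m["url"]).hostname or ""
            if host not in EXPECTED_START_HOSTS:
                findings.append(("start_page", host))
        elif (m := DRV_RE.match(line)):
            # A service still registered for a driver file that is gone from
            # disk; nothing legitimate needs it, so the registration goes too.
            findings.append(("orphan_driver", m["svc"]))
    return findings


def live_proxy():
    """On Windows, the current user's active IE proxy (or None); elsewhere None."""
    try:
        import winreg
    except ImportError:
        return None
    path = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
        try:
            enabled = winreg.QueryValueEx(key, "ProxyEnable")[0]
            server = winreg.QueryValueEx(key, "ProxyServer")[0]
        except OSError:
            return None
    return server if enabled else None


if __name__ == "__main__":
    _, orphans = split_sections(FIX_SCRIPT_MISSING_HEADER)
    for line in orphans:
        print("would be rejected (no section):", line[:60])
    sections, _ = split_sections(":OTL\n" + FIX_SCRIPT_MISSING_HEADER)
    for kind, value in triage_otl_lines(sections[":OTL"]):
        print(f"{kind}: {value}")
    proxy = live_proxy()
    if proxy and proxy_is_suspicious(proxy):
        print("LIVE: this machine's IE proxy points off the LAN:", proxy)
```

Run anywhere, it prints the three lines the first paste would have rejected and the three findings from the constructed sample. On a Windows machine it also reads the current user's ProxyEnable and ProxyServer values and warns if the active proxy is off the local network, which is the quickest way to confirm that the ProxyServer reset the second fix log reports as "value set successfully" actually took.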

New OTL Fix

All processes killed

========== OTL ==========

Service afeogwpb stopped successfully!

Service afeogwpb deleted successfully!

File C:\WINDOWS\system32\drivers\afeogwpb.sys not found.

HKU\S-1-5-21-1644146276-2351038451-96131757-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-1644146276-2351038451-96131757-1005\Software\Microsoft\Internet Explorer\SearchScopes\{2877A654-1C9F-4cb5-8438-16022B2FDD9C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2877A654-1C9F-4cb5-8438-16022B2FDD9C}\ not found.

HKU\S-1-5-21-1644146276-2351038451-96131757-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ deleted successfully.

C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Reg Error\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Pridat do Anti-Banner\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Pr(idat do Anti-Banner\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\DownloadInformation\\INF .

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ not found.

File/Folder C:\WINDOWS\System32\*.tmp not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: jaroslav

->Temp folder emptied: 9654 bytes

->Temporary Internet Files folder emptied: 328947 bytes

->Java cache emptied: 0 bytes

->Opera cache emptied: 0 bytes

->Flash cache emptied: 3041 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 65010 bytes

User: NetworkService

->Temp folder emptied: 12268 bytes

->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 7172 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 02032013_075632

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Can you post the ESET log? What issues/concerns remain now, how is the system responding? Also run the following:

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Kevin


sorry kevinf80 but my friend deleted the malware quickly before I told him about the logs of the ESET online scanner

Results of screen317's Security Check version 0.99.57

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Enabled!

Microsoft Security Essentials

`````````Anti-malware/Other Utilities Check:`````````

Spybot - Search & Destroy

CCleaner

Java 6 Update 20

Java version out of Date!

Adobe Flash Player 10 Flash Player out of Date!

Adobe Flash Player 11.5.502.146

Adobe Reader 9 Adobe Reader out of Date!

Adobe Reader 10.1.5 Adobe Reader out of Date!

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 1%

````````````````````End of Log``````````````````````

PC works well

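Security Check flags the old Java 6, Flash 10 and Reader 9/10 installs, and the next step in this thread is to check Add/Remove Programs for leftover versions. The Python below is an added example, not part of Security Check or of the thread: it reads display names either from the live HKLM Uninstall keys (on Windows) or from the '"key" = Name' lines as OTL prints them, classifies the Java, Flash and Adobe Reader entries, and lists each one that is below an assumed minimum version or installed more than once. The minimum versions are an assumption for the thread's date (early 2013), the regular expressions are mine, and the sample lines are a constructed subset of the uninstall list posted earlier.

```python
"""Added example (not from Security Check or this thread): audit Add/Remove
Programs entries for stale or duplicated Java, Flash and Adobe Reader installs."""
import re

# Assumption: lowest acceptable version per product at the time of this thread
# (early 2013). Uninstall display names carry only Flash's major version, so a
# minor-version check for Flash has to come from the file version instead.
MINIMUM = {"java": (7, 0), "reader": (11, 0), "flash": (11,)}

# Constructed sample: a subset of the HKLM Uninstall list posted earlier in
# this thread, in the '"key" = Name' form OTL prints.
UNINSTALL_LINES = r'''
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"Adobe Acrobat Reader 3.0" = Adobe Acrobat Reader 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"7-Zip" = 7-Zip 9.20
'''

ENTRY_RE = re.compile(r'^"[^"]*"\s*=\s*(?P<name>.+?)\s*$')
JAVA_RE = re.compile(r"^Java(?:\(TM\))? (?P<major>\d+) Update (?P<update>\d+)")
READER_RE = re.compile(r"^Adobe (?:Acrobat )?Reader\b(?P<rest>.*)$")
FLASH_RE = re.compile(r"^Adobe Flash Player (?P<ver>\d+(?:\.\d+)*) (?P<kind>ActiveX|Plugin)")
DOTTED_RE = re.compile(r"\d+(?:\.\d+)*")


def _vt(text):
    """'10.1.5' -> (10, 1, 5); tuples compare element-wise, so 10.x < 11."""
    return tuple(int(x) for x in text.split("."))


def parse_uninstall_lines(text):
    """Display names from '"key" = Name' lines."""
    return [m["name"] for m in map(ENTRY_RE.match, text.splitlines()) if m]


def classify(name):
    """(product, version tuple) for the products we care about, else None.

    The Flash ActiveX control (IE) and the NPAPI plugin (Opera, Firefox)
    are separate products, so two Flash entries are not a duplicate.
    """
    if (m := JAVA_RE.match(name)):
        return "java", (int(m["major"]), int(m["update"]))
    if (m := READER_RE.match(name)):
        v = DOTTED_RE.search(m["rest"])
        return "reader", (_vt(v.group()) if v else ())  # unknown version sorts lowest
    if (m := FLASH_RE.match(name)):
        return f"flash-{m['kind'].lower()}", _vt(m["ver"])
    return None


def audit(names):
    """[(display name, reason)] for entries that should be updated or removed:
    below MINIMUM, or the same product installed more than once (an old copy
    left beside the new one, which is what Security Check reported here)."""
    seen, findings = {}, []
    for name in names:
        hit = classify(name)
        if hit is None:
            continue
        product, version = hit
        seen.setdefault(product, []).append(name)
        floor = MINIMUM[product.split("-")[0]]
        if version < floor:
            findings.append((name, f"{product} below minimum {floor}"))
    for product, entries in seen.items():
        if len(entries) > 1:
            findings.extend((n, f"{product} installed {len(entries)} times") for n in entries)
    return findings


def installed_names_live():
    """On Windows, every DisplayName under the HKLM Uninstall keys; elsewhere []."""
    try:
        import winreg
    except ImportError:
        return []
    names = []
    for sub in (r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
                r"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall"):
        try:
            root = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, sub)
        except OSError:
            continue  # Wow6432Node does not exist on the 32-bit XP in this thread
        with root:
            for i in range(winreg.QueryInfoKey(root)[0]):
                with winreg.OpenKey(root, winreg.EnumKey(root, i)) as k:
                    try:
                        names.append(winreg.QueryValueEx(k, "DisplayName")[0])
                    except OSError:
                        pass
    return names


if __name__ == "__main__":
    names = installed_names_live() or parse_uninstall_lines(UNINSTALL_LINES)
    for name, reason in audit(names):
        print(f"{name}: {reason}")
```

On the sample it reports Java 6 Update 20, both Reader entries and the Flash 10 ActiveX control, and leaves the Flash 11 plugin and 7-Zip alone. On a Windows box it walks the real Uninstall keys instead, which is the programmatic form of the "check Add/Remove Programs for old versions" step that follows.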

OK continue as follows:

Remove Combofix now that we're done with it

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

The above procedure will delete the following:

  • ComboFix and its associated files and folders.
  • VundoFix backups, if present
  • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.

It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.

Next,

We need to remove ESET Online Scanner (Only If installed).

  • Click Start, click Run, type control appwiz.cpl in the Open box, and then press ENTER.
  • Click to select ESET Online Scanner from the application list, and then click Remove. Only re-boot if prompted

Next,

  • Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.
  • Double click the OTC icon to start the program.
    If you are using Vista or Windows 7 accept UAC
  • Then Click the big CleanUp! button.
  • You will get a prompt saying "Beginning Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself.

Any tools/logs remaining on the Desktop can be deleted.

Next,

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

Step 1 - Select your Operating System.

Step 2 - Select your Language.

Step 3 - Select latest version.

Untick the option for McAfee security scanner if offered.

Download and install.

Having the latest updates ensures there are no security vulnerabilities in your system. Select Start > Control Panel > Add/Remove Programs. Ensure any old versions of Adobe Reader are removed.

Next,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

***Note: Check in Add/Remove Programs, make certain there are no old versions of Java still installed, if so - remove them.

Next,

Download TFC to your desktop, from either of the following links

http://oldtimer.geekstogo.com/TFC.exe

http://itxassociates.com/OT-Tools/TFC.exe

  • Save any open work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program. Vista or Windows 7 users accept the UAC alert.
  • If prompted, click "Yes" to reboot.

TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system; if not, re-boot it yourself to complete the cleaning process <---- Very Important

Keep TFC; it is an excellent utility to run weekly to keep your system optimized. It empties all user temp folders, Java cache etc. Always remember to re-boot after a run, even if not prompted.

Let me know if those steps complete OK. If there are no remaining issues, are you OK to close out?

Kevin


OK, thanks for the update....here are some tips to reduce the potential for malware infection in the future:

Make proper use of your antivirus and firewall

Antivirus and firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware; if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features; make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times; NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Install and use WinPatrol from here http://www.winpatrol.com/download.html This will inform you of any attempted unauthorized changes to your system.

WinPatrol features explained here http://www.winpatrol.com/features.html

Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates. (Use stand alone version, not a full install)

If Java or Adobe are updated please check under Start > Control Panel > Add/Remove Programs, ensure any old versions are removed. <--- Very important

Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

FireFox http://www.mozilla.com/en-US/,

Opera http://www.opera.com/, and

Chrome http://www.google.com/chrome.

All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here http://www.bleepingcomputer.com/tutorials/tutorial102.html which will help you to make IE MUCH safer.

These browser add-ons will help to make your browser safer:

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

Available for Firefox and Internet Explorer.

Green to go,

Yellow for caution, and

Red to stop.

NoScript (available for Firefox only) helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

These are just a couple of the most popular add-ons, if you're interested in more, take a look at this article:

http://browsers.about.com/od/addonsplugi2/tp/browser_security_privacy.htm

Here are a couple of links by two security experts that will give some excellent tips and advice.

So how did I get infected in the first place by Tony Klein

How to prevent Malware by Miekiemoes

Finally, this link http://www.geekstogo.com/forum/topic/38-free-antivirus-and-antispyware-software will give a comprehensive, up-to-date list of free security programs, including antivirus, antispyware, firewall, antimalware, online scanners and rescue CDs.

Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

Take care,

Kevin

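Both of Kevin's posts above ask for the same manual check: after updating Java, Adobe Reader or Flash Player, open Add/Remove Programs and make sure no old version is still listed next to the new one (the Security Check log at the top of this page shows exactly that situation, with Adobe Reader 9 and 10.1.5 both present). The script below is an added example, not something posted in the thread or shipped with any of the tools mentioned. It reads the registry keys that Add/Remove Programs itself is built from (HKLM\...\Uninstall, plus the Wow6432Node copy on 64-bit Windows), so it needs no third-party tool. The product-name patterns are an assumption for this example and may need adjusting if a vendor renames a product; the script only reports, it does not uninstall anything. Written for PowerShell 2.0 so it runs on Windows XP SP3 and later; run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread): list every Java, Adobe Reader and
# Flash Player entry that Add/Remove Programs would show, by reading the
# registry keys Add/Remove Programs is built from. Read-only: it removes
# nothing, it only reports whether an old version is still installed.
# Written for PowerShell 2.0 (Windows XP SP3 / Vista / 7) onwards.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    # Present only on 64-bit Windows, where 32-bit installers register here.
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

# Display-name patterns for the products the thread asks to check (an
# assumption for this example; adjust if a vendor renames a product).
# The Java pattern deliberately requires a digit after the name so that
# "Java Auto Updater" and "JavaFX" are not counted as runtime versions.
$patterns = @(
    @{ Product = 'Java';         Regex = '^(Java\(TM\) \d|Java \d|J2SE)' },
    @{ Product = 'Adobe Reader'; Regex = '^Adobe (Acrobat )?Reader' },
    @{ Product = 'Flash Player'; Regex = '^Adobe Flash Player' }
)

$found = foreach ($key in $uninstallKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($sub in (Get-ChildItem $key)) {
        $p = Get-ItemProperty -Path $sub.PSPath
        # Entries without a DisplayName are not shown in Add/Remove Programs.
        if (-not $p.DisplayName) { continue }
        foreach ($pat in $patterns) {
            if ($p.DisplayName -match $pat.Regex) {
                New-Object PSObject -Property @{
                    Product         = $pat.Product
                    DisplayName     = $p.DisplayName
                    DisplayVersion  = $p.DisplayVersion
                    UninstallString = $p.UninstallString
                    RegistryKey     = $sub.PSChildName
                }
            }
        }
    }
}

if (-not $found) {
    Write-Host 'None of the checked products is installed.'
    return
}

# More than one DISTINCT version of a product means the updater left an
# older version behind; it should be removed from Add/Remove Programs.
# (Two entries with the same version are normal: Flash Player registers
# its ActiveX and Plugin builds separately, Java its 32- and 64-bit builds.)
foreach ($group in ($found | Group-Object Product)) {
    $versions = @($group.Group | ForEach-Object { "$($_.DisplayVersion)" } | Sort-Object -Unique)
    if ($versions.Count -gt 1) {
        Write-Host ("{0}: {1} different versions installed - REMOVE ALL BUT THE NEWEST" -f $group.Name, $versions.Count)
    } else {
        Write-Host ("{0}: one version installed ({1})" -f $group.Name, $versions[0])
    }
    $group.Group |
        Sort-Object DisplayVersion |
        Format-Table DisplayName, DisplayVersion, RegistryKey -AutoSize
}
```

The UninstallString column is kept on each object so that, once you have identified the stale entry, the same command Add/Remove Programs would run is at hand; the script itself never executes it. If a product is listed under a name the patterns miss, the fallback is still the manual check Kevin describes: Start > Control Panel > Add/Remove Programs.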

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
