Am I still infected?


sypko

New member
Hello community, I have been desperate for the last couple of days, and I found this forum and the members here doing their best to help others.

Following the forum rules about posting to this section, I have to mention that I was trying to fix my problem by myself (now I know I should not have done so).

All the problems I have noticed on my PC were virus alerts.
My Nod32 still pops up a virus alert approximately every 10 minutes.
It always gives me a variant of the Win32/kryptik.kio trojan.

When I checked my running processes window I saw:

Conhost.exe
Multiple csrss.exe

Also I have noticed dwm.exe in documents and settings/application data ........


So I downloaded Spybot and ran a scan.

Results were:
Win32.palevo and
fake alert.
Also some other threat.

I pressed fix, and it was about to delete those files, but some of them were zipped, so Spybot was not able to remove them.

Nod32 still showed me virus alerts again and again.

Then I downloaded Trojan Remover, as I have read lots of great reviews of it.

I ran the scan and it instantly found some registry trouble, and I was asked what I wanted to do.
I checked "fix them" or so.
It also pointed exactly at the files mentioned above, csrss.exe and conhost.exe, and asked me what to do with those files.
I think I had them removed.


After that my PC looked OK, but conhost.exe was still on my PC, and dwm.exe was still there too.
csrss.exe was removed, though.

Then I scanned my system with Nod32, and it detected conhost.exe as a cycbot.AD trojan and pointed me to delete the file and copy it to quarantine.

I also manually right-clicked dwm.exe to check it with Nod32, and I was also advised to delete it.

Then I ran Spybot, and nothing was found.


All I wish to know is: am I safe now?

I also have to mention that I have a Restore point where I am infected.
So if you need me to go back to that point, I can start everything from the beginning with your professional help.

But first I would really like to know if there is any possibility that I am clean, and how I should check or somehow find out whether I am still infected or not.

I can't see any symptoms, but I would like to be 100% sure.

I realize my procedure was not OK, but I found out how I should ask for your professional advice only after I had done those fixes.

So please, can you point me to what to do now?

Thank you in advance, and sorry for my very bad English.

Milan
 


Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Download DDS from one of the links below to your desktop

Link 1
Link 2

  • Double click the tool to run it.
  • A black screen will open; just read the contents and do nothing.
  • When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
  • Copy/Paste the contents of 'DDS.txt' into your post.
  • 'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files)

Information on A/V control Here
 
Hi, thanks for the reply.

Here is my DDS log:


DDS (Ver_10-12-12.02) - NTFSx86
Run by Majka at 10:45:58,96 on çt 10.02.2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.2047.1633 [GMT 1:00]

AV: ESET NOD32 antivirus system 2.70 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Documents and Settings\Majka\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://start.icq.com/
uSearch Page = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
uSearch Bar = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Nero DriveSpeed] c:\progra~1\ahead\neroto~1\DRIVES~1.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mExplorerRun: [6BF8bAIjSv] c:\documents and settings\all users\application data\nehmtcnc\bynuhapm.exe
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\icq7.2\ICQ.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
LSP: c:\windows\system32\imon.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://cid-1a282b393534027c.spaces.live.com/PhotoUpload/MsnPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: MntCmd - {44BF99A1-D96E-D1A8-165F-093B09B4FCA3} - No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\majka\applic~1\mozilla\firefox\profiles\tepf0ol7.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=
FF - component: c:\program files\daemon tools toolbar\firefoxdtt\components\DTToolbarFF.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera\program\plugins\npqtplugin8.dll
FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Stahuj.cz: stahuj@centrum.cz - c:\program files\mozilla firefox\extensions\stahuj@centrum.cz
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

============= SERVICES / DRIVERS ===============

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-10-13 35328]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-3-9 15424]
R2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2009-7-15 246520]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2008-3-9 552064]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2002-8-29 69120]
S3 ComFiltr;Panda Anti-Dialer;\??\c:\windows\system32\drivers\comfiltr.sys --> c:\windows\system32\drivers\COMFiltr.sys [?]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]

=============== Created Last 30 ================

2011-02-09 13:36:58 -------- d-----w- c:\docume~1\majka\applic~1\Malwarebytes
2011-02-09 13:36:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-09 13:36:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-02-09 13:36:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-09 13:36:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-06 00:00:43 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-02-06 00:00:43 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-02-06 00:00:43 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-02-06 00:00:43 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-02-06 00:00:43 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-02-06 00:00:30 -------- d-----w- c:\program files\Trojan Remover
2011-02-06 00:00:30 -------- d-----w- c:\docume~1\majka\applic~1\Simply Super Software
2011-02-06 00:00:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
2011-02-05 19:13:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-05 19:13:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-02-05 10:41:43 -------- d-----w- c:\docume~1\majka\applic~1\Waldorf
2011-02-05 10:39:33 -------- d-----w- c:\docume~1\majka\locals~1\applic~1\eLicenser
2011-02-05 10:39:10 2892 ----a-w- c:\windows\system32\audcon.sys
2011-02-05 10:39:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\Syncrosoft
2011-02-05 10:37:58 -------- d-----w- c:\program files\Syncrosoft
2011-02-05 10:37:58 -------- d-----w- c:\program files\eLicenser
2011-02-05 10:37:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\eLicenser
2011-02-05 10:37:50 86016 ----a-w- c:\windows\system32\SYNSOPOS.exe
2011-02-05 10:37:50 1261568 ----a-w- c:\windows\system32\SYNSOACC.dll
2011-02-01 12:51:21 -------- d-----w- c:\docume~1\majka\applic~1\Voxengo
2011-01-20 19:36:29 -------- d-----w- c:\program files\YouTube Downloader
2011-01-19 20:23:06 -------- d-----w- c:\docume~1\majka\applic~1\PhotoScape
2011-01-19 20:22:21 -------- d-----w- c:\program files\PhotoScape

==================== Find3M ====================

2011-02-05 10:22:25 73 ----a-w- c:\windows\system32\ssprs.dll
2011-02-05 10:22:25 205 ----a-w- c:\windows\system32\lsprst7.dll

============= FINISH: 10:46:50,01 ===============
 
Hi,

Still looking at some bad stuff on your log. Copy and paste the reports in lieu of attaching them; it's easier for us to analyze.

You have services for both Panda and ESET running. You only need one AV; more than one is overkill and will hamper system performance. Your call, but you need to uninstall one via Add Remove Programs in the Control Panel.


You have Malwarebytes installed, open it, check for updates and run the Quick scan and post the log.


Please download ATF Cleaner by Atribune to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
Your system may start up slower after running ATF Cleaner; this is expected, but it will be back to normal after the first or second boot up.
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized your password and other personal information, as removing cookies will temporarily disable the auto-login facility.




  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
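
Added example (not part of the original posts, and not how DDS or the helper reads a log): a small Python pass over DDS-style lines that flags autostart entries launching from a profile folder or from the policies\Explorer\Run location, "No File" registrations, and system image names running outside their usual folder. The heuristics, the function names and the one constructed dwm.exe line are assumptions made for illustration; the other sample lines are copied from the DDS log above.

```python
import ntpath
import re

SYSTEM32 = r"c:\windows\system32"
# Usual folders for these images, assuming %SystemRoot% = C:\WINDOWS.
EXPECTED_DIR = {
    "csrss.exe": SYSTEM32, "svchost.exe": SYSTEM32, "conhost.exe": SYSTEM32,
    "dwm.exe": SYSTEM32, "explorer.exe": r"c:\windows",
}
# Assumed heuristic: anything autostarting from a profile folder deserves a look.
PROFILE_MARKERS = ("\\documents and settings\\", "\\docume~1\\")

_IMAGE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|scr|bat))(?=\s|$)', re.I)
_RUN = re.compile(r"^(?P<kind>[umd](?:Explorer)?Run): \[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")


def image_path(command):
    """Return the lower-cased executable path of a command line, or None."""
    m = _IMAGE.match(command.strip())
    if not m:
        return None
    return ntpath.normpath(m.group(1) or m.group(2)).lower()


def triage_autoruns(lines):
    """Return (entry, reasons) pairs for lines worth a manual review."""
    findings = []
    for line in lines:
        m = _RUN.match(line)
        if m:
            reasons = []
            path = image_path(m["cmd"])
            if path and any(mark in path for mark in PROFILE_MARKERS):
                reasons.append("target in user profile")
            if m["kind"].endswith("ExplorerRun"):
                reasons.append("policies\\Explorer\\Run autostart")
            if reasons:
                findings.append((m["name"], reasons))
        elif line.rstrip().endswith("- No File"):
            # The registry entry exists but the file it names does not.
            findings.append((line.split(" - No File")[0], ["orphaned registration"]))
    return findings


def masquerading(process_lines):
    """Return paths whose file name is a system image in an unexpected folder."""
    hits = []
    for line in process_lines:
        path = image_path(line)
        if not path:
            continue
        folder, name = ntpath.split(path)
        expected = EXPECTED_DIR.get(name)
        # Entries listed without a folder (bare "svchost.exe") cannot be judged.
        if folder and expected and folder != expected:
            hits.append(path)
    return hits


# Copied from the "Pseudo HJT Report" section of the DDS log above.
AUTORUN_LINES = [
    r"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe",
    r"mRun: [Apoint] c:\program files\apoint\Apoint.exe",
    r'mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE',
    r"mExplorerRun: [6BF8bAIjSv] c:\documents and settings\all users\application data\nehmtcnc\bynuhapm.exe",
    r"BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File",
    r"mURLSearchHooks: H - No File",
]

PROCESS_LINES = [
    # Copied from the "Running Processes" section of the DDS log above.
    r"C:\WINDOWS\System32\svchost.exe -k netsvcs",
    "svchost.exe",
    r"C:\WINDOWS\Explorer.EXE",
    # Constructed line, not from the log: a system image name in a profile folder.
    r"C:\Documents and Settings\Example\Application Data\dwm.exe",
]

if __name__ == "__main__":
    for entry, reasons in triage_autoruns(AUTORUN_LINES):
        print(f"review: {entry} ({', '.join(reasons)})")
    for path in masquerading(PROCESS_LINES):
        print(f"review: {path} (system image name outside its usual folder)")
```

A flagged line is only a pointer for manual review; legitimate software also leaves "No File" leftovers after an uninstall.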
 
Hi, thanks again.

First of all, I had Panda years ago, but I am currently using NOD32.
I am unable to find Panda in Add or Remove Programs, as I definitely uninstalled it before I installed my Nod.

So I typed "panda" to search all files and folders on my PC, and only an empty folder "panda software" was found in C:/program files/common files.
I deleted it manually. I am not sure if there are any other traces of this software. Any advice on how to check it / what to do?


As you can see, I have Malwarebytes already and I ran it yesterday.
It found a couple of threats and fixed them.

Currently it cannot find any threat.
So maybe you want to see the log from yesterday.
Here it is:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verzia databázy: 5718

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

9.2.2011 15:04:52
mbam-log-2011-02-09 (15-04-52).txt

Typ kontroly: Rýchla kontrola
Objektov kontrolovaných: 148337
Uplynutý čas: 4 min, 38 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 8
Infikované registračné hodnoty: 1
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 0

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.

Infikované registračné hodnoty:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:




Also I should mention, as I ran lots of scans, that at this moment Malwarebytes, Spybot or any other scanner I have cannot find anything on my computer.
Only my NOD32 can find zipped or packed stuff in my Restore points.

Also, at the beginning of the scan Spybot says that around 800 temp files were found, and when I told it to remove them it said 700 of them are in use, so they cannot be removed.


Anyway, ATF Cleaner went OK, but those 700 files mentioned above are still there (maybe they should not be deleted anyway).

I just thought you should know.
 
OTL logfile created on: 10.2.2011 14:17:44 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Majka\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52,80 Gb Total Space | 2,38 Gb Free Space | 4,51% Space Free | Partition Type: NTFS

Computer Name: MAJKA-BEJBY | User Name: Majka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Majka\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\ESET\nod32kui.exe (Eset )
PRC - C:\Program Files\ESET\nod32krn.exe (Eset )
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Ahead\Nero Toolkit\DriveSpeed.exe (Ahead Software AG)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Majka\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (NOD32krn) -- C:\Program Files\Eset\nod32krn.exe (Eset )
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)


========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (AMON) -- C:\WINDOWS\system32\drivers\amon.sys (Eset )
DRV - (nod32drv) -- C:\WINDOWS\system32\drivers\nod32drv.sys ()
DRV - (ACEDRV07) -- C:\WINDOWS\system32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (sfsync03) StarForce Protection Synchronization Driver (version 3.x) -- C:\WINDOWS\System32\drivers\sfsync03.sys (Protection Technology)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.7.0088
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: stahuj@centrum.cz:1
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.15 22:29:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.15 22:29:40 | 000,000,000 | ---D | M]

[2009.05.03 17:02:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Majka\Application Data\Mozilla\Extensions
[2011.02.06 10:26:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\extensions
[2010.06.21 09:52:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.07.08 12:36:30 | 000,002,921 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\daemon-search.xml
[2011.02.06 10:36:05 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-1.xml
[2009.07.29 12:58:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-2.xml
[2009.08.05 12:47:10 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-3.xml
[2009.09.14 22:27:36 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-4.xml
[2009.10.29 16:22:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-5.xml
[2009.12.18 14:47:14 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-6.xml
[2010.01.06 23:33:16 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-7.xml
[2011.02.06 10:26:21 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-8.xml
[2010.05.12 17:40:06 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin.xml
[2011.02.06 10:36:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009.07.15 07:57:56 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.09.02 17:37:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009.05.21 20:34:44 | 000,000,000 | ---D | M] (Stahuj.cz) -- C:\Program Files\Mozilla Firefox\extensions\stahuj@centrum.cz
[2009.07.08 12:36:37 | 000,000,000 | ---D | M] (DAEMON Tools Toolbar) -- C:\PROGRAM FILES\DAEMON TOOLS TOOLBAR\FIREFOXDTT
[2010.09.02 17:37:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.09.02 17:36:59 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.12.15 22:29:29 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.12.15 22:29:29 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.12.15 22:29:29 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.12.15 22:29:29 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.12.15 22:29:30 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2009.06.13 23:40:54 | 000,005,167 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 204.13.11.27
O1 - Hosts: 127.0.0.1 audio-surf.com
O1 - Hosts: 127.0.0.1 www.audio-surf.com127.0.0.1 www.easycracks.net
O1 - Hosts: 127.0.0.1 www.mscracks.net
O1 - Hosts: 127.0.0.1 www.bestserials.com
O1 - Hosts: 127.0.0.1 www.serials.ws
O1 - Hosts: 127.0.0.1 www.astalavista.com
O1 - Hosts: 127.0.0.1 www.astalavista.box.sk
O1 - Hosts: 127.0.0.1 www.zoozle.net
O1 - Hosts: 127.0.0.1 www.security.nnov.ru
O1 - Hosts: 127.0.0.1 www.crack.ms
O1 - Hosts: 127.0.0.1 www.multihunter.com
O1 - Hosts: 127.0.0.1 www.demonoid.com
O1 - Hosts: 127.0.0.1 www.sumotorrent.com
O1 - Hosts: 127.0.0.1 www.megamixers.eu
O1 - Hosts: 127.0.0.1 www.binsearch.info
O1 - Hosts: 127.0.0.1 www.serialcrackz.com
O1 - Hosts: 127.0.0.1 www.crackteam.ws
O1 - Hosts: 127.0.0.1 www.zakirostom.wordpress.com
O1 - Hosts: 127.0.0.1 www.dnb.az
O1 - Hosts: 127.0.0.1 www.keygen.ms
O1 - Hosts: 127.0.0.1 www.cracknews.com
O1 - Hosts: 127.0.0.1 www.999bpm.ru
O1 - Hosts: 127.0.0.1 www.cracks4u.us
O1 - Hosts: 127.0.0.1 www.jubox.us
O1 - Hosts: 96 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Nero DriveSpeed] C:\Program Files\Ahead\Nero Toolkit\DriveSpeed.exe (Ahead Software AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 6BF8bAIjSv = C:\Documents and Settings\All Users\Application Data\nehmtcnc\bynuhapm.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00 [binary data]
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\imon.dll (Eset )
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://cid-1a282b393534027c.spaces.live.com/PhotoUpload/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.20
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: MntCmd - {44BF99A1-D96E-D1A8-165F-093B09B4FCA3} - CLSID or File not found.
O24 - Desktop WallPaper: C:\WINDOWS\ACD Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\ACD Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.03 20:01:10 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8a2092e0-eec9-11dc-9a7f-8b161a0e73dc}\Shell - "" = AutoRun
O33 - MountPoints2\{8a2092e0-eec9-11dc-9a7f-8b161a0e73dc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a5a07736-04d2-11de-9bd3-00123fe85991}\Shell - "" = AutoRun
O33 - MountPoints2\{a5a07736-04d2-11de-9bd3-00123fe85991}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ea3b9e09-8a11-11dc-992e-8a26022205dc}\Shell - "" = AutoRun
O33 - MountPoints2\{ea3b9e09-8a11-11dc-992e-8a26022205dc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.02.10 14:06:35 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Majka\Desktop\OTL.exe
[2011.02.10 13:56:06 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Majka\Desktop\ATF-Cleaner.exe
[2011.02.09 14:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Application Data\Malwarebytes
[2011.02.09 14:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.02.09 14:36:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.02.09 14:36:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011.02.09 14:36:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.02.09 14:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.02.06 16:01:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Majka\Recent
[2011.02.06 01:00:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trojan Remover
[2011.02.06 01:00:43 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2011.02.06 01:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2011.02.06 01:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\My Documents\Simply Super Software
[2011.02.06 01:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Application Data\Simply Super Software
[2011.02.06 01:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2011.02.05 20:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011.02.05 20:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.02.05 20:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011.02.05 11:41:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Application Data\Waldorf
[2011.02.05 11:39:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Local Settings\Application Data\eLicenser
[2011.02.05 11:39:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Waldorf
[2011.02.05 11:39:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft
[2011.02.05 11:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\Syncrosoft
[2011.02.05 11:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\eLicenser
[2011.02.05 11:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\eLicenser
[2011.02.05 11:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\eLicenser
[2011.02.05 11:37:50 | 001,261,568 | ---- | C] (Steinberg Media Technologies GmbH) -- C:\WINDOWS\System32\SYNSOACC.dll
[2011.02.05 11:22:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Start Menu\Programs\u-he
[2011.02.01 13:51:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Application Data\Voxengo
[2011.01.28 17:19:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Start Menu\Programs\Blue Cat Audio
[2011.01.20 20:36:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\YouTube Downloader
[2011.01.20 20:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2011.01.19 21:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Application Data\PhotoScape
[2011.01.19 21:22:21 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Majka\Desktop\*.tmp files -> C:\Documents and Settings\Majka\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.02.10 14:16:31 | 000,006,192 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\forum spybot.rtf
[2011.02.10 14:08:17 | 000,005,547 | ---- | M] () -- C:\WINDOWS\wdict32.INI
[2011.02.10 14:06:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Majka\Desktop\OTL.exe
[2011.02.10 13:56:07 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Majka\Desktop\ATF-Cleaner.exe
[2011.02.10 10:34:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.02.10 10:33:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.02.09 14:36:51 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.09 14:27:23 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011.02.08 19:33:31 | 000,078,639 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\fl studio related stuff.doc
[2011.02.07 13:33:35 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\dds.com
[2011.02.06 14:39:16 | 000,012,967 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\quotes.doc
[2011.02.06 13:01:43 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\adresy biznis.xls
[2011.02.06 01:00:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2011.02.06 00:21:26 | 000,005,985 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\7EC2.94A
[2011.02.05 23:33:36 | 000,000,245 | -HS- | M] () -- C:\boot.ini
[2011.02.05 21:47:09 | 000,000,281 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011.02.05 20:13:27 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\Spybot - Search & Destroy.lnk
[2011.02.05 16:10:59 | 000,000,096 | ---- | M] () -- C:\WINDOWS\System32\imon1.dat
[2011.02.05 11:39:10 | 000,002,892 | ---- | M] () -- C:\WINDOWS\System32\audcon.sys
[2011.02.05 11:38:05 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\SYNSOPOS.exe.cfg
[2011.02.05 11:22:25 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2011.02.05 11:22:25 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2011.02.05 11:22:25 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2011.02.05 11:22:25 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2011.02.04 17:23:30 | 005,296,904 | ---- | M] () -- C:\precursions62.wav
[2011.02.04 17:12:27 | 005,296,904 | ---- | M] () -- C:\precursions6.wav
[2011.01.31 00:07:43 | 000,000,034 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2011.01.30 10:22:28 | 000,032,953 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\biznis.doc
[2011.01.27 23:03:19 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\ukrajina.xls
[2011.01.27 09:45:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011.01.24 19:56:51 | 000,189,952 | ---- | M] () -- C:\Documents and Settings\Majka\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.20 20:36:34 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[2011.01.19 21:24:53 | 000,012,288 | -H-- | M] () -- C:\photothumb.db
[2011.01.19 21:24:50 | 000,029,696 | -H-- | M] () -- C:\Documents and Settings\Majka\My Documents\photothumb.db
[2011.01.19 21:22:31 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\PhotoScape.lnk
[2011.01.18 12:16:50 | 000,219,593 | ---- | M] () -- C:\DSC07820.JPG
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Majka\Desktop\*.tmp files -> C:\Documents and Settings\Majka\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.02.10 13:25:04 | 000,006,192 | ---- | C] () -- C:\Documents and Settings\Majka\Desktop\forum spybot.rtf
[2011.02.09 14:36:51 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.07 13:33:35 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Majka\Desktop\dds.com
[2011.02.06 01:00:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2011.02.06 01:00:43 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2011.02.06 01:00:43 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2011.02.06 01:00:43 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2011.02.06 01:00:43 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2011.02.05 20:13:27 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Majka\Desktop\Spybot - Search & Destroy.lnk
[2011.02.05 15:12:48 | 000,005,985 | ---- | C] () -- C:\Documents and Settings\Majka\Application Data\7EC2.94A
[2011.02.05 11:39:10 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
[2011.02.05 11:37:59 | 000,147,425 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Aide.chm
[2011.02.05 11:37:58 | 000,120,468 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Hilfe.chm
[2011.02.05 11:37:58 | 000,114,279 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Help.chm
[2011.02.05 11:37:51 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe.cfg
[2011.02.05 11:37:50 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe
[2011.02.04 17:19:37 | 005,296,904 | ---- | C] () -- C:\precursions62.wav
[2011.02.04 17:12:20 | 005,296,904 | ---- | C] () -- C:\precursions6.wav
[2011.01.20 20:36:34 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[2011.01.19 21:22:31 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Majka\Desktop\PhotoScape.lnk
[2011.01.19 21:12:55 | 000,029,696 | -H-- | C] () -- C:\Documents and Settings\Majka\My Documents\photothumb.db
[2011.01.18 11:10:18 | 000,219,593 | ---- | C] () -- C:\DSC07820.JPG
[2009.09.03 10:41:59 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
[2009.09.03 10:41:58 | 012,550,144 | ---- | C] () -- C:\WINDOWS\CS-80V(10 voices).dll
[2009.07.20 15:52:54 | 006,365,184 | ---- | C] () -- C:\WINDOWS\System32\PSP VintageWarmer2.dll
[2009.07.08 12:34:05 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.07.05 11:06:44 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\ssolefw.dll
[2009.07.05 11:06:44 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibram.dll
[2009.07.05 11:06:44 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\solekuy.dll
[2009.07.05 11:06:44 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\slibeh.dll
[2009.07.05 11:06:43 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibtth.dll
[2009.07.05 11:06:43 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibmmn.dll
[2009.07.05 11:06:43 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\solegeh.dll
[2009.07.03 09:35:16 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009.06.18 17:36:49 | 000,002,240 | ---- | C] () -- C:\WINDOWS\LENDIG.sys
[2009.06.13 19:40:46 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009.06.13 19:40:46 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009.06.13 19:40:46 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009.06.13 19:40:46 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009.06.13 19:40:46 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2009.06.13 12:17:11 | 000,000,129 | ---- | C] () -- C:\WINDOWS\BeatBurner VSTi.INI
[2009.05.31 13:09:11 | 000,000,077 | ---- | C] () -- C:\WINDOWS\SYMGAMES.INI
[2009.04.29 20:36:04 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008.09.20 18:56:26 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2008.05.10 21:38:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008.05.10 21:37:05 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008.04.28 20:15:19 | 000,000,339 | ---- | C] () -- C:\WINDOWS\goldwave.ini
[2008.04.23 10:44:48 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.04.23 10:44:36 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.04.23 10:44:36 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.04.23 10:44:35 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.04.23 10:44:27 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.04.21 20:50:17 | 000,000,959 | ---- | C] () -- C:\WINDOWS\level.ini
[2008.03.27 19:45:05 | 000,000,281 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008.03.15 12:26:40 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2008.03.09 12:03:42 | 000,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2008.02.23 20:02:57 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008.01.14 17:56:53 | 000,000,645 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007.11.03 01:26:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2007.11.03 00:32:06 | 000,005,547 | ---- | C] () -- C:\WINDOWS\wdict32.INI
[2007.11.03 00:08:44 | 000,189,952 | ---- | C] () -- C:\Documents and Settings\Majka\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.11.02 22:56:23 | 000,000,271 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.11.02 22:56:23 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2007.11.02 22:38:12 | 000,000,024 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007.11.02 22:20:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007.08.07 18:22:22 | 000,141,180 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007.06.25 21:34:26 | 000,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2003.04.21 14:30:42 | 000,688,128 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2002.05.17 22:18:30 | 000,124,928 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002.03.20 23:38:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\Recapr.dll
[1997.07.14 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997.07.14 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997.07.14 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2009.06.20 16:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ArtsAcoustic
[2009.07.08 12:36:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008.06.13 15:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2011.02.05 11:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eLicenser
[2007.12.02 23:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2008.12.23 13:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EyePowerGames
[2010.08.24 08:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2008.04.13 12:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
[2010.06.21 09:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2008.10.03 19:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2008.05.07 20:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011.02.06 01:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2008.12.08 18:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2011.02.05 11:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft
[2011.02.09 18:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008.09.26 19:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010.11.06 09:24:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.10.20 15:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010.07.24 13:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\AVSMedia
[2011.01.28 17:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\Blue Cat Audio
[2008.03.09 11:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\BSplayer
[2008.01.05 21:42:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\BSplayer Pro
[2008.04.15 21:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\City Interactive
[2008.05.09 09:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\COWON
[2009.07.08 12:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\DAEMON Tools
[2009.07.09 07:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\DAEMON Tools Lite
[2009.07.08 12:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\DAEMON Tools Pro
[2010.09.26 11:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\Deckadance
[2010.07.08 09:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\DVDVideoSoftIEHelpers
[2010.03.15 15:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\FabFilter
[2009.06.16 22:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\FXpansion
[2011.02.09 19:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\ICQ
[2008.03.03 19:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\ICQ Toolbar
[2009.06.03 14:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\Juce VST Host
[2008.04.23 10:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\kantaris
[2009.06.03 15:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\Morphine
[2008.10.03 20:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\muvee Technologies
[2007.11.04 00:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\Opera
[2008.05.07 20:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\PC Suite
[2011.01.19 21:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\PhotoScape
[2008.10.15 10:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\Samsung
[2008.02.01 17:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\Seven Zip
[2011.02.06 11:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\Simply Super Software
[2008.12.08 18:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\Sony
[2008.10.18 13:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\Thinstall
[2008.03.29 20:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\TuneUp Software
[2008.04.11 16:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\uk.co.planetside
[2010.09.02 17:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\VitySoft
[2011.02.01 13:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\Voxengo
[2011.01.29 19:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\VSO
[2011.02.05 11:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\Waldorf

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECE4A64B
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >
 
OTL

OTL logfile created on: 10.2.2011 14:17:44 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Majka\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52,80 Gb Total Space | 2,38 Gb Free Space | 4,51% Space Free | Partition Type: NTFS

Computer Name: MAJKA-BEJBY | User Name: Majka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Majka\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\ESET\nod32kui.exe (Eset )
PRC - C:\Program Files\ESET\nod32krn.exe (Eset )
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Ahead\Nero Toolkit\DriveSpeed.exe (Ahead Software AG)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Majka\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (NOD32krn) -- C:\Program Files\Eset\nod32krn.exe (Eset )
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)


========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (AMON) -- C:\WINDOWS\system32\drivers\amon.sys (Eset )
DRV - (nod32drv) -- C:\WINDOWS\system32\drivers\nod32drv.sys ()
DRV - (ACEDRV07) -- C:\WINDOWS\system32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (sfsync03) StarForce Protection Synchronization Driver (version 3.x) -- C:\WINDOWS\System32\drivers\sfsync03.sys (Protection Technology)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.7.0088
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: stahuj@centrum.cz:1
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.15 22:29:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.15 22:29:40 | 000,000,000 | ---D | M]

[2009.05.03 17:02:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Majka\Application Data\Mozilla\Extensions
[2011.02.06 10:26:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\extensions
[2010.06.21 09:52:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.07.08 12:36:30 | 000,002,921 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\daemon-search.xml
[2011.02.06 10:36:05 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-1.xml
[2009.07.29 12:58:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-2.xml
[2009.08.05 12:47:10 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-3.xml
[2009.09.14 22:27:36 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-4.xml
[2009.10.29 16:22:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-5.xml
[2009.12.18 14:47:14 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-6.xml
[2010.01.06 23:33:16 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-7.xml
[2011.02.06 10:26:21 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-8.xml
[2010.05.12 17:40:06 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin.xml
[2011.02.06 10:36:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009.07.15 07:57:56 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.09.02 17:37:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009.05.21 20:34:44 | 000,000,000 | ---D | M] (Stahuj.cz) -- C:\Program Files\Mozilla Firefox\extensions\stahuj@centrum.cz
[2009.07.08 12:36:37 | 000,000,000 | ---D | M] (DAEMON Tools Toolbar) -- C:\PROGRAM FILES\DAEMON TOOLS TOOLBAR\FIREFOXDTT
[2010.09.02 17:37:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.09.02 17:36:59 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.12.15 22:29:29 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.12.15 22:29:29 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.12.15 22:29:29 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.12.15 22:29:29 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.12.15 22:29:30 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2009.06.13 23:40:54 | 000,005,167 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 204.13.11.27
O1 - Hosts: 127.0.0.1 audio-surf.com
O1 - Hosts: 127.0.0.1 www.audio-surf.com127.0.0.1 www.easycracks.net
O1 - Hosts: 127.0.0.1 www.mscracks.net
O1 - Hosts: 127.0.0.1 www.bestserials.com
O1 - Hosts: 127.0.0.1 www.serials.ws
O1 - Hosts: 127.0.0.1 www.astalavista.com
O1 - Hosts: 127.0.0.1 www.astalavista.box.sk
O1 - Hosts: 127.0.0.1 www.zoozle.net
O1 - Hosts: 127.0.0.1 www.security.nnov.ru
O1 - Hosts: 127.0.0.1 www.crack.ms
O1 - Hosts: 127.0.0.1 www.multihunter.com
O1 - Hosts: 127.0.0.1 www.demonoid.com
O1 - Hosts: 127.0.0.1 www.sumotorrent.com
O1 - Hosts: 127.0.0.1 www.megamixers.eu
O1 - Hosts: 127.0.0.1 www.binsearch.info
O1 - Hosts: 127.0.0.1 www.serialcrackz.com
O1 - Hosts: 127.0.0.1 www.crackteam.ws
O1 - Hosts: 127.0.0.1 www.zakirostom.wordpress.com
O1 - Hosts: 127.0.0.1 www.dnb.az
O1 - Hosts: 127.0.0.1 www.keygen.ms
O1 - Hosts: 127.0.0.1 www.cracknews.com
O1 - Hosts: 127.0.0.1 www.999bpm.ru
O1 - Hosts: 127.0.0.1 www.cracks4u.us
O1 - Hosts: 127.0.0.1 www.jubox.us
O1 - Hosts: 96 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Nero DriveSpeed] C:\Program Files\Ahead\Nero Toolkit\DriveSpeed.exe (Ahead Software AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 6BF8bAIjSv = C:\Documents and Settings\All Users\Application Data\nehmtcnc\bynuhapm.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00 [binary data]
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\imon.dll (Eset )
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://cid-1a282b393534027c.spaces.live.com/PhotoUpload/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.20
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: MntCmd - {44BF99A1-D96E-D1A8-165F-093B09B4FCA3} - CLSID or File not found.
O24 - Desktop WallPaper: C:\WINDOWS\ACD Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\ACD Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.03 20:01:10 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8a2092e0-eec9-11dc-9a7f-8b161a0e73dc}\Shell - "" = AutoRun
O33 - MountPoints2\{8a2092e0-eec9-11dc-9a7f-8b161a0e73dc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a5a07736-04d2-11de-9bd3-00123fe85991}\Shell - "" = AutoRun
O33 - MountPoints2\{a5a07736-04d2-11de-9bd3-00123fe85991}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ea3b9e09-8a11-11dc-992e-8a26022205dc}\Shell - "" = AutoRun
O33 - MountPoints2\{ea3b9e09-8a11-11dc-992e-8a26022205dc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.02.10 14:06:35 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Majka\Desktop\OTL.exe
[2011.02.10 13:56:06 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Majka\Desktop\ATF-Cleaner.exe
[2011.02.09 14:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Application Data\Malwarebytes
[2011.02.09 14:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.02.09 14:36:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.02.09 14:36:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011.02.09 14:36:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.02.09 14:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.02.06 16:01:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Majka\Recent
[2011.02.06 01:00:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trojan Remover
[2011.02.06 01:00:43 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2011.02.06 01:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2011.02.06 01:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\My Documents\Simply Super Software
[2011.02.06 01:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Application Data\Simply Super Software
[2011.02.06 01:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2011.02.05 20:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011.02.05 20:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.02.05 20:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011.02.05 11:41:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Application Data\Waldorf
[2011.02.05 11:39:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Local Settings\Application Data\eLicenser
[2011.02.05 11:39:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Waldorf
[2011.02.05 11:39:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft
[2011.02.05 11:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\Syncrosoft
[2011.02.05 11:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\eLicenser
[2011.02.05 11:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\eLicenser
[2011.02.05 11:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\eLicenser
[2011.02.05 11:37:50 | 001,261,568 | ---- | C] (Steinberg Media Technologies GmbH) -- C:\WINDOWS\System32\SYNSOACC.dll
[2011.02.05 11:22:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Start Menu\Programs\u-he
[2011.02.01 13:51:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Application Data\Voxengo
[2011.01.28 17:19:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Start Menu\Programs\Blue Cat Audio
[2011.01.20 20:36:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\YouTube Downloader
[2011.01.20 20:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2011.01.19 21:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Application Data\PhotoScape
[2011.01.19 21:22:21 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Majka\Desktop\*.tmp files -> C:\Documents and Settings\Majka\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.02.10 14:16:31 | 000,006,192 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\forum spybot.rtf
[2011.02.10 14:08:17 | 000,005,547 | ---- | M] () -- C:\WINDOWS\wdict32.INI
[2011.02.10 14:06:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Majka\Desktop\OTL.exe
[2011.02.10 13:56:07 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Majka\Desktop\ATF-Cleaner.exe
[2011.02.10 10:34:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.02.10 10:33:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.02.09 14:36:51 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.09 14:27:23 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011.02.08 19:33:31 | 000,078,639 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\fl studio related stuff.doc
[2011.02.07 13:33:35 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\dds.com
[2011.02.06 14:39:16 | 000,012,967 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\quotes.doc
[2011.02.06 13:01:43 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\adresy biznis.xls
[2011.02.06 01:00:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2011.02.06 00:21:26 | 000,005,985 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\7EC2.94A
[2011.02.05 23:33:36 | 000,000,245 | -HS- | M] () -- C:\boot.ini
[2011.02.05 21:47:09 | 000,000,281 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011.02.05 20:13:27 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\Spybot - Search & Destroy.lnk
[2011.02.05 16:10:59 | 000,000,096 | ---- | M] () -- C:\WINDOWS\System32\imon1.dat
[2011.02.05 11:39:10 | 000,002,892 | ---- | M] () -- C:\WINDOWS\System32\audcon.sys
[2011.02.05 11:38:05 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\SYNSOPOS.exe.cfg
[2011.02.05 11:22:25 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2011.02.05 11:22:25 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2011.02.05 11:22:25 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2011.02.05 11:22:25 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2011.02.04 17:23:30 | 005,296,904 | ---- | M] () -- C:\precursions62.wav
[2011.02.04 17:12:27 | 005,296,904 | ---- | M] () -- C:\precursions6.wav
[2011.01.31 00:07:43 | 000,000,034 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2011.01.30 10:22:28 | 000,032,953 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\biznis.doc
[2011.01.27 23:03:19 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\ukrajina.xls
[2011.01.27 09:45:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011.01.24 19:56:51 | 000,189,952 | ---- | M] () -- C:\Documents and Settings\Majka\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.20 20:36:34 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[2011.01.19 21:24:53 | 000,012,288 | -H-- | M] () -- C:\photothumb.db
[2011.01.19 21:24:50 | 000,029,696 | -H-- | M] () -- C:\Documents and Settings\Majka\My Documents\photothumb.db
[2011.01.19 21:22:31 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\PhotoScape.lnk
[2011.01.18 12:16:50 | 000,219,593 | ---- | M] () -- C:\DSC07820.JPG
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Majka\Desktop\*.tmp files -> C:\Documents and Settings\Majka\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.02.10 13:25:04 | 000,006,192 | ---- | C] () -- C:\Documents and Settings\Majka\Desktop\forum spybot.rtf
[2011.02.09 14:36:51 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.07 13:33:35 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Majka\Desktop\dds.com
[2011.02.06 01:00:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2011.02.06 01:00:43 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2011.02.06 01:00:43 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2011.02.06 01:00:43 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2011.02.06 01:00:43 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2011.02.05 20:13:27 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Majka\Desktop\Spybot - Search & Destroy.lnk
[2011.02.05 15:12:48 | 000,005,985 | ---- | C] () -- C:\Documents and Settings\Majka\Application Data\7EC2.94A
[2011.02.05 11:39:10 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
[2011.02.05 11:37:59 | 000,147,425 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Aide.chm
[2011.02.05 11:37:58 | 000,120,468 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Hilfe.chm
[2011.02.05 11:37:58 | 000,114,279 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Help.chm
[2011.02.05 11:37:51 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe.cfg
[2011.02.05 11:37:50 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe
[2011.02.04 17:19:37 | 005,296,904 | ---- | C] () -- C:\precursions62.wav
[2011.02.04 17:12:20 | 005,296,904 | ---- | C] () -- C:\precursions6.wav
[2011.01.20 20:36:34 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[2011.01.19 21:22:31 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Majka\Desktop\PhotoScape.lnk
[2011.01.19 21:12:55 | 000,029,696 | -H-- | C] () -- C:\Documents and Settings\Majka\My Documents\photothumb.db
[2011.01.18 11:10:18 | 000,219,593 | ---- | C] () -- C:\DSC07820.JPG
[2009.09.03 10:41:59 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
[2009.09.03 10:41:58 | 012,550,144 | ---- | C] () -- C:\WINDOWS\CS-80V(10 voices).dll
[2009.07.20 15:52:54 | 006,365,184 | ---- | C] () -- C:\WINDOWS\System32\PSP VintageWarmer2.dll
[2009.07.08 12:34:05 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.07.05 11:06:44 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\ssolefw.dll
[2009.07.05 11:06:44 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibram.dll
[2009.07.05 11:06:44 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\solekuy.dll
[2009.07.05 11:06:44 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\slibeh.dll
[2009.07.05 11:06:43 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibtth.dll
[2009.07.05 11:06:43 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibmmn.dll
[2009.07.05 11:06:43 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\solegeh.dll
[2009.07.03 09:35:16 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009.06.18 17:36:49 | 000,002,240 | ---- | C] () -- C:\WINDOWS\LENDIG.sys
[2009.06.13 19:40:46 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009.06.13 19:40:46 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009.06.13 19:40:46 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009.06.13 19:40:46 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009.06.13 19:40:46 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2009.06.13 12:17:11 | 000,000,129 | ---- | C] () -- C:\WINDOWS\BeatBurner VSTi.INI
[2009.05.31 13:09:11 | 000,000,077 | ---- | C] () -- C:\WINDOWS\SYMGAMES.INI
[2009.04.29 20:36:04 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008.09.20 18:56:26 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2008.05.10 21:38:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008.05.10 21:37:05 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008.04.28 20:15:19 | 000,000,339 | ---- | C] () -- C:\WINDOWS\goldwave.ini
[2008.04.23 10:44:48 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.04.23 10:44:36 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.04.23 10:44:36 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.04.23 10:44:35 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.04.23 10:44:27 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.04.21 20:50:17 | 000,000,959 | ---- | C] () -- C:\WINDOWS\level.ini
[2008.03.27 19:45:05 | 000,000,281 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008.03.15 12:26:40 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2008.03.09 12:03:42 | 000,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2008.02.23 20:02:57 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008.01.14 17:56:53 | 000,000,645 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007.11.03 01:26:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2007.11.03 00:32:06 | 000,005,547 | ---- | C] () -- C:\WINDOWS\wdict32.INI
[2007.11.03 00:08:44 | 000,189,952 | ---- | C] () -- C:\Documents and Settings\Majka\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.11.02 22:56:23 | 000,000,271 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.11.02 22:56:23 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2007.11.02 22:38:12 | 000,000,024 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007.11.02 22:20:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007.08.07 18:22:22 | 000,141,180 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007.06.25 21:34:26 | 000,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2003.04.21 14:30:42 | 000,688,128 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2002.05.17 22:18:30 | 000,124,928 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002.03.20 23:38:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\Recapr.dll
[1997.07.14 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997.07.14 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997.07.14 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2009.06.20 16:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ArtsAcoustic
[2009.07.08 12:36:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008.06.13 15:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2011.02.05 11:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eLicenser
[2007.12.02 23:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2008.12.23 13:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EyePowerGames
[2010.08.24 08:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2008.04.13 12:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
[2010.06.21 09:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2008.10.03 19:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2008.05.07 20:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011.02.06 01:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2008.12.08 18:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2011.02.05 11:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft
[2011.02.09 18:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008.09.26 19:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010.11.06 09:24:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.10.20 15:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010.07.24 13:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\AVSMedia
[2011.01.28 17:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\Blue Cat Audio
[2008.03.09 11:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\BSplayer
[2008.01.05 21:42:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\BSplayer Pro
[2008.04.15 21:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\City Interactive
[2008.05.09 09:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\COWON
[2009.07.08 12:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\DAEMON Tools
[2009.07.09 07:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\DAEMON Tools Lite
[2009.07.08 12:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\DAEMON Tools Pro
[2010.09.26 11:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\Deckadance
[2010.07.08 09:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\DVDVideoSoftIEHelpers
[2010.03.15 15:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\FabFilter
[2009.06.16 22:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\FXpansion
[2011.02.09 19:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\ICQ
[2008.03.03 19:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\ICQ Toolbar
[2009.06.03 14:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\Juce VST Host
[2008.04.23 10:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\kantaris
[2009.06.03 15:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\Morphine
[2008.10.03 20:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\muvee Technologies
[2007.11.04 00:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\Opera
[2008.05.07 20:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\PC Suite
[2011.01.19 21:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\PhotoScape
[2008.10.15 10:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\Samsung
[2008.02.01 17:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\Seven Zip
[2011.02.06 11:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\Simply Super Software
[2008.12.08 18:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\Sony
[2008.10.18 13:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\Thinstall
[2008.03.29 20:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\TuneUp Software
[2008.04.11 16:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\uk.co.planetside
[2010.09.02 17:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\VitySoft
[2011.02.01 13:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\Voxengo
[2011.01.29 19:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\VSO
[2011.02.05 11:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Majka\Application Data\Waldorf

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECE4A64B
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >
 
I am so sorry, I have no idea why I made a double post.
As I hit submit reply, it showed me "newreply.php".

I have saved it to my desktop.

Hopefully it is not going to happen again.



OTL Extras logfile created on: 10.2.2011 14:17:44 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Majka\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52,80 Gb Total Space | 2,38 Gb Free Space | 4,51% Space Free | Partition Type: NTFS

Computer Name: MAJKA-BEJBY | User Name: Majka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\Opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" (Opera Software)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- C:\Program Files\ACDSee32\ACDSee32.exe "%1" (ACD Systems, Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ7.2\ICQ.exe" = C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.2\aolload.exe" = C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ6\ICQ.exe" = C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6
"C:\Program Files\SightSpeed\SightSpeed.exe" = C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed -- (SightSpeed Inc.)
"C:\Program Files\Sony\Media Manager for WALKMAN\MediaManager.exe" = C:\Program Files\Sony\Media Manager for WALKMAN\MediaManager.exe:*:Enabled:Media Manager for WALKMAN 1.2 -- (Sony Creative Software Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6
"C:\Program Files\ICQ7.2\ICQ.exe" = C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.2\aolload.exe" = C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Opera\Opera.exe" = C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.5
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20DEB77C-21D6-4D22-BB47-233E47613D57}" = Microsoft Games for Windows - LIVE Redistributable
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Mobile Connect
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47FBF7F9-FBD3-43EF-823B-7684D56C1962}" = Tabbed Browsing (Windows Live Toolbar)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{5620D5AF-A931-4ce5-B533-F70861266BC4}" = Blue Cat's Freeware Pack VST 1.23
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5A6ED905-D19D-4954-8499-0DAF386460F7}" = Media Manager for WALKMAN 1.2
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DBB547-3633-493A-949F-F2224DA6B9DF}" = Blue Cat's Flanger - VST
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{842C6AFC-7856-4fd9-99AF-8900554ACAA2}_is1" = V-Station 1.5.1
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{8969CD6F-5B75-40B9-8701-86ECA4C1F263}_is1" = VSO Image Resizer 4.0.0.54
"{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97116140-E126-446C-8F80-2CB3887C8B7C}" = !Quick Screen Capture 2.2
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A0BCF90F-B4E4-435C-A48D-8FAAE10554F9}" = Pixia
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A71F3F58-30B3-4A65-A653-71784E4C2F51}" = Blue Cat's FreqAnalyst - VST
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EFC1B35C-FFF2-41D8-A70A-CE6037F8040B}" = AGEIA PhysX v7.07.24
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3GP Video Converter 3" = 3GP Video Converter 3
"ACDSee 32" = ACDSee 32
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"All ATI Software" = ATI - Software Uninstall Utility
"Alpha 3" = Alpha 3
"Artillery2" = Artillery2
"ArtsAcoustic Reverb" = ArtsAcoustic Reverb 1.2.2
"Arturia CS-80V v1.5" = Arturia CS-80V v1.5
"ASIO4ALL" = ASIO4ALL
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"BSPlayer1" = BSPlayer
"bx_cleansweep V2 All_is1" = bx_cleansweep V2 All 2.0
"CCleaner" = CCleaner (remove only)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"db audioware Sidechain Compressor VST v1.1.0" = db audioware Sidechain Compressor VST v1.1.0
"DDDP_is1" = discoDSP Discovery Pro
"Deckadance" = Deckadance
"discoDSP Discovery v2.7_is1" = discoDSP Discovery v2.7
"Effectrix" = Effectrix
"eLicenser Control" = eLicenser Control
"FabFilter Pro-Q VST RTAS_is1" = FabFilter Pro-Q VST RTAS v1.0.1.6
"FL Studio 8" = FL Studio 8
"Fraps" = Fraps (remove only)
"GoldWave v5.08" = GoldWave v5.08
"ICQToolbar" = ICQ Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IL Autogun" = IL Autogun
"IL Download Manager" = IL Download Manager
"Image-Line PoiZone v2.1" = Image-Line PoiZone v2.1
"impOSCar" = GForce - impOSCar
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.7.5 Full
"KORG Legacy Collection v1.1.3 " = KORG Legacy Collection v1.1.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MJuiceWinamp" = Mjuice Media Support for Winamp
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"N.I Pro-53 v3.0-OxYGeN" = N.I Pro-53 v3.0-OxYGeN
"Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS" = Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NOD32" = NOD32 Antivirus System
"Office8.0" = Microsoft Office 97 Standard
"Ohmforce Predatohm PRO VST v1.32" = Ohmforce Predatohm PRO VST v1.32
"OpenAL" = OpenAL
"PhotoScape" = PhotoScape
"PoiZone" = PoiZone
"Predator_is1" = Rob Papen Predator V1.1.0
"PSP VintageWarmer2 2.1.4" = PSP VintageWarmer2 2.1.4
"RealAlt_is1" = Real Alternative 1.9.0 Lite
"reFX Nexus 1.4.0_is1" = reFX Nexus 1.4.0
"reFX Vanguard 1.7.2_is1" = reFX Vanguard 1.7.2
"rgcAudio z3ta Plus v1.40" = rgcAudio z3ta Plus v1.40
"Rob Papen BLUE Version 1.7.0_is1" = Rob Papen BLUE Version 1.7.0
"Robotronic" = Robotronic
"SightSpeed" = SightSpeed (remove only)
"Sonalksis Plug-Ins for Windows_is1" = Sonalksis Plug-Ins for Windows 2.00
"Sonic Charge Synplant_is1" = Sonic Charge Synplant 1.0
"Sylenth1_is1" = Sylenth1 v2.0
"Tone2 Firebird VSTi v1.2.1" = Tone2 Firebird VSTi v1.2.1
"Tone2 Gladiator Retail_is1" = Gladiator v1.2.2.0
"Tone2 Warmverb multi-FX full_is1" = Tone2 Warmverb multi-FX full
"Toxic Biohazard" = Toxic Biohazard
"Trojan Remover_is1" = Trojan Remover 6.8.2
"TT Dynamic Range Meter_is1" = TT Dynamic Range Meter 1.0
"Unique" = Unique
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Vogue" = Vogue
"Waldorf Largo" = Waldorf Largo
"Waves Diamond Bundle v5.2" = Waves Diamond Bundle v5.2
"Winamp" = Winamp (Remove Only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archivátor
"WMFDist11" = Windows Media Format 11 runtime
"WOW" = WOW
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25.1.2011 10:52:31 | Computer Name = MAJKA-BEJBY | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie fl.exe, verzia 0.0.0.0, zlyhanie modulu unknown,
verzia 0.0.0.0, adresa zlyhania 0x4ec6730c.

Error - 25.1.2011 12:38:35 | Computer Name = MAJKA-BEJBY | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie fl.exe, verzia 0.0.0.0, zlyhanie modulu unknown,
verzia 0.0.0.0, adresa zlyhania 0x4ec6730c.

Error - 25.1.2011 13:22:35 | Computer Name = MAJKA-BEJBY | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie fl.exe, verzia 0.0.0.0, zlyhanie modulu unknown,
verzia 0.0.0.0, adresa zlyhania 0x4ec6730c.

Error - 28.1.2011 15:50:56 | Computer Name = MAJKA-BEJBY | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie winamp.exe, verzia 2.5.0.1, zlyhanie modulu in_wave.dll,
verzia 0.0.0.0, adresa zlyhania 0x00001a84.

Error - 28.1.2011 16:22:52 | Computer Name = MAJKA-BEJBY | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie winamp.exe, verzia 2.5.0.1, zlyhanie modulu in_wave.dll,
verzia 0.0.0.0, adresa zlyhania 0x00001a84.

Error - 28.1.2011 16:43:02 | Computer Name = MAJKA-BEJBY | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie winamp.exe, verzia 2.5.0.1, zlyhanie modulu in_wave.dll,
verzia 0.0.0.0, adresa zlyhania 0x00001a84.

Error - 28.1.2011 16:44:22 | Computer Name = MAJKA-BEJBY | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie winamp.exe, verzia 2.5.0.1, zlyhanie modulu in_wave.dll,
verzia 0.0.0.0, adresa zlyhania 0x00001a84.

Error - 5.2.2011 6:38:15 | Computer Name = MAJKA-BEJBY | Source = crypt32 | ID = 131083
Description = Zlyhala extrakcia zoznamu základných certifikátov nezávislých vydavateľov
zo súboru CAB automatickej aktualizácie v: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
s chybou: Pri overovaní s aktuálnymi systémovými hodinami alebo časovou pečiatkou
podpísaného súboru sa zistilo, že požadovaný certifikát je mimo dobu platnosti.


Error - 5.2.2011 6:38:15 | Computer Name = MAJKA-BEJBY | Source = crypt32 | ID = 131083
Description = Zlyhala extrakcia zoznamu základných certifikátov nezávislých vydavateľov
zo súboru CAB automatickej aktualizácie v: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
s chybou: Pri overovaní s aktuálnymi systémovými hodinami alebo časovou pečiatkou
podpísaného súboru sa zistilo, že požadovaný certifikát je mimo dobu platnosti.


Error - 5.2.2011 12:22:09 | Computer Name = MAJKA-BEJBY | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie fl.exe, verzia 0.0.0.0, zlyhanie modulu unknown,
verzia 0.0.0.0, adresa zlyhania 0x4ec6730c.

[ System Events ]
Error - 10.2.2011 5:34:15 | Computer Name = MAJKA-BEJBY | Source = atapi | ID = 262153
Description = Zariadenie \Device\Ide\IdePort1 neodpovedá v danom časovom limite.

Error - 10.2.2011 5:34:15 | Computer Name = MAJKA-BEJBY | Source = atapi | ID = 262153
Description = Zariadenie \Device\Ide\IdePort1 neodpovedá v danom časovom limite.

Error - 10.2.2011 5:34:15 | Computer Name = MAJKA-BEJBY | Source = atapi | ID = 262153
Description = Zariadenie \Device\Ide\IdePort1 neodpovedá v danom časovom limite.

Error - 10.2.2011 5:34:15 | Computer Name = MAJKA-BEJBY | Source = atapi | ID = 262153
Description = Zariadenie \Device\Ide\IdePort1 neodpovedá v danom časovom limite.

Error - 10.2.2011 5:34:15 | Computer Name = MAJKA-BEJBY | Source = atapi | ID = 262153
Description = Zariadenie \Device\Ide\IdePort1 neodpovedá v danom časovom limite.

Error - 10.2.2011 5:34:15 | Computer Name = MAJKA-BEJBY | Source = atapi | ID = 262153
Description = Zariadenie \Device\Ide\IdePort1 neodpovedá v danom časovom limite.

Error - 10.2.2011 5:34:15 | Computer Name = MAJKA-BEJBY | Source = atapi | ID = 262153
Description = Zariadenie \Device\Ide\IdePort1 neodpovedá v danom časovom limite.

Error - 10.2.2011 5:34:15 | Computer Name = MAJKA-BEJBY | Source = atapi | ID = 262153
Description = Zariadenie \Device\Ide\IdePort1 neodpovedá v danom časovom limite.

Error - 10.2.2011 5:34:15 | Computer Name = MAJKA-BEJBY | Source = atapi | ID = 262153
Description = Zariadenie \Device\Ide\IdePort1 neodpovedá v danom časovom limite.

Error - 10.2.2011 5:34:15 | Computer Name = MAJKA-BEJBY | Source = atapi | ID = 262155
Description = Ovládač zistil chybu radiča na \Device\Ide\IdePort1.


< End of report >
 
Hi,

Do you access the internet through a proxy server?

Run this program please

Download CKScanner
  • Important - Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
 
Hi,
To be honest, I really know nothing about proxies and what they are for.. My internet connection was set up by my provider..

I am using the Opera browser, and after I was infected and was doing fixes, my Opera was not working..

It gives me access denied..

So I used Firefox to find a solution to this.

I went to settings - preferences - advanced tab - network - proxy servers and unchecked everything..

After that my Opera was working. I don't know if I did it right, but maybe you should help me set it right..

Anyway, I am going to run CKScanner..
 
CKScanner

CKScanner - Additional Security Risks - These are not necessarily bad
c:\disc f\milan\software\fruity loops related software\midi\trance & dance midi for remixes\trance & dance midi for remixes\crack head n magic myron\vibes_crackheadnmagicmyron.mid
c:\documents and settings\majka\start menu\programs\waves\documents\x-crackle help.lnk
c:\program files\common files\native instruments\shared content\sounds\fm7\beam cracker bass.ksd
c:\program files\common files\native instruments\shared content\sounds\fm7\cracklephone.ksd
c:\program files\waves\plug-ins\xcrackle.dll
c:\program files\waves\plug-ins\documents\xcrackle.pdf
scanner sequence 3.HK.11
----- EOF -----
 
Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    
    
    
    :Services
    
    :Reg
    
    :Files
    
    
    
    :Commands
    [purity]
    [emptytemp]
    [RESETHOSTS]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces.
  • Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
 
otl fix

Here is the log I found after I rebooted:


All processes killed
========== OTL ==========
No active process named explorer.exe was found!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1748542 bytes
->Flash cache emptied: 348 bytes

User: Majka
->Temp folder emptied: 9698506 bytes
->Temporary Internet Files folder emptied: 2393903 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 16380508 bytes
->Google Chrome cache emptied: 34114886 bytes
->Opera cache emptied: 9716770 bytes
->Flash cache emptied: 6001 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1567249 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 72,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.20.6 log created on 02102011_232224

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
OTL logfile created on: 10.2.2011 23:33:08 - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Majka\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 81,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52,80 Gb Total Space | 2,40 Gb Free Space | 4,55% Space Free | Partition Type: NTFS

Computer Name: MAJKA-BEJBY | User Name: Majka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Majka\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\ESET\nod32kui.exe (Eset )
PRC - C:\Program Files\ESET\nod32krn.exe (Eset )
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Ahead\Nero Toolkit\DriveSpeed.exe (Ahead Software AG)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Majka\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (NOD32krn) -- C:\Program Files\Eset\nod32krn.exe (Eset )
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)


========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (AMON) -- C:\WINDOWS\system32\drivers\amon.sys (Eset )
DRV - (nod32drv) -- C:\WINDOWS\system32\drivers\nod32drv.sys ()
DRV - (ACEDRV07) -- C:\WINDOWS\system32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (sfsync03) StarForce Protection Synchronization Driver (version 3.x) -- C:\WINDOWS\System32\drivers\sfsync03.sys (Protection Technology)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.7.0088
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: stahuj@centrum.cz:1
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.15 22:29:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.15 22:29:40 | 000,000,000 | ---D | M]

[2009.05.03 17:02:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Majka\Application Data\Mozilla\Extensions
[2011.02.06 10:26:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\extensions
[2010.06.21 09:52:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.07.08 12:36:30 | 000,002,921 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\daemon-search.xml
[2011.02.06 10:36:05 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-1.xml
[2009.07.29 12:58:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-2.xml
[2009.08.05 12:47:10 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-3.xml
[2009.09.14 22:27:36 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-4.xml
[2009.10.29 16:22:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-5.xml
[2009.12.18 14:47:14 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-6.xml
[2010.01.06 23:33:16 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-7.xml
[2011.02.06 10:26:21 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin-8.xml
[2010.05.12 17:40:06 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\Mozilla\Firefox\Profiles\tepf0ol7.default\searchplugins\icqplugin.xml
[2011.02.06 10:36:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009.07.15 07:57:56 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.09.02 17:37:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009.05.21 20:34:44 | 000,000,000 | ---D | M] (Stahuj.cz) -- C:\Program Files\Mozilla Firefox\extensions\stahuj@centrum.cz
[2009.07.08 12:36:37 | 000,000,000 | ---D | M] (DAEMON Tools Toolbar) -- C:\PROGRAM FILES\DAEMON TOOLS TOOLBAR\FIREFOXDTT
[2010.09.02 17:37:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.09.02 17:36:59 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.12.15 22:29:29 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.12.15 22:29:29 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.12.15 22:29:29 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.12.15 22:29:29 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.12.15 22:29:30 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2011.02.10 23:23:40 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Nero DriveSpeed] C:\Program Files\Ahead\Nero Toolkit\DriveSpeed.exe (Ahead Software AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 6BF8bAIjSv = C:\Documents and Settings\All Users\Application Data\nehmtcnc\bynuhapm.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00 [binary data]
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\imon.dll (Eset )
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://cid-1a282b393534027c.spaces.live.com/PhotoUpload/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.20
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: MntCmd - {44BF99A1-D96E-D1A8-165F-093B09B4FCA3} - CLSID or File not found.
O24 - Desktop WallPaper: C:\WINDOWS\ACD Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\ACD Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.03 20:01:10 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8a2092e0-eec9-11dc-9a7f-8b161a0e73dc}\Shell - "" = AutoRun
O33 - MountPoints2\{8a2092e0-eec9-11dc-9a7f-8b161a0e73dc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a5a07736-04d2-11de-9bd3-00123fe85991}\Shell - "" = AutoRun
O33 - MountPoints2\{a5a07736-04d2-11de-9bd3-00123fe85991}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ea3b9e09-8a11-11dc-992e-8a26022205dc}\Shell - "" = AutoRun
O33 - MountPoints2\{ea3b9e09-8a11-11dc-992e-8a26022205dc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.02.10 23:22:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.02.10 14:06:35 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Majka\Desktop\OTL.exe
[2011.02.10 13:56:06 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Majka\Desktop\ATF-Cleaner.exe
[2011.02.09 14:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Application Data\Malwarebytes
[2011.02.09 14:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.02.09 14:36:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.02.09 14:36:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011.02.09 14:36:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.02.09 14:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.02.06 16:01:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Majka\Recent
[2011.02.06 01:00:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trojan Remover
[2011.02.06 01:00:43 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2011.02.06 01:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2011.02.06 01:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\My Documents\Simply Super Software
[2011.02.06 01:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Application Data\Simply Super Software
[2011.02.06 01:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2011.02.05 20:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011.02.05 20:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.02.05 20:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011.02.05 11:41:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Application Data\Waldorf
[2011.02.05 11:39:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Local Settings\Application Data\eLicenser
[2011.02.05 11:39:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Waldorf
[2011.02.05 11:39:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft
[2011.02.05 11:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\Syncrosoft
[2011.02.05 11:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\eLicenser
[2011.02.05 11:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\eLicenser
[2011.02.05 11:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\eLicenser
[2011.02.05 11:37:50 | 001,261,568 | ---- | C] (Steinberg Media Technologies GmbH) -- C:\WINDOWS\System32\SYNSOACC.dll
[2011.02.05 11:22:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Start Menu\Programs\u-he
[2011.02.01 13:51:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Application Data\Voxengo
[2011.01.28 17:19:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Start Menu\Programs\Blue Cat Audio
[2011.01.20 20:36:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\YouTube Downloader
[2011.01.20 20:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2011.01.19 21:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Majka\Application Data\PhotoScape
[2011.01.19 21:22:21 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape
[2 C:\Documents and Settings\Majka\Desktop\*.tmp files -> C:\Documents and Settings\Majka\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.02.10 23:32:33 | 000,004,352 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\spybot.rtf
[2011.02.10 23:27:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.02.10 23:26:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.02.10 23:23:40 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011.02.10 22:42:51 | 000,005,547 | ---- | M] () -- C:\WINDOWS\wdict32.INI
[2011.02.10 18:29:17 | 000,453,632 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\CKScanner.exe
[2011.02.10 14:06:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Majka\Desktop\OTL.exe
[2011.02.10 13:56:07 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Majka\Desktop\ATF-Cleaner.exe
[2011.02.09 14:36:51 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.09 14:27:23 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011.02.08 19:33:31 | 000,078,639 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\fl studio related stuff.doc
[2011.02.07 13:33:35 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\dds.com
[2011.02.06 14:39:16 | 000,012,967 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\quotes.doc
[2011.02.06 13:01:43 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\adresy biznis.xls
[2011.02.06 01:00:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2011.02.06 00:21:26 | 000,005,985 | ---- | M] () -- C:\Documents and Settings\Majka\Application Data\7EC2.94A
[2011.02.05 23:33:36 | 000,000,245 | -HS- | M] () -- C:\boot.ini
[2011.02.05 21:47:09 | 000,000,281 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011.02.05 20:13:27 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\Spybot - Search & Destroy.lnk
[2011.02.05 16:10:59 | 000,000,096 | ---- | M] () -- C:\WINDOWS\System32\imon1.dat
[2011.02.05 11:39:10 | 000,002,892 | ---- | M] () -- C:\WINDOWS\System32\audcon.sys
[2011.02.05 11:38:05 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\SYNSOPOS.exe.cfg
[2011.02.05 11:22:25 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2011.02.05 11:22:25 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2011.02.05 11:22:25 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2011.02.05 11:22:25 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2011.02.04 17:23:30 | 005,296,904 | ---- | M] () -- C:\precursions62.wav
[2011.02.04 17:12:27 | 005,296,904 | ---- | M] () -- C:\precursions6.wav
[2011.01.31 00:07:43 | 000,000,034 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2011.01.30 10:22:28 | 000,032,953 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\biznis.doc
[2011.01.27 23:03:19 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\ukrajina.xls
[2011.01.27 09:45:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011.01.24 19:56:51 | 000,189,952 | ---- | M] () -- C:\Documents and Settings\Majka\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.20 20:36:34 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[2011.01.19 21:24:53 | 000,012,288 | -H-- | M] () -- C:\photothumb.db
[2011.01.19 21:24:50 | 000,029,696 | -H-- | M] () -- C:\Documents and Settings\Majka\My Documents\photothumb.db
[2011.01.19 21:22:31 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Majka\Desktop\PhotoScape.lnk
[2011.01.18 12:16:50 | 000,219,593 | ---- | M] () -- C:\DSC07820.JPG
[2 C:\Documents and Settings\Majka\Desktop\*.tmp files -> C:\Documents and Settings\Majka\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.02.10 23:31:05 | 000,004,352 | ---- | C] () -- C:\Documents and Settings\Majka\Desktop\spybot.rtf
[2011.02.10 18:29:17 | 000,453,632 | ---- | C] () -- C:\Documents and Settings\Majka\Desktop\CKScanner.exe
[2011.02.09 14:36:51 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.07 13:33:35 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Majka\Desktop\dds.com
[2011.02.06 01:00:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2011.02.06 01:00:43 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2011.02.06 01:00:43 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2011.02.06 01:00:43 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2011.02.06 01:00:43 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2011.02.05 20:13:27 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Majka\Desktop\Spybot - Search & Destroy.lnk
[2011.02.05 15:12:48 | 000,005,985 | ---- | C] () -- C:\Documents and Settings\Majka\Application Data\7EC2.94A
[2011.02.05 11:39:10 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
[2011.02.05 11:37:59 | 000,147,425 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Aide.chm
[2011.02.05 11:37:58 | 000,120,468 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Hilfe.chm
[2011.02.05 11:37:58 | 000,114,279 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Help.chm
[2011.02.05 11:37:51 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe.cfg
[2011.02.05 11:37:50 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe
[2011.02.04 17:19:37 | 005,296,904 | ---- | C] () -- C:\precursions62.wav
[2011.02.04 17:12:20 | 005,296,904 | ---- | C] () -- C:\precursions6.wav
[2011.01.20 20:36:34 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[2011.01.19 21:22:31 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Majka\Desktop\PhotoScape.lnk
[2011.01.19 21:12:55 | 000,029,696 | -H-- | C] () -- C:\Documents and Settings\Majka\My Documents\photothumb.db
[2011.01.18 11:10:18 | 000,219,593 | ---- | C] () -- C:\DSC07820.JPG
[2009.09.03 10:41:59 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
[2009.09.03 10:41:58 | 012,550,144 | ---- | C] () -- C:\WINDOWS\CS-80V(10 voices).dll
[2009.07.20 15:52:54 | 006,365,184 | ---- | C] () -- C:\WINDOWS\System32\PSP VintageWarmer2.dll
[2009.07.08 12:34:05 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.07.05 11:06:44 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\ssolefw.dll
[2009.07.05 11:06:44 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibram.dll
[2009.07.05 11:06:44 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\solekuy.dll
[2009.07.05 11:06:44 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\slibeh.dll
[2009.07.05 11:06:43 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibtth.dll
[2009.07.05 11:06:43 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibmmn.dll
[2009.07.05 11:06:43 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\solegeh.dll
[2009.07.03 09:35:16 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009.06.18 17:36:49 | 000,002,240 | ---- | C] () -- C:\WINDOWS\LENDIG.sys
[2009.06.13 19:40:46 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009.06.13 19:40:46 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009.06.13 19:40:46 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009.06.13 19:40:46 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009.06.13 19:40:46 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2009.06.13 12:17:11 | 000,000,129 | ---- | C] () -- C:\WINDOWS\BeatBurner VSTi.INI
[2009.05.31 13:09:11 | 000,000,077 | ---- | C] () -- C:\WINDOWS\SYMGAMES.INI
[2009.04.29 20:36:04 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008.09.20 18:56:26 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2008.05.10 21:38:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008.05.10 21:37:05 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008.04.28 20:15:19 | 000,000,339 | ---- | C] () -- C:\WINDOWS\goldwave.ini
[2008.04.23 10:44:48 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.04.23 10:44:36 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.04.23 10:44:36 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.04.23 10:44:35 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.04.23 10:44:27 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.04.21 20:50:17 | 000,000,959 | ---- | C] () -- C:\WINDOWS\level.ini
[2008.03.27 19:45:05 | 000,000,281 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008.03.15 12:26:40 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2008.03.09 12:03:42 | 000,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2008.02.23 20:02:57 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008.01.14 17:56:53 | 000,000,645 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007.11.03 01:26:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2007.11.03 00:32:06 | 000,005,547 | ---- | C] () -- C:\WINDOWS\wdict32.INI
[2007.11.03 00:08:44 | 000,189,952 | ---- | C] () -- C:\Documents and Settings\Majka\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.11.02 22:56:23 | 000,000,271 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.11.02 22:56:23 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2007.11.02 22:38:12 | 000,000,024 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007.11.02 22:20:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007.08.07 18:22:22 | 000,141,180 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007.06.25 21:34:26 | 000,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2003.04.21 14:30:42 | 000,688,128 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2002.05.17 22:18:30 | 000,124,928 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002.03.20 23:38:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\Recapr.dll
[1997.07.14 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997.07.14 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997.07.14 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECE4A64B
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >


I feel like my PC is running pretty smooth now..
What does the log say to you??
 
Log looks fine :bigthumb:

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.



1. Click Start > Settings > Control Panel.
2. Double-click the Java Plug-in icon in the control panel.
3. Click the Cache tab.
4. Click Clear. A confirmation dialog box appears.
5. Click Yes to confirm.
6. Click Apply.





Please run this free online virus scanner from ESET
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
 
internal error 2753. regutils.dll

Hi, I was installing the new Java and I get this error

internal error 2753. regutils.dll

Any idea what I should do??

I am sorry
 
Your new log looks fine.

Go to your Control Panel and click on the Java icon (looks like a little coffee cup), click on About and you should have Version 6 Update 23; if not, proceed with the instructions.

Download the latest version Here, save it, do not install it yet.

Java SE Runtime Environment (JRE) JRE 6 Update 23 <-- The wording is confusing but this is what you need

  • Go to your Add Remove Programs in the Control Panel and uninstall any previous versions of Java
  • Reboot your computer
  • Install the latest version
You can verify the installation Here
 
So I go to Add or Remove Programs and I found

java TM 6 update 21

It has 97 MB and I click Remove.

It starts removing and at the end it gave me the same error as in my previous post when I was trying to install the new jre-6u23-windows-i586..

The error is:

internal error 2753. regutils.dll
 
So I have trouble uninstalling the old version and installing the new one.

Also, when I find the "cup" icon in my Control Panel and double-click on it I get this:

The system cannot find the registry key specified:

HKEY_LOCAL_MACHINE/SOFTWARE/JavaSoft/Java Runtime Environment/1.6.0_21
 