Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Restarts and strange errors

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Restarts and strange errors

Unread postby Kentos » July 7th, 2009, 4:52 pm

From some time (around 2 weeks) shortly after win xp has loaded, my antivir finds a trojan - win32/PSW.OnLineGames and INF/Autorun.gen. It doesn't happen every time but very often. Although after full scan it doesn't find nothing, the same thing happens again. Also Firefox after few minutes from start gives error and it won't start again before rebooting. The same with Microsoft Office. This computer also sometimes gets stuck or restarts without warning. And when it's disconnected from the Internet it works normally, without any errors.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:39:13, on 2009-07-07
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5645481953
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6663 bytes
Kentos
Active Member
 
Posts: 9
Joined: July 7th, 2009, 5:46 am
Advertisement
Register to Remove

Re: Restarts and strange errors

Unread postby Cyborg » July 11th, 2009, 5:12 am

Hello and welcome to Malware Removal. My nickname is Cyborg, and I will be helping you in removing the malware infections in your computer.
Before we start disinfecting your computer, please note all the following points :
  • Please note that it is important that you following all my instructions carefully.
  • Please do not fix anything prior to notifying me as it could render your system in an unstable state.
  • Please make sure that you are the administrator of the system which I am going to disinfect.
  • If you are receiving help from elsewhere, please notify me about it.

I am currently going through your log, and will get back to you as soon as I can.

Please note that I am currently under training, and all my fixes are being checked by an expert to confirm that they are in order, so there may be slight delays in replies due to this, please bear with us.
User avatar
Cyborg
Regular Member
 
Posts: 1143
Joined: September 8th, 2007, 12:45 pm

Re: Restarts and strange errors

Unread postby Kentos » July 11th, 2009, 5:15 am

Hi Cyborg, thanks for your answer!
No problem with the rules, I also haven't even touched the infected computer since last post.
Kentos
Active Member
 
Posts: 9
Joined: July 7th, 2009, 5:46 am

Re: Restarts and strange errors

Unread postby Cyborg » July 13th, 2009, 1:11 pm

Hiya Kentos :),

Sorry for the late reply, the forum staff's pretty busy.

Please create an uninstall list so that I can review which programs are installed on your computer.

  • Start HijackThis.
  • Click Open the Misc Tools section
  • Click Open Uninstall Manager
  • Click Save list...
  • Save the list to your desktop, or any other convenient place.

Please download Random's System Information Tool by random/random from here and save it

to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
  • log.txt will be opened maximized
  • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt
User avatar
Cyborg
Regular Member
 
Posts: 1143
Joined: September 8th, 2007, 12:45 pm

Re: Restarts and strange errors

Unread postby Kentos » July 13th, 2009, 3:02 pm

Hello Cyborg

uninstall list

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acrobat.com
Acrobat.com
Ad-Aware
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Aktualizacja dla systemu Windows Internet Explorer 8 (KB971930)
Aktualizacja dla systemu Windows XP (KB951072-v2)
Aktualizacja dla systemu Windows XP (KB951978)
Aktualizacja dla systemu Windows XP (KB955839)
Aktualizacja dla systemu Windows XP (KB967715)
Aktualizacja zabezpieczeń dla programu Windows Media Encoder (KB954156)
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB952069)
Aktualizacja zabezpieczeń dla programu Windows Media Player 10 (KB936782)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB969897)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB923561)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB938464)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB938464-v2)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB946648)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB950762)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB950974)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951066)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951376-v2)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951698)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951748)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB952004)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB952954)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB954211)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB954459)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB954600)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB955069)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956390)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956391)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956572)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956802)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956803)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956841)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB957095)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB957097)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958215)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958644)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958687)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB959426)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960225)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960803)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB961373)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB961501)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB968537)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB969898)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB970238)
Aktualizacja zabezpieczeń dla Windows XP (KB923689)
Aktualizacja zabezpieczeń dla Windows XP (KB941569)
Archiwizator WinRAR
Dodatek Zapisywanie jako PDF lub XPS firmy Microsoft dla programów pakietu Microsoft Office 2007
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Indeo® software
Intel(R) Graphics Media Accelerator Driver
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (Polish) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (Polish) 2007
Microsoft Office PowerPoint MUI (Polish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Polish) 2007
Microsoft Office Proofing (Polish) 2007
Microsoft Office Shared MUI (Polish) 2007
Microsoft Office Word MUI (Polish) 2007
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.11)
MSXML 4.0 SP2 (KB954430)
Nero 6
Photo Story 3 dla Windows
Poprawka dla systemu Windows XP (KB952287)
QuickTime
Realtek High Definition Audio Driver
Rossmann Fotoswiat
save2pc Light 3.36
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Skype™ 3.8
SmartSound Quicktracks Plugin
Spelling Dictionaries Support For Adobe Reader 9
Ulead VideoStudio 10
Update for 2007 Microsoft Office System (KB967642)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Vplayer
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3

-----------------------------------------------------------------------------------------------------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by Ewa P at 2009-07-13 20:52:35
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 37 GB (53%) free of 71 GB
Total RAM: 1015 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:52:37, on 2009-07-13
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Ewa P\Pulpit\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Ewa P.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5645481953
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6721 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\User_Feed_Synchronization-{00125DD9-37B2-4586-9445-E8DBD3552CED}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-18 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-13 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-13 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-18 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2005-04-05 94208]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2005-04-05 77824]
"Persistence"=C:\WINDOWS\System32\igfxpers.exe [2005-04-05 114688]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-23 16804864]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2008-06-18 77824]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2008-06-19 2808832]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Google Quick Search Box"=C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [2009-04-13 68592]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-04-21 155648]
"UVS10 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe [2006-03-07 36864]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-05-14 2029640]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-07-07 520024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-04-13 39408]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

C:\Documents and Settings\Ewa P\Menu Start\Programy\Autostart
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-04-05 131072]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-07-13 20:52:35 ----D---- C:\rsit
2009-07-07 22:20:33 ----D---- C:\Program Files\Trend Micro
2009-07-07 22:20:18 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-07-07 20:10:20 ----HDC---- C:\Documents and Settings\All Users\Dane aplikacji\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-07 20:10:15 ----D---- C:\Program Files\Lavasoft
2009-07-07 20:10:15 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2009-07-04 21:42:27 ----D---- C:\WINDOWS\pss
2009-07-02 19:54:10 ----SHD---- C:\found.001
2009-06-28 13:41:11 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-28 13:41:04 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-28 13:40:47 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-28 13:40:37 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-24 21:27:24 ----D---- C:\WINDOWS\system32\appmgmt
2009-06-24 21:24:40 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-06-24 21:24:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-06-24 21:24:24 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-06-24 21:24:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954156_WM9L$
2009-06-24 21:24:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-06-24 21:23:54 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-06-24 21:23:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-06-24 21:23:27 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-06-24 21:22:22 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-06-24 21:21:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-06-24 21:21:29 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-06-24 21:21:01 ----D---- C:\WINDOWS\ie8updates
2009-06-24 21:20:37 ----D---- C:\WINDOWS\WBEM
2009-06-24 21:19:40 ----HDC---- C:\WINDOWS\ie8
2009-06-24 21:12:05 ----D---- C:\Temp
2009-06-24 21:10:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-06-24 21:10:33 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-06-24 21:10:30 ----D---- C:\Program Files\MSXML 4.0
2009-06-24 21:10:21 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-06-24 21:10:06 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2009-06-16 17:45:38 ----SHD---- C:\found.000

======List of files/folders modified in the last 1 months======

2009-07-13 20:52:18 ----D---- C:\WINDOWS\Temp
2009-07-13 20:50:10 ----D---- C:\Program Files\Mozilla Firefox
2009-07-13 20:47:09 ----SHD---- C:\WINDOWS\Installer
2009-07-13 20:46:49 ----D---- C:\Program Files\Pinnacle
2009-07-13 20:46:30 ----D---- C:\WINDOWS\WinSxS
2009-07-13 20:46:29 ----D---- C:\Program Files\Common Files
2009-07-13 20:46:27 ----RSD---- C:\WINDOWS\Fonts
2009-07-13 20:46:21 ----D---- C:\WINDOWS\system32
2009-07-13 20:43:10 ----D---- C:\WINDOWS\Prefetch
2009-07-13 20:42:30 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-12 23:09:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-07 22:20:33 ----RD---- C:\Program Files
2009-07-07 20:10:36 ----SD---- C:\WINDOWS\Tasks
2009-07-07 19:50:53 ----D---- C:\Documents and Settings\Ewa P\Dane aplikacji\Skype
2009-07-07 12:31:17 ----D---- C:\Program Files\eMule
2009-07-05 22:44:37 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-05 21:43:43 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2009-07-05 21:43:40 ----RSD---- C:\WINDOWS\assembly
2009-07-05 21:43:13 ----D---- C:\Program Files\Microsoft Works
2009-07-05 21:34:49 ----D---- C:\WINDOWS\Minidump
2009-07-05 21:34:49 ----D---- C:\WINDOWS
2009-07-04 21:35:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-04 21:35:53 ----D---- C:\WINDOWS\system32\drivers
2009-06-28 19:16:42 ----D---- C:\Program Files\NAVIGO Professional Plus
2009-06-28 13:41:14 ----HD---- C:\WINDOWS\inf
2009-06-28 13:41:07 ----A---- C:\WINDOWS\imsins.BAK
2009-06-28 13:41:03 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-24 21:36:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-24 21:32:22 ----D---- C:\WINDOWS\system32\wbem
2009-06-24 21:32:22 ----D---- C:\WINDOWS\system32\pl-pl
2009-06-24 21:32:22 ----D---- C:\WINDOWS\Help
2009-06-24 21:32:22 ----D---- C:\Program Files\Internet Explorer
2009-06-24 21:32:21 ----D---- C:\WINDOWS\AppPatch
2009-06-24 21:20:42 ----D---- C:\WINDOWS\system32\config
2009-06-24 21:20:31 ----D---- C:\WINDOWS\Media
2009-06-24 21:11:24 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-17 19:54:42 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Adobe
2009-06-17 19:54:39 ----D---- C:\Program Files\Common Files\Adobe
2009-06-17 19:54:37 ----D---- C:\Program Files\Adobe
2009-06-15 18:34:49 ----D---- C:\Documents and Settings\Ewa P\Dane aplikacji\skypePM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-05-14 55768]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-05-14 133000]
R3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2004-12-06 126720]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-05-14 33096]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-04-05 830684]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-24 4749824]
R3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []
S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 ACPI;ACPI; C:\WINDOWS\system32\drivers\ACPI.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-05-14 20680]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-13 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-07 1029456]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

-----------------------------------------------------------------------------------------------------------

info.txt logfile of random's system information tool 1.06 2009-07-13 20:52:39

======Uninstall list======

-->C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Adobe\Photoshop 5.0\DeIsL1.isu" -c"C:\Program Files\Adobe\Photoshop 5.0\Uninst.dll"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0415-0000-0000000FF1CE} /uninstall {72776234-19F1-4688-9312-85FAF07143F4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0415-0000-0000000FF1CE} /uninstall {72776234-19F1-4688-9312-85FAF07143F4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0415-0000-0000000FF1CE} /uninstall {72776234-19F1-4688-9312-85FAF07143F4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0415-0000-0000000FF1CE} /uninstall {2D1F88C2-ADAE-47C4-8648-6EA8F7E6EB2D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0415-0000-0000000FF1CE} /uninstall {94A4609B-0414-4427-81F3-0FD282A2D0D3}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0415-0000-0000000FF1CE} /uninstall {72776234-19F1-4688-9312-85FAF07143F4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->"C:\Documents and Settings\All Users\Dane aplikacji\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Dane aplikacji\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Aktualizacja dla systemu Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla programu Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla programu Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Dodatek Zapisywanie jako PDF lub XPS firmy Microsoft dla programów pakietu Microsoft Office 2007-->MsiExec.exe /X{90120000-00B2-0415-0000-0000000FF1CE}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Indeo® software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Intel\Indeo\Uninst.isu" -c"C:\Program Files\Intel\Indeo\SavedSystemFiles\indounin.dll"
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Excel MUI (Polish) 2007-->MsiExec.exe /X{90120000-0016-0415-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Polish) 2007-->MsiExec.exe /X{90120000-00A1-0415-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Polish) 2007-->MsiExec.exe /X{90120000-0018-0415-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Polish) 2007-->MsiExec.exe /X{90120000-001F-0415-0000-0000000FF1CE}
Microsoft Office Proofing (Polish) 2007-->MsiExec.exe /X{90120000-002C-0415-0000-0000000FF1CE}
Microsoft Office Shared MUI (Polish) 2007-->MsiExec.exe /X{90120000-006E-0415-0000-0000000FF1CE}
Microsoft Office Word MUI (Polish) 2007-->MsiExec.exe /X{90120000-001B-0415-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 6-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Photo Story 3 dla Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
Poprawka dla systemu Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x15 -removeonly
Rossmann Fotoswiat-->"C:\Program Files\rossmann\Rossmann Fotoswiat\uninstall.exe"
save2pc Light 3.36-->"C:\Program Files\FDRLab\save2pc\unins000.exe"
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Ulead VideoStudio 10-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E188D820-1218-4E28-8BCA-91134C3664C2}\Setup.exe" -l0x9
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Vplayer-->MsiExec.exe /I{A05BE20E-6510-44BC-95ED-6E6D730407D3}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======System event log======

Computer Name: EWA
Event Code: 7036
Message: Usługa Usługa COM nagrywania dysków CD IMAPI weszła w stan zatrzymania.

Record Number: 4252
Source Name: Service Control Manager
Time Written: 20090506001349.000000+120
Event Type: informacje
User:

Computer Name: EWA
Event Code: 7036
Message: Usługa Usługa COM nagrywania dysków CD IMAPI weszła w stan uruchomienia.

Record Number: 4251
Source Name: Service Control Manager
Time Written: 20090506001342.000000+120
Event Type: informacje
User:

Computer Name: EWA
Event Code: 7035
Message: Do usługi Usługa COM nagrywania dysków CD IMAPI został pomyślnie wysłany kod sterowania uruchom.

Record Number: 4250
Source Name: Service Control Manager
Time Written: 20090506001342.000000+120
Event Type: informacje
User: ZARZĄDZANIE NT\SYSTEM

Computer Name: EWA
Event Code: 7036
Message: Usługa Google Software Updater weszła w stan zatrzymania.

Record Number: 4249
Source Name: Service Control Manager
Time Written: 20090505214449.000000+120
Event Type: informacje
User:

Computer Name: EWA
Event Code: 7036
Message: Usługa Google Software Updater weszła w stan uruchomienia.

Record Number: 4248
Source Name: Service Control Manager
Time Written: 20090505214349.000000+120
Event Type: informacje
User:

=====Application event log=====

Computer Name: EWA
Event Code: 11724
Message: Produkt: NAVIGO Professional Plus -- Usunięcie zakończyło się pomyślnie.

Record Number: 5
Source Name: MsiInstaller
Time Written: 20090628191645.000000+120
Event Type: informacje
User: EWA\Ewa P

Computer Name: EWA
Event Code: 1001
Message: Bucket 1341776466, bucket table 1, faulting application powerpnt.exe, version 12.0.6500.5000, stamp 49a68f9d, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x0013d230.

Record Number: 4
Source Name: Microsoft Office 12
Time Written: 20090628181709.000000+120
Event Type: informacje
User:

Computer Name: EWA
Event Code: 1000
Message: Faulting application powerpnt.exe, version 12.0.6500.5000, stamp 49a68f9d, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x0013d230.

Record Number: 3
Source Name: Microsoft Office 12
Time Written: 20090628181701.000000+120
Event Type: błąd
User:

Computer Name: EWA
Event Code: 1800
Message: Usługa Centrum zabezpieczeń systemu Windows została uruchomiona.

Record Number: 2
Source Name: SecurityCenter
Time Written: 20090628175434.000000+120
Event Type: informacje
User:

Computer Name: EWA
Event Code: 0
Message: Service started successfully.

Record Number: 1
Source Name: GPClientServiceWinService
Time Written: 20090628175431.000000+120
Event Type: informacje
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ulead Systems\MPEG
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------
Kentos
Active Member
 
Posts: 9
Joined: July 7th, 2009, 5:46 am

Re: Restarts and strange errors

Unread postby Cyborg » July 14th, 2009, 1:29 pm

Hiya kentos :),

Please do an online scan with Kaspersky WebScanner
    Click Scan Now and Accept the agreement. You will be promted to install an ActiveX component from Kaspersky, click Yes

    The program will launch and then begin downloading the latest definition files:

  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    • Extended (if available otherwise Standard)
    • Scan Options:
    • Scan Archives
    • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
Please post the contents of the log here.


Also, do you have any external drives?
User avatar
Cyborg
Regular Member
 
Posts: 1143
Joined: September 8th, 2007, 12:45 pm

Re: Restarts and strange errors

Unread postby Kentos » July 15th, 2009, 6:56 am

It's not my computer, but I think there were only usb flash drive and camera ever connected to this computer. There isn't any external hard disk drive. Also, to be able to run Kaspersky skan I had to install java runtime. When I ran it first time, firefox crashed (this window with sending report back to microsoft appeared) at ~80% and it couldn't finish. Next time I started through IE but it crashed just after start, but I was able to restart it without rebooting computer, but this time the whole computer crashed and rebooted without warning. Finally, during 4 scan, nothing wrong happened and it has finished, but found nothing...

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, July 15, 2009
Operating System: Microsoft Windows XP Professional Dodatek Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, July 15, 2009 10:37:39
Records in database: 2470703
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 57091
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 00:34:34

No malware has been detected. The scan area is clean.

The selected area was scanned.
Kentos
Active Member
 
Posts: 9
Joined: July 7th, 2009, 5:46 am

Re: Restarts and strange errors

Unread postby Cyborg » July 16th, 2009, 2:21 am

Hiya Kentos :),

Please download Flash_Disinfector by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.



Please post the contents of your antivirus' finding here so that we can get to know what it had detected.

  • Click Start → All Programs → Eset → ESET Smart Security.
  • At the bottom of ESET's screen, please click Toggle Advanced mode.
  • Click Tools → Log files
  • In the Log drop-down box, select Detected threats.
  • Under the Time and Scanned Folders column, double-click on the most recently completed scan. A Log details window will open up.
  • Please select all text inside Log details and click copy. Paste that log in your reply.


Also, please tell me how old your hard drive is in your reply.
User avatar
Cyborg
Regular Member
 
Posts: 1143
Joined: September 8th, 2007, 12:45 pm

Re: Restarts and strange errors

Unread postby Kentos » July 18th, 2009, 5:05 pm

Sorry for late reply.
Primary hard drive is not very old, but I would have to ask previous owner for details.
I haven't used this flash disinfector yet, because my camera was connected to the infected PC and I don't have it now, I will have it back on monday.
It will be a small problem with my antivirus - logs are written all in polish... I could tell you that it found nothing during last scan. If it's important, I could translate it tomorrow.
All infected files were found by real-time protection. They were deleted and quarantined. Here are all detected:
2009-07-13 21:20:42 C:\System Volume Information\_restore{14B761AF-7B41-4DF1-8A6E-0E2B1B724AB7}\RP135\A0028128.sys odmiana wirusa Win32/PSW.OnLineGames.OKW koń trojański
2009-07-07 20:35:54 C:\System Volume Information\_restore{14B761AF-7B41-4DF1-8A6E-0E2B1B724AB7}\RP136\A0028178.bat Win32/PSW.OnLineGames.NNU koń trojański
2009-07-07 20:35:53 C:\System Volume Information\_restore{14B761AF-7B41-4DF1-8A6E-0E2B1B724AB7}\RP135\A0028144.dll Win32/PSW.OnLineGames.ODJ koń trojański
2009-07-07 20:35:53 C:\System Volume Information\_restore{14B761AF-7B41-4DF1-8A6E-0E2B1B724AB7}\RP135\A0028155.exe Win32/PSW.OnLineGames.NNU koń trojański
2009-07-07 20:35:53 C:\System Volume Information\_restore{14B761AF-7B41-4DF1-8A6E-0E2B1B724AB7}\RP135\A0028157.dll Win32/PSW.OnLineGames.ODJ koń trojański
2009-07-07 20:35:53 C:\System Volume Information\_restore{14B761AF-7B41-4DF1-8A6E-0E2B1B724AB7}\RP135\A0028166.dll Win32/PSW.OnLineGames.ODJ koń trojański
2009-07-07 20:35:52 C:\System Volume Information\_restore{14B761AF-7B41-4DF1-8A6E-0E2B1B724AB7}\RP135\A0028151.com Win32/PSW.OnLineGames.NNU koń trojański
2009-07-07 20:35:52 C:\System Volume Information\_restore{14B761AF-7B41-4DF1-8A6E-0E2B1B724AB7}\RP135\A0028152.inf INF/Autorun.gen koń trojański
2009-07-06 13:49:42 C:\System Volume Information\_restore{14B761AF-7B41-4DF1-8A6E-0E2B1B724AB7}\RP135\A0028111.sys odmiana wirusa Win32/PSW.OnLineGames.OKW koń trojański
2009-07-06 12:50:56 C:\System Volume Information\_restore{14B761AF-7B41-4DF1-8A6E-0E2B1B724AB7}\RP135\A0028099.sys odmiana wirusa Win32/PSW.OnLineGames.OKW koń trojański
2009-07-06 12:05:14 C:\System Volume Information\_restore{14B761AF-7B41-4DF1-8A6E-0E2B1B724AB7}\RP135\A0028096.sys odmiana wirusa Win32/PSW.OnLineGames.OKW koń trojański
2009-07-05 22:31:05 F:\Autorun.inf INF/Autorun.gen koń trojański
2009-07-04 21:40:03 C:\WINDOWS\SYSTEM32\NMDFGDS1.DLL Win32/PSW.OnLineGames.ODJ koń trojański
2009-07-04 21:37:48 C:\WINDOWS\system32\nmdfgds0.dll Win32/PSW.OnLineGames.ODJ koń trojański
2009-07-04 21:37:45 C:\WINDOWS\system32\nmdfgds0.dll Win32/PSW.OnLineGames.ODJ koń trojański
2009-07-04 21:37:22 C:\WINDOWS\system32\nmdfgds0.dll Win32/PSW.OnLineGames.ODJ koń trojański
2009-07-04 21:36:43 D:\autorun.inf INF/Autorun.gen koń trojański
2009-07-04 21:36:43 C:\WINDOWS\system32\olhrwef.exe Win32/PSW.OnLineGames.NNU koń trojański
2009-07-04 21:36:43 C:\autorun.inf INF/Autorun.gen koń trojański
2009-07-04 21:36:28 HTTP http://sder44.net/mg/am.rar Win32/PSW.OnLineGames.FKR.Gen koń trojański connection terminated
2009-07-01 21:48:19 F:\Autorun.inf Win32/PSW.OnLineGames.NNU koń trojański
2009-06-28 13:58:29 D:\System Volume Information\_restore{14B761AF-7B41-4DF1-8A6E-0E2B1B724AB7}\RP125\A0025125.inf Win32/PSW.OnLineGames.NNU koń trojański
2009-06-27 18:12:41 D:\System Volume Information\_restore{14B761AF-7B41-4DF1-8A6E-0E2B1B724AB7}\RP125\A0025124.com Win32/PSW.OnLineGames.NNU koń trojański
2009-06-27 17:12:05 C:\System Volume Information\_restore{14B761AF-7B41-4DF1-8A6E-0E2B1B724AB7}\RP125\A0025140.exe Win32/PSW.OnLineGames.NNU koń trojański
2009-06-27 16:12:06 C:\System Volume Information\_restore{14B761AF-7B41-4DF1-8A6E-0E2B1B724AB7}\RP125\A0025139.dll Win32/PSW.OnLineGames.NMP koń trojański
2009-06-27 15:13:12 C:\System Volume Information\_restore{14B761AF-7B41-4DF1-8A6E-0E2B1B724AB7}\RP125\A0025123.inf Win32/PSW.OnLineGames.NNU koń trojański
2009-06-24 21:51:35 C:\System Volume Information\_restore{14B761AF-7B41-4DF1-8A6E-0E2B1B724AB7}\RP125\A0025122.com Win32/PSW.OnLineGames.NNU koń trojański
Kentos
Active Member
 
Posts: 9
Joined: July 7th, 2009, 5:46 am

Re: Restarts and strange errors

Unread postby Cyborg » July 20th, 2009, 2:24 pm

Hiya Kentos :)

Sorry for late reply.


No problem, please let me know before hand if you need some time, this will prevent your thread from being closed ;)

I haven't used this flash disinfector yet, because my camera was connected to the infected PC and I don't have it now, I will have it back on monday.


You said that you'd receive your camera today, if you have it, please plug it in (with the memory card inside the camera) and run Flash_Disinfector.
Please re-use these instructions to run Flash_Disinfector :
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.



Please ignore the prompts from your antivirus, it is detecting inactive infected files from the System Restore points.
Please do NOT use system restore at any point of time during these fixes


Please re-use these instructions to post log.txt from RSIT :
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, a log will open:
  • log.txt will be opened maximized
  • Please post the contents of log.txt
User avatar
Cyborg
Regular Member
 
Posts: 1143
Joined: September 8th, 2007, 12:45 pm

Re: Restarts and strange errors

Unread postby Kentos » July 20th, 2009, 4:10 pm

I've run flash disinfector without problems and here is log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Ewa P at 2009-07-20 22:07:37
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 38 GB (53%) free of 71 GB
Total RAM: 1015 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:07:40, on 2009-07-20
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Documents and Settings\Ewa P\Pulpit\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Ewa P.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5645481953
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7415 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\User_Feed_Synchronization-{00125DD9-37B2-4586-9445-E8DBD3552CED}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-18 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-13 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-13 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-14 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-14 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-18 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2005-04-05 94208]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2005-04-05 77824]
"Persistence"=C:\WINDOWS\System32\igfxpers.exe [2005-04-05 114688]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-23 16804864]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2008-06-18 77824]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2008-06-19 2808832]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Google Quick Search Box"=C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [2009-04-13 68592]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-04-21 155648]
"UVS10 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe [2006-03-07 36864]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-05-14 2029640]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-07-07 520024]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-14 148888]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-04-13 39408]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

C:\Documents and Settings\Ewa P\Menu Start\Programy\Autostart
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-04-05 131072]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-07-20 22:03:01 ----RASHD---- C:\autorun.inf
2009-07-14 20:05:33 ----D---- C:\WINDOWS\Sun
2009-07-14 20:03:47 ----A---- C:\WINDOWS\system32\javaws.exe
2009-07-14 20:03:47 ----A---- C:\WINDOWS\system32\javaw.exe
2009-07-14 20:03:47 ----A---- C:\WINDOWS\system32\java.exe
2009-07-14 20:03:47 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-14 20:03:34 ----D---- C:\Program Files\Java
2009-07-14 20:03:18 ----D---- C:\Documents and Settings\Ewa P\Dane aplikacji\Sun
2009-07-13 20:52:35 ----D---- C:\rsit
2009-07-07 22:20:33 ----D---- C:\Program Files\Trend Micro
2009-07-07 22:20:18 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-07-07 20:10:20 ----HDC---- C:\Documents and Settings\All Users\Dane aplikacji\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-07 20:10:15 ----D---- C:\Program Files\Lavasoft
2009-07-07 20:10:15 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2009-07-04 21:42:27 ----D---- C:\WINDOWS\pss
2009-07-02 19:54:10 ----SHD---- C:\found.001
2009-06-28 13:41:11 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-28 13:41:04 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-28 13:40:47 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-28 13:40:37 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-24 21:27:24 ----D---- C:\WINDOWS\system32\appmgmt
2009-06-24 21:24:40 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-06-24 21:24:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-06-24 21:24:24 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-06-24 21:24:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954156_WM9L$
2009-06-24 21:24:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-06-24 21:23:54 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-06-24 21:23:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-06-24 21:23:27 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-06-24 21:22:22 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-06-24 21:21:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-06-24 21:21:29 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-06-24 21:21:01 ----D---- C:\WINDOWS\ie8updates
2009-06-24 21:20:37 ----D---- C:\WINDOWS\WBEM
2009-06-24 21:19:40 ----HDC---- C:\WINDOWS\ie8
2009-06-24 21:12:05 ----D---- C:\Temp
2009-06-24 21:10:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-06-24 21:10:33 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-06-24 21:10:30 ----D---- C:\Program Files\MSXML 4.0
2009-06-24 21:10:21 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-06-24 21:10:06 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$

======List of files/folders modified in the last 1 months======

2009-07-20 22:07:05 ----D---- C:\WINDOWS\Temp
2009-07-20 22:06:44 ----D---- C:\Program Files\Mozilla Firefox
2009-07-20 22:04:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-20 22:04:10 ----D---- C:\WINDOWS\Prefetch
2009-07-20 19:00:17 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-15 10:49:27 ----D---- C:\WINDOWS
2009-07-15 10:49:06 ----D---- C:\WINDOWS\Minidump
2009-07-15 10:25:27 ----HD---- C:\WINDOWS\inf
2009-07-15 10:25:14 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-14 20:03:50 ----SHD---- C:\WINDOWS\Installer
2009-07-14 20:03:47 ----D---- C:\WINDOWS\system32
2009-07-14 20:03:34 ----RD---- C:\Program Files
2009-07-13 20:46:49 ----D---- C:\Program Files\Pinnacle
2009-07-13 20:46:30 ----D---- C:\WINDOWS\WinSxS
2009-07-13 20:46:29 ----D---- C:\Program Files\Common Files
2009-07-13 20:46:27 ----RSD---- C:\WINDOWS\Fonts
2009-07-07 20:10:36 ----SD---- C:\WINDOWS\Tasks
2009-07-07 19:50:53 ----D---- C:\Documents and Settings\Ewa P\Dane aplikacji\Skype
2009-07-07 12:31:17 ----D---- C:\Program Files\eMule
2009-07-05 22:44:37 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-05 21:43:43 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2009-07-05 21:43:40 ----RSD---- C:\WINDOWS\assembly
2009-07-05 21:43:13 ----D---- C:\Program Files\Microsoft Works
2009-07-04 21:35:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-04 21:35:53 ----D---- C:\WINDOWS\system32\drivers
2009-06-28 19:16:42 ----D---- C:\Program Files\NAVIGO Professional Plus
2009-06-28 13:41:07 ----A---- C:\WINDOWS\imsins.BAK
2009-06-24 21:36:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-24 21:32:22 ----D---- C:\WINDOWS\system32\wbem
2009-06-24 21:32:22 ----D---- C:\WINDOWS\system32\pl-pl
2009-06-24 21:32:22 ----D---- C:\WINDOWS\Help
2009-06-24 21:32:22 ----D---- C:\Program Files\Internet Explorer
2009-06-24 21:32:21 ----D---- C:\WINDOWS\AppPatch
2009-06-24 21:20:42 ----D---- C:\WINDOWS\system32\config
2009-06-24 21:20:31 ----D---- C:\WINDOWS\Media
2009-06-24 21:11:24 ----D---- C:\WINDOWS\system32\CatRoot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-05-14 55768]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-05-14 133000]
R3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2004-12-06 126720]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-05-14 33096]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-04-05 830684]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-24 4749824]
R3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []
S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 ACPI;ACPI; C:\WINDOWS\system32\drivers\ACPI.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-14 152984]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-13 182768]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-05-14 20680]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-07 1029456]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------
Kentos
Active Member
 
Posts: 9
Joined: July 7th, 2009, 5:46 am

Re: Restarts and strange errors

Unread postby Cyborg » July 23rd, 2009, 3:24 am

Hiya Kentos :),

Sorry for the late reply, I've been on a move of late...

Please reopen HijackThis and click on "Do a system scan only".

Please locate the following lines and place a check against them :


O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k


Close all other open windows and click on, "Fix Checked".

Also, nothing malicious is showing up in your logs. Are you still having problems?
User avatar
Cyborg
Regular Member
 
Posts: 1143
Joined: September 8th, 2007, 12:45 pm

Re: Restarts and strange errors

Unread postby Kentos » July 25th, 2009, 4:09 pm

I've done what you said. Also, nothing wrong happens to this computer now I think - I haven't got any error since last week.
Kentos
Active Member
 
Posts: 9
Joined: July 7th, 2009, 5:46 am

Re: Restarts and strange errors

Unread postby Cyborg » July 28th, 2009, 7:09 am

Congratulations, your computer appears to be clean! Below are some steps you can take to keep yourself safer online.

  • Flush previous restore points and create a new one

    Malware can hide in various System Restore points, which is bad if you ever have to use that restore point. The steps below will get rid of all previous restore points, then create a new, clean one, should you ever have to use it.

    1. Go to Start -> All Programs -> Accessories -> System Tools -> System Restore.
    2. Select Create a Restore Point, then click Next.
    3. Give your restore point a nice name, then click Create.
    4. Close System Restore.
    5. Go to Start -> All Programs -> Accessories -> System Tools -> Disk Cleanup. This program will take a few minutes to load.
    6. Click More Options...
    7. Under the System Restore heading, click Cleanup.
    8. Click Yes.
    9. Close Disk Cleanup.

  • Keep Windows updated!

    Windows by itself is vulnerable to many exploits. Keeping your Windows up-to-date will help to minimize your risk of getting infected again. If you're not sure if Windows is set to update itself, follow the steps below:

    1. Go to Start -> Control Panel
    2. If you are on Category View, click on Switch to Classic View (it's near the upper-left corner of the window)
    3. Double-click Automatic Updates.
    4. Click on the bullet next to Automatic.
    5. Click OK.

  • Keep your anti-virus and firewall updated

    Anti-virus programs are as good as the definition files they have. Keep your anti-virus updated so that it can catch the latest threats! Firewalls occasionally get updated, so if your firewall is asking to update itself, let it!

  • Get an anti-malware scanner, and keep it updated

    Anti-malware scanners will scan and remove any malware it finds. These programs are good because they will catch things your anti-virus may not be programmed to catch. Below are links to some free ones.


  • Consider using a HOSTS file

    A HOSTS file maps web addresses to IP addresses. The HOSTS file linked below maps bad sites to a "Page Cannot Be Found" address, which means if you accidentally click on one of those bad sites, you won't go there. If you are interested in using the HOSTS file below, please follow these instructions.

    1. Download the zipped HOSTS file from here.
    2. Open the file you just downloaded and extract its contentes to C:\windows\system32\drivers\etc. If you are asked to overwrite an existing file, say YES.
    3. Delete the hosts.zip you downloaded.

  • Use a healthy dose of common sense

    Don't rely on the Internet for freebies; more often than not, they're bundled with Something Nasty. If you have any doubts about a link, don't click on it. It's better to pass on the two-for-one chicken deal than to deal with a slow computer that constantly spits out ads!

    If you want to know more about keeping safe online, please read the following articles:

    Tony Klein's "How did I get infected in the first place?"
    How to prevent Malware:© miekiemoes - Microsoft MVP - Consumer Security

If you have any questions, feel free to post! If you don't have any questions, post anyway, so that this thread can be locked and archived.
User avatar
Cyborg
Regular Member
 
Posts: 1143
Joined: September 8th, 2007, 12:45 pm

Re: Restarts and strange errors

Unread postby Kentos » July 31st, 2009, 3:02 pm

Last day I had another error while using IE, but it restarted properly and nothing wrong happened from this time.
Thanks for all your help and for the time you spent answering me, I appreciate it :)
Kentos
Active Member
 
Posts: 9
Joined: July 7th, 2009, 5:46 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 79 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware