need help


by beanscool » November 14th, 2010, 12:34 pm

When I use my browser it automatically redirects me to http://www.landing.safetubevideos,com. I uninstalled the program but the site keeps coming up. Please help!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:11:04, on 14/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\STOPzilla!\SZOptions.exe
C:\PROGRA~1\samsung\SAB60E~1\SUPNOT~1.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [SUPBackground] C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Agnieszka Podolecka\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Agnieszka Podolecka\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: QuestDns Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\QuestDns\questdns117.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 7284 bytes
please help
beanscool
Active Member
 
Posts: 13
Joined: November 14th, 2010, 11:21 am

Re: need help

by vict0r » November 15th, 2010, 5:40 pm

Hello and welcome to MWR.

My name is vict0r and I will help you with the malware issues on your computer.

Please read the following information carefully.

IMPORTANT: Whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

To make cleaning this machine easier:

  • Continue to respond to this thread until I tell you that the logs are clean!
  • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
  • Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
  • Please follow all instructions in the order posted.
  • If you have any questions or do not understand instructions, please ask before continuing.
  • Please reply to this thread. Do not start a new topic.
  • Your security program(s) may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Note: Please be aware that, as I am still in training, all of my fixes/posts require prior checking by an MRU Teacher. So some delays may be inevitable; please be patient and I will reply again asap.


Please post an Uninstall list.

  • Open HijackThis.
  • Click on the Open the Misc Tools section button.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please post this log in your next reply.
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: need help

by beanscool » November 16th, 2010, 2:20 pm

this is the list

Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9
AnyPC Client
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros WLAN Client
avast! Free Antivirus
BatteryLifeExtender
Bonjour
Choice Guard
DivX Setup
Easy Display Manager
Easy Network Manager
Easy Resolution Manager
Foxit Reader
Free Audio CD Burner version 1.4
Free YouTube Download 2.9
Free YouTube to MP3 Converter version 3.8
Google Chrome
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952117-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
imagine digital freedom - Samsung
Intel(R) Graphics Media Accelerator Driver
iTunes
J2SE Runtime Environment 5.0
Java(TM) 6 Update 18
Junk Mail filter update
Magic Keyboard
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WinUsb 1.0
Mozilla Firefox (3.6.12)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
OpenOffice.org 3.2
PCLinq2 High-Speed USB Bridge Cable
PCLinq3
Picasa 3
PKR
Play Camera
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
REALTEK Wireless LAN Software
Revo Uninstaller 1.89
Samsung Battery Manager
Samsung Magic Doctor
Samsung Recovery Solution III
Samsung Update Plus
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
STOPzilla
Synaptics Pointing Device Driver
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
User Guide
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.1.0
WEB Partner
WebCam SCB-0340N
Windows Easy Transfer
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
beanscool
Active Member
 
Posts: 13
Joined: November 14th, 2010, 11:21 am

Re: need help

by vict0r » November 17th, 2010, 8:47 am

Hi

Uninstall misc programs

Please uninstall STOPzilla as it might interfere with the fix. J2SE Runtime Environment 5.0 is just an old version of the installed Java(TM) 6 Update 18.

  • Click on Start > Run.
  • In the Open text box, copy/paste appwiz.cpl, then click OK.
  • Wait for the list of programs in the Add/Remove control panel to appear, then uninstall the two programs listed below:

    J2SE Runtime Environment 5.0
    STOPzilla


Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware and save to your desktop. If there are any problems downloading/installing/updating, then describe the problem in your next reply.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


random's system information tool (RSIT)

  • Download random's system information tool (RSIT) by random/random from HERE and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt (<<will be maximized)
    • info.txt (<<will be minimized)
  • Post both of these logs in your next reply. (Sometimes you have to make several posts to get the logs posted.)


When finished please post:
  • The MBAM log.
  • The RSIT logs.
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: need help

by beanscool » November 17th, 2010, 1:04 pm

the MBAM log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5138

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17/11/2010 16:51:49
mbam-log-2010-11-17 (16-51-49).txt

Scan type: Quick scan
Objects scanned: 149150
Time elapsed: 12 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\shopperreports.reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{0d82acd6-a652-4496-a298-2bde705f4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025e484-d4b0-441a-9f0b-69063bd679ce} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258b35c-05b8-4c0e-9525-9bccc70f8f2d} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a89256ad-ec17-4a83-bef5-4b8bc4f39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{f334c7b0-8774-4d5b-bd7a-4f448d03a1ae} (Adware.SkyLab) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2863e737-dd3f-4280-9af8-e9e79c16f312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{d7be8ed1-b138-48fd-bb22-9779a39130b1} (Redir.GSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f334c7b0-8774-4d5b-bd7a-4f448d03a1ae} (Adware.SkyLab) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2863e737-dd3f-4280-9af8-e9e79c16f312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d7be8ed1-b138-48fd-bb22-9779a39130b1} (Redir.GSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QuestDns (Adware.QuestDns) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QUESTDNS_SERVICE (Adware.QuestDns) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QuestDns Service (Adware.QuestDns) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\srs_it_e8790577b37654553fa891 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\QuestDns (Adware.QuestDns) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97} (Adware.QuestDns) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97}\chrome (Adware.QuestDns) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97}\defaults (Adware.QuestDns) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97}\defaults\preferences (Adware.QuestDns) -> Quarantined and deleted successfully.
C:\Program Files\QuestDns (Adware.QuestDns) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Application Data\QuestDns\questdns117.exe (Adware.QuestDns) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\QuestDns\questdns119.exe (Adware.QuestDns) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97}\chrome.manifest (Adware.QuestDns) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97}\install.rdf (Adware.QuestDns) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97}\chrome\questdns.jar (Adware.QuestDns) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97}\defaults\preferences\prefs.js (Adware.QuestDns) -> Quarantined and deleted successfully.
C:\Program Files\QuestDns\uninstall.exe (Adware.QuestDns) -> Quarantined and deleted successfully.


RSIT logs:
log:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Agnieszka Podolecka at 2010-11-17 17:02:52
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 25 GB (34%) free of 73 GB
Total RAM: 1014 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:03:06, on 17/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\samsung\SAB60E~1\SUPNOT~1.EXE
C:\Documents and Settings\Agnieszka Podolecka\My Documents\Pobieranie\RSIT.exe
C:\Program Files\trend micro\Agnieszka Podolecka.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - c:\program files\stopzilla!\sziebho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [SUPBackground] C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Agnieszka Podolecka\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Agnieszka Podolecka\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 7266 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-31 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3215F20-3212-11D6-9F8B-00D0B743919D}]
STOPzilla Browser Helper Object - c:\program files\stopzilla!\sziebho.dll [2010-11-10 247248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-31 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-05-21 17881600]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-02-18 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-02-18 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2009-02-18 137752]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-28 1044480]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"DMHotKey"=C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe [2006-12-27 466944]
"BatteryManager"=C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe [2009-06-02 3153408]
"MagicKeyboard"=C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe [2006-05-15 151552]
"SUPBackground"=C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2009-05-21 298664]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-09-07 2838912]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-07-21 141608]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-03-18 421888]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\downloader.exe"="C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\downloader.exe:*:Enabled:SaveTubeVideo"
"C:\Program Files\cacaoweb\cacaoweb.exe"="C:\Program Files\cacaoweb\cacaoweb.exe:*:Enabled:cacaoweb"
"C:\Program Files\Sports Interactive\Football Manager 2011\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2011\fm.exe:*:Disabled:Football Manager 2011"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======List of files/folders created in the last 1 months======

2010-11-17 17:02:52 ----D---- C:\rsit
2010-11-17 16:34:06 ----D---- C:\Documents and Settings\Agnieszka Podolecka\Application Data\Malwarebytes
2010-11-17 16:33:57 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-11-17 16:33:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-11-17 16:33:55 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-11-17 16:33:55 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-11-14 15:11:32 ----D---- C:\Program Files\Trend Micro
2010-11-12 13:04:35 ----D---- C:\Documents and Settings\All Users\Application Data\SITEguard
2010-11-12 13:03:24 ----D---- C:\Program Files\STOPzilla!
2010-11-12 13:03:23 ----D---- C:\Program Files\Common Files\iS3
2010-11-12 13:03:22 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2010-11-11 17:36:49 ----D---- C:\Documents and Settings\All Users\Application Data\Sports Interactive
2010-11-11 17:35:36 ----D---- C:\Documents and Settings\Agnieszka Podolecka\Application Data\Sports Interactive
2010-11-11 17:35:15 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2010-11-11 17:35:15 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2010-11-11 17:35:14 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2010-11-11 17:35:13 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2010-11-11 17:35:13 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2010-11-11 17:35:12 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2010-11-11 17:35:12 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2010-11-11 17:35:10 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2010-11-11 17:35:10 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2010-11-11 17:35:10 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2010-11-11 17:35:08 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2010-11-11 17:35:08 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2010-11-11 17:35:08 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2010-11-11 17:35:07 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2010-11-11 17:35:06 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2010-11-11 17:35:06 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2010-11-11 17:35:05 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2010-11-11 17:35:04 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2010-11-11 17:35:04 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2010-11-11 17:35:03 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2010-11-11 17:35:01 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2010-11-11 17:35:01 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2010-11-11 17:34:59 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2010-11-11 17:34:58 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2010-11-11 17:34:55 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2010-11-11 17:34:55 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2010-11-11 17:34:54 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2010-11-11 17:34:53 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2010-11-11 17:34:53 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2010-11-11 17:34:52 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2010-11-11 17:34:51 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2010-11-11 17:34:51 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2010-11-11 17:34:50 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2010-11-11 17:34:49 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2010-11-11 17:34:48 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2010-11-11 17:34:48 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2010-11-11 17:34:47 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2010-11-11 17:34:46 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2010-11-11 17:34:45 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2010-11-11 17:34:45 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2010-11-11 17:34:45 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2010-11-11 17:34:44 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2010-11-11 17:34:44 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2010-11-11 17:34:43 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2010-11-11 17:34:43 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2010-11-11 17:34:42 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2010-11-11 17:34:41 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2010-11-11 17:34:40 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2010-11-11 17:34:39 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2010-11-11 17:34:39 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2010-11-11 17:34:36 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2010-11-11 17:34:36 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2010-11-11 17:34:35 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2010-11-11 17:34:34 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2010-11-11 17:34:34 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2010-11-11 17:34:33 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2010-11-11 17:34:33 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2010-11-11 17:34:33 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2010-11-11 17:34:32 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2010-11-11 17:34:32 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2010-11-11 17:34:31 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2010-11-11 17:34:21 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2010-11-11 17:34:20 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2010-11-11 17:34:20 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2010-11-11 17:34:20 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2010-11-11 17:34:19 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2010-11-11 17:34:19 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2010-11-11 17:34:18 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2010-11-11 17:34:18 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2010-11-11 17:34:17 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2010-11-11 17:34:15 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2010-11-11 17:33:41 ----D---- C:\WINDOWS\Logs
2010-11-11 17:29:38 ----HD---- C:\Program Files\Zero G Registry
2010-11-11 17:29:38 ----D---- C:\Program Files\Sports Interactive
2010-11-10 17:32:18 ----RA---- C:\WINDOWS\system32\IS3HTUI5.dll
2010-11-10 17:32:16 ----RA---- C:\WINDOWS\system32\SZIO5.dll
2010-11-10 17:32:16 ----RA---- C:\WINDOWS\system32\SZComp5.dll
2010-11-10 17:32:16 ----RA---- C:\WINDOWS\system32\SZBase5.dll
2010-11-10 17:32:16 ----RA---- C:\WINDOWS\system32\IS3XDat5.dll
2010-11-10 17:32:16 ----RA---- C:\WINDOWS\system32\IS3DBA5.dll
2010-11-10 17:32:14 ----RA---- C:\WINDOWS\system32\IS3Win325.dll
2010-11-10 17:32:14 ----RA---- C:\WINDOWS\system32\IS3UI5.dll
2010-11-10 17:32:14 ----RA---- C:\WINDOWS\system32\IS3Svc5.dll
2010-11-10 17:32:14 ----RA---- C:\WINDOWS\system32\IS3Inet5.dll
2010-11-10 17:32:14 ----RA---- C:\WINDOWS\system32\IS3Hks5.dll
2010-11-10 17:32:12 ----RA---- C:\WINDOWS\system32\IS3Base5.dll
2010-10-24 06:40:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2010-10-24 06:40:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2279986$
2010-10-24 06:40:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2010-10-24 06:39:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2010-10-24 06:39:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2010-10-24 06:39:39 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2010-10-24 06:39:31 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2010-10-24 01:03:13 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$
2010-10-24 01:02:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2010-10-21 17:26:25 ----A---- C:\WINDOWS\system32\drivers\mod7700.sys
2010-10-21 17:26:25 ----A---- C:\WINDOWS\system32\drivers\ewusbnet.sys
2010-10-21 17:26:25 ----A---- C:\WINDOWS\system32\drivers\ewusbmdm.sys
2010-10-21 17:26:25 ----A---- C:\WINDOWS\system32\drivers\ewusbdev.sys
2010-10-21 17:26:25 ----A---- C:\WINDOWS\system32\drivers\ewdcsc.sys
2010-10-21 17:26:25 ----A---- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys
2010-10-21 17:26:13 ----D---- C:\Program Files\WEB Partner

======List of files/folders modified in the last 1 months======

2010-11-17 17:03:02 ----D---- C:\WINDOWS\Temp
2010-11-17 17:02:51 ----D---- C:\WINDOWS\Prefetch
2010-11-17 16:54:03 ----D---- C:\WINDOWS\system32\drivers
2010-11-17 16:52:52 ----AD---- C:\WINDOWS\MSETUP
2010-11-17 16:52:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-17 16:51:49 ----RD---- C:\Program Files
2010-11-17 16:27:01 ----SHD---- C:\WINDOWS\Installer
2010-11-17 16:25:27 ----D---- C:\Program Files\Common Files\Java
2010-11-17 16:25:07 ----D---- C:\WINDOWS\system32
2010-11-16 19:40:32 ----D---- C:\WINDOWS
2010-11-14 15:11:32 ----SD---- C:\Documents and Settings\Agnieszka Podolecka\Application Data\Microsoft
2010-11-12 13:03:28 ----D---- C:\WINDOWS\WinSxS
2010-11-12 13:03:23 ----D---- C:\Program Files\Common Files
2010-11-11 20:23:10 ----HD---- C:\WINDOWS\inf
2010-11-11 20:22:29 ----RSD---- C:\WINDOWS\assembly
2010-11-11 20:21:34 ----D---- C:\WINDOWS\system32\DirectX
2010-11-11 18:06:02 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-11 17:34:23 ----D---- C:\WINDOWS\Microsoft.NET
2010-11-10 13:28:02 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-10 00:57:55 ----D---- C:\Program Files\PKR
2010-11-04 02:19:30 ----D---- C:\Program Files\Mozilla Firefox
2010-11-01 16:25:11 ----D---- C:\Documents and Settings\Agnieszka Podolecka\Application Data\cacaoweb
2010-10-31 16:46:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-30 02:30:42 ----D---- C:\WINDOWS\Help
2010-10-24 06:40:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-10-24 06:40:15 ----HD---- C:\WINDOWS\$hf_mig$
2010-10-24 06:40:12 ----A---- C:\WINDOWS\imsins.BAK
2010-10-24 06:39:18 ----D---- C:\Program Files\Internet Explorer
2010-10-24 06:39:04 ----D---- C:\WINDOWS\ie8updates
2010-10-21 22:30:09 ----D---- C:\WINDOWS\Network Diagnostic

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-06-09 45648]
R0 szkg5;szkg5; C:\WINDOWS\system32\drivers\szkg.sys [2009-12-07 61328]
R0 szkgfs;szkgfs; C:\WINDOWS\system32\drivers\szkgfs.sys [2010-05-12 59280]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176]
R2 DOSMEMIO;MEMIO; \??\C:\WINDOWS\system32\MEMIO.SYS []
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-07 55152]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376]
R3 ewusbnet;HUAWEI USB-NDIS miniport; C:\WINDOWS\system32\DRIVERS\ewusbnet.sys [2010-03-20 117504]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2010-03-25 105728]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-05-23 5082624]
R3 RTL819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver; C:\WINDOWS\system32\DRIVERS\rtl819xp.sys [2009-05-08 517504]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-07-28 143360]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-08-28 224736]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VMC33F;Vimicro Camera Service VMC33F; C:\WINDOWS\System32\Drivers\VMC33F.sys [2009-07-01 237952]
S0 is3srv;is3srv; C:\WINDOWS\system32\drivers\is3srv.sys [2009-12-07 61328]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-06 1684736]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\WINDOWS\system32\DRIVERS\ewusbdev.sys [2010-03-20 100992]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 Usblink;Usblink Driver; C:\WINDOWS\System32\Drivers\ulink.sys [2003-06-02 40060]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 winusb;WinUSB Service; C:\WINDOWS\system32\DRIVERS\WinUSB.SYS [2006-11-02 39368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-31 153376]
R2 szserver;STOPzilla Service; C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe [2010-11-10 62928]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-07-21 540968]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-16 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-07 533360]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-31 136120]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info:
info.txt logfile of random's system information tool 1.08 2010-11-17 17:03:10

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
AnyPC Client-->C:\Program Files\InstallShield Installation Information\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}\setup.exe
Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E}
Apple Mobile Device Support-->MsiExec.exe /I{85991ED2-010C-4930-96FA-52F43C2CE98A}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
Atheros WLAN Client-->"C:\Program Files\InstallShield Installation Information\{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}\setup.exe" -runfromtemp -l0x0009 -removeonly
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
BatteryLifeExtender-->MsiExec.exe /I{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}
Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
DivX Setup-->C:\Documents and Settings\All Users\Application Data\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
Easy Display Manager-->"C:\Program Files\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\setup.exe" -runfromtemp -l0x0009 -removeonly
Easy Network Manager-->MsiExec.exe /I{A7581D39-EA20-4883-A480-80C21047052B}
Easy Resolution Manager-->MsiExec.exe /I{9CAC71E9-D196-472E-845C-5462356B2AE1}
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Free Audio CD Burner version 1.4-->"C:\Program Files\DVDVideoSoft\Free Audio CD Burner\unins000.exe"
Free YouTube Download 2.9-->"C:\Program Files\DVDVideoSoft\Free YouTube Download\unins000.exe"
Free YouTube to MP3 Converter version 3.8-->"C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\7.0.517.44\Installer\setup.exe" --uninstall --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952117-v2)-->"C:\WINDOWS\$NtUninstallKB952117-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
imagine digital freedom - Samsung-->MsiExec.exe /X{8E106A57-A17E-431D-B48F-175E42EB9F74}
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
iTunes-->MsiExec.exe /I{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Magic Keyboard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD723E53-A42C-4702-AA04-1D74A0311590}\Setup.exe" -l0x9 Remove
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft WinUsb 1.0-->"C:\WINDOWS\$NtUninstallwinusb0100$\spuninst\spuninst.exe"
Mozilla Firefox (3.6.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
OpenOffice.org 3.2-->MsiExec.exe /I{70B9CD9B-93D7-4B50-BAF1-99CDE11343B8}
PCLinq2 High-Speed USB Bridge Cable-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{95381165-5D16-4CD4-9162-57799A3F3AB5}\Setup.exe" -l0x9
PCLinq3-->"C:\Program Files\InstallShield Installation Information\{BD77C684-DF3C-4237-A9F9-FA90ED58CA3F}\setup.exe" -runfromtemp -l0x0009 -removeonly
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PKR-->"C:\Program Files\PKR\uninstall-pkr.exe"
Play Camera-->C:\Program Files\InstallShield Installation Information\{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}\setup.exe -runfromtemp -l0x0409
QuickTime-->MsiExec.exe /I{3D9892BB-A751-4E48-ADC8-E4289956CE1D}
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
REALTEK Wireless LAN Software-->C:\Program Files\InstallShield Installation Information\{6A1F72DD-2465-43A2-A137-8A849399B7A8}\Install.exe -uninst -l0x9
Revo Uninstaller 1.89-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Samsung Battery Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}\Setup.exe" -l0x9 Remove
Samsung Magic Doctor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}\Setup.exe" -l0x9 Remove
Samsung Recovery Solution III-->"C:\Program Files\InstallShield Installation Information\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}\setup.exe" -runfromtemp -l0x0009 -removeonly
Samsung Update Plus-->"C:\Program Files\InstallShield Installation Information\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}\Setup.exe" -runfromtemp -l0x0009 -removeonly
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2360131)-->"C:\WINDOWS\ie8updates\KB2360131-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"
Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
User Guide-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}\setup.exe" -l0x9 Remove
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VLC media player 1.1.0-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WEB Partner-->C:\Program Files\WEB Partner\uninst.exe
WebCam SCB-0340N-->C:\Program Files\InstallShield Installation Information\{71A51BED-E7D3-11DB-A386-005056C00008}\setup.exe -runfromtemp -l0x0009 -removeonly
Windows Easy Transfer-->"C:\WINDOWS\$NtUninstallWETCable$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Family Safety-->MsiExec.exe /X{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}

======Security center information======

AV: avast! Antivirus

======System event log======

Computer Name: AGNIESZKA
Event Code: 1002
Message: The IP address lease 192.168.1.124 for the Network Card with network address 001E101F051B has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 6322
Source Name: Dhcp
Time Written: 20101104205327.000000+000
Event Type: error
User:

Computer Name: AGNIESZKA
Event Code: 1002
Message: The IP address lease 192.168.1.127 for the Network Card with network address 001E101FA6DB has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 6292
Source Name: Dhcp
Time Written: 20101104190231.000000+000
Event Type: error
User:

Computer Name: AGNIESZKA
Event Code: 1002
Message: The IP address lease 192.168.1.112 for the Network Card with network address 001E101FC8C1 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 6263
Source Name: Dhcp
Time Written: 20101104162014.000000+000
Event Type: error
User:

Computer Name: AGNIESZKA
Event Code: 1002
Message: The IP address lease 192.168.1.128 for the Network Card with network address 001E101FA7A5 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 6234
Source Name: Dhcp
Time Written: 20101104120332.000000+000
Event Type: error
User:

Computer Name: AGNIESZKA
Event Code: 1002
Message: The IP address lease 192.168.1.118 for the Network Card with network address 001E101FD271 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 6203
Source Name: Dhcp
Time Written: 20101104012125.000000+000
Event Type: error
User:

=====Application event log=====

Computer Name: AGNIESZKA
Event Code: 1000
Message: Faulting application divxupdate.exe, version 1.0.1.10, faulting module msvcp80.dll, version 8.0.50727.4053, fault address 0x000100b5.

Record Number: 1152
Source Name: Application Error
Time Written: 20101021185121.000000+060
Event Type: error
User:

Computer Name: AGNIESZKA
Event Code: 32068
Message: The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Record Number: 1148
Source Name: Microsoft Fax
Time Written: 20101021182056.000000+060
Event Type: warning
User:

Computer Name: AGNIESZKA
Event Code: 32026
Message: Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Record Number: 1147
Source Name: Microsoft Fax
Time Written: 20101021182056.000000+060
Event Type: warning
User:

Computer Name: AGNIESZKA
Event Code: 32068
Message: The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Record Number: 1141
Source Name: Microsoft Fax
Time Written: 20101017131046.000000+060
Event Type: warning
User:

Computer Name: AGNIESZKA
Event Code: 32026
Message: Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Record Number: 1140
Source Name: Microsoft Fax
Time Written: 20101017131046.000000+060
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 28 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=1c02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"asl.log"=Destination=file;OnFirstLog=command,environment,parent
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
beanscool
Active Member
 
Posts: 13
Joined: November 14th, 2010, 11:21 am

Re: need help

Post by vict0r » November 18th, 2010, 7:47 am

Hi

STOPZilla!

It seems that the STOPZilla uninstaller did not uninstall the program at all. Right-click the STOPZilla!-icon in the system tray (in the lower right corner of your screen) and click Exit STOPzilla!.


Backup registry with ERUNT

  • Please use the following link and download ERUNT to your desktop. HERE
  • Double-click on the erunt-setup.exe
  • Follow the prompts to install ERUNT
  • Choose language
  • A setup window will pop up. It will ask: Create an ERUNT entry in the Startup folder. Answer NO

  • Backup the registry to the default location


Run OTL Script

Please download OTL ... by Old Timer. Save it to your Desktop.

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    :OTL
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    :Services
    DOSMEMIO
    :Reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\downloader.exe"=-
    "C:\Program Files\cacaoweb\cacaoweb.exe"=-
    :Files
    C:\Documents and Settings\Agnieszka Podolecka\Application Data\cacaoweb
    :commands
    [REBOOT]
    
  • This will reboot the machine: Click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.


Still redirected?

In which browsers were you previously redirected? Internet Explorer, Firefox, Google Chrome?

Are you still getting redirected in your browser(s)? Please verify.


STOPZilla! removal.

I can see that you have Revo uninstaller installed. If you are familiar with this program, please use it to completely uninstall STOPZilla: Right-click the STOPZilla!-icon in the system tray (in the lower right corner of your screen) and click Exit STOPzilla! before using Revo. If you are not familiar with Revo uninstaller, then post back so I can give you alternative instructions for the complete removal.


Re-run - RSIT (Random's System Information Tool)

You should still have this program on your desktop.
  1. Double click on RSIT.exe to run it.
  2. Please read the disclaimer... click on Continue.
    RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. (it will be maximized)
  3. Please post the contents of "log.txt" in your next reply.


Please post:
  • What is the status of the browser redirection now?
  • The OTL log.
  • The Rsit log.

Continue to reply to this thread until I tell you that the logs are clean! Absence of symptoms does not necessarily mean a clean computer!
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: need help

Post by beanscool » November 18th, 2010, 7:39 pm

I use Mozilla Firefox and the browser is still redirecting, but instead of redirecting to www.landing.savetubevideo.com it redirects to http://www./??

OTL reboots my computer, but when it comes back on again the log doesn't come up?
And finally, STOPzilla is not on the uninstall list in Revo Uninstaller?
I'm really confused, is my computer even fixable??
beanscool
Active Member
 
Posts: 13
Joined: November 14th, 2010, 11:21 am

Re: need help

Post by vict0r » November 19th, 2010, 7:53 pm

Hi

I use Mozilla Firefox and the browser is still redirecting, but instead of redirecting to http://www.landing.savetubevideo.com it redirects to http://www./??
That's good, we are making progress.

is my computer even fixable??
I am quite sure it's possible to fix your computer. However, malware removal is not easy and can be a time-consuming process. Please be patient. :)


Regarding Stopzilla

I think that the easiest way now to get Stopzilla uninstalled is to reinstall it first, reboot the computer, then right-click the STOPZilla!-icon in the system tray and choose (click) Exit STOPzilla!, then try to uninstall the program from Control-panel -> Add-Remove programs (or use Revo).


Retrieve the OTL log

Please navigate to this folder:
C:\_OTL\Movedfiles
In this folder there should be a text/log file named "date_time" (example: 08112010_120501). If it is present, then please post the contents in your next reply.


Download and run DDS

Let's take a closer look at the Firefox settings. Please download DDS by sUBs from one of the links below and save it to your desktop:

Link1
Link2 (right click -> Save link as...)

  • Double-Click on dds.scr(/com/pif) and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs into your next reply


Please post:
  • The OTL log (if present).
  • The DDS logs.

Continue to reply to this thread until I tell you that the logs are clean! Absence of symptoms does not necessarily mean a clean computer!
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm
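
Added example (not part of the original thread, and not OTL's own code): once the log file has been retrieved from C:\_OTL\Movedfiles, a short Python script can group its lines by section and show whether the fix actually changed anything. The sample log is constructed; the "moved successfully" wording, the names `EXAMPLESVC` and `C:\Example\folder`, and reading the file-name stamp as MMDDYYYY_HHMMSS are assumptions.

```python
import re
from collections import OrderedDict
from datetime import datetime

# Constructed sample in the shape of an OTL fix log. The "moved successfully"
# line is an assumed wording for a completed action; names are placeholders.
SAMPLE_LOG = r"""========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
File not found.
========== SERVICES/DRIVERS ==========
Error: No service named EXAMPLESVC was found to stop!
Service\Driver key EXAMPLESVC not found.
========== FILES ==========
C:\Example\folder moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.17.3 log created on 11182010_232442
"""

SECTION_RE = re.compile(r"^=+\s*([^=]+?)\s*=+$")
CREATED_RE = re.compile(r"log created on (\d{8}_\d{6})\s*$")
NOT_FOUND_RE = re.compile(
    r"not found\.?$|^Error: No service named .+ was found", re.IGNORECASE
)


def parse_log_stamp(stamp):
    """Turn a 'date_time' stamp (assumed MMDDYYYY_HHMMSS) into a datetime."""
    return datetime.strptime(stamp, "%m%d%Y_%H%M%S")


def summarize(log_text):
    """Return (created, sections); sections maps each header to its lines,
    split into targets that were 'not_found' and every 'other' result."""
    sections, created, current = OrderedDict(), None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = {"not_found": [], "other": []}
            continue
        stamp = CREATED_RE.search(line)
        if stamp:
            created = parse_log_stamp(stamp.group(1))
            continue
        if current is None:
            continue  # text before the first section header
        bucket = "not_found" if NOT_FOUND_RE.search(line) else "other"
        sections[current][bucket].append(line)
    return created, sections


def nothing_changed(sections):
    """True when every logged target was already absent (no other results)."""
    return all(not s["other"] for s in sections.values())


if __name__ == "__main__":
    created, sections = summarize(SAMPLE_LOG)
    print("log created:", created)
    for name, result in sections.items():
        print(f"{name}: {len(result['not_found'])} not found, "
              f"{len(result['other'])} other")
    print("nothing changed:", nothing_changed(sections))
```

A log in which every line lands in `not_found` means the script's targets were already gone when it ran, so the redirect has to come from something the script did not list.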

Re: need help

Post by beanscool » November 20th, 2010, 8:38 am

the OTL log

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
File not found.
========== SERVICES/DRIVERS ==========
Error: No service named DOSMEMIO was found to stop!
Service\Driver key DOSMEMIO not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\downloader.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\cacaoweb\cacaoweb.exe not found.
========== FILES ==========
File\Folder C:\Documents and Settings\Agnieszka Podolecka\Application Data\cacaoweb not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.17.3 log created on 11182010_232442


DDS logs

attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 01/08/2010 01:32:01
System Uptime: 20/11/2010 12:24:19 (0 hours ago)

Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | N130
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | U2E1 | 1595/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 71 GiB total, 23.782 GiB free.
D: is FIXED (NTFS) - 71 GiB total, 70.82 GiB free.
F: is CDROM (CDFS)
G: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP69: 09/11/2010 19:32:06 - System Checkpoint
RP70: 10/11/2010 13:27:57 - Software Distribution Service 3.0
RP71: 11/11/2010 17:33:52 - Installed DirectX
RP72: 11/11/2010 18:21:21 - Revo Uninstaller's restore point - Football Manager 2011
RP73: 11/11/2010 20:21:34 - Installed DirectX
RP74: 11/11/2010 20:50:14 - Revo Uninstaller's restore point - Football Manager 2011
RP75: 12/11/2010 12:44:04 - Installed Microsoft Visual C++ 2005 Redistributable
RP76: 12/11/2010 12:45:42 - Revo Uninstaller's restore point - SaveTubeVideo 3.8 (20091213)
RP77: 12/11/2010 13:03:07 - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP78: 12/11/2010 17:07:38 - Revo Uninstaller's restore point - STOPzilla
RP79: 12/11/2010 17:10:36 - Revo Uninstaller's restore point - STOPzilla
RP80: 12/11/2010 17:14:16 - Revo Uninstaller's restore point - STOPzilla
RP81: 12/11/2010 17:30:08 - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP82: 14/11/2010 15:09:46 - Revo Uninstaller's restore point - STOPzilla
RP83: 14/11/2010 15:10:29 - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP84: 14/11/2010 15:11:31 - Installed HiJackThis
RP85: 14/11/2010 15:39:42 - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP86: 17/11/2010 16:25:04 - Removed J2SE Runtime Environment 5.0
RP87: 17/11/2010 16:26:57 - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP88: 18/11/2010 18:03:23 - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9
AnyPC Client
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros WLAN Client
avast! Free Antivirus
BatteryLifeExtender
Bonjour
Choice Guard
DivX Setup
Easy Display Manager
Easy Network Manager
Easy Resolution Manager
ERUNT 1.1j
Foxit Reader
Free Audio CD Burner version 1.4
Free YouTube Download 2.9
Free YouTube to MP3 Converter version 3.8
Google Chrome
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952117-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
imagine digital freedom - Samsung
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 18
Junk Mail filter update
Magic Keyboard
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WinUsb 1.0
Mozilla Firefox (3.6.12)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
OpenOffice.org 3.2
PCLinq2 High-Speed USB Bridge Cable
PCLinq3
Picasa 3
PKR
Play Camera
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
REALTEK Wireless LAN Software
Revo Uninstaller 1.89
Samsung Battery Manager
Samsung Magic Doctor
Samsung Recovery Solution III
Samsung Update Plus
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Synaptics Pointing Device Driver
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
User Guide
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.1.0
WEB Partner
WebCam SCB-0340N
WebFldrs XP
Windows Easy Transfer
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

20/11/2010 12:24:48, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001E101F731C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
20/11/2010 03:16:07, error: Dhcp [1002] - The IP address lease 192.168.1.119 for the Network Card with network address 001E101FDDF3 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
19/11/2010 16:47:03, error: Dhcp [1002] - The IP address lease 192.168.1.118 for the Network Card with network address 001E101F9D8C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
18/11/2010 23:33:05, error: Dhcp [1002] - The IP address lease 192.168.1.117 for the Network Card with network address 001E101F3976 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
18/11/2010 23:26:01, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 001E101FAE32 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
18/11/2010 23:17:11, error: Dhcp [1002] - The IP address lease 192.168.1.116 for the Network Card with network address 001E101F5BFC has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
18/11/2010 23:07:19, error: Dhcp [1002] - The IP address lease 192.168.1.115 for the Network Card with network address 001E101F305E has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
18/11/2010 22:11:55, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom
18/11/2010 22:11:54, error: Dhcp [1002] - The IP address lease 192.168.1.114 for the Network Card with network address 001E101FAB03 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
18/11/2010 18:20:17, error: Dhcp [1002] - The IP address lease 192.168.1.112 for the Network Card with network address 001E101FE9C7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
18/11/2010 17:44:29, error: Dhcp [1002] - The IP address lease 192.168.1.113 for the Network Card with network address 001E101F4C53 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
18/11/2010 17:41:15, error: Dhcp [1002] - The IP address lease 192.168.1.112 for the Network Card with network address 001E101F4C03 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
18/11/2010 17:29:38, error: Dhcp [1002] - The IP address lease 192.168.1.111 for the Network Card with network address 001E101F4C53 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
17/11/2010 23:57:35, error: Dhcp [1002] - The IP address lease 192.168.1.110 for the Network Card with network address 001E101FA75C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
17/11/2010 22:00:40, error: Dhcp [1002] - The IP address lease 192.168.1.109 for the Network Card with network address 001E101F2A27 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
17/11/2010 18:29:09, error: Dhcp [1002] - The IP address lease 192.168.1.108 for the Network Card with network address 001E101F8A85 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
17/11/2010 16:53:20, error: Dhcp [1002] - The IP address lease 192.168.1.107 for the Network Card with network address 001E101F7433 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
17/11/2010 16:25:39, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
17/11/2010 16:20:51, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 001E101F2E51 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
17/11/2010 13:44:18, error: Dhcp [1002] - The IP address lease 192.168.1.106 for the Network Card with network address 001E101F5BFC has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
16/11/2010 22:29:55, error: Dhcp [1002] - The IP address lease 192.168.1.105 for the Network Card with network address 001E101FBCAD has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
16/11/2010 18:10:32, error: Dhcp [1002] - The IP address lease 192.168.1.104 for the Network Card with network address 001E101F051B has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
15/11/2010 22:30:42, error: Dhcp [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 001E101F0815 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
15/11/2010 16:57:01, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 001E101F3DA8 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
15/11/2010 15:28:33, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001E101F5BFC has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
15/11/2010 14:22:36, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the QuestDns Service service to connect.
15/11/2010 14:22:28, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001E101FDDF3 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
14/11/2010 23:51:04, error: Dhcp [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 001E101FE347 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
14/11/2010 19:27:34, error: Dhcp [1002] - The IP address lease 192.168.1.108 for the Network Card with network address 001E101FDDF3 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
14/11/2010 15:51:41, error: Dhcp [1002] - The IP address lease 192.168.1.109 for the Network Card with network address 001E101F77CE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
14/11/2010 15:37:59, error: Service Control Manager [7034] - The QuestDns Service service terminated unexpectedly. It has done this 1 time(s).
14/11/2010 15:05:09, error: Dhcp [1002] - The IP address lease 192.168.1.108 for the Network Card with network address 001E101FCAB6 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
14/11/2010 13:57:16, error: Dhcp [1002] - The IP address lease 192.168.1.107 for the Network Card with network address 001E101F77CE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
14/11/2010 00:46:02, error: Dhcp [1002] - The IP address lease 192.168.1.106 for the Network Card with network address 001E101F7F7D has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
13/11/2010 20:18:57, error: Dhcp [1002] - The IP address lease 192.168.1.104 for the Network Card with network address 001E101FF767 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
13/11/2010 13:40:55, error: Dhcp [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 001E101FA7A5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
13/11/2010 11:19:37, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 001E101FDDF3 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
13/11/2010 05:02:37, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001E101F96A7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
13/11/2010 02:48:50, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001E101F731C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================


DDS:

DDS (Ver_10-11-10.01) - NTFSx86
Run by Agnieszka Podolecka at 12:36:12.01 on 20/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.514 [GMT 0:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\samsung\SAB60E~1\SUPNOT~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Agnieszka Podolecka\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\sziebho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [DMHotKey] c:\program files\samsung\easy display manager\DMLoader.exe
mRun: [BatteryManager] c:\program files\samsung\samsung battery manager\BatteryManager.exe
mRun: [MagicKeyboard] c:\program files\samsung\magickbd\PreMKBD.exe
mRun: [SUPBackground] c:\program files\samsung\samsung update plus\SUPBackground.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\documents and settings\agnieszka podolecka\application data\dvdvideosoftiehelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\agnieszka podolecka\application data\dvdvideosoftiehelpers\youtubetomp3.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\agnies~1\applic~1\mozilla\firefox\profiles\2dwfqpyr.default\
FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
FF - prefs.js: browser.startup.homepage - hxxp://www.smartwebsearch.net/index.php?from=3
FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q=
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2010-5-12 59280]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-31 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-31 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-31 40384]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-7-30 55152]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-31 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-31 40384]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-10-21 117504]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-10-21 100992]
R3 RTL819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\rtl819xp.sys [2009-7-30 517504]
R3 VMC33F;Vimicro Camera Service VMC33F;c:\windows\system32\drivers\VMC33F.sys [2009-7-30 237952]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-16 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-7-30 1684736]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-7 533360]
S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys [2010-8-3 40060]

=============== Created Last 30 ================

2010-11-18 17:36:01 -------- d-----w- C:\_OTL
2010-11-17 16:34:06 -------- d-----w- c:\docume~1\agnies~1\applic~1\Malwarebytes
2010-11-17 16:33:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-17 16:33:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-17 16:33:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-17 16:33:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-14 15:11:32 388096 ----a-r- c:\docume~1\agnies~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-11-14 15:11:32 -------- d-----w- c:\program files\Trend Micro
2010-11-12 13:04:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
2010-11-12 13:03:24 -------- d-----w- c:\program files\STOPzilla!
2010-11-12 13:03:23 -------- d-----w- c:\program files\common files\iS3
2010-11-12 13:03:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2010-11-11 17:36:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\Sports Interactive
2010-11-11 17:34:59 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
2010-11-11 17:33:41 -------- d-----w- c:\windows\Logs
2010-11-11 17:29:38 -------- d--h--w- c:\program files\Zero G Registry
2010-11-11 17:29:38 -------- d-----w- c:\program files\Sports Interactive
2010-11-11 17:28:20 -------- d--h--w- c:\documents and settings\agnieszka podolecka\InstallAnywhere
2010-11-10 17:32:18 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2010-11-10 17:32:16 546256 ----a-r- c:\windows\system32\SZComp5.dll
2010-11-10 17:32:16 452048 ----a-r- c:\windows\system32\SZBase5.dll
2010-11-10 17:32:16 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2010-11-10 17:32:16 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2010-11-10 17:32:16 22992 ----a-r- c:\windows\system32\SZIO5.dll
2010-11-10 17:32:14 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2010-11-10 17:32:14 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2010-11-10 17:32:14 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2010-11-10 17:32:14 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2010-11-10 17:32:14 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2010-11-10 17:32:12 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2010-10-21 22:27:52 -------- d-sh--w- c:\documents and settings\agnieszka podolecka\IECompatCache
2010-10-21 17:26:25 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys
2010-10-21 17:26:25 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-10-21 17:26:25 117504 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2010-10-21 17:26:25 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2010-10-21 17:26:25 105728 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2010-10-21 17:26:25 100992 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2010-10-21 17:26:13 -------- d-----w- c:\program files\WEB Partner

==================== Find3M ====================

2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll

============= FINISH: 12:37:08.56 ===============
beanscool
Active Member
 
Posts: 13
Joined: November 14th, 2010, 11:21 am

Re: need help

Unread postby vict0r » November 20th, 2010, 7:46 pm

Hi

Uncheck Notepad Wordwrap

Please open notepad, click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it. Close notepad.


Run OTL Script

This program should still be located on your desktop. If not, please re-download: OTL by Old Timer. Save it to your Desktop.

You only need to run this fix once. If the log does not open after the reboot, then look for it in the C:\_OTL\Movedfiles folder.

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code:
    :OTL
    FF - prefs.js..browser.search.selectedEngine: "GoogleFeed.net"
    FF - prefs.js..browser.startup.homepage: "http://www.smartwebsearch.net/index.php?from=3"
    FF - prefs.js..keyword.URL: "http://www.veerboo.com/results.php?q="
    :commands
    [emptytemp]
    
  • This will reboot the machine: Click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Note: You can post all logs immediately in separate posts.


GMER

Please download GMER Rootkit Scanner from Here.
  • Double click the .exe file. If asked to allow .sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All << (don't miss this one)

  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.

If GMER crashes, then restart your computer and try again, this time also uncheck Devices.


Disable Avast

  • Right click on the avast! icon in system tray and choose (Stop On-Access Protection)
  • Note: Don't forget to re-enable it after the fix.


Kaspersky Online Scan

Note: This download is about 200Mb and the scan can last for several hours.

  • Hold down Control then click on the following link to open a new window to Kaspersky Online Scan
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan. * This will take a while. Please be patient *.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

This online tutorial will help explain how to use the aforementioned online scan.


Enable Avast when the Kaspersky scan is finished.


Re-run - DDS

You should still have this program on your desktop.
  1. Double click on the DDS-icon to run it.
  2. When DDS is done the logs will open in notepad.
  3. Please post the contents of "DDS.txt" in your next reply. (Don't post Attach.txt.)


Please post:
  • Are you still redirected in Firefox after running the OTL-script?
  • The OTL log.
  • The GMER log.
  • The Kaspersky log.
  • DDS.txt
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm
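
An added example (not part of vict0r's post and not OTL's own code): a Python check that reads a Firefox prefs.js and flags the three preferences the OTL script above resets whenever they point outside an allowlist. The allowlists, function names and sample file are assumptions constructed for illustration; the sample values are the ones shown in the DDS log.

```python
import re
from urllib.parse import urlparse

# The three preferences the OTL fix in this thread resets. They decide where
# searches, the start page and address-bar keywords are sent.
WATCHED_PREFS = (
    "browser.search.selectedEngine",
    "browser.startup.homepage",
    "keyword.URL",
)

# Assumption: allowlists made up for this example; adjust them per environment.
ALLOWED_HOSTS = {"www.google.com", "google.com", "www.mozilla.org"}
ALLOWED_ENGINES = {"Google", "Yahoo", "Bing", "Wikipedia (en)"}

# One preference per line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.+?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Return {name: value} for every user_pref() line in a prefs.js body."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue  # comments, blank lines, anything that is not a user_pref call
        name, raw = match.group(1), match.group(2)
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            value = re.sub(r'\\(.)', r'\1', raw[1:-1])  # undo \" and \\ escapes
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw
        prefs[name] = value
    return prefs


def host_of(url):
    """Lower-cased host of a URL, tolerating a missing scheme."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()


def audit_prefs(text):
    """Return (pref, value) pairs for watched prefs that fall outside the allowlists."""
    prefs = parse_prefs(text)
    findings = []
    for name in WATCHED_PREFS:
        if name not in prefs:
            continue  # unset means Firefox falls back to its built-in default
        value = prefs[name]
        if name == "browser.search.selectedEngine":
            if value not in ALLOWED_ENGINES:
                findings.append((name, value))
            continue
        # The homepage pref may hold several URLs separated by "|".
        for url in str(value).split("|"):
            url = url.strip()
            if not url or url.startswith("about:"):
                continue
            if host_of(url) not in ALLOWED_HOSTS:
                findings.append((name, url))
    return findings


# Constructed sample prefs.js using the values reported in the DDS log above.
SAMPLE_PREFS_JS = '''\
# Mozilla User Preferences
user_pref("browser.search.selectedEngine", "GoogleFeed.net");
user_pref("browser.startup.homepage", "http://www.smartwebsearch.net/index.php?from=3");
user_pref("keyword.URL", "http://www.veerboo.com/results.php?q=");
user_pref("browser.tabs.warnOnClose", false);
user_pref("browser.startup.page", 1);
'''

if __name__ == "__main__":
    for pref, value in audit_prefs(SAMPLE_PREFS_JS):
        print("review:", pref, "=", value)
```

Run it against a copy of prefs.js taken while Firefox is closed, since Firefox rewrites the file on exit.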

Re: need help

Unread postby vict0r » November 22nd, 2010, 8:41 pm

Hello...

It has been 2 days since my last post to you.
  • Do you still need help with this problem?
  • Do you need more time?
  • Are you experiencing any trouble when running GMER or Kaspersky? If so then tell me, there are alternatives if they fail to run.

Just let me know what's going on otherwise... After 24 hrs., if you have not replied to this thread... it will be closed!
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: need help

Unread postby beanscool » November 23rd, 2010, 12:03 pm

I can't seem to scan with the Kaspersky scanner because a window pops up saying that the license has expired??
beanscool
Active Member
 
Posts: 13
Joined: November 14th, 2010, 11:21 am

Re: need help

Unread postby vict0r » November 23rd, 2010, 12:55 pm

Hi.

Please skip the Kaspersky scan for now and continue with the instructions while I research the expired license issue.
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: need help

Unread postby vict0r » November 24th, 2010, 6:47 am

Hi

Regarding the popup with the Kaspersky license expired: The program is safe to use, the popup is just warning that the Java license built into the program has expired. Please allow it to run and complete the scan as described.

I will hold this topic open for another 24 hours. To keep it open, please reply with the following:
  • Are you still redirected in Firefox after running the OTL-script? How is the general performance of your computer now?
  • The OTL log.
  • The GMER log.
  • The Kaspersky log.
  • DDS.txt

If you experience any problems, then try to describe them and I will try to find a workaround for the problem or another solution.
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: need help

Unread postby beanscool » November 24th, 2010, 2:38 pm

Hi,
I tried to scan it again and I paid no attention to the expired license window, but when I tried to click on the settings button the writing on it was faded and it wasn't working?
beanscool
Active Member
 
Posts: 13
Joined: November 14th, 2010, 11:21 am