Unknown infection

2 posters

GeekPolice :: GeekPolice tech support archive :: Technical Support

Unknown infection21st April 2012, 12:45 pm

Hi
I was wondering if you could please have a look at my problem (possibly malware infection)
The problem with my machine manifests itself by redirecting, opening other windows when I'm trying to navigate to google search results. At times it was impossible to open any pages from search results.
I have since used Kaspersky and Housecall which improved the situation but I'm still having random pages opened (sometimes in new window) when navigating in IE or firefox.

Kaspersky scan detected and supposedly removed
HUER.Exploit.Script.Generic
Trojan-Downloader.VBS.Agent.aaf

Subsequently Trand Micro House call detected and removed
TROJ.SPNR.06df12

OTL logs:

OTL logfile created on: 21/04/2012 8:02:18 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\rafal.ARTISTS-7B481E5\My Documents\Downloads\VirusRemTools
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 47.32% Memory free
3.85 Gb Paging File | 2.72 Gb Available in Paging File | 70.68% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 83.80 Gb Free Space | 28.11% Space Free | Partition Type: NTFS

Computer Name: ARTISTS-7B481E5 | User Name: rafal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/21 19:56:31 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rafal.ARTISTS-7B481E5\My Documents\Downloads\VirusRemTools\OTL.com
PRC - [2011/09/29 16:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/22 22:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/04/22 22:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/09/14 18:09:52 | 001,213,848 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/09/09 14:38:16 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010/08/19 16:30:45 | 000,340,520 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
PRC - [2010/07/26 03:08:00 | 002,569,616 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/09/08 16:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2007/12/12 07:39:03 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2007/11/28 18:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/11/05 08:38:22 | 000,020,480 | ---- | M] (Artists Technologies P/L) -- C:\Program Files\AT2\AT2 Media Server\AT2.Media.Server.exe
PRC - [2007/08/26 10:37:42 | 000,405,504 | ---- | M] (www.tortoisesvn.org) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2007/06/13 20:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/18 07:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2007/04/23 19:20:54 | 002,165,520 | ---- | M] (Xpertvision, Inc.) -- C:\Program Files\XpertVision\TBPANEL.exe
PRC - [2007/04/11 07:46:52 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.exe
PRC - [2007/04/03 15:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2006/09/13 11:12:52 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/09/13 11:07:08 | 000,880,640 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006/09/01 11:01:42 | 000,671,744 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2006/07/19 12:03:56 | 000,094,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe
PRC - [2006/05/11 11:47:24 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/05/11 11:46:54 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/04/25 12:52:24 | 000,385,024 | R--- | M] (JMicron Technology Corp.) -- C:\WINDOWS\system32\JMRaidTool.exe
PRC - [2006/02/28 22:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2000/02/04 17:53:22 | 000,705,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Web Application Stress Tool\webtool.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/29 16:53:40 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/07/21 22:21:25 | 000,081,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Reporting#\76d06200e518196c5ceb94d68557cf2b\Microsoft.ReportingServices.Interfaces.ni.dll
MOD - [2010/07/21 22:16:36 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010/07/21 22:16:35 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2010/07/21 22:16:34 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/07/21 22:16:34 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010/07/21 22:16:30 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2010/07/21 22:16:29 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2010/07/21 22:16:21 | 005,242,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2010/07/21 22:14:35 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll
MOD - [2010/07/21 22:14:31 | 011,797,504 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d987cf1de4ba688da92e212a374232c2\System.Web.ni.dll
MOD - [2010/07/21 22:14:16 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll
MOD - [2010/07/21 22:12:02 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
MOD - [2010/07/21 22:10:33 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
MOD - [2009/11/02 07:38:47 | 000,900,096 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\msvcm80\f9aabeadf09a975301be374109fbd4dc\msvcm80.ni.dll
MOD - [2009/11/02 07:35:31 | 000,275,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ReportingServicesNa#\83839b2920f4f3afc29d5edc408b287c\ReportingServicesNativeClient.ni.dll
MOD - [2009/11/02 07:27:14 | 011,486,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
MOD - [2009/10/20 18:34:46 | 002,069,520 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avzkrnl.dll
MOD - [2008/06/21 03:41:10 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/21 03:41:10 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2007/12/12 07:37:11 | 000,061,496 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll
MOD - [2007/09/21 04:14:40 | 003,246,048 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2007/08/26 10:38:46 | 000,133,632 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
MOD - [2007/08/26 10:33:36 | 000,007,680 | ---- | M] () -- C:\Program Files\TortoiseSVN\iconv\_tbl_simple.so
MOD - [2007/08/26 10:33:34 | 000,011,264 | ---- | M] () -- C:\Program Files\TortoiseSVN\iconv\windows-1252.so
MOD - [2007/08/26 10:33:34 | 000,007,680 | ---- | M] () -- C:\Program Files\TortoiseSVN\iconv\utf-8.so
MOD - [2007/04/03 15:18:26 | 000,197,672 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [1998/10/31 04:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files\XpertVision\TBMANAGE.DLL

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2011/04/22 22:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/08/19 16:30:45 | 000,340,520 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2009/09/08 16:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2008/07/29 12:10:46 | 003,201,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/11/28 18:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/11/05 08:38:22 | 000,020,480 | ---- | M] (Artists Technologies P/L) [Auto | Running] -- C:\Program Files\AT2\AT2 Media Server\AT2.Media.Server.exe -- (MediaConverterService)
SRV - [2007/05/18 07:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2007/04/03 15:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006/12/02 06:17:54 | 002,805,000 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2006/05/11 11:46:54 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006/02/28 22:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2006/02/28 22:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2006/02/28 22:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2000/02/04 17:53:22 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Web Application Stress Tool\webtool.exe -- (WebTool)

========== Driver Services (SafeList) ==========

DRV - File not found [Unknown (0) | Boot | Unknown] -- -- (Winflash)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Player\cds300.dll -- (11355857-31c8-413a-bff0-c1b91ae7271d)
DRV - [2009/11/21 12:06:37 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/10/14 19:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 17:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 12:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/09/01 13:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2007/04/11 07:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2007/04/03 15:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2007/01/23 23:23:16 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 13:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/09/01 12:32:50 | 000,003,712 | ---- | M] (Logitech Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2006/08/15 16:41:16 | 004,368,896 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/07/19 12:29:08 | 000,027,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2006/07/19 12:28:56 | 000,071,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2006/07/19 12:27:46 | 000,055,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2006/07/19 12:27:26 | 000,013,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006/06/17 22:36:32 | 000,083,968 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/05/19 18:16:14 | 000,042,880 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2006/05/03 13:46:38 | 000,014,592 | ---- | M] (ABIT) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\uGuru.sys -- (UGURU)
DRV - [2006/02/28 22:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2006/02/07 21:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO)
DRV - [2005/08/21 23:53:34 | 000,280,576 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WG311v3XP.sys -- (W8335XP) NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335)
DRV - [2005/01/26 07:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2005/01/19 19:30:52 | 000,067,200 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SI3132.sys -- (SI3132)
DRV - [2004/11/01 16:21:32 | 000,010,368 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)

Re: Unknown infection21st April 2012, 12:47 pm

OTS logs continued:

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLJ_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/05 20:51:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/05 20:51:57 | 000,000,000 | ---D | M]

[2010/10/24 21:14:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\rafal.ARTISTS-7B481E5\Application Data\Mozilla\Extensions
[2010/10/24 21:14:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\rafal.ARTISTS-7B481E5\Application Data\Mozilla\Extensions\home2@tomtom.com
[2008/03/20 12:38:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\rafal.ARTISTS-7B481E5\Application Data\Mozilla\Firefox\Profiles\0eyfg4l5.default\extensions
[2008/03/20 12:38:20 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\rafal.ARTISTS-7B481E5\Application Data\Mozilla\Firefox\Profiles\0eyfg4l5.default\extensions\firebug@software.joehewitt.com
[2012/04/21 19:53:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\rafal.ARTISTS-7B481E5\Application Data\Mozilla\Firefox\Profiles\qq4lvrxg.default\extensions
[2009/09/11 10:39:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\rafal.ARTISTS-7B481E5\Application Data\Mozilla\Firefox\Profiles\qq4lvrxg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/21 19:53:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\rafal.ARTISTS-7B481E5\Application Data\Mozilla\Firefox\Profiles\qq4lvrxg.default\extensions\staged
[2011/10/05 20:51:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/07 11:11:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/11/21 12:00:14 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\TALKBACK@MOZILLA.ORG
[2011/09/29 16:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/07 11:10:47 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/29 10:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe (Xpertvision, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{9D539AB8-D253-75A2-7908-29B662AE1D6A}] C:\Documents and Settings\rafal.ARTISTS-7B481E5\Application Data\Etyv\obavi.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Display Toolbar and Menubar - C:\Program Files\IEInspector\IEWebDeveloperV2\cmd_display.html ()
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: IE WebDeveloper V2 - {D851CEE8-86A0-440C-B8F4-DA7DA99B5765} - C:\Program Files\IEInspector\IEWebDeveloperV2\IEWebDeveloperV2.dll (IEInspector Software)
O9 - Extra 'Tools' menuitem : IE WebDeveloper V2 - {D851CEE8-86A0-440C-B8F4-DA7DA99B5765} - Reg Error: Value error. File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - mswsock.dll File not found
O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} http://cyimg8.cyworld.com/ImageUpload/CyImageUpload_10212.cab (CyImage2Ctl Class)
O16 - DPF: {5DAEF053-DEF0-4752-A963-CCE9B49B0B79} http://app.ipop.co.kr/gogsweb/gogsweb.cab (Gogs Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182728842860 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {92D0D610-A6FA-48D8-94CB-BD47FDF68655} http://dl.ipop.co.kr/ipop/ipopx.cab (Launcher Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://aufreetrial.webex.com/client/T25L/webex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EE91049-5352-49DA-B5B5-BFADB0C1DB5F}: DhcpNameServer = 192.168.0.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7615B973-F400-420F-8667-F1C91300760E}: NameServer = 172.16.100.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9838C503-CDB3-4ACB-A4A3-4090868E939E}: NameServer = 172.16.100.130
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/15 17:08:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2fc988f6-df5d-11df-af0a-00508d9a140f}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {006FBE8B-9DD0-4B06-B277-972E4480868A} - NetShow
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0EEC6504-8920-9577-EF45-D860D052A051} - DirectAnimation
ActiveX: {0F433B5E-2F22-47D1-9861-2FF167CF891D} - Microsoft Visual Studio .NET 2003 Service Pack 1 (KB918007)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {66DA9ADD-B1C4-4891-84D6-706E216B411B} - Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB947738)
ActiveX: {6803DF8A-43CE-4E52-B455-0B9B09D6E2D1} - Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB971023)
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94E2AAC1-CAE5-4F73-B0D1-C471BA1F8E2A} - Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937061)
ActiveX: {964C8238-245C-4475-BB6E-D19D2C1220F2} - Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB973673)
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BECB938C-6BC2-48C6-A0A6-4B61E85F584C} - Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB971090)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {D93F9C7C-AB57-44C8-BAD6-1494674BCAF7} - Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Re: Unknown infection21st April 2012, 12:48 pm

OTS logs continued:

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/20 23:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/04/20 23:45:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
[2012/04/20 06:40:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rafal.ARTISTS-7B481E5\My Documents\Kasperky reports
[2012/04/19 21:57:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2012/04/19 21:57:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2012/04/12 21:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rafal.ARTISTS-7B481E5\Application Data\Piqya
[2012/04/12 21:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rafal.ARTISTS-7B481E5\Application Data\Etyv
[2012/04/10 16:24:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/04/10 16:23:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/04/10 16:23:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/21 20:11:37 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI
[2012/04/21 20:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2012/04/21 19:37:59 | 000,000,380 | -H-- | M] () -- C:\WINDOWS\tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_AT2_jin.job
[2012/04/21 19:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2012/04/21 18:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2012/04/21 17:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2012/04/21 16:49:23 | 000,314,757 | ---- | M] () -- C:\Documents and Settings\rafal.ARTISTS-7B481E5\Local Settings\Application Data\census.cache
[2012/04/21 16:49:21 | 000,276,464 | ---- | M] () -- C:\Documents and Settings\rafal.ARTISTS-7B481E5\Local Settings\Application Data\ars.cache
[2012/04/21 16:35:00 | 000,664,148 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/21 16:35:00 | 000,151,140 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/21 16:32:21 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2012/04/21 16:31:41 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/21 16:29:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/21 02:20:43 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\rafal.ARTISTS-7B481E5\Local Settings\Application Data\housecall.guid.cache
[2012/04/21 02:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2012/04/21 01:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2012/04/21 00:44:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2012/04/20 23:45:16 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\rafal.ARTISTS-7B481E5\Desktop\HijackThis.lnk
[2012/04/20 23:42:12 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/04/20 20:55:21 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/20 20:47:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/20 16:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2012/04/20 15:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2012/04/20 14:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2012/04/20 13:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2012/04/20 12:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2012/04/20 11:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2012/04/20 10:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2012/04/20 09:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2012/04/20 08:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2012/04/20 07:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2012/04/20 06:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2012/04/20 05:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2012/04/20 04:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2012/04/20 03:00:02 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2012/04/19 23:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2012/04/19 22:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2012/04/19 21:51:26 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/21 02:38:39 | 000,314,757 | ---- | C] () -- C:\Documents and Settings\rafal.ARTISTS-7B481E5\Local Settings\Application Data\census.cache
[2012/04/21 02:38:25 | 000,276,464 | ---- | C] () -- C:\Documents and Settings\rafal.ARTISTS-7B481E5\Local Settings\Application Data\ars.cache
[2012/04/21 02:20:43 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\rafal.ARTISTS-7B481E5\Local Settings\Application Data\housecall.guid.cache
[2012/04/20 23:45:16 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\rafal.ARTISTS-7B481E5\Desktop\HijackThis.lnk
[2012/04/19 21:51:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2012/04/19 21:51:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2012/04/19 21:51:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2012/04/19 21:51:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2012/04/19 21:51:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2012/04/19 21:51:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2012/04/19 21:51:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2012/04/19 21:51:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2012/04/19 21:51:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2012/04/19 21:51:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2012/04/19 21:51:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2012/04/19 21:51:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2012/04/19 21:51:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2012/04/19 21:51:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2012/04/19 21:51:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2012/04/19 21:51:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2012/04/19 21:51:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2012/04/19 21:51:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2012/04/19 21:51:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2012/04/19 21:51:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2012/04/19 21:51:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2012/04/19 21:51:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2012/04/19 21:51:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2012/04/19 21:51:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2012/04/10 16:24:50 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/10 16:12:26 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2011/05/26 22:08:16 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/09/14 22:51:04 | 000,171,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/26 16:32:40 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

========== Custom Scans ==========

< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/10/05 20:50:32 | 014,045,800 | ---- | M] (Mozilla) -- C:\Documents and Settings\rafal.ARTISTS-7B481E5\Desktop\Firefox Setup 7.0.1.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/09/29 16:53:40 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/09/29 16:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/09/29 16:53:40 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/09/29 16:53:40 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2007/06/15 17:20:32 | 000,000,000 | ---D | M] -- C:\Program Files\ABIT
[2008/04/24 11:29:30 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/08/26 16:57:50 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2007/06/27 16:21:33 | 000,000,000 | ---D | M] -- C:\Program Files\Aspose
[2007/08/20 17:30:39 | 000,000,000 | ---D | M] -- C:\Program Files\AT2
[2008/09/04 13:38:33 | 000,000,000 | ---D | M] -- C:\Program Files\Business Objects
[2011/09/20 21:34:48 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2011/09/20 21:24:25 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2007/06/25 09:12:12 | 000,000,000 | ---D | M] -- C:\Program Files\CE Remote Tools
[2008/03/20 14:05:16 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco Systems
[2011/05/26 22:07:24 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2007/06/15 17:06:45 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2007/08/13 18:14:50 | 000,000,000 | ---D | M] -- C:\Program Files\Dave Sexton
[2008/05/09 14:43:26 | 000,000,000 | ---D | M] -- C:\Program Files\Dimac
[2007/11/02 16:44:48 | 000,000,000 | ---D | M] -- C:\Program Files\eclipse
[2007/06/28 11:18:34 | 000,000,000 | ---D | M] -- C:\Program Files\ESTsoft
[2007/08/14 09:17:21 | 000,000,000 | ---D | M] -- C:\Program Files\Flash Control
[2007/10/11 10:02:40 | 000,000,000 | ---D | M] -- C:\Program Files\Fluorine Gateway
[2009/03/04 23:55:28 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2007/08/17 16:13:28 | 000,000,000 | ---D | M] -- C:\Program Files\GRETECH
[2007/06/25 09:14:48 | 000,000,000 | ---D | M] -- C:\Program Files\HTML Help Workshop
[2008/10/23 14:34:40 | 000,000,000 | ---D | M] -- C:\Program Files\IEInspector
[2008/03/20 14:05:15 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2007/06/15 17:17:40 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/07/21 22:05:18 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/07/07 11:10:45 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2008/09/16 11:34:08 | 000,000,000 | ---D | M] -- C:\Program Files\JetBrains
[2009/11/21 11:58:58 | 000,000,000 | ---D | M] -- C:\Program Files\Kaspersky Lab
[2010/09/07 15:29:53 | 000,000,000 | ---D | M] -- C:\Program Files\KenticoCMS
[2007/06/19 08:48:07 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2008/08/15 17:54:23 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2007/06/25 11:10:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Analysis Services
[2010/09/16 00:27:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ASP.NET
[2007/06/25 10:43:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2008/09/04 13:38:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Device Emulator
[2007/06/27 15:28:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Enterprise Library 3.0 - April 2007
[2007/06/15 17:09:07 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/07/23 14:11:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft LifeCam
[2007/07/27 15:28:25 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/09/22 14:37:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Press Training Kit Exam Prep
[2008/09/04 13:25:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SDKs
[2012/03/21 20:45:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/11/01 22:21:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2007/06/25 09:18:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition
[2008/02/27 15:44:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server 2005 Upgrade Advisor
[2008/09/04 13:36:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2008/09/04 13:36:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Synchronization Services
[2007/07/27 15:28:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2007/12/05 10:29:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio .NET 2003
[2007/07/27 15:23:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2008/10/16 13:06:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 9.0
[2007/08/03 12:42:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Web Application Stress Tool
[2008/09/04 13:23:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Web Designer Tools
[2007/06/25 09:02:54 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Windows Small Business Server
[2009/11/01 22:33:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2008/09/04 13:35:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/07/21 22:14:48 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2012/04/21 19:57:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2008/09/04 13:28:17 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2007/06/25 09:31:45 | 000,000,000 | ---D | M] -- C:\Program Files\MSDN
[2009/10/15 10:55:09 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2007/06/15 17:06:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2007/07/10 14:37:48 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Messenger
[2007/06/25 16:47:49 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2007/06/15 17:40:25 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2007/06/15 17:07:38 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2007/07/18 11:48:22 | 000,000,000 | ---D | M] -- C:\Program Files\NUnit 2.4.1
[2010/06/19 20:13:17 | 000,000,000 | ---D | M] -- C:\Program Files\NUnit 2.5.5
[2007/06/15 17:06:42 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/07/21 22:11:12 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/08/26 16:58:45 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2007/06/15 17:17:56 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2008/09/04 13:20:40 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/02/12 12:39:39 | 000,000,000 | ---D | M] -- C:\Program Files\SelfTest
[2007/07/05 16:04:50 | 000,000,000 | ---D | M] -- C:\Program Files\ServiceCapture
[2011/05/26 22:07:25 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2007/06/28 11:02:54 | 000,000,000 | ---D | M] -- C:\Program Files\Smart Projects
[2007/06/27 14:44:20 | 000,000,000 | ---D | M] -- C:\Program Files\Snippet Complier
[2007/12/12 16:47:39 | 000,000,000 | ---D | M] -- C:\Program Files\SourceGear
[2007/06/25 11:12:37 | 000,000,000 | ---D | M] -- C:\Program Files\SQLXML 4.0
[2010/10/24 21:14:39 | 000,000,000 | ---D | M] -- C:\Program Files\TomTom HOME 2
[2010/10/24 21:14:49 | 000,000,000 | ---D | M] -- C:\Program Files\TomTom International B.V
[2007/12/05 13:21:02 | 000,000,000 | ---D | M] -- C:\Program Files\TortoiseSVN
[2012/04/20 23:45:16 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2007/12/05 11:31:03 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/01/17 07:42:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2007/11/08 09:14:03 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2007/11/08 09:14:01 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/09/04 13:37:28 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mobile 5.0 SDK R2
[2007/06/15 17:06:29 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2007/06/15 17:08:15 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/11/07 15:59:47 | 000,000,000 | ---D | M] -- C:\Program Files\WinSCP
[2007/06/15 17:09:07 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2007/06/15 17:27:40 | 000,000,000 | ---D | M] -- C:\Program Files\XpertVision
[2007/06/26 10:40:19 | 000,000,000 | -H-D | M] -- C:\Program Files\Zero G Registry

< MD5 for: AGP440.SYS >
[2006/02/28 22:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 04:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/02/28 22:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 04:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2006/02/28 22:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2006/02/28 22:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2006/02/28 22:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys
[2008/04/14 04:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\disk.sys

< MD5 for: IASTOR.SYS >
[2006/05/11 11:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys
[2006/05/11 21:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\OemDir\iaStor.sys
[2006/05/11 11:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\system32\drivers\iaStor.sys
[2006/05/11 21:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\iaStor.sys
[2006/05/11 11:32:48 | 000,486,400 | ---- | M] (Intel Corporation) MD5=F20A3B8E3E72877088DD97566FFED546 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 10:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2009/02/07 04:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/07 04:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2006/02/28 22:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2006/02/28 22:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-03-18 01:20:07

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/29 16:53:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/29 16:53:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/29 16:53:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/29 16:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/29 16:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/29 16:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/05/04 22:39:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/05/04 22:39:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/05/04 22:39:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/04/16 21:43:25 | 000,634,656 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/29 16:53:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/29 16:53:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/29 16:53:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/29 16:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/29 16:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/29 16:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/05/04 22:39:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/05/04 22:39:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/05/04 22:39:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/04/16 21:43:25 | 000,634,656 | ---- | M] (Microsoft Corporation)

< End of report >

Re: Unknown infection21st April 2012, 12:49 pm

Extras Log:

OTL Extras logfile created on: 21/04/2012 8:02:18 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\rafal.ARTISTS-7B481E5\My Documents\Downloads\VirusRemTools
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 47.32% Memory free
3.85 Gb Paging File | 2.72 Gb Available in Paging File | 70.68% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 83.80 Gb Free Space | 28.11% Space Free | Partition Type: NTFS

Computer Name: ARTISTS-7B481E5 | User Name: rafal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"4500:UDP" = 4500:UDP:*:Enabled:IPsec (IKE NAT-T)
"500:UDP" = 500:UDP:*:Enabled:IPsec (IKE)
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"80:TCP" = 80:TCP:*:Enabled:http

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"4500:UDP" = 4500:UDP:LocalSubNet:Enabled:IPsec (IKE NAT-T)
"500:UDP" = 500:UDP:LocalSubNet:Enabled:IPsec (IKE)
"135:TCP" = 135:TCP:LocalSubNet:Enabled:RPC Endpoint Mapper and DCOM infrastructure

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Adobe\Flex Builder 2\jre\bin\javaw.exe" = C:\Program Files\Adobe\Flex Builder 2\jre\bin\javaw.exe:*:Enabled:javaw
"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe" = C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe:*:Enabled:Microsoft Visual Studio 2005 -- (Microsoft Corporation)
"C:\Program Files\Java\jre1.6.0_01\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_01\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Microsoft Visual Studio 8\SDK\v2.0\GuiDebug\DbgCLR.exe" = C:\Program Files\Microsoft Visual Studio 8\SDK\v2.0\GuiDebug\DbgCLR.exe:*:Enabled:Microsoft CLR Debugger -- (Microsoft Corporation)
"C:\Program Files\Java\jre1.6.0_02\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_02\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Microsoft Visual Studio .NET 2003\Common7\IDE\devenv.exe" = C:\Program Files\Microsoft Visual Studio .NET 2003\Common7\IDE\devenv.exe:*:Enabled:Microsoft Visual Studio .NET 2003 -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe" = C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe:*:Enabled:Microsoft Visual Studio 2008 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Visual Studio .NET 2003\Common7\IDE\devenv.exe" = C:\Program Files\Microsoft Visual Studio .NET 2003\Common7\IDE\devenv.exe:*:Enabled:Microsoft Visual Studio .NET 2003 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe" = C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe:*:Enabled:Microsoft Visual Studio 2005 -- (Microsoft Corporation)
"C:\kav\kis\setup.exe" = C:\kav\kis\setup.exe:*:Enabled:Kaspersky Internet Security 7.0 Setup -- (Kaspersky Lab)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0028A6EE-4945-4233-8024-80A546F56A5C}" = JetBrains dotTrace 3.1
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{046B2D78-365E-4A1B-9F95-54208111F85E}" = AT2WebApp AU Live
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
"{0784D8F4-03B4-44C0-A10E-42701A509D14}" = ServiceCapture
"{082BDF7B-4810-4599-BF0D-E3AC44EC8524}" = Microsoft ASP.NET 2.0 AJAX Extensions 1.0
"{0B43A744-B1B8-4089-9BD1-9D41C7EC0AA3}" = Microsoft SQL Server 2005 Books Online (English)
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729)
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX420_series" = Canon MX420 series MP Drivers
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{13C7193B-0C14-4780-9D7D-47FA04FD84BD}" = AT2 Media Server
"{15EFEBF6-E414-33EB-8710-A04AD1302BF8}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{20023494-704C-4336-902A-B1E7D92DE61B}" = Microsoft ASP.NET MVC 2 - Visual Studio 2008 Tools
"{20610409-CA18-41A6-9E21-A93AE82EE7C5}" = Visual Studio .NET Professional 2003 - English
"{2243F21A-E132-44F7-BA13-024D0845C815}" = Microsoft SQL Server 2005 Backward compatibility
"{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729)
"{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2373A92B-1C1C-4E71-B494-5CA97F96AA19}" = Microsoft SQL Server 2005 (SQL2005)
"{23959E96-A80F-4172-A655-210E9BB7BFBE}" = MSDN Library for Visual Studio 2005
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{265E7147-C7BA-4660-AF4D-1A1531F6E566}" = Enterprise Library 3.0 - April 2007
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{31EA0960-799B-4A7C-A5BB-5C804F649AA2}" = MCTS TK (Exam 70-536) 2nd Ed
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JRAID
"{3BDB182E-8371-46BD-AC39-C14A91D5EEF8}" = Microsoft SQL Server 2005 Reporting Services
"{3C11D2DA-6802-3F66-BE6B-B2C046AFE866}" = Visual C++ 2008 x64 Runtime - (v9.0.30729.4148)
"{3C11D2DA-6802-3F66-BE6B-B2C046AFE866}.vc_x64runtime_30729_4148" = Visual C++ 2008 x64 Runtime - v9.0.30729.4148
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{40261D0A-A385-4C1A-A7DE-5F270D9B1033}" = Nero 7 Ultra Edition
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{63A5DC0D-1EDD-4D69-8F31-87FAEB1F7084}" = Microsoft SQL Server 2005 Notification Services
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B3C8A4B-4EAC-4793-AC46-EB7D55894B8A}_is1" = IE WebDeveloper V2.4.1
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{7126A40E-493B-4C1C-95AC-8481D0BF1751}" = Aspose.Words
"{75736F55-9518-4D33-8CD9-8183C71EEA89}" = Microsoft Press Training Kit Exam Prep Suite 70-536
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B33F480-496D-334A-BAC2-205DEC0CBC2D}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
"{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148" = Visual C++ 2008 x86 Runtime - v9.0.30729.4148
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90032DD0-ABEE-4424-AC1E-B076BDD4E350}" = Microsoft SQL Server 2005 Tools
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{C00A9857-850C-4C68-A583-2EF4F24706F5}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90550409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio for Enterprise Architects
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{9137E62C-1C49-4323-9E09-8F20B1DA9561}" = NUnit 2.5.5
"{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}" = Adobe Illustrator CS
"{91D069E3-C858-4310-BD60-B9C93ADB51D3}" = WebORB for .NET 3.2
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{A188FCCF-E929-494D-B1F1-4313E02ACD52}" = SQLXML4
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A852B66B-89B3-426F-9274-633A69BA66BB}" = TK562
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AB931789-906F-4433-B50E-B5F2BE7DD1D6}" = AT2WebApp NZ Live
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BEDAAD7A-005F-4D65-9085-FDCA378C22E7}" = NUnit 2.4.1
"{BF6654CD-B231-4A6B-BD9E-FF3936948897}" = WebORB for .NET 3.1.0.3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6DB11F1-EBD1-3AA4-A44D-55630E1E6FDA}" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{C9F0EC84-AE56-47F4-839A-1A9C28B8CA32}" = At2WebApp UK Live
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DDF6E319-BCD9-4FE3-9D69-26B2F47BEF7C}" = Microsoft SQL Server 2005 Samples
"{E00837D1-CB05-4BD7-A131-3F0872E6BC35}" = SourceGear DiffMerge
"{E0A41F96-7231-4AE8-A654-EEB34F935462}" = Microsoft SQL Server 2005 Integration Services
"{E21523F4-FA6E-4676-A1AA-2AF0AE5C3989}" = w3 JMail Free Version
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E71FBBE1-B946-431A-967C-F1CDE1286396}" = Aspose.Pdf
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}" = KhalSetup
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0BE96AB-F083-4AEC-ABE0-DAD7F5D50310}" = Microsoft SQL Server 2005 Upgrade Advisor (English)
"{F0F9E47D-3132-4DA0-98E7-A8A9C6716C90}" = Microsoft ASP.NET MVC 2 - VWD Express 2008 Tools
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4BBA950-56F0-4335-8D93-EE64BFF593A0}" = TortoiseSVN 1.4.5.10425 (32 bit)
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{FF8500E6-EA0D-11D7-8755-0080C8F92A32}" = ABIT uGuru
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Flex Builder 2 Plug-in" = Adobe Flex Builder 2 Plug-in
"Adobe Flex Builder 3" = Adobe Flex Builder 3
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"ALZip_is1" = ALZip
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSG12" = Canon PowerShot G12 Camera User Guide
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"DPP" = Canon Utilities Digital Photo Professional 3.9
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Fluorine .NET Flash Remoting Gateway_is1" = Fluorine Gateway
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"IsoBuster_is1" = IsoBuster 2.0
"Kentico CMS 5.5_is1" = Kentico CMS 5.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2000 (SQL2000)" = Microsoft SQL Server 2000 (SQL2000)
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
"Microsoft Web Application Stress Tool" = Microsoft Web Application Stress Tool
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSDN Library for Visual Studio 2005" = MSDN Library for Visual Studio 2005
"MyCamera" = Canon Utilities MyCamera
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"PROPLUS" = Microsoft Office Professional Plus 2007
"Self Test Practice Test Engine" = Self Test Practice Test Engine
"Self Test Software: Exam 70-536CSHP " = Self Test Software: Exam 70-536CSHP
"Self Test Software: Exam 70-562CSHP " = Self Test Software: Exam 70-562CSHP
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"Speed Dial Utility" = Canon Speed Dial Utility
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Visual Studio .NET Professional 2003 - English" = Microsoft Visual Studio .NET Professional 2003 - English
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"winscp3_is1" = WinSCP 4.1.7
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpertVision_is1" = XpertVision 5.1
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/03/2012 7:47:55 AM | Computer Name = ARTISTS-7B481E5 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17055, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 17/03/2012 8:43:50 PM | Computer Name = ARTISTS-7B481E5 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17055, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 17/03/2012 8:46:17 PM | Computer Name = ARTISTS-7B481E5 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17055, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 21/03/2012 6:45:56 AM | Computer Name = ARTISTS-7B481E5 | Source = MSSQL$SQL2005 | ID = 17187
Description = SQL Server is not ready to accept new client connections; the connection
has been closed. Wait a few minutes before trying again. If you have access to
the error log, look for the informational message that indicates that SQL Server
is ready before trying to connect again. [CLIENT: 192.168.0.3]

Error - 21/03/2012 7:33:27 AM | Computer Name = ARTISTS-7B481E5 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17055, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 21/03/2012 7:33:31 AM | Computer Name = ARTISTS-7B481E5 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17055, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 23/03/2012 8:05:41 PM | Computer Name = ARTISTS-7B481E5 | Source = MSSQL$SQL2005 | ID = 17187
Description = SQL Server is not ready to accept new client connections; the connection
has been closed. Wait a few minutes before trying again. If you have access to
the error log, look for the informational message that indicates that SQL Server
is ready before trying to connect again. [CLIENT: ]

Error - 23/03/2012 8:05:41 PM | Computer Name = ARTISTS-7B481E5 | Source = MSSQL$SQL2005 | ID = 17187
Description = SQL Server is not ready to accept new client connections; the connection
has been closed. Wait a few minutes before trying again. If you have access to
the error log, look for the informational message that indicates that SQL Server
is ready before trying to connect again. [CLIENT: ]

Error - 23/03/2012 8:05:42 PM | Computer Name = ARTISTS-7B481E5 | Source = Report Server Windows Service (MSSQLSERVER) | ID = 107
Description = Report Server Windows Service (MSSQLSERVER) cannot connect to the
report server database.

Error - 20/04/2012 12:46:48 PM | Computer Name = ARTISTS-7B481E5 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17055, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 3/02/2009 11:54:15 PM | Computer Name = ARTISTS-7B481E5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 21283
seconds with 1080 seconds of active time. This session ended with a crash.

Error - 14/04/2009 9:40:38 PM | Computer Name = ARTISTS-7B481E5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7038
seconds with 420 seconds of active time. This session ended with a crash.

Error - 19/10/2009 4:45:02 PM | Computer Name = ARTISTS-7B481E5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1289
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 21/04/2012 2:51:01 AM | Computer Name = ARTISTS-7B481E5 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 21/04/2012 3:00:00 AM | Computer Name = ARTISTS-7B481E5 | Source = Schedule | ID = 7901
Description = The At42.job command failed to start due to the following error: %%2147942402

Error - 21/04/2012 3:02:52 AM | Computer Name = ARTISTS-7B481E5 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 21/04/2012 3:04:57 AM | Computer Name = ARTISTS-7B481E5 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 21/04/2012 3:05:04 AM | Computer Name = ARTISTS-7B481E5 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 21/04/2012 3:52:12 AM | Computer Name = ARTISTS-7B481E5 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 21/04/2012 4:00:00 AM | Computer Name = ARTISTS-7B481E5 | Source = Schedule | ID = 7901
Description = The At43.job command failed to start due to the following error: %%2147942402

Error - 21/04/2012 5:00:00 AM | Computer Name = ARTISTS-7B481E5 | Source = Schedule | ID = 7901
Description = The At44.job command failed to start due to the following error: %%2147942402

Error - 21/04/2012 5:46:20 AM | Computer Name = ARTISTS-7B481E5 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 21/04/2012 6:00:00 AM | Computer Name = ARTISTS-7B481E5 | Source = Schedule | ID = 7901
Description = The At45.job command failed to start due to the following error: %%2147942402

< End of report >

Re: Unknown infection21st April 2012, 12:50 pm

aswMBR log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-21 22:02:03
-----------------------------
22:02:03.656 OS Version: Windows 5.1.2600 Service Pack 2
22:02:03.656 Number of processors: 2 586 0xF06
22:02:03.656 ComputerName: ARTISTS-7B481E5 UserName: rafal
22:03:21.828 Initialize success
22:04:00.375 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:04:00.375 Disk 0 Vendor: Intel___ 1.0. Size: 305243MB BusType: 3
22:04:00.390 Disk 0 MBR read successfully
22:04:00.390 Disk 0 MBR scan
22:04:00.390 Disk 0 Windows XP default MBR code
22:04:00.390 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
22:04:00.406 Disk 0 scanning sectors +625121280
22:04:00.484 Disk 0 scanning C:\WINDOWS\system32\drivers
22:04:05.343 File: C:\WINDOWS\system32\drivers\netbt.sys **SUSPICIOUS**
22:04:07.015 Disk 0 trace - called modules:
22:04:07.031 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8893efd0]<<
22:04:07.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6ed030]
22:04:07.031 3 CLASSPNP.SYS[ba12905b] -> nt!IofCallDriver -> [0x89748920]
22:04:07.031 \Driver\00001393[0x89758360] -> IRP_MJ_CREATE -> 0x8893efd0
22:04:07.375 Scan finished successfully
22:11:47.046 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\rafal.ARTISTS-7B481E5\My Documents\Downloads\VirusRemTools\MBR.dat"
22:11:47.109 The log file has been saved successfully to "C:\Documents and Settings\rafal.ARTISTS-7B481E5\My Documents\Downloads\VirusRemTools\aswMBR.txt"

Re: Unknown infection21st April 2012, 2:30 pm

Hello. We'll have this scanner be run at this time, please...

Visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Re: Unknown infection21st April 2012, 11:25 pm

Hi
Is there anything you can tell me from the test results posted above?

Re: Unknown infection22nd April 2012, 11:24 am

Hi I'm back here are combofix results

ComboFix 12-04-20.03 - rafal 22/04/2012 20:18:36.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.2046.1240 [GMT 10:00]
Running from: c:\documents and settings\rafal.ARTISTS-7B481E5\My Documents\Downloads\VirusRemTools\ComboFix.exe
AV: Kaspersky Anti-Virus *Enabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Microsoft\corecon\1.0\1033\NonSDKAddonLangVer.dll
c:\documents and settings\All Users\Application Data\Microsoft\corecon\1.0\1033\SDKAddonLangVer.dll
c:\documents and settings\All Users\Application Data\Microsoft\corecon\1.0\addons\NonSDKAddonVer.dll
c:\documents and settings\All Users\Application Data\Microsoft\corecon\1.0\addons\SDKAddonVer.dll
c:\documents and settings\All Users\Application Data\Microsoft\corecon\1.0\SDKFilesVer.dll
c:\documents and settings\rafal.ARTISTS-7B481E5\Application Data\Etyv
c:\documents and settings\rafal.ARTISTS-7B481E5\Application Data\Etyv\obavi.exe
c:\documents and settings\rafal.ARTISTS-7B481E5\Local Settings\Application Data\assembly\tmp
c:\windows\$NtUninstallKB9683$\1994641691
c:\windows\$NtUninstallKB9683$\3516527690\@
c:\windows\$NtUninstallKB9683$\3516527690\cfg.ini
c:\windows\$NtUninstallKB9683$\3516527690\Desktop.ini
c:\windows\$NtUninstallKB9683$\3516527690\L\xnoxgpyb
c:\windows\$NtUninstallKB9683$\3516527690\oemid
c:\windows\$NtUninstallKB9683$\3516527690\U\00000001.@
c:\windows\$NtUninstallKB9683$\3516527690\U\00000002.@
c:\windows\$NtUninstallKB9683$\3516527690\U\00000004.@
c:\windows\$NtUninstallKB9683$\3516527690\U\80000000.@
c:\windows\$NtUninstallKB9683$\3516527690\U\80000004.@
c:\windows\$NtUninstallKB9683$\3516527690\U\80000032.@
c:\windows\$NtUninstallKB9683$\3516527690\version
c:\windows\system32\Cache
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\SET11B.tmp
c:\windows\system32\SET11F.tmp
c:\windows\system32\SET127.tmp
c:\windows\$NtUninstallKB9683$ . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_USNJSVC
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-03-22 to 2012-04-22 )))))))))))))))))))))))))))))))
.
.
2012-04-20 13:45 . 2012-04-20 13:45 -------- d-----w- c:\program files\Trend Micro
2012-04-19 11:57 . 2012-04-19 11:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2012-04-12 11:09 . 2012-04-20 14:16 -------- d-----w- c:\documents and settings\rafal.ARTISTS-7B481E5\Application Data\Piqya
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-27 22:05 . 2011-06-13 07:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-29 06:53 . 2011-10-05 10:51 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-06 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 16050176]
"Gainward"="c:\program files\XpertVision\TBPanel.exe" [2007-04-23 2165520]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
"nwiz"="nwiz.exe" [2007-04-12 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-22 483328]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 94208]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 94208]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2006-02-28 143360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-09 421888]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-25 2569616]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
"IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2010-08-19 340520]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-04-25 385024]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-05-11 151552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]
.
c:\documents and settings\ARTISTS-7B481E5\ASPNET\Start Menu\Programs\Startup\
eslaib.exe [2012-4-12 141824]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-6-15 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-6-15 110592]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2008-3-20 1537064]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-12 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-6-19 671744]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2007-12-5 81920]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Microsoft Visual Studio 9.0\\Common7\\IDE\\devenv.exe"=
"c:\\Program Files\\Microsoft Visual Studio .NET 2003\\Common7\\IDE\\devenv.exe"=
"c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\devenv.exe"=
"c:\\kav\\kis\\setup.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 7:18 PM 36880]
R0 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [15/06/2007 5:20 PM 14592]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [19/06/2007 8:47 AM 3712]
R2 MediaConverterService;MediaConverterService;c:\program files\AT2\AT2 Media Server\AT2.Media.Server.exe [5/11/2007 8:38 AM 20480]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [3/03/2007 3:58 PM 206192]
R2 msftesql$SQL2005;SQL Server FullText Search (SQL2005);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe [14/02/2006 2:50 AM 92880]
R2 MSSQL$SQL2000;MSSQL$SQL2000;c:\progra~1\MI6841~1\MSSQL$~1\binn\sqlservr.exe -sSQL2000 --> c:\progra~1\MI6841~1\MSSQL$~1\binn\sqlservr.exe -sSQL2000 [?]
R2 MSSQL$SQL2005;SQL Server (SQL2005);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [14/02/2007 3:33 PM 28935592]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe [14/10/2005 3:44 AM 14552]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22/04/2011 10:21 PM 92592]
R2 WebTool;WebTool;c:\progra~1\MI4F93~1\webtool.exe [3/08/2007 12:26 PM 705024]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 12:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2/10/2009 5:39 PM 19472]
S3 11355857-31c8-413a-bff0-c1b91ae7271d;11355857-31c8-413a-bff0-c1b91ae7271d;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]
S3 SQLAgent$SQL2000;SQLAgent$SQL2000;c:\program files\Microsoft SQL Server\MSSQL$SQL2000\binn\sqlagent.exe -i SQL2000 --> c:\program files\Microsoft SQL Server\MSSQL$SQL2000\binn\sqlagent.exe -i SQL2000 [?]
S3 SQLAgent$SQL2005;SQL Server Agent (SQL2005);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE [14/04/2006 10:06 AM 319776]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2/12/2006 6:17 AM 2805000]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
mwspollserver
MpFilter
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-21 c:\windows\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_AT2_jin.job
- c:\windows\system32\mobsync.exe [2006-02-28 12:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Display Toolbar and Menubar - c:\program files\IEInspector\IEWebDeveloperV2\cmd_display.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 192.168.1.1
TCP: Interfaces\{7615B973-F400-420F-8667-F1C91300760E}: NameServer = 172.16.100.130
TCP: Interfaces\{9838C503-CDB3-4ACB-A4A3-4090868E939E}: NameServer = 172.16.100.130
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} - hxxp://cyimg8.cyworld.com/ImageUpload/CyImageUpload_10212.cab
DPF: {5DAEF053-DEF0-4752-A963-CCE9B49B0B79} - hxxp://app.ipop.co.kr/gogsweb/gogsweb.cab
DPF: {92D0D610-A6FA-48D8-94CB-BD47FDF68655} - hxxp://dl.ipop.co.kr/ipop/ipopx.cab
FF - ProfilePath - c:\documents and settings\rafal.ARTISTS-7B481E5\Application Data\Mozilla\Firefox\Profiles\qq4lvrxg.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-{9D539AB8-D253-75A2-7908-29B662AE1D6A} - c:\documents and settings\rafal.ARTISTS-7B481E5\Application Data\Etyv\obavi.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-22 20:45
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql$SQL2005]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe\" -s:MSSQL.2 -f:SQL2005"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(5328)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\TortoiseSVN\bin\tortoisesvn.dll
c:\program files\TortoiseSVN\bin\intl3_svn.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\msdtc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\progra~1\MI6841~1\MSSQL$~1\binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE
c:\windows\system32\SearchProtocolHost.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2012-04-22 21:07:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-22 10:53
.
Pre-Run: 91,886,039,040 bytes free
Post-Run: 100,657,930,240 bytes free
.
- - End Of File - - B35ED0B9491D632B2B3ADA024C81EA09

Re: Unknown infection22nd April 2012, 6:37 pm

From the test results, it was hard to tell exactly the cause...

Please re-run aswMBR and post a new log...

Unknown infection

descriptionUnknown infection21st April 2012, 12:45 pm

descriptionRe: Unknown infection21st April 2012, 12:47 pm

descriptionRe: Unknown infection21st April 2012, 12:48 pm

descriptionRe: Unknown infection21st April 2012, 12:49 pm

descriptionRe: Unknown infection21st April 2012, 12:50 pm

descriptionRe: Unknown infection21st April 2012, 2:30 pm

descriptionRe: Unknown infection21st April 2012, 11:25 pm

descriptionRe: Unknown infection22nd April 2012, 11:24 am

descriptionRe: Unknown infection22nd April 2012, 6:37 pm

descriptionRe: Unknown infection