Help
This topic is locked
I've used this site several times & everytime I have had great success. Yesterday my old computer (windows XP) was hit with one of the fake anti virus programs. I started to get popups to which I immediately ran rkill to stop these processes. After running rkill I ran malwarebytes & 4 infections were found. It asked me to reboot which I did & now my computer won't boot. The computer shows a flashing underline prompt also I am unable to do any type of safe start. I do not have the original Windows XP disks or any emergency disks. I've looked online to see if I can find somewhere to download an emergency disk for Windows XP. I suspect that something is messed up with the registry? I'm hoping that if I can get it to boot that I could run a recovery or roll back to a good boot.
Thanks in advance!
Tim
Forum Guidelines
Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help
Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient. DO NOT RUN ComboFix unless requested to. Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Computer won't boot after using Malwarebytes
Back to top
#2
- Bleepin' Blonde
-
- Group: Malware Study Hall Admin
- Posts: 38,999
- Joined: 05-October 07
- Gender:Female
- Location:Romania
Posted 05 April 2011 - 02:11 AM
Hello, lets see if we can find the cause of this problem.
Try this please. You will need a USB drive.
Download GETxPUD.exe to the desktop of your clean computer
This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.
Try this please. You will need a USB drive.
Download GETxPUD.exe to the desktop of your clean computer
- Run GETxPUD.exe
- A new folder will appear on the desktop.
- Open the GETxPUD folder and click on the get&burn.bat
- The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
- Click on Start and follow the prompts to burn the image to a CD.
- Remove the USB & CD and insert it in the sick computer
- Boot the Sick computer with the CD you just burned
- The computer must be set to boot from the CD
- Gently tap F12 and choose to boot from the CD
- Follow the prompts
- A Welcome to xPUD screen will appear
- Press File
- Expand mnt
- sda1,2...usually corresponds to your HDD
- sdb1 is likely your USB
- Click on the folder that represents your USB drive (sdb1 ?)
- Press Tool at the top
- Choose Open Terminal
- Type the following and press enter:
dd if=/dev/sda of=mbr.bin bs=512 count=1
- Press Enter
- After it has finished a file will be located on your USB drive named mbr.bin
- Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.
This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.
#4
- Bleepin' Blonde
-
- Group: Malware Study Hall Admin
- Posts: 38,999
- Joined: 05-October 07
- Gender:Female
- Location:Romania
Posted 06 April 2011 - 01:50 AM
#5
- Member
-
- Group: Members
- Posts: 16
- Joined: 10-August 10
Posted 07 April 2011 - 01:23 AM
Attached are the screen shots of what I get in order they appear. I have tried taping F8 during all of them & do not get the menu options for a safe start
Attached File(s)
-
1st.jpg (508.95K)
Number of downloads: 6
This post has been edited by tsto72: 07 April 2011 - 01:26 AM
#6
- Member
-
- Group: Members
- Posts: 16
- Joined: 10-August 10
Posted 07 April 2011 - 01:25 AM
apparently I can't attach any more than 1 file as it says I have used up my quota. The last screen image shows a curser flashing like this _
#7
- Bleepin' Blonde
-
- Group: Malware Study Hall Admin
- Posts: 38,999
- Joined: 05-October 07
- Gender:Female
- Location:Romania
Posted 07 April 2011 - 03:18 AM
Thank you, that is clear enough. 
Try this please. You will need a USB drive.
Note, if you still have the xPUD CD, no need to recreate it.
Download GETxPUD.exe to the desktop of your clean computer
The first screen will present log options - press Enter to continue.
TestDisk will scan the system and show drive information.
If more than 1 drive, select the correct drive, make sure [Proceed] is selected then press Enter to continue.
Select [Intel] partiton and press Enter to continue.
Select [MBR Code] and press Enter to continue.
Type Y when prompted to write a new mbr code to the first sector, then confirm at the next screen by typing Y again.
Press Q repeatedly until TestDisk exits then reboot.
Try this please. You will need a USB drive.
Note, if you still have the xPUD CD, no need to recreate it.
Download GETxPUD.exe to the desktop of your clean computer
- Run GETxPUD.exe
- A new folder will appear on the desktop.
- Open the GETxPUD folder and click on the get&burn.bat
- The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
- Click on Start and follow the prompts to burn the image to a CD.
- Download xPUDtestdisk.exe and save it to the USB device
- Double click xPUDtestdisk.exe to extract the contents to your USB device
- Remove the USB & CD and insert it in the sick computer
- Boot the Sick computer with the CD you just burned
- The computer must be set to boot from the CD
- Gently tap F12 and choose to boot from the CD
- Follow the prompts
- A Welcome to xPUD screen will appear
- Press File
- Expand mnt
- sda1,2...usually corresponds to your HDD
- sdb1 is likely your USB
- Click on the folder that represents your USB drive (sdb1 ?)
- Press Tool at the top
- Choose Open Terminal
- Type testdisk/testdisk_static
- Press Enter
The first screen will present log options - press Enter to continue.
TestDisk will scan the system and show drive information.
If more than 1 drive, select the correct drive, make sure [Proceed] is selected then press Enter to continue.
Select [Intel] partiton and press Enter to continue.
Select [MBR Code] and press Enter to continue.
Type Y when prompted to write a new mbr code to the first sector, then confirm at the next screen by typing Y again.
Press Q repeatedly until TestDisk exits then reboot.
#8
- Member
-
- Group: Members
- Posts: 16
- Joined: 10-August 10
Posted 07 April 2011 - 01:21 PM
IT'S ALIVE! I did as requested & rebooted the computer normally. Once the computer booted up I noticed I got a few Windows Explorer Pop-ups for some reandom stuff. I didn;t start Internet explorer they just appeared. I then ran task manager to see what process could possible be causing this & noticed 2 zpinib.exe & zmo.exe. Both of these process were sucking a lot of computer resources. I was tempted to run Rkill & then malwarebytes but didn;t want to do anything without direction. Please advise.
Thank you so much for breathing life into my old piece of junk.
PS can you please briefly explain what the original problem was that was causing my computer to hang up during booting?
Thank you so much for breathing life into my old piece of junk.
PS can you please briefly explain what the original problem was that was causing my computer to hang up during booting?
This post has been edited by tsto72: 07 April 2011 - 01:23 PM
#9
- Bleepin' Blonde
-
- Group: Malware Study Hall Admin
- Posts: 38,999
- Joined: 05-October 07
- Gender:Female
- Location:Romania
Posted 07 April 2011 - 02:04 PM
Hi, I'm glad to hear that.
The problem was that malware had altered your harddisk's Master Boot Record, but something went wrong, which caused it no longer to boot. We wrote a new MBR to the disk which allows it to boot again.
Lets see what else needs done here.
We need to see some information about what is happening in your machine. Please perform the following scan:
Information on A/V control HERE
The problem was that malware had altered your harddisk's Master Boot Record, but something went wrong, which caused it no longer to boot. We wrote a new MBR to the disk which allows it to boot again.
Lets see what else needs done here.
We need to see some information about what is happening in your machine. Please perform the following scan:
- Download DDS by sUBs from one of the following links. Save it to your desktop.
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explaination about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Follow the instructions that pop up for posting the results.
- Close the program window, and delete the program from your desktop.
Information on A/V control HERE
#10
- Member
-
- Group: Members
- Posts: 16
- Joined: 10-August 10
Posted 07 April 2011 - 03:14 PM
I tried to use both programs & neither of them worked. When I ran them they would immediately open a notepad with a bunch of jumbled text. My old machine is running an outdated Windows XP. Could this be the problem or is there some mailware blocking the operation of running this file?
#11
- Bleepin' Blonde
-
- Group: Malware Study Hall Admin
- Posts: 38,999
- Joined: 05-October 07
- Gender:Female
- Location:Romania
Posted 07 April 2011 - 03:51 PM
No problem, please run OTL instead.
OTL
-----
Please download OTL from one of the following mirrors:
OTL
-----
Please download OTL from one of the following mirrors:
- Save it to your desktop.
- Double click on the
icon on your desktop. - Click the "Scan All Users" checkbox.
- Push the Quick Scan button.
- Two reports will open, copy and paste them in a reply here:
- OTListIt.txt <-- Will be opened
- Extra.txt <-- Will be minimized
- OTListIt.txt <-- Will be opened
#12
- Member
-
- Group: Members
- Posts: 16
- Joined: 10-August 10
Posted 07 April 2011 - 06:41 PM
OTL Extras logfile created on: 4/7/2011 7:20:57 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
511.00 Mb Total Physical Memory | 199.00 Mb Available Physical Memory | 39.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 6.27 Gb Free Space | 6.73% Space Free | Partition Type: NTFS
Drive D: | 63.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 7.80 Gb Total Space | 7.79 Gb Free Space | 99.82% Space Free | Partition Type: FAT32
Computer Name: STO-OEHZ6PMJ1GH | User Name: Sto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-117609710-823518204-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"1013:TCP" = 1013:TCP:*:Enabled:BS
"9999:TCP" = 9999:TCP:*:Enabled:PORT1
"9991:TCP" = 9991:TCP:*:Enabled:PORT2
"46812:TCP" = 46812:TCP:*:Enabled:FD
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Sto\Local Settings\Temp\alg.exe" = C:\Documents and Settings\Sto\Local Settings\Temp\alg.exe:*:Enabled:Application Layer Gateway Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\WinMX\WinMX.exe" = C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application -- (Frontcode Technologies)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Disabled:SAgent4 -- (SEIKO EPSON CORPORATION)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Small Business
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster
"{0B53B71D-9E2F-42B8-9123-96354872D166}" = EPSON Photo Print
"{0E0131B2-CF18-40D9-A331-60A3746C1204}" = EPSON Scan
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 23
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5983C895-DDA4-45D9-A8D1-877D5DE7693E}" = EPSON PhotoStarter3.0
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{88EFC79A-2079-41B5-9FB7-EB0CA7463936}" = e-Watch Camera Viewer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{C0CF1841-ABED-41F4-B818-A9E60B607DD9}" = DWGgateway
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"AnswerWorks" = AnswerWorks Runtime
"AutoCAD R14.0 Uninstall" = AutoCAD R14.0
"AviFiXP_is1" = AviFiXP 0.2.2.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Cool MP3 Splitter" = Cool MP3 Splitter
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 7_is1" = DVDFab 7.0.7.0 (08/06/2010)
"Easy Video Splitter_is1" = Easy Video Splitter 1.26
"EPSON Printer and Utilities" = EPSON Printer Software
"InstallShield_{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys Dual-Band Wireless-N USB Network Adapter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Move Networks Player_is1" = Move Networks Player for Internet Explorer
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MRW!UninstallKey" = Ahead InCD EasyWrite Reader
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = NeroVision Express 2
"NMPUninstallKey" = Nero Media Player
"NVIDIA Display Driver" = NVIDIA Display Driver
"QuicktimeAlt_is1" = QuickTime Alternative 2.6.0
"Silent Package Run-Time Sample" = EPSON ES CX6400 Manual
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.4
"VuePrint" = VuePrint
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinMX" = WinMX
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"Yahoo! Messenger" = Yahoo! Messenger
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-117609710-823518204-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MXpie Patch" = MXpie Patch for WinMX Network/WPNP 3.6.3.6
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3/29/2011 7:53:24 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x001a624b.
Error - 3/29/2011 8:18:23 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x001a624b.
Error - 3/29/2011 8:42:45 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x001a624b.
Error - 3/31/2011 5:04:39 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x001a624b.
Error - 3/31/2011 5:59:06 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x001a624b.
Error - 4/3/2011 4:13:29 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4095, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00001010.
Error - 4/3/2011 4:25:18 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.2180, faulting
module rundll32.exe, version 5.1.2600.2180, fault address 0x000017f1.
Error - 4/7/2011 1:22:24 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.2180, faulting
module rundll32.exe, version 5.1.2600.2180, fault address 0x000017f1.
Error - 4/7/2011 3:37:19 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.2180, faulting
module rundll32.exe, version 5.1.2600.2180, fault address 0x000017f1.
Error - 4/7/2011 7:19:42 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.2180, faulting
module rundll32.exe, version 5.1.2600.2180, fault address 0x000017f1.
[ System Events ]
Error - 3/31/2011 5:57:38 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 3/31/2011 5:57:38 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 3/31/2011 6:01:19 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056
Error - 4/1/2011 4:48:17 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
viaraid
Error - 4/1/2011 4:53:02 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460
Error - 4/2/2011 11:42:11 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460
Error - 4/7/2011 1:23:21 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio
Error - 4/7/2011 1:31:14 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460
Error - 4/7/2011 3:42:05 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460
Error - 4/7/2011 7:24:23 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460
< End of report >
OTL logfile created on: 4/7/2011 7:20:57 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
511.00 Mb Total Physical Memory | 199.00 Mb Available Physical Memory | 39.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 6.27 Gb Free Space | 6.73% Space Free | Partition Type: NTFS
Drive D: | 63.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 7.80 Gb Total Space | 7.79 Gb Free Space | 99.82% Space Free | Partition Type: FAT32
Computer Name: STO-OEHZ6PMJ1GH | User Name: Sto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/04/07 19:17:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/01/09 06:44:20 | 006,922,240 | ---- | M] (Linksys) -- C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2004/08/04 03:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
========== Modules (SafeList) ==========
MOD - [2011/04/07 19:17:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2005/03/02 14:09:30 | 000,377,856 | ---- | M] () -- C:\WINDOWS\oruduqiy.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
========== Driver Services (SafeList) ==========
DRV - [2010/01/24 06:42:06 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/09/28 03:02:44 | 000,014,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007/12/14 19:04:24 | 000,551,680 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2006/11/28 22:46:20 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/01/25 04:24:30 | 001,149,888 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/08/21 12:56:36 | 000,025,520 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm)
DRV - [2003/08/05 13:56:24 | 000,016,736 | ---- | M] (Network TeleSystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\FrontierNet\FrontierNet DSL Attendant\app\NTSTPL6.SYS -- (NTSTPL6)
DRV - [2003/08/05 13:56:24 | 000,016,736 | ---- | M] (Network TeleSystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\FrontierNet\FrontierNet DSL Attendant\app\NTSTPL5.SYS -- (NTSTPL5)
DRV - [2003/08/05 13:56:24 | 000,016,736 | ---- | M] (Network TeleSystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\FrontierNet\FrontierNet DSL Attendant\app\NTSTPL4.SYS -- (NTSTPL4)
DRV - [2003/08/05 13:56:24 | 000,016,736 | ---- | M] (Network TeleSystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\FrontierNet\FrontierNet DSL Attendant\app\NTSTPL3.SYS -- (NTSTPL3)
DRV - [2003/08/05 13:56:24 | 000,016,736 | ---- | M] (Network TeleSystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\FrontierNet\FrontierNet DSL Attendant\app\NTSTPL2.SYS -- (NTSTPL2)
DRV - [2003/07/16 22:22:10 | 000,147,328 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EL2K_XP.sys -- (EL2000)
DRV - [2003/05/20 13:20:00 | 000,070,272 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaraid.sys -- (viaraid)
DRV - [2002/09/19 22:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [1998/11/27 16:57:18 | 000,006,144 | ---- | M] (Erik Salaj) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\IOPORT.SYS -- (IOPort)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toast.net/start/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-117609710-823518204-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-117609710-823518204-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-117609710-823518204-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
FF - HKLM\software\mozilla\Firefox\extensions\\{FC47D9BB-2324-4CE5-B9A9-DA935858FB73}: C:\Documents and Settings\Sto\Local Settings\Application Data\{FC47D9BB-2324-4CE5-B9A9-DA935858FB73} [2011/03/28 19:22:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/28 13:45:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/28 13:45:55 | 000,000,000 | ---D | M]
[2010/10/01 17:27:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sto\Application Data\Mozilla\Extensions
[2010/10/01 17:27:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sto\Application Data\Mozilla\Firefox\Profiles\tstothers@toast.net\extensions
[2011/04/07 15:53:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/04 12:15:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/26 14:20:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2011/02/05 17:24:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (NOW!Imaging) - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - Reg Error: Value error. File not found
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-117609710-823518204-839522115-1003\..\Toolbar\WebBrowser: (no name) - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Ccikabimonus] C:\WINDOWS\oruduqiy.dll ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-117609710-823518204-839522115-1003..\Run: [Esovevozujitif] C:\WINDOWS\poemsol.dll (Progressive Networks)
O4 - HKU\S-1-5-21-117609710-823518204-839522115-1003..\Run: [IKXGVMFZHI] C:\Documents and Settings\Sto\Local Settings\temp\Zml.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Network Monitor.lnk = C:\Program Files\Linksys\WUSB600N\WUSB600N.exe (Linksys)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-117609710-823518204-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-117609710-823518204-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-117609710-823518204-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-117609710-823518204-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_popup.pl?www.viewpoint.com&6&&unknown&unknown&www.viewpoint.com&6&&unknown&unknown&www.viewpoint.com&6&&unknown&unknown&www.viewpoint.com&6&&unknown&unknown&www.viewpoint.com (MetaStreamCtl Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125882354419 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125882346873 (MUWebControl Class)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} http://72.32.179.44/filter/cameraviewer/isetup.cab (InstallShield International Setup Player)
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file://C:\Program Files\AutoCAD 2002\InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file://C:\Program Files\AutoCAD 2002\InstFred.ocx (InstaFred)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:\Program Files\AutoCAD 2002\AcPreview.ocx (AcPreview Control)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://www.lawnbeltusa.com/images/bck.gif
O24 - Desktop Components:1 () - http://www.iboats.com/images/homepage/new/main_bg.gif
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/04 20:54:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-117609710-823518204-839522115-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/04/07 19:20:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2011/03/31 18:09:24 | 000,000,000 | --SD | C] -- C:\Comboix
[2011/03/29 19:54:41 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2011/03/28 19:22:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sto\Local Settings\Application Data\{FC47D9BB-2324-4CE5-B9A9-DA935858FB73}
[2011/03/23 11:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sto\Application Data\mvvlvolrg
[2006/11/18 21:14:45 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Sto\Application Data\pcouffin.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/04/07 19:22:02 | 000,000,274 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/04/07 19:19:45 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\Nsnmhrcte.job
[2011/04/07 19:19:42 | 000,000,274 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/04/07 19:19:42 | 000,000,242 | -H-- | M] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/07 19:19:33 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\tasks\XHYYDFKBR.job
[2011/04/07 19:19:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/07 19:17:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2011/04/07 15:52:40 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Sto\Desktop\dds.scr
[2011/04/07 15:46:11 | 000,000,469 | ---- | M] () -- C:\Documents and Settings\Sto\Desktop\Shortcut (3) to dds.scr.lnk
[2011/04/07 13:30:16 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/07 13:30:16 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/07 13:26:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Icivukifurizevul.bin
[2011/04/07 13:21:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/03 16:40:53 | 000,164,352 | ---- | M] () -- C:\WINDOWS\Zpinib.exe
[2011/04/03 16:25:48 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Qruwihev.dat
[2011/04/03 16:24:51 | 000,091,136 | RHS- | M] () -- C:\WINDOWS\System32\dllhst3gb.dll
[2011/04/03 16:24:50 | 000,091,136 | RHS- | M] () -- C:\WINDOWS\System32\dhcpcsvcl.dll
[2011/04/03 16:24:33 | 000,164,352 | ---- | M] () -- C:\WINDOWS\Zpinia.exe
[2011/04/03 16:13:35 | 000,002,068 | -HS- | M] () -- C:\Documents and Settings\Sto\Local Settings\Application Data\e6d571031he03p0h7blm0cx
[2011/04/03 16:13:35 | 000,002,068 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\e6d571031he03p0h7blm0cx
[2011/04/03 16:12:59 | 000,339,968 | -HS- | M] () -- C:\Documents and Settings\Sto\Local Settings\Application Data\ars.exe
[2011/04/03 15:59:56 | 000,113,664 | ---- | M] () -- C:\Documents and Settings\Sto\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/01 15:54:25 | 000,004,108 | -HS- | M] () -- C:\Documents and Settings\Sto\Local Settings\Application Data\s8ill4615guhv6nkf336uaa624c
[2011/04/01 15:54:25 | 000,004,108 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\s8ill4615guhv6nkf336uaa624c
[2011/04/01 15:53:25 | 000,327,680 | -HS- | M] () -- C:\Documents and Settings\Sto\Local Settings\Application Data\hyi.exe
[2011/03/31 17:35:19 | 000,000,418 | ---- | M] () -- C:\Documents and Settings\Sto\Desktop\Shortcut to Comboix.exe.lnk
[2011/03/31 17:23:54 | 004,310,832 | R--- | M] () -- C:\Comboix.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/04/07 15:52:39 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Sto\Desktop\dds.scr
[2011/04/07 15:46:11 | 000,000,469 | ---- | C] () -- C:\Documents and Settings\Sto\Desktop\Shortcut (3) to dds.scr.lnk
[2011/04/03 16:41:11 | 000,164,352 | ---- | C] () -- C:\WINDOWS\Zpinib.exe
[2011/04/03 16:24:54 | 000,000,312 | -HS- | C] () -- C:\WINDOWS\tasks\XHYYDFKBR.job
[2011/04/03 16:24:54 | 000,000,304 | -HS- | C] () -- C:\WINDOWS\tasks\Nsnmhrcte.job
[2011/04/03 16:24:53 | 000,000,274 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/04/03 16:24:52 | 000,164,352 | ---- | C] () -- C:\WINDOWS\Zpinia.exe
[2011/04/03 16:24:51 | 000,091,136 | RHS- | C] () -- C:\WINDOWS\System32\dllhst3gb.dll
[2011/04/03 16:24:50 | 000,091,136 | RHS- | C] () -- C:\WINDOWS\System32\dhcpcsvcl.dll
[2011/04/03 16:24:39 | 000,000,274 | -H-- | C] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/04/03 16:24:36 | 000,000,242 | -H-- | C] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/03 16:13:01 | 000,002,068 | -HS- | C] () -- C:\Documents and Settings\Sto\Local Settings\Application Data\e6d571031he03p0h7blm0cx
[2011/04/03 16:13:01 | 000,002,068 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\e6d571031he03p0h7blm0cx
[2011/04/03 16:12:58 | 000,339,968 | -HS- | C] () -- C:\Documents and Settings\Sto\Local Settings\Application Data\ars.exe
[2011/04/01 15:53:25 | 000,327,680 | -HS- | C] () -- C:\Documents and Settings\Sto\Local Settings\Application Data\hyi.exe
[2011/04/01 15:53:25 | 000,004,108 | -HS- | C] () -- C:\Documents and Settings\Sto\Local Settings\Application Data\s8ill4615guhv6nkf336uaa624c
[2011/04/01 15:53:25 | 000,004,108 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\s8ill4615guhv6nkf336uaa624c
[2011/03/31 17:35:19 | 000,000,418 | ---- | C] () -- C:\Documents and Settings\Sto\Desktop\Shortcut to Comboix.exe.lnk
[2011/03/28 19:22:43 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Qruwihev.dat
[2011/03/28 19:22:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Icivukifurizevul.bin
[2011/02/05 16:49:51 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/02/05 16:49:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/02/05 16:49:51 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/02/05 16:49:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/02/05 16:49:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/26 13:23:03 | 000,000,086 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/11/03 21:25:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/19 23:06:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/10 14:45:33 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2007/09/21 23:12:33 | 000,000,335 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2007/02/10 03:26:17 | 000,025,853 | R--- | C] () -- C:\WINDOWS\System32\sk98nt4.ini
[2007/02/10 03:26:17 | 000,025,853 | R--- | C] () -- C:\WINDOWS\System32\InstInfo.ini
[2007/02/10 01:14:12 | 000,001,226 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2006/12/09 17:22:53 | 000,000,009 | ---- | C] () -- C:\WINDOWS\Syskernel12.dll
[2006/11/18 21:14:45 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Sto\Application Data\ezpinst.exe
[2006/11/18 21:14:45 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Sto\Application Data\pcouffin.cat
[2006/11/18 21:14:45 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Sto\Application Data\pcouffin.inf
[2006/11/18 21:06:59 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\Sto\Application Data\.zreglib
[2006/11/18 18:11:32 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Sto\Application Data\FixVTS.ini
[2006/09/21 18:28:25 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/08/27 00:10:25 | 000,069,632 | ---- | C] () -- C:\WINDOWS\realbap1.dll
[2006/08/27 00:10:25 | 000,045,568 | ---- | C] () -- C:\WINDOWS\realbsf1.dll
[2006/06/20 23:53:34 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2006/06/07 19:33:04 | 000,000,334 | ---- | C] () -- C:\WINDOWS\vuepro32.ini
[2006/05/19 15:45:45 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006/03/26 00:32:40 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\realbap1.dll
[2006/03/26 00:32:40 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\realbsf1.dll
[2006/03/23 23:26:33 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2005/10/21 20:40:39 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005/09/11 21:30:07 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2005/09/11 21:30:07 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2005/09/11 21:30:05 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cdTextCtl.dll
[2005/09/08 22:25:09 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2005/09/08 22:25:09 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
[2005/09/08 22:25:09 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2005/09/08 20:12:52 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\MTSTACK.EXE
[2005/09/08 19:28:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/08 18:34:47 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
[2005/09/07 22:23:17 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2005/09/04 23:09:35 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2005/09/04 23:07:33 | 000,003,366 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2005/09/04 23:07:32 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2005/09/04 23:07:00 | 000,000,196 | ---- | C] () -- C:\WINDOWS\EPSONCX6400.ini
[2005/09/04 22:49:08 | 000,225,280 | R--- | C] () -- C:\WINDOWS\System32\nvwrsda.dll
[2005/09/04 22:48:57 | 000,027,136 | R--- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2005/09/04 21:50:29 | 000,113,664 | ---- | C] () -- C:\Documents and Settings\Sto\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/09/04 21:26:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/09/04 20:56:36 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/09/04 20:52:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/09/04 16:47:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/09/04 16:46:39 | 000,239,944 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 03:56:42 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,392,296 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,377,856 | ---- | C] () -- C:\WINDOWS\oruduqiy.dll
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,058,596 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== LOP Check ==========
[2007/01/25 21:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/02/21 19:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/12/04 18:11:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{F03307B7-E779-4F5E-A32E-9A73D8D6E0F2}
[2005/09/08 19:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\Autodesk
[2011/02/23 12:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\ddbvemhwv
[2010/05/13 10:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\EDrawings
[2007/09/15 15:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\EPSON
[2010/08/14 12:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\Fikais
[2011/02/22 15:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\hcyxvukol
[2005/09/04 23:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\Leadertech
[2011/03/23 11:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\mvvlvolrg
[2006/04/11 23:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\PgcEdit
[2008/06/02 22:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\RipIt4Me
[2010/03/05 10:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\SlipStream
[2006/11/18 21:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\SlySoft
[2005/10/21 20:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\Smart Panel
[2007/09/21 23:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\Thunderbird
[2010/12/04 18:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\Uniblue
[2007/01/27 14:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\Viewpoint
[2010/06/08 20:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\Vso
[2010/08/28 12:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\Waxex
[2011/04/07 19:19:45 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\Tasks\Nsnmhrcte.job
[2010/12/04 18:11:46 | 000,000,212 | ---- | M] () -- C:\WINDOWS\Tasks\RegistryBooster.job
[2011/04/07 19:19:33 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\Tasks\XHYYDFKBR.job
[2011/04/07 19:22:02 | 000,000,274 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/04/07 19:19:42 | 000,000,242 | -H-- | M] () -- C:\WINDOWS\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/07 19:19:42 | 000,000,274 | -H-- | M] () -- C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
========== Purity Check ==========
< End of report >
OTL by OldTimer - Version 3.2.22.3 Folder = C:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
511.00 Mb Total Physical Memory | 199.00 Mb Available Physical Memory | 39.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 6.27 Gb Free Space | 6.73% Space Free | Partition Type: NTFS
Drive D: | 63.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 7.80 Gb Total Space | 7.79 Gb Free Space | 99.82% Space Free | Partition Type: FAT32
Computer Name: STO-OEHZ6PMJ1GH | User Name: Sto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-117609710-823518204-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"1013:TCP" = 1013:TCP:*:Enabled:BS
"9999:TCP" = 9999:TCP:*:Enabled:PORT1
"9991:TCP" = 9991:TCP:*:Enabled:PORT2
"46812:TCP" = 46812:TCP:*:Enabled:FD
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Sto\Local Settings\Temp\alg.exe" = C:\Documents and Settings\Sto\Local Settings\Temp\alg.exe:*:Enabled:Application Layer Gateway Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\WinMX\WinMX.exe" = C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application -- (Frontcode Technologies)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Disabled:SAgent4 -- (SEIKO EPSON CORPORATION)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Small Business
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster
"{0B53B71D-9E2F-42B8-9123-96354872D166}" = EPSON Photo Print
"{0E0131B2-CF18-40D9-A331-60A3746C1204}" = EPSON Scan
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 23
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5983C895-DDA4-45D9-A8D1-877D5DE7693E}" = EPSON PhotoStarter3.0
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{88EFC79A-2079-41B5-9FB7-EB0CA7463936}" = e-Watch Camera Viewer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{C0CF1841-ABED-41F4-B818-A9E60B607DD9}" = DWGgateway
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"AnswerWorks" = AnswerWorks Runtime
"AutoCAD R14.0 Uninstall" = AutoCAD R14.0
"AviFiXP_is1" = AviFiXP 0.2.2.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Cool MP3 Splitter" = Cool MP3 Splitter
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 7_is1" = DVDFab 7.0.7.0 (08/06/2010)
"Easy Video Splitter_is1" = Easy Video Splitter 1.26
"EPSON Printer and Utilities" = EPSON Printer Software
"InstallShield_{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys Dual-Band Wireless-N USB Network Adapter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Move Networks Player_is1" = Move Networks Player for Internet Explorer
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MRW!UninstallKey" = Ahead InCD EasyWrite Reader
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = NeroVision Express 2
"NMPUninstallKey" = Nero Media Player
"NVIDIA Display Driver" = NVIDIA Display Driver
"QuicktimeAlt_is1" = QuickTime Alternative 2.6.0
"Silent Package Run-Time Sample" = EPSON ES CX6400 Manual
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.4
"VuePrint" = VuePrint
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinMX" = WinMX
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"Yahoo! Messenger" = Yahoo! Messenger
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-117609710-823518204-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MXpie Patch" = MXpie Patch for WinMX Network/WPNP 3.6.3.6
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3/29/2011 7:53:24 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x001a624b.
Error - 3/29/2011 8:18:23 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x001a624b.
Error - 3/29/2011 8:42:45 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x001a624b.
Error - 3/31/2011 5:04:39 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x001a624b.
Error - 3/31/2011 5:59:06 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x001a624b.
Error - 4/3/2011 4:13:29 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4095, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00001010.
Error - 4/3/2011 4:25:18 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.2180, faulting
module rundll32.exe, version 5.1.2600.2180, fault address 0x000017f1.
Error - 4/7/2011 1:22:24 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.2180, faulting
module rundll32.exe, version 5.1.2600.2180, fault address 0x000017f1.
Error - 4/7/2011 3:37:19 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.2180, faulting
module rundll32.exe, version 5.1.2600.2180, fault address 0x000017f1.
Error - 4/7/2011 7:19:42 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.2180, faulting
module rundll32.exe, version 5.1.2600.2180, fault address 0x000017f1.
[ System Events ]
Error - 3/31/2011 5:57:38 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 3/31/2011 5:57:38 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 3/31/2011 6:01:19 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056
Error - 4/1/2011 4:48:17 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
viaraid
Error - 4/1/2011 4:53:02 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460
Error - 4/2/2011 11:42:11 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460
Error - 4/7/2011 1:23:21 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio
Error - 4/7/2011 1:31:14 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460
Error - 4/7/2011 3:42:05 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460
Error - 4/7/2011 7:24:23 PM | Computer Name = STO-OEHZ6PMJ1GH | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460
< End of report >
OTL logfile created on: 4/7/2011 7:20:57 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
511.00 Mb Total Physical Memory | 199.00 Mb Available Physical Memory | 39.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 6.27 Gb Free Space | 6.73% Space Free | Partition Type: NTFS
Drive D: | 63.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 7.80 Gb Total Space | 7.79 Gb Free Space | 99.82% Space Free | Partition Type: FAT32
Computer Name: STO-OEHZ6PMJ1GH | User Name: Sto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/04/07 19:17:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/01/09 06:44:20 | 006,922,240 | ---- | M] (Linksys) -- C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2004/08/04 03:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
========== Modules (SafeList) ==========
MOD - [2011/04/07 19:17:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2005/03/02 14:09:30 | 000,377,856 | ---- | M] () -- C:\WINDOWS\oruduqiy.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
========== Driver Services (SafeList) ==========
DRV - [2010/01/24 06:42:06 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/09/28 03:02:44 | 000,014,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007/12/14 19:04:24 | 000,551,680 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2006/11/28 22:46:20 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/01/25 04:24:30 | 001,149,888 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/08/21 12:56:36 | 000,025,520 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm)
DRV - [2003/08/05 13:56:24 | 000,016,736 | ---- | M] (Network TeleSystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\FrontierNet\FrontierNet DSL Attendant\app\NTSTPL6.SYS -- (NTSTPL6)
DRV - [2003/08/05 13:56:24 | 000,016,736 | ---- | M] (Network TeleSystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\FrontierNet\FrontierNet DSL Attendant\app\NTSTPL5.SYS -- (NTSTPL5)
DRV - [2003/08/05 13:56:24 | 000,016,736 | ---- | M] (Network TeleSystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\FrontierNet\FrontierNet DSL Attendant\app\NTSTPL4.SYS -- (NTSTPL4)
DRV - [2003/08/05 13:56:24 | 000,016,736 | ---- | M] (Network TeleSystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\FrontierNet\FrontierNet DSL Attendant\app\NTSTPL3.SYS -- (NTSTPL3)
DRV - [2003/08/05 13:56:24 | 000,016,736 | ---- | M] (Network TeleSystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\FrontierNet\FrontierNet DSL Attendant\app\NTSTPL2.SYS -- (NTSTPL2)
DRV - [2003/07/16 22:22:10 | 000,147,328 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EL2K_XP.sys -- (EL2000)
DRV - [2003/05/20 13:20:00 | 000,070,272 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaraid.sys -- (viaraid)
DRV - [2002/09/19 22:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [1998/11/27 16:57:18 | 000,006,144 | ---- | M] (Erik Salaj) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\IOPORT.SYS -- (IOPort)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toast.net/start/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-117609710-823518204-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-117609710-823518204-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-117609710-823518204-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
FF - HKLM\software\mozilla\Firefox\extensions\\{FC47D9BB-2324-4CE5-B9A9-DA935858FB73}: C:\Documents and Settings\Sto\Local Settings\Application Data\{FC47D9BB-2324-4CE5-B9A9-DA935858FB73} [2011/03/28 19:22:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/28 13:45:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/28 13:45:55 | 000,000,000 | ---D | M]
[2010/10/01 17:27:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sto\Application Data\Mozilla\Extensions
[2010/10/01 17:27:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sto\Application Data\Mozilla\Firefox\Profiles\tstothers@toast.net\extensions
[2011/04/07 15:53:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/04 12:15:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/26 14:20:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2011/02/05 17:24:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (NOW!Imaging) - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - Reg Error: Value error. File not found
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-117609710-823518204-839522115-1003\..\Toolbar\WebBrowser: (no name) - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Ccikabimonus] C:\WINDOWS\oruduqiy.dll ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-117609710-823518204-839522115-1003..\Run: [Esovevozujitif] C:\WINDOWS\poemsol.dll (Progressive Networks)
O4 - HKU\S-1-5-21-117609710-823518204-839522115-1003..\Run: [IKXGVMFZHI] C:\Documents and Settings\Sto\Local Settings\temp\Zml.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Network Monitor.lnk = C:\Program Files\Linksys\WUSB600N\WUSB600N.exe (Linksys)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-117609710-823518204-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-117609710-823518204-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-117609710-823518204-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-117609710-823518204-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_popup.pl?www.viewpoint.com&6&&unknown&unknown&www.viewpoint.com&6&&unknown&unknown&www.viewpoint.com&6&&unknown&unknown&www.viewpoint.com&6&&unknown&unknown&www.viewpoint.com (MetaStreamCtl Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125882354419 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125882346873 (MUWebControl Class)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} http://72.32.179.44/filter/cameraviewer/isetup.cab (InstallShield International Setup Player)
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file://C:\Program Files\AutoCAD 2002\InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file://C:\Program Files\AutoCAD 2002\InstFred.ocx (InstaFred)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:\Program Files\AutoCAD 2002\AcPreview.ocx (AcPreview Control)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://www.lawnbeltusa.com/images/bck.gif
O24 - Desktop Components:1 () - http://www.iboats.com/images/homepage/new/main_bg.gif
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/04 20:54:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-117609710-823518204-839522115-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/04/07 19:20:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2011/03/31 18:09:24 | 000,000,000 | --SD | C] -- C:\Comboix
[2011/03/29 19:54:41 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2011/03/28 19:22:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sto\Local Settings\Application Data\{FC47D9BB-2324-4CE5-B9A9-DA935858FB73}
[2011/03/23 11:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sto\Application Data\mvvlvolrg
[2006/11/18 21:14:45 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Sto\Application Data\pcouffin.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/04/07 19:22:02 | 000,000,274 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/04/07 19:19:45 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\Nsnmhrcte.job
[2011/04/07 19:19:42 | 000,000,274 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/04/07 19:19:42 | 000,000,242 | -H-- | M] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/07 19:19:33 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\tasks\XHYYDFKBR.job
[2011/04/07 19:19:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/07 19:17:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2011/04/07 15:52:40 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Sto\Desktop\dds.scr
[2011/04/07 15:46:11 | 000,000,469 | ---- | M] () -- C:\Documents and Settings\Sto\Desktop\Shortcut (3) to dds.scr.lnk
[2011/04/07 13:30:16 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/07 13:30:16 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/07 13:26:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Icivukifurizevul.bin
[2011/04/07 13:21:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/03 16:40:53 | 000,164,352 | ---- | M] () -- C:\WINDOWS\Zpinib.exe
[2011/04/03 16:25:48 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Qruwihev.dat
[2011/04/03 16:24:51 | 000,091,136 | RHS- | M] () -- C:\WINDOWS\System32\dllhst3gb.dll
[2011/04/03 16:24:50 | 000,091,136 | RHS- | M] () -- C:\WINDOWS\System32\dhcpcsvcl.dll
[2011/04/03 16:24:33 | 000,164,352 | ---- | M] () -- C:\WINDOWS\Zpinia.exe
[2011/04/03 16:13:35 | 000,002,068 | -HS- | M] () -- C:\Documents and Settings\Sto\Local Settings\Application Data\e6d571031he03p0h7blm0cx
[2011/04/03 16:13:35 | 000,002,068 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\e6d571031he03p0h7blm0cx
[2011/04/03 16:12:59 | 000,339,968 | -HS- | M] () -- C:\Documents and Settings\Sto\Local Settings\Application Data\ars.exe
[2011/04/03 15:59:56 | 000,113,664 | ---- | M] () -- C:\Documents and Settings\Sto\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/01 15:54:25 | 000,004,108 | -HS- | M] () -- C:\Documents and Settings\Sto\Local Settings\Application Data\s8ill4615guhv6nkf336uaa624c
[2011/04/01 15:54:25 | 000,004,108 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\s8ill4615guhv6nkf336uaa624c
[2011/04/01 15:53:25 | 000,327,680 | -HS- | M] () -- C:\Documents and Settings\Sto\Local Settings\Application Data\hyi.exe
[2011/03/31 17:35:19 | 000,000,418 | ---- | M] () -- C:\Documents and Settings\Sto\Desktop\Shortcut to Comboix.exe.lnk
[2011/03/31 17:23:54 | 004,310,832 | R--- | M] () -- C:\Comboix.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/04/07 15:52:39 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Sto\Desktop\dds.scr
[2011/04/07 15:46:11 | 000,000,469 | ---- | C] () -- C:\Documents and Settings\Sto\Desktop\Shortcut (3) to dds.scr.lnk
[2011/04/03 16:41:11 | 000,164,352 | ---- | C] () -- C:\WINDOWS\Zpinib.exe
[2011/04/03 16:24:54 | 000,000,312 | -HS- | C] () -- C:\WINDOWS\tasks\XHYYDFKBR.job
[2011/04/03 16:24:54 | 000,000,304 | -HS- | C] () -- C:\WINDOWS\tasks\Nsnmhrcte.job
[2011/04/03 16:24:53 | 000,000,274 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/04/03 16:24:52 | 000,164,352 | ---- | C] () -- C:\WINDOWS\Zpinia.exe
[2011/04/03 16:24:51 | 000,091,136 | RHS- | C] () -- C:\WINDOWS\System32\dllhst3gb.dll
[2011/04/03 16:24:50 | 000,091,136 | RHS- | C] () -- C:\WINDOWS\System32\dhcpcsvcl.dll
[2011/04/03 16:24:39 | 000,000,274 | -H-- | C] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/04/03 16:24:36 | 000,000,242 | -H-- | C] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/03 16:13:01 | 000,002,068 | -HS- | C] () -- C:\Documents and Settings\Sto\Local Settings\Application Data\e6d571031he03p0h7blm0cx
[2011/04/03 16:13:01 | 000,002,068 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\e6d571031he03p0h7blm0cx
[2011/04/03 16:12:58 | 000,339,968 | -HS- | C] () -- C:\Documents and Settings\Sto\Local Settings\Application Data\ars.exe
[2011/04/01 15:53:25 | 000,327,680 | -HS- | C] () -- C:\Documents and Settings\Sto\Local Settings\Application Data\hyi.exe
[2011/04/01 15:53:25 | 000,004,108 | -HS- | C] () -- C:\Documents and Settings\Sto\Local Settings\Application Data\s8ill4615guhv6nkf336uaa624c
[2011/04/01 15:53:25 | 000,004,108 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\s8ill4615guhv6nkf336uaa624c
[2011/03/31 17:35:19 | 000,000,418 | ---- | C] () -- C:\Documents and Settings\Sto\Desktop\Shortcut to Comboix.exe.lnk
[2011/03/28 19:22:43 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Qruwihev.dat
[2011/03/28 19:22:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Icivukifurizevul.bin
[2011/02/05 16:49:51 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/02/05 16:49:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/02/05 16:49:51 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/02/05 16:49:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/02/05 16:49:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/26 13:23:03 | 000,000,086 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/11/03 21:25:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/19 23:06:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/10 14:45:33 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2007/09/21 23:12:33 | 000,000,335 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2007/02/10 03:26:17 | 000,025,853 | R--- | C] () -- C:\WINDOWS\System32\sk98nt4.ini
[2007/02/10 03:26:17 | 000,025,853 | R--- | C] () -- C:\WINDOWS\System32\InstInfo.ini
[2007/02/10 01:14:12 | 000,001,226 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2006/12/09 17:22:53 | 000,000,009 | ---- | C] () -- C:\WINDOWS\Syskernel12.dll
[2006/11/18 21:14:45 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Sto\Application Data\ezpinst.exe
[2006/11/18 21:14:45 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Sto\Application Data\pcouffin.cat
[2006/11/18 21:14:45 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Sto\Application Data\pcouffin.inf
[2006/11/18 21:06:59 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\Sto\Application Data\.zreglib
[2006/11/18 18:11:32 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Sto\Application Data\FixVTS.ini
[2006/09/21 18:28:25 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/08/27 00:10:25 | 000,069,632 | ---- | C] () -- C:\WINDOWS\realbap1.dll
[2006/08/27 00:10:25 | 000,045,568 | ---- | C] () -- C:\WINDOWS\realbsf1.dll
[2006/06/20 23:53:34 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2006/06/07 19:33:04 | 000,000,334 | ---- | C] () -- C:\WINDOWS\vuepro32.ini
[2006/05/19 15:45:45 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006/03/26 00:32:40 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\realbap1.dll
[2006/03/26 00:32:40 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\realbsf1.dll
[2006/03/23 23:26:33 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2005/10/21 20:40:39 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005/09/11 21:30:07 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2005/09/11 21:30:07 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2005/09/11 21:30:05 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cdTextCtl.dll
[2005/09/08 22:25:09 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2005/09/08 22:25:09 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
[2005/09/08 22:25:09 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2005/09/08 20:12:52 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\MTSTACK.EXE
[2005/09/08 19:28:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/08 18:34:47 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
[2005/09/07 22:23:17 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2005/09/04 23:09:35 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2005/09/04 23:07:33 | 000,003,366 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2005/09/04 23:07:32 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2005/09/04 23:07:00 | 000,000,196 | ---- | C] () -- C:\WINDOWS\EPSONCX6400.ini
[2005/09/04 22:49:08 | 000,225,280 | R--- | C] () -- C:\WINDOWS\System32\nvwrsda.dll
[2005/09/04 22:48:57 | 000,027,136 | R--- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2005/09/04 21:50:29 | 000,113,664 | ---- | C] () -- C:\Documents and Settings\Sto\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/09/04 21:26:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/09/04 20:56:36 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/09/04 20:52:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/09/04 16:47:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/09/04 16:46:39 | 000,239,944 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 03:56:42 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,392,296 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,377,856 | ---- | C] () -- C:\WINDOWS\oruduqiy.dll
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,058,596 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== LOP Check ==========
[2007/01/25 21:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/02/21 19:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/12/04 18:11:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{F03307B7-E779-4F5E-A32E-9A73D8D6E0F2}
[2005/09/08 19:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\Autodesk
[2011/02/23 12:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\ddbvemhwv
[2010/05/13 10:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\EDrawings
[2007/09/15 15:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\EPSON
[2010/08/14 12:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\Fikais
[2011/02/22 15:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\hcyxvukol
[2005/09/04 23:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\Leadertech
[2011/03/23 11:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\mvvlvolrg
[2006/04/11 23:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\PgcEdit
[2008/06/02 22:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\RipIt4Me
[2010/03/05 10:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\SlipStream
[2006/11/18 21:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\SlySoft
[2005/10/21 20:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\Smart Panel
[2007/09/21 23:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\Thunderbird
[2010/12/04 18:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\Uniblue
[2007/01/27 14:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\Viewpoint
[2010/06/08 20:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\Vso
[2010/08/28 12:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sto\Application Data\Waxex
[2011/04/07 19:19:45 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\Tasks\Nsnmhrcte.job
[2010/12/04 18:11:46 | 000,000,212 | ---- | M] () -- C:\WINDOWS\Tasks\RegistryBooster.job
[2011/04/07 19:19:33 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\Tasks\XHYYDFKBR.job
[2011/04/07 19:22:02 | 000,000,274 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/04/07 19:19:42 | 000,000,242 | -H-- | M] () -- C:\WINDOWS\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/07 19:19:42 | 000,000,274 | -H-- | M] () -- C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
========== Purity Check ==========
< End of report >
#13
- Bleepin' Blonde
-
- Group: Malware Study Hall Admin
- Posts: 38,999
- Joined: 05-October 07
- Gender:Female
- Location:Romania
Posted 08 April 2011 - 04:15 AM
Hi again,
COMBOFIX
---------------
Please download ComboFix from one of these locations:
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.
COMBOFIX
---------------
Please download ComboFix from one of these locations:
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
- Double click on Combofix.exe and follow the prompts.
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.
#14
- Member
-
- Group: Members
- Posts: 16
- Joined: 10-August 10
Posted 08 April 2011 - 09:07 AM
I have run combowfix previously so there was no need to install the recovery portion. I did however notice that the program rebooted my computer during the process. Is this normal?
ComboFix 11-04-07.08 - Sto 04/08/2011 9:37.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.202 [GMT -4:00]
Running from: E:\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {81A8F984-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {81BABC1C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {81EA1614-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000246-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81BEB63C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81C596F4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81DBB96C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81DD7984-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81DE050C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81DE3554-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81DE7874-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81DEC32C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81DF2364-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81DFCDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E0267C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E1AA24-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E2497C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E2E684-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E35054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E35694-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E3C054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E4A054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E4B444-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E54B64-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E5B5FC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E5D83C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E61DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E621A4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E62DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E65DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E66B60-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E68A6C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E6C96C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E6E26C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E71974-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E75C04-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E75C14-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E77A6C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E7896C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E7FDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E88DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E8A794-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E8D29C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E8D604-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E8EA84-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E90794-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E91A6C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E92504-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E93194-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E9418C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E947AC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E95DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E9650C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E9685C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E98504-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E9860C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E98614-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E98794-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E98DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E99054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E995FC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E9A18C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E9ADDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E9B5FC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E9F1B4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E9F7DC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E9FA6C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81EA450C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81EA4A6C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81EA6C04-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81EA9DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81EAAA1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81EAC50C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81EB55FC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81EB6DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81F0F054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81F2E92C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81F3DDDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81F737D4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81F87AD4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81F8A054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81F908DC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81F91C14-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81F96A74-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81F9796C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FA2A1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FA6DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FA85D4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FAB054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FAEBFC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FB477C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FB8DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FBADDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FC65FC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FCA50C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FCA974-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FCB054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FCFC04-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FD16E4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FD2DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FD8A6C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FDAA74-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FDB404-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FDC604-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FDDDDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FDF794-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FDFA7C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FE0C04-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FE1DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FE2DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FE3A74-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FE4DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FE5DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FE7A74-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FE8614-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FE8A6C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FEA324-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FEADDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FECDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FED36C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FF9DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FFA894-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82000DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {820039C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82004DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {820075FC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {820BADDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {820C0DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {820DBDDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {820DCC14-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {820FA7BC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82104C4C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8210E5FC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8211047C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82112CFC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8211695C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82116DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {821BBBA4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {821C565C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {821D1DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {821D2DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {821DC65C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {821F42FC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8220D86C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82218DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82265DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8227865C-FFA4-00CC-0D24-347CA8A3377C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\e6d571031he03p0h7blm0cx
c:\documents and settings\Sto\Local Settings\Application Data\{FC47D9BB-2324-4CE5-B9A9-DA935858FB73}
c:\documents and settings\Sto\Local Settings\Application Data\{FC47D9BB-2324-4CE5-B9A9-DA935858FB73}\chrome.manifest
c:\documents and settings\Sto\Local Settings\Application Data\{FC47D9BB-2324-4CE5-B9A9-DA935858FB73}\chrome\content\_cfg.js
c:\documents and settings\Sto\Local Settings\Application Data\{FC47D9BB-2324-4CE5-B9A9-DA935858FB73}\chrome\content\overlay.xul
c:\documents and settings\Sto\Local Settings\Application Data\{FC47D9BB-2324-4CE5-B9A9-DA935858FB73}\install.rdf
c:\documents and settings\Sto\Local Settings\Application Data\ars.exe
c:\documents and settings\Sto\Local Settings\Application Data\hyi.exe
c:\documents and settings\Sto\Templates\e6d571031he03p0h7blm0cx
c:\documents and settings\Sto\WINDOWS
c:\windows\oruduqiy.dll
c:\windows\poemsol.dll
c:\windows\system32\rnaph.dll
c:\windows\Zpinia.exe
c:\windows\Zpinib.exe
.
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\atapi.sys
.
Infected copy of c:\windows\system32\drivers\ftdisk.sys was found and disinfected
Restored copy from - Kitty had a snack
.
((((((((((((((((((((((((( Files Created from 2011-03-08 to 2011-04-08 )))))))))))))))))))))))))))))))
.
.
2011-04-07 23:20 . 2011-04-07 23:17 580608 ----a-w- C:\OTL.exe
2011-04-03 20:24 . 2011-04-03 20:24 91136 --sha-r- c:\windows\system32\dllhst3gb.dll
2011-04-03 20:24 . 2011-04-03 20:24 91136 --sha-r- c:\windows\system32\dhcpcsvcl.dll
2011-03-29 23:54 . 2011-03-29 23:54 -------- d-----w- C:\spoolerlogs
2011-03-28 23:22 . 2011-04-08 13:32 0 ----a-w- c:\windows\Icivukifurizevul.bin
2011-03-23 15:01 . 2011-03-23 15:01 -------- d-----w- c:\documents and settings\Sto\Application Data\mvvlvolrg
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-31 21:23 . 2011-02-05 20:45 4310832 ----a-r- C:\Comboix.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-07 5058560]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Network Monitor.lnk - c:\program files\Linksys\WUSB600N\WUSB600N.exe [2008-1-9 6922240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1013:TCP"= 1013:TCP:BS
"9999:TCP"= 9999:TCP:PORT1
"9991:TCP"= 9991:TCP:PORT2
"46812:TCP"= 46812:TCP:FD
.
R0 viaraid;viaraid;c:\windows\system32\drivers\viaraid.sys [2/10/2007 1:04 AM 70272]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/24/2010 6:42 AM 108289]
R2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [11/27/1998 4:57 PM 6144]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 3:21 PM 24652]
S3 ENDETECT;ENDETECT; [x]
S3 L2XPSR;L2XPSR; [x]
S3 NTSTPL1;NTSTPL1; [x]
S3 NTSTPL2;NTSTPL2;c:\progra~1\FRONTI~1\FRONTI~1\app\NTSTPL2.SYS [2/10/2007 1:06 AM 16736]
S3 NTSTPL3;NTSTPL3;c:\progra~1\FRONTI~1\FRONTI~1\app\NTSTPL3.SYS [2/10/2007 2:47 AM 16736]
S3 NTSTPL4;NTSTPL4;c:\progra~1\FRONTI~1\FRONTI~1\app\NTSTPL4.SYS [2/10/2007 2:56 AM 16736]
S3 NTSTPL5;NTSTPL5;c:\progra~1\FRONTI~1\FRONTI~1\app\NTSTPL5.SYS [2/10/2007 3:27 AM 16736]
S3 NTSTPL6;NTSTPL6;c:\progra~1\FRONTI~1\FRONTI~1\app\NTSTPL6.SYS [2/10/2007 3:31 AM 16736]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2/7/2010 4:07 PM 14424]
S3 TAPBIND;TAPBIND; [x]
.
Contents of the 'Scheduled Tasks' folder
.
2010-12-04 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-11-29 22:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.toast.net/start/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://home.frontiernet.net/WelcomeCD.asp
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
FF - ProfilePath - c:\documents and settings\Sto\Application Data\Mozilla\Firefox\Profiles\tstothers@toast.net\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Esovevozujitif - c:\windows\poemsol.dll
HKLM-Run-Ccikabimonus - c:\windows\oruduqiy.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-08 09:48
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2011-04-08 09:54:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-08 13:54
ComboFix2.txt 2011-02-05 21:31
.
Pre-Run: 6,729,953,280 bytes free
Post-Run: 7,345,750,016 bytes free
.
- - End Of File - - FBB8E5D076C6BC16FDD3D71695BB6416
ComboFix 11-04-07.08 - Sto 04/08/2011 9:37.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.202 [GMT -4:00]
Running from: E:\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {81A8F984-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {81BABC1C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {81EA1614-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000246-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81BEB63C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81C596F4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81DBB96C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81DD7984-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81DE050C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81DE3554-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81DE7874-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81DEC32C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81DF2364-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81DFCDDC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E0267C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E1AA24-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E2497C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E2E684-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E35054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E35694-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E3C054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E4A054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E4B444-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E54B64-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E5B5FC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E5D83C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E61DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E621A4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E62DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E65DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E66B60-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E68A6C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E6C96C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E6E26C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E71974-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E75C04-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E75C14-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E77A6C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E7896C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E7FDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E88DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E8A794-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E8D29C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E8D604-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E8EA84-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E90794-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E91A6C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E92504-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E93194-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E9418C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E947AC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E95DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E9650C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E9685C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E98504-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E9860C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E98614-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E98794-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E98DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E99054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E995FC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E9A18C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E9ADDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E9B5FC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E9F1B4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E9F7DC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81E9FA6C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81EA450C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81EA4A6C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81EA6C04-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81EA9DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81EAAA1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81EAC50C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81EB55FC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81EB6DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81F0F054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81F2E92C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81F3DDDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81F737D4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81F87AD4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81F8A054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81F908DC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81F91C14-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81F96A74-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81F9796C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FA2A1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FA6DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FA85D4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FAB054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FAEBFC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FB477C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FB8DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FBADDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FC65FC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FCA50C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FCA974-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FCB054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FCFC04-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FD16E4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FD2DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FD8A6C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FDAA74-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FDB404-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FDC604-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FDDDDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FDF794-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FDFA7C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FE0C04-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FE1DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FE2DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FE3A74-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FE4DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FE5DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FE7A74-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FE8614-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FE8A6C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FEA324-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FEADDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FECDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FED36C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FF9DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81FFA894-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82000DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {820039C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82004DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {820075FC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {820BADDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {820C0DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {820DBDDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {820DCC14-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {820FA7BC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82104C4C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8210E5FC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8211047C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82112CFC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8211695C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82116DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {821BBBA4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {821C565C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {821D1DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {821D2DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {821DC65C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {821F42FC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8220D86C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82218DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82265DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8227865C-FFA4-00CC-0D24-347CA8A3377C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\e6d571031he03p0h7blm0cx
c:\documents and settings\Sto\Local Settings\Application Data\{FC47D9BB-2324-4CE5-B9A9-DA935858FB73}
c:\documents and settings\Sto\Local Settings\Application Data\{FC47D9BB-2324-4CE5-B9A9-DA935858FB73}\chrome.manifest
c:\documents and settings\Sto\Local Settings\Application Data\{FC47D9BB-2324-4CE5-B9A9-DA935858FB73}\chrome\content\_cfg.js
c:\documents and settings\Sto\Local Settings\Application Data\{FC47D9BB-2324-4CE5-B9A9-DA935858FB73}\chrome\content\overlay.xul
c:\documents and settings\Sto\Local Settings\Application Data\{FC47D9BB-2324-4CE5-B9A9-DA935858FB73}\install.rdf
c:\documents and settings\Sto\Local Settings\Application Data\ars.exe
c:\documents and settings\Sto\Local Settings\Application Data\hyi.exe
c:\documents and settings\Sto\Templates\e6d571031he03p0h7blm0cx
c:\documents and settings\Sto\WINDOWS
c:\windows\oruduqiy.dll
c:\windows\poemsol.dll
c:\windows\system32\rnaph.dll
c:\windows\Zpinia.exe
c:\windows\Zpinib.exe
.
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\atapi.sys
.
Infected copy of c:\windows\system32\drivers\ftdisk.sys was found and disinfected
Restored copy from - Kitty had a snack
.
((((((((((((((((((((((((( Files Created from 2011-03-08 to 2011-04-08 )))))))))))))))))))))))))))))))
.
.
2011-04-07 23:20 . 2011-04-07 23:17 580608 ----a-w- C:\OTL.exe
2011-04-03 20:24 . 2011-04-03 20:24 91136 --sha-r- c:\windows\system32\dllhst3gb.dll
2011-04-03 20:24 . 2011-04-03 20:24 91136 --sha-r- c:\windows\system32\dhcpcsvcl.dll
2011-03-29 23:54 . 2011-03-29 23:54 -------- d-----w- C:\spoolerlogs
2011-03-28 23:22 . 2011-04-08 13:32 0 ----a-w- c:\windows\Icivukifurizevul.bin
2011-03-23 15:01 . 2011-03-23 15:01 -------- d-----w- c:\documents and settings\Sto\Application Data\mvvlvolrg
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-31 21:23 . 2011-02-05 20:45 4310832 ----a-r- C:\Comboix.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-07 5058560]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Network Monitor.lnk - c:\program files\Linksys\WUSB600N\WUSB600N.exe [2008-1-9 6922240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1013:TCP"= 1013:TCP:BS
"9999:TCP"= 9999:TCP:PORT1
"9991:TCP"= 9991:TCP:PORT2
"46812:TCP"= 46812:TCP:FD
.
R0 viaraid;viaraid;c:\windows\system32\drivers\viaraid.sys [2/10/2007 1:04 AM 70272]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/24/2010 6:42 AM 108289]
R2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [11/27/1998 4:57 PM 6144]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 3:21 PM 24652]
S3 ENDETECT;ENDETECT; [x]
S3 L2XPSR;L2XPSR; [x]
S3 NTSTPL1;NTSTPL1; [x]
S3 NTSTPL2;NTSTPL2;c:\progra~1\FRONTI~1\FRONTI~1\app\NTSTPL2.SYS [2/10/2007 1:06 AM 16736]
S3 NTSTPL3;NTSTPL3;c:\progra~1\FRONTI~1\FRONTI~1\app\NTSTPL3.SYS [2/10/2007 2:47 AM 16736]
S3 NTSTPL4;NTSTPL4;c:\progra~1\FRONTI~1\FRONTI~1\app\NTSTPL4.SYS [2/10/2007 2:56 AM 16736]
S3 NTSTPL5;NTSTPL5;c:\progra~1\FRONTI~1\FRONTI~1\app\NTSTPL5.SYS [2/10/2007 3:27 AM 16736]
S3 NTSTPL6;NTSTPL6;c:\progra~1\FRONTI~1\FRONTI~1\app\NTSTPL6.SYS [2/10/2007 3:31 AM 16736]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2/7/2010 4:07 PM 14424]
S3 TAPBIND;TAPBIND; [x]
.
Contents of the 'Scheduled Tasks' folder
.
2010-12-04 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-11-29 22:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.toast.net/start/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://home.frontiernet.net/WelcomeCD.asp
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
FF - ProfilePath - c:\documents and settings\Sto\Application Data\Mozilla\Firefox\Profiles\tstothers@toast.net\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Esovevozujitif - c:\windows\poemsol.dll
HKLM-Run-Ccikabimonus - c:\windows\oruduqiy.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-08 09:48
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2011-04-08 09:54:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-08 13:54
ComboFix2.txt 2011-02-05 21:31
.
Pre-Run: 6,729,953,280 bytes free
Post-Run: 7,345,750,016 bytes free
.
- - End Of File - - FBB8E5D076C6BC16FDD3D71695BB6416
#15
- Bleepin' Blonde
-
- Group: Malware Study Hall Admin
- Posts: 38,999
- Joined: 05-October 07
- Gender:Female
- Location:Romania
Posted 21 April 2011 - 01:19 PM
I'm terribly sorry for the delay. I only now noticed I had not replied to this topic.
Since some time has passed, please let me know how things are running and if you still need help.
Once again, my apologies!
Since some time has passed, please let me know how things are running and if you still need help.
Once again, my apologies!
