system tools and stopzilla just disappeared from my pc ???


Post by xcaret on Tue Nov 30, 2010 8:30 pm

My downstairs PC was badly infected with System Tools. I googled removal and found Stopzilla, another rip-off.
After joining GeekPolice and seeing methods to remove System Tools, I decided to remove it by reading your info. First I went and uninstalled Stopzilla. It got uninstalled, and since then I have not seen System Tools, which is amazing because it was always there blocking everything with their warning messages, and you couldn't use the PC because of this. I've surfed around my favorites, and still no System Tools showing up. Even the little red shield at the bottom is gone; just the MSN one is there now. What should I do now? If it is gone I'd like to be sure it can't come back. Meanwhile I'm scared it's still here somewhere.
Neil
P.S. This probably is not important, but I'll add it in case it is. After being invaded by System Tools I sent 19.95 to a site that I thought was Godzilla (a supposed fix for System Tools). It turned out to be "ask.com" charging me 19.95 to steer me to the Stopzilla site. Once they got paid, a window popped up that gave me an authorization number to paste into Stopzilla. I pasted it and a window said error, incorrect number, but there was a phone number to call in case of this. I called it and was told it would cost 200.00 to have System Tools removed. I declined despite his great attempt to make the sale. Today (a week later or so) I turned on my infected PC thinking I could read what was on GeekPolice and clear it. The usual ST windows were blocking everything, but I decided to try and remove the Stopzilla logo at the very bottom of my screen. I managed to do so, and have not seen any sign of System Tools since. Even the ST shield is gone.
I got my 19.95 back from MasterCard, and they said they would have an alert on them.
Meanwhile I'm going to ask on this forum what protection I should have on my 2 non-infected PCs. I'm not asking here because I doubt many will read this far.
Neil


Re: system tools and stopzilla just disappeared from my pc ???

Post by Belahzur on Wed Dec 01, 2010 12:21 am

Hello.
Please run this tool, I want a closer look at this infection.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.



Re: system tools and stopzilla just disappeared from my pc ???

Post by xcaret on Wed Dec 01, 2010 7:47 am

OTL logfile created on: 12/1/2010 12:41:20 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.00 Mb Total Physical Memory | 475.00 Mb Available Physical Memory | 62.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.65 Gb Total Space | 1.76 Gb Free Space | 9.42% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 248.83 Gb Free Space | 83.48% Space Free | Partition Type: NTFS

Computer Name: COMP1 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/01 00:40:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/11/16 10:26:34 | 000,061,720 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QueryExplorer\queryexplorer119.exe
PRC - [2010/11/16 10:26:34 | 000,061,720 | ---- | M] () -- C:\Program Files\QueryExplorer\queryexplorer.exe
PRC - [2010/04/05 23:01:06 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/15 12:49:54 | 000,060,928 | RHS- | M] () -- C:\Documents and Settings\Owner\Application Data\ShieldManager.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/11/29 18:10:28 | 000,045,056 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe


========== Modules (SafeList) ==========

MOD - [2010/12/01 00:40:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/11/16 10:27:16 | 000,577,536 | ---- | M] () -- C:\Program Files\QueryExplorer\queryexplorer.dll
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/11/16 10:26:34 | 000,061,720 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\QueryExplorer\queryexplorer119.exe -- (QueryExplorer Service)
SRV - [2010/02/11 20:24:40 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/25 10:00:54 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/12/08 18:01:58 | 000,533,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/11/14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2001/11/29 18:10:28 | 000,045,056 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\RTL8187B.sys -- (RTL8187B)
DRV - [2009/04/30 22:56:32 | 000,495,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2008/12/08 18:01:56 | 000,055,136 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2005/05/11 00:33:12 | 000,032,256 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2005/04/22 21:14:42 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PieAutoUpdater\pgfilter.sys -- (pgfilter)
DRV - [2002/10/02 08:57:12 | 000,013,532 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SjyPkt.sys -- (SjyPkt)
DRV - [2002/03/11 10:26:56 | 000,089,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1000nt5.sys -- (E1000) Intel(R)
DRV - [2001/12/05 16:48:12 | 000,322,948 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2001/11/29 18:10:32 | 001,432,836 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\v90drv.sys -- (V90drv)
DRV - [2001/11/29 18:10:28 | 000,033,028 | ---- | M] (Vireo Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2001/11/29 18:10:26 | 000,175,160 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2001/11/29 18:10:20 | 000,607,732 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2001/11/29 18:10:18 | 002,383,460 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2001/11/29 18:10:14 | 000,172,708 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2001/08/17 05:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/06 13:52:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/30 12:10:38 | 000,000,000 | ---D | M]

[2010/04/06 13:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/10/24 16:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/11/30 12:19:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xp8te9cp.default\extensions
[2010/09/27 21:37:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xp8te9cp.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/04/17 13:57:50 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xp8te9cp.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/06/17 09:56:56 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xp8te9cp.default\searchplugins\askcom.xml
[2010/10/24 14:01:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/24 14:01:09 | 000,000,000 | ---D | M] (QueryExplorer) -- C:\Program Files\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}

O1 HOSTS File: ([2010/04/05 10:38:17 | 000,000,822 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz2.dll (Conduit Ltd.)
O2 - BHO: (no name) - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - No CLSID value found.
O2 - BHO: (no name) - {DE50B320-D8D5-46C3-92CC-FC3CC17619F9} - No CLSID value found.
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuz2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Microsoft Shield Manager] C:\Documents and Settings\Owner\Application Data\ShieldManager.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: google.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: jpcycles.com ([www] http in Trusted sites)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} [You must be registered and logged in to see this link.] (Symantec AntiVirus scanner)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} [You must be registered and logged in to see this link.] (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} [You must be registered and logged in to see this link.] (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet32: DllName - cryptnet32.dll - C:\WINDOWS\System32\cryptnet32.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/19 10:00:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{407dccd5-0331-11dd-bde9-00087431f1d6}\Shell\AutoRun\command - "" = E:\.Autorun\835694854683549385398626893468946\Autorun.exe -- File not found
O33 - MountPoints2\{407dccd5-0331-11dd-bde9-00087431f1d6}\Shell\open\command - "" = E:\.Autorun\835694854683549385398626893468946\Autorun.exe -- File not found
O33 - MountPoints2\{74fc03d1-f724-11de-81f6-00087431f1d6}\Shell\AutoRun\command - "" = H:\.Autorun\835694854683549385398626893468946\Autorun.exe -- File not found
O33 - MountPoints2\{74fc03d1-f724-11de-81f6-00087431f1d6}\Shell\open\command - "" = H:\.Autorun\835694854683549385398626893468946\Autorun.exe -- File not found
O33 - MountPoints2\{c9a7047f-292f-11da-8424-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c9a7047f-292f-11da-8424-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c9a7047f-292f-11da-8424-806d6172696f}\Shell\AutoRun\command - "" = D:\AutoRunPro.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/12/01 00:40:36 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/11/30 12:05:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/23 13:35:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\LMI1B.tmp
[2010/11/23 13:35:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\LMI1A.tmp
[2010/11/22 12:56:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/11/21 13:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\downloads from azureus
[2010/11/21 11:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ConduitEngine
[2010/11/21 11:00:18 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2010/11/02 20:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\Incomplete
[2010/11/02 19:59:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\FrostWire
[2010/11/02 19:59:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\FrostWire
[2010/11/02 19:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire
[2009/01/10 20:36:10 | 001,144,136 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-custom.exe
[2008/12/12 21:39:26 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[2008/12/12 21:29:54 | 016,944,264 | ---- | C] (VSO-Software ) -- C:\Program Files\vsoConvertXtoDVD3_setup-avangate_689.exe
[2008/04/25 05:30:38 | 016,500,592 | ---- | C] (DivX, Inc.) -- C:\Program Files\DivXInstaller.exe
[2008/04/06 09:14:04 | 007,980,040 | ---- | C] (Azureus, Inc.) -- C:\Program Files\Azureus_3.0.5.0_windows.exe
[2008/02/01 16:02:59 | 007,792,648 | ---- | C] (Azureus, Inc.) -- C:\Program Files\Azureus_3.0.4.2_windows.exe
[2008/01/28 09:42:33 | 058,619,176 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2008/01/28 09:37:38 | 025,755,448 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2008/01/07 12:49:50 | 000,382,352 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jre-6u3-windows-i586-p-iftw.exe
[2001/11/29 18:10:32 | 001,432,836 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\v90drv.sys
[2001/11/29 18:10:26 | 000,175,160 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/01 00:40:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/12/01 00:21:33 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/12/01 00:21:23 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/01 00:21:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/01 00:12:44 | 000,000,012 | ---- | M] () -- C:\WINDOWS\System32\crt.dat
[2010/12/01 00:12:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/30 14:24:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/11/30 12:21:32 | 000,010,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/11/30 12:10:38 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/30 12:00:15 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4326F475-2E73-49F2-80AA-FE247CF805F4}.job
[2010/11/30 11:58:10 | 000,297,053 | ---- | M] () -- C:\WINDOWS\System32\shimg.dll
[2010/11/23 14:26:40 | 000,000,246 | ---- | M] () -- C:\WINDOWS\LEXSTAT.INI
[2010/11/22 18:21:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/22 12:34:53 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/21 21:00:31 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/21 21:00:31 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/11/21 21:00:31 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/11/21 17:20:38 | 000,046,592 | ---- | M] () -- C:\WINDOWS\System32\cryptnet32.dll
[2010/11/09 19:22:27 | 000,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/11/07 17:04:31 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.1.lnk
[2010/11/07 17:04:29 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FrostWire 4.21.1.lnk
[2010/11/07 08:41:08 | 000,337,248 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 08:41:08 | 000,051,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/30 12:08:43 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/30 11:58:22 | 000,010,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/11/21 17:23:10 | 000,000,012 | ---- | C] () -- C:\WINDOWS\System32\crt.dat
[2010/11/21 17:20:38 | 000,297,053 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2010/11/21 17:20:38 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\cryptnet32.dll
[2010/11/18 20:04:50 | 733,855,744 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Next (Sci-fi-Action) Nicholas Cage, Julianne Moore, Jessica Biel.avi
[2010/11/15 20:21:18 | 000,060,928 | RHS- | C] () -- C:\Documents and Settings\Owner\Application Data\ShieldManager.exe
[2010/11/07 17:04:31 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.1.lnk
[2010/11/07 17:04:29 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\FrostWire 4.21.1.lnk
[2009/12/30 13:53:01 | 001,606,064 | ---- | C] () -- C:\Program Files\googletalk-setup.exe
[2009/12/22 13:25:34 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/06 10:11:24 | 000,221,696 | ---- | C] () -- C:\Program Files\McAfeeActiveProtection.msi
[2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/04/16 22:01:37 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/03/21 19:32:23 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/12/12 21:40:21 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
[2008/12/12 21:39:49 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.log
[2008/12/12 21:39:26 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\inst.exe
[2008/12/12 21:39:26 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2008/12/12 21:39:26 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2008/04/05 15:50:48 | 035,960,792 | ---- | C] () -- C:\Program Files\avg75free_519a1276.exe
[2008/04/01 19:18:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\bteasy.ini
[2008/03/02 14:58:24 | 000,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2008/03/02 14:58:24 | 000,006,399 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2008/03/02 14:58:24 | 000,003,677 | R--- | C] () -- C:\WINDOWS\PlaySnd.INI
[2008/02/02 22:17:00 | 000,024,468 | ---- | C] () -- C:\Program Files\Man_on_fire.3321480.TPB.torrent
[2008/02/01 20:37:49 | 002,278,771 | ---- | C] () -- C:\Program Files\BitTorrent-3.4.2.exe
[2008/02/01 16:41:42 | 000,029,518 | ---- | C] () -- C:\Program Files\Man_on_Fire__2004__DvDrip_ENG_.torrent
[2008/02/01 16:36:13 | 000,219,952 | ---- | C] () -- C:\Program Files\utorrent.exe
[2008/02/01 16:34:01 | 000,029,859 | ---- | C] () -- C:\Program Files\[isoHunt]_download.torrent
[2008/02/01 16:16:28 | 000,028,298 | ---- | C] () -- C:\Program Files\O_s_historie..3263434.TPB.torrent
[2008/02/01 16:06:12 | 000,089,463 | ---- | C] () -- C:\Program Files\Man_on_Fire.3314824.TPB.torrent
[2008/02/01 14:27:36 | 000,015,854 | ---- | C] () -- C:\Program Files\Documentary_The.Story.of.O.1975.DVDRip.DivX.FR.-.BG.SUB[[You must be registered and logged in to see this link.]
[2008/01/30 23:28:33 | 003,519,966 | ---- | C] () -- C:\Program Files\TorrentStorm-1.3.exe
[2008/01/07 22:06:43 | 000,062,982 | ---- | C] () -- C:\Program Files\Man.on.Fire.2004.DVDRip.XviD.iNT-PFa.3727267.TPB.torrent
[2008/01/07 19:08:41 | 000,014,780 | ---- | C] () -- C:\Program Files\The.Story.of.O.1975.DVDRip.DivX.FR.-.BG.SUB_-_[TeSTER].torrent
[2008/01/07 01:30:18 | 000,022,447 | ---- | C] () -- C:\Program Files\Man.On.Fire.PAL.NODRiC.DVDR_-_Pitbull.3928947.TPB.torrent
[2008/01/07 00:55:46 | 025,235,178 | ---- | C] () -- C:\Program Files\BitZip-Powered_By_Miro.exe
[2008/01/07 00:50:36 | 000,150,537 | ---- | C] () -- C:\Program Files\CREASY_man_on_fire_special_edition_CBB_DVD_[[You must be registered and logged in to see this link.]
[2008/01/07 00:23:51 | 000,002,858 | ---- | C] () -- C:\Program Files\BitTornado-0.3.17-w32install.exe.torrent
[2008/01/03 23:11:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\setup32.INI
[2007/07/11 18:23:27 | 000,000,246 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2005/09/19 11:04:32 | 000,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/09/19 10:04:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/19 09:47:52 | 000,000,330 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/09/19 02:52:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/09/16 14:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 14:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2001/12/05 16:48:12 | 000,322,948 | ---- | C] () -- C:\WINDOWS\System32\drivers\slntamr.sys
[2001/11/29 18:10:36 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2001/11/29 18:10:36 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2001/11/29 18:10:20 | 000,607,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2001/11/29 18:10:18 | 002,383,460 | ---- | C] () -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2001/11/29 18:10:14 | 000,172,708 | ---- | C] () -- C:\WINDOWS\System32\drivers\mtlmnt5.sys

< End of report >


Re: system tools and stopzilla just disappeared from my pc ???

Post by xcaret on Wed Dec 01, 2010 7:50 am

OTL Extras logfile created on: 12/1/2010 12:41:20 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.00 Mb Total Physical Memory | 475.00 Mb Available Physical Memory | 62.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.65 Gb Total Space | 1.76 Gb Free Space | 9.42% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 248.83 Gb Free Space | 83.48% Space Free | Partition Type: NTFS

Computer Name: COMP1 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"86:TCP" = 86:TCP:*:Enabled:BroadCam Video Streaming Server Web Server
"1935:TCP" = 1935:TCP:*:Enabled:BroadCam Video Streaming Server Flash Video Server
"4100:UDP" = 4100:UDP:*:Enabled:uPNP Router Control Port

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\WinMX\WinMX.exe" = C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application -- File not found
"C:\Program Files\Get-Torrent\Get-Torrent.exe" = C:\Program Files\Get-Torrent\Get-Torrent.exe:*:Enabled:Torrent P2P application -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:uTorrent -- File not found
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Documents and Settings\Owner\My Documents\My Videos\utorrent.exe" = C:\Documents and Settings\Owner\My Documents\My Videos\utorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- (Azureus Inc)
"C:\My Downloads\Azureus\Azureus.exe" = C:\My Downloads\Azureus\Azureus.exe:*:Enabled:Azureus -- File not found
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"E:\.Autorun\835694854683549385398626893468946\Autorun.exe" = E:\.Autorun\835694854683549385398626893468946\Autorun.exe:*:Enabled:Microsoft Shield Manager -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found
"G:\.Autorun\835694854683549385398626893468946\Autorun.exe" = G:\.Autorun\835694854683549385398626893468946\Autorun.exe:*:Enabled:Microsoft Shield Manager -- File not found
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}" = MP3 Player Utilities
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{9509674F-3972-11DE-806D-005056806466}" = Google Earth
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C43421C0-0DCB-4F26-8A3B-BF16155F9879}" = TRENDnet TEW-424UB Wireless USB 2.0 Adapter Driver and Utility
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R)
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DC509FE5-1445-46C9-827C-6120429CB942}" = Windows Live Family Safety
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"8461-7759-5462-8226" = Vuze
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CIA" = CIA
"ClueFinders Math Adventures" = ClueFinders Math Adventures
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"FrostWire" = FrostWire 4.21.1
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{C43421C0-0DCB-4F26-8A3B-BF16155F9879}" = TRENDnet TEW-424UB Wireless USB 2.0 Adapter Driver and Utility
"Lexmark Z600 Series" = Lexmark Z600 Series
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pie Auto Updater_is1" = Pie Auto Updater 1.0
"PROSet" = Intel(R) PRO Ethernet Adapter and Software
"QueryExplorer" = QueryExplorer 1.0 build 119
"SLAMRNTV" = 56Kbps Internal Modem
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/18/2010 11:12:02 PM | Computer Name = COMP1 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 9/9/2010 9:48:40 AM | Computer Name = COMP1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17055, faulting
module limewi~1.dll, version 4.1.1.1000, fault address 0x0004baca.

Error - 9/9/2010 10:10:43 AM | Computer Name = COMP1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17055, faulting
module limewi~1.dll, version 4.1.1.1000, fault address 0x0004baca.

Error - 9/9/2010 10:10:49 AM | Computer Name = COMP1 | Source = Application Error | ID = 1001
Description = Fault bucket 1976826191.

Error - 9/9/2010 8:05:16 PM | Computer Name = COMP1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17055, faulting
module limewi~1.dll, version 4.1.1.1000, fault address 0x0004baca.

Error - 9/13/2010 8:38:43 PM | Computer Name = COMP1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17055, faulting
module ieui.dll, version 7.0.5730.13, fault address 0x000061b1.

Error - 9/20/2010 12:12:59 AM | Computer Name = COMP1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17055, faulting
module msidcrl40.dll, version 5.0.810.6, fault address 0x000cbe40.

Error - 9/22/2010 10:45:56 AM | Computer Name = COMP1 | Source = MsiInstaller | ID = 1013
Description = Product: Adobe Reader 9.1 -- Setup has detected that you already have
a more functional product installed. Setup will now terminate.

Error - 10/24/2010 5:14:18 PM | Computer Name = COMP1 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/24/2010 5:14:18 PM | Computer Name = COMP1 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 11/30/2010 3:22:47 PM | Computer Name = COMP1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/30/2010 3:22:47 PM | Computer Name = COMP1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/30/2010 3:22:47 PM | Computer Name = COMP1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/30/2010 3:22:48 PM | Computer Name = COMP1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/30/2010 3:22:48 PM | Computer Name = COMP1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/30/2010 3:22:48 PM | Computer Name = COMP1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/30/2010 3:22:48 PM | Computer Name = COMP1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/30/2010 3:22:48 PM | Computer Name = COMP1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/1/2010 3:12:48 AM | Computer Name = COMP1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Lavasoft Ad-Aware Service
service to connect.

Error - 12/1/2010 3:12:48 AM | Computer Name = COMP1 | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%1053


< End of report >


Re: system tools and stopzilla just disapeared from my pc ???

Post by xcaret on Wed Dec 01, 2010 7:58 am

That OTL is amazing. I hope it finds the problem. Thank you.
Neil


Re: system tools and stopzilla just disapeared from my pc ???

Post by Belahzur on Thu Dec 02, 2010 1:10 am

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    PRC - [2010/11/16 10:26:34 | 000,061,720 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QueryExplorer\queryexplorer119.exe
    PRC - [2010/11/16 10:26:34 | 000,061,720 | ---- | M] () -- C:\Program Files\QueryExplorer\queryexplorer.exe
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - No CLSID value found.
    O2 - BHO: (no name) - {DE50B320-D8D5-46C3-92CC-FC3CC17619F9} - No CLSID value found.
    O4 - HKLM..\Run: [Microsoft Shield Manager] C:\Documents and Settings\Owner\Application Data\ShieldManager.exe ()
    O20 - Winlogon\Notify\cryptnet32: DllName - cryptnet32.dll - C:\WINDOWS\System32\cryptnet32.dll ()



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: system tools and stopzilla just disapeared from my pc ???

Post by xcaret on Thu Dec 02, 2010 5:00 am

What I am pasting into this post is not the first information that OTL showed under Custom Scans/Fixes... the first log, when pasted in, didn't show everything; the right-hand side of this window was only allowing half of what I pasted to be shown. I went back to OTL and redid what you instructed, only this time the top line didn't say something was killed. It is changed to what you see pasted here. I hope I didn't mess it all up.
Neil
========== OTL ==========
No active process named queryexplorer119.exe was found!
No active process named queryexplorer.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5792AA9-D373-4039-8670-2CDAB6A71F15}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5792AA9-D373-4039-8670-2CDAB6A71F15}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DE50B320-D8D5-46C3-92CC-FC3CC17619F9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE50B320-D8D5-46C3-92CC-FC3CC17619F9}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Shield Manager not found.
File C:\Documents and Settings\Owner\Application Data\ShieldManager.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet32\ not found.
File C:\WINDOWS\System32\cryptnet32.dll not found.

OTL by OldTimer - Version 3.2.17.3 log created on 12012010_215420


Re: system tools and stopzilla just disapeared from my pc ???

Post by Belahzur on Fri Dec 03, 2010 12:29 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: system tools and stopzilla just disapeared from my pc ???

Post by xcaret on Fri Dec 03, 2010 5:04 am

Thank you, everything is working just fine.


Re: system tools and stopzilla just disapeared from my pc ???

Post by Belahzur on Fri Dec 03, 2010 9:42 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: system tools and stopzilla just disapeared from my pc ???

Post by xcaret on Sat Dec 04, 2010 10:22 pm

I downloaded the link 1 and 2 then combofix as instructed. It all goes ok until the blue window opens that says ...scanning for infected files, this may take 10 minutes or more, if badly infected could easily take double that time.
I have had this open several times, the last time for 3 hours, and nothing happens. I find I can't close it or shut down the pc; the cursor moves at first then disappears. I have to unplug my power cord to shut the pc off. I have removed my aware and don't have firefox or other virus protection.
BTW I just ran Malwarebytes quickscan and it showed 0 infections.
Neil


Re: system tools and stopzilla just disapeared from my pc ???

Post by Belahzur on Sun Dec 05, 2010 11:14 pm

Hello.
Please run both these tools and post both logs in your next post.

Download [You must be registered and logged in to see this link.] to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop
  • Open this report and post its content in your next reply.


Please download TDSSKiller from [You must be registered and logged in to see this link.] and save it to your Desktop.

  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.



Re: system tools and stopzilla just disapeared from my pc ???

Post by xcaret on Mon Dec 06, 2010 3:39 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000002d

Kernel Drivers (total 109):

Processes (total 35):
0 System Idle Process
4 System
548 C:\WINDOWS\system32\smss.exe
604 csrss.exe
628 C:\WINDOWS\system32\winlogon.exe
672 C:\WINDOWS\system32\services.exe
684 C:\WINDOWS\system32\lsass.exe
836 C:\WINDOWS\system32\svchost.exe
900 svchost.exe
992 C:\WINDOWS\system32\svchost.exe
1040 svchost.exe
1092 svchost.exe
1396 C:\WINDOWS\system32\LEXBCES.EXE
1412 C:\WINDOWS\system32\spoolsv.exe
1428 C:\WINDOWS\system32\LEXPPS.EXE
1556 svchost.exe
1672 C:\Program Files\Java\jre6\bin\jqs.exe
1720 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1820 C:\WINDOWS\system32\slserv.exe
1876 C:\WINDOWS\system32\svchost.exe
204 C:\WINDOWS\system32\wuauclt.exe
504 alg.exe
588 C:\WINDOWS\system32\wscntfy.exe
1808 C:\WINDOWS\explorer.exe
1648 C:\WINDOWS\system32\hkcmd.exe
1640 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1608 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
1048 C:\WINDOWS\system32\ctfmon.exe
1064 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
544 C:\WINDOWS\system32\wuauclt.exe
1140 C:\Program Files\Internet Explorer\iexplore.exe
984 C:\WINDOWS\system32\wuauclt.exe
1588 C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\update\update.exe
2132 C:\Program Files\Windows Live\Toolbar\wltuser.exe
2536 C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\RYITASZD\MBRCheck[1].exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST320011A, Rev: 3.75
PhysicalDrive1 Model Number: STECHSimple Drive, Rev: 8.59

Size Device Name MBR Status
--------------------------------------------
18 GB \\.\PhysicalDrive0 Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E
298 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


D


Re: system tools and stopzilla just disapeared from my pc ???

Post by xcaret on Mon Dec 06, 2010 3:44 am

This is the report from TDSSKiller...........

2010/12/05 20:41:48.0937 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
2010/12/05 20:41:48.0937 ================================================================================
2010/12/05 20:41:48.0937 SystemInfo:
2010/12/05 20:41:48.0937
2010/12/05 20:41:48.0937 OS Version: 5.1.2600 ServicePack: 2.0
2010/12/05 20:41:48.0937 Product type: Workstation
2010/12/05 20:41:48.0937 ComputerName: COMP1
2010/12/05 20:41:48.0953 UserName: Owner
2010/12/05 20:41:48.0953 Windows directory: C:\WINDOWS
2010/12/05 20:41:48.0953 System windows directory: C:\WINDOWS
2010/12/05 20:41:48.0953 Processor architecture: Intel x86
2010/12/05 20:41:48.0953 Number of processors: 1
2010/12/05 20:41:48.0953 Page size: 0x1000
2010/12/05 20:41:48.0953 Boot type: Normal boot
2010/12/05 20:41:48.0953 ================================================================================
2010/12/05 20:41:49.0843 Initialize success
2010/12/05 20:41:56.0906 ================================================================================
2010/12/05 20:41:56.0906 Scan started
2010/12/05 20:41:56.0906 Mode: Manual;
2010/12/05 20:41:56.0906 ================================================================================
2010/12/05 20:42:45.0218 ================================================================================
2010/12/05 20:42:45.0218 Scan finished
2010/12/05 20:42:45.0218 ================================================================================


Re: system tools and stopzilla just disapeared from my pc ???

Post by Belahzur on Mon Dec 06, 2010 8:52 pm

Looks good.
Please re-run MBAM 1 more time and post the log.



Re: system tools and stopzilla just disapeared from my pc ???

Post by xcaret on Mon Dec 06, 2010 9:19 pm

Malwarebytes' Anti-Malware 1.50

Database version: 5236

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/6/2010 2:14:49 PM
mbam-log-2010-12-06 (14-14-49).txt

Scan type: Quick scan
Objects scanned: 123674
Time elapsed: 4 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: system tools and stopzilla just disapeared from my pc ???

Post by Belahzur on Tue Dec 07, 2010 12:25 am

Hello.

I see that you are running FrostWire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 9.4.1
    Java(TM) 6 Update 19
    FrostWire 4.21.1
    Vuze_Remote Toolbar

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Click the "Download JRE" button to the right.
  • In the window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u22-windows-i586.exe that you downloaded to install the newest version.

Then download and install [You must be registered and logged in to see this link.]

How is the machine running now?



Re: system tools and stopzilla just disapeared from my pc ???

Post by xcaret on Tue Dec 07, 2010 2:31 am

Thank you for all your help cleaning my PC. I ordered your book on PC tricks earlier today, and would like to order the malware protection you are linked to on your donation page. The question I have is... I would like to keep FrostWire on my PC (I deleted the others and downloaded what you said to). If I have the malware protection, will I not be protected from viruses etc. coming through something I'm downloading from FrostWire?
Neil


Re: system tools and stopzilla just disapeared from my pc ???

Post by Belahzur on Tue Dec 07, 2010 11:59 pm

What you download through FrostWire may be disguised as something else, so you could be downloading malware.

But, that is your option.

