GeekPolice
Welcome to GeekPolice.net!

From "wow" to "whoa" - we're teaching practical technology and helping others with tech support. Join our family here!

You are viewing the forum as a "Guest" which doesn't give you member privileges to ask questions or post comments.

Take 30 seconds to register or log in below and unlock the limitations of this website to discover new computer knowledge!

Blue Screen

View previous topic View next topic Go down

Blue Screen

Post by svoboda on Sat Jan 08, 2011 3:07 pm

My computer has had a continually reoccurring blue screen for the past few weeks, its so bad now that whenever I regularly start my computer and log in it almost automatically goes to the blue screen. I have run Malwarbytes numerous times, here are the most recent results

Malwarebytes' Anti-Malware 1.50.1.1100
[You must be registered and logged in to see this link.]

Database version: 5480

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.5730.13

1/8/2011 9:10:48 AM
mbam-log-2011-01-08 (09-10-48).txt

Scan type: Quick scan
Objects scanned: 170832
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I have also run Spybot and they were unable to fix two things labeled as Fraud.windowsProtectionSuite with 15 entries of Malware and Microsoft.Windows.RedirectedHosts with 3 entries of security center, when I try to fix it, it says unexpected error C:\windows\system32\drivers\etc\hosts for both of them and says access is denied.

While my blue screen suggests to disable Bios memroy options like caching and shadowing, and to uninstall new software and hardware, and at the bottom it says it's dumping physical memory.

I have also run combofix and it has only temporarily fixed the blue screen problem.

svoboda
Novice
Novice

Status :
Online
Offline

Posts : 17
Joined : 2010-10-27
OS : Windows
Points : 22511
# Likes : 0

View user profile

Back to top Go down

Re: Blue Screen

Post by Belahzur on Sat Jan 08, 2011 11:10 pm

Hello.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Re: Blue Screen

Post by svoboda on Sun Jan 09, 2011 4:35 am

Here are the results:

OTL logfile created on: 1/8/2011 11:22:43 PM - Run 3
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\John\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

247.00 Mb Total Physical Memory | 158.00 Mb Available Physical Memory | 64.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 2000 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.00 Gb Total Space | 42.39 Gb Free Space | 59.71% Space Free | Partition Type: NTFS

Computer Name: UKRAINE | User Name: John | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/08 23:13:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\My Documents\Downloads\OTL.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/01/08 23:13:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\My Documents\Downloads\OTL.exe
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/11/18 09:50:40 | 000,668,912 | ---- | M] (Radialpoint Inc.) [Auto | Stopped] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2008/02/05 18:22:36 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2008/02/05 18:20:42 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/02/05 18:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/10/23 07:50:35 | 000,046,640 | ---- | M] (AOL LLC) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2005/01/26 14:30:04 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/01/26 14:25:34 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/01/26 14:20:14 | 000,069,718 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/01/24 17:36:52 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2004/10/25 16:01:52 | 000,421,888 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device)
SRV - [2004/08/04 05:00:00 | 000,086,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\P2PGASVC.DLL -- (p2pgasvc)
SRV - [2003/08/27 09:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Stopped] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\Verizon Games on Demand Player\X4HSX32.Sys -- (X4HSX32)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\Verizon Games on Demand Player\X4HS32Ex.Sys -- (X4HS32Ex)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\John\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/02/11 07:01:43 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip6.sys -- (Tcpip6)
DRV - [2008/02/24 09:23:34 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys -- (tmcomm)
DRV - [2008/02/05 21:21:48 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvcflt.sys -- (FilterService)
DRV - [2008/02/05 21:21:37 | 004,658,456 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
DRV - [2008/02/05 21:21:25 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/02/05 21:20:40 | 000,628,760 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvrs.sys -- (LVRS)
DRV - [2008/02/05 18:20:08 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/02/05 18:18:12 | 000,689,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Lvckap.sys -- (LVcKap)
DRV - [2007/08/08 01:37:37 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/09 06:10:35 | 000,303,584 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\eccxxxx.sys -- (eccxxxx)
DRV - [2006/12/12 10:28:26 | 000,052,224 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BrSerIf.sys -- (BrSerIf)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/03 08:53:54 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BrUsbSer.sys -- (BrUsbSer)
DRV - [2004/12/06 01:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/06 01:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/06 01:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/06 01:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/06 01:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/06 01:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/06 01:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/06 01:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/06 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 03:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 02:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/10/15 11:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 23:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 23:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 22:59:42 | 000,005,504 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\intelide.sys -- (IntelIde)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/07/14 11:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 11:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/06/09 10:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DDMI2.sys -- (SDDMI2)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://blekko.com/"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 7171


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/18 23:33:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/12 10:34:25 | 000,000,000 | ---D | M]

[2009/01/14 18:56:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John\Application Data\Mozilla\Extensions
[2011/01/08 21:38:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\n11iic3e.default\extensions
[2010/08/01 22:24:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\n11iic3e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/12 10:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
[2010/06/23 12:12:01 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2010/02/15 12:02:47 | 000,001,983 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 [You must be registered and logged in to see this link.]
O1 - Hosts: 74.125.45.100 [You must be registered and logged in to see this link.]
O1 - Hosts: 74.125.45.100 [You must be registered and logged in to see this link.]
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 [You must be registered and logged in to see this link.]
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 94.75.207.105 [You must be registered and logged in to see this link.]
O1 - Hosts: 94.75.207.105 google.com
O1 - Hosts: 94.75.207.105 google.com.au
O1 - Hosts: 94.75.207.105 [You must be registered and logged in to see this link.]
O1 - Hosts: 94.75.207.105 google.be
O1 - Hosts: 94.75.207.105 [You must be registered and logged in to see this link.]
O1 - Hosts: 94.75.207.105 google.com.br
O1 - Hosts: 94.75.207.105 [You must be registered and logged in to see this link.]
O1 - Hosts: 94.75.207.105 google.ca
O1 - Hosts: 38 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O2 - BHO: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - Reg Error: Value error. File not found
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [CheckPoint Cleanup] C:\DOCUME~1\John\LOCALS~1\Temp\cpes_clean_launcher.exe File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} [You must be registered and logged in to see this link.] (Support.com Configuration Class)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} [You must be registered and logged in to see this link.] (SpinTop DRM Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (stera) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/07 17:34:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ZA_PreservedFiles
[2011/01/07 17:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\ZoneAlarm_Security
[2011/01/07 17:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm_Security
[2011/01/04 17:43:02 | 000,000,000 | ---D | C] -- C:\Combo-Fix12841C
[2011/01/03 17:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Game Booster
[2011/01/03 17:54:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag
[2011/01/03 17:54:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FreeApp
[2011/01/03 17:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/01/02 17:56:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\My PaperPort Documents
[2010/12/27 10:38:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\ForceField Shared Files
[2010/12/27 10:35:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\CheckPoint
[2010/12/26 23:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2010/12/26 23:25:20 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/12/26 23:25:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/12/26 23:23:26 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\John\My Documents\spybotsd162.exe
[2010/12/26 23:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/12/26 23:12:43 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/12/19 14:39:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\DOSBox
[2010/12/19 14:39:32 | 000,000,000 | ---D | C] -- C:\Program Files\DOSBox-0.74
[2010/12/18 14:52:34 | 000,000,000 | --SD | C] -- C:\Combo-Fix7987C
[2010/12/18 14:41:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/12/18 13:47:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/12/18 13:03:38 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/12/18 10:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\AVG10
[2010/12/18 10:39:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/12/18 10:34:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/12/18 10:20:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/12/18 08:44:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/12/12 10:34:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\Documents and Settings\John\My Documents\*.tmp files -> C:\Documents and Settings\John\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/08 21:07:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/08 16:05:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/01/08 16:05:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/01/08 09:50:49 | 060,944,384 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/01/02 09:54:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/01/02 09:54:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/12/31 18:53:38 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Week 16 Notes.doc
[2010/12/31 17:39:35 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Microsoft Office Word 2003.lnk
[2010/12/29 16:58:34 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2010/12/29 13:15:06 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Delaware grade.doc
[2010/12/27 14:03:02 | 000,250,880 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Kapcom Note1.doc
[2010/12/26 23:25:29 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/26 23:25:29 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Spybot - Search & Destroy.lnk
[2010/12/26 23:23:28 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\John\My Documents\spybotsd162.exe
[2010/12/26 23:12:33 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/12/26 23:10:51 | 046,947,840 | ---- | M] () -- C:\Documents and Settings\John\My Documents\zaSetup_92_102_000_en.exe
[2010/12/26 22:26:33 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/12/26 22:26:33 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/22 21:48:23 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\John\My Documents\The state and capitalism.doc
[2010/12/21 19:39:19 | 000,119,296 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Sociology data 2.doc
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/19 21:24:25 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Sociology data.doc
[2010/12/16 18:56:33 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Psych Journal1.doc
[2010/12/14 20:39:53 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Week 15 notes.doc
[2010/12/14 18:45:25 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\John\My Documents\week 15 disscussion.doc
[2010/12/13 16:19:50 | 000,001,008 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini
[2010/12/13 16:02:54 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Sociology survey.doc
[2010/12/12 10:34:43 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/12 10:34:43 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\Documents and Settings\John\My Documents\*.tmp files -> C:\Documents and Settings\John\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/29 16:58:34 | 000,004,128 | ---- | C] () -- C:\INFCACHE.1
[2010/12/29 13:15:05 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Delaware grade.doc
[2010/12/27 14:08:24 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Week 16 Notes.doc
[2010/12/26 23:25:29 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/26 23:25:29 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Spybot - Search & Destroy.lnk
[2010/12/26 23:12:33 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/12/26 23:10:36 | 046,947,840 | ---- | C] () -- C:\Documents and Settings\John\My Documents\zaSetup_92_102_000_en.exe
[2010/12/21 19:39:19 | 000,119,296 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Sociology data 2.doc
[2010/12/19 21:24:22 | 000,110,592 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Sociology data.doc
[2010/12/14 18:34:29 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\John\My Documents\week 15 disscussion.doc
[2010/12/12 19:23:15 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Psych Journal1.doc
[2010/12/12 10:34:43 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/12 00:01:09 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Week 15 notes.doc
[2010/10/27 19:00:36 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\John\Application Data\start
[2010/05/14 18:21:50 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\John\Application Data\setup_ldm.iss
[2009/08/13 11:03:55 | 000,000,329 | ---- | C] () -- C:\WINDOWS\WinFrotz.INI
[2009/04/14 18:29:35 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2009/04/14 18:05:13 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/03/31 19:35:52 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/01/24 19:52:10 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/10/31 21:43:57 | 000,000,187 | ---- | C] () -- C:\WINDOWS\FE.INI
[2008/10/11 20:53:55 | 000,002,658 | ---- | C] () -- C:\Documents and Settings\John\Application Data\electiongametwo
[2008/08/20 06:59:09 | 000,000,006 | ---- | C] () -- C:\WINDOWS\WinSysPID32.dll
[2008/04/06 17:57:35 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008/03/04 17:52:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2008/02/05 18:20:08 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/01/19 20:17:24 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/01/19 20:17:24 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/11/13 22:04:34 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/10/31 08:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/10/27 16:12:32 | 000,271,264 | ---- | C] () -- C:\WINDOWS\VBRUN100.DLL
[2007/10/27 16:12:32 | 000,007,008 | ---- | C] () -- C:\WINDOWS\SETUPKIT.DLL
[2007/09/09 20:36:25 | 000,000,347 | ---- | C] () -- C:\WINDOWS\Warpath.ini
[2007/07/03 17:47:37 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/07/03 17:47:37 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/07/03 16:55:00 | 000,001,008 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2007/07/03 16:55:00 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2007/07/03 16:52:16 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2007/06/29 20:13:00 | 000,005,035 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2007/05/17 12:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/02/10 22:28:50 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\IYVU9_32.DLL
[2007/02/10 12:15:32 | 000,001,069 | ---- | C] () -- C:\WINDOWS\oregon.ini
[2007/01/24 19:20:44 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/06 14:45:30 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Beer!.ini
[2006/10/20 15:32:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/04/05 20:29:00 | 000,094,720 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/21 14:09:12 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2006/01/21 14:09:12 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2005/12/11 20:45:51 | 000,142,336 | ---- | C] () -- C:\WINDOWS\System32\hluninst.dll
[2005/12/11 20:45:20 | 000,001,090 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/09/12 15:12:57 | 000,001,379 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/08/25 19:52:23 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\fusioncache.dat
[2005/08/20 13:35:06 | 000,000,771 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/08/16 13:55:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/16 13:44:43 | 000,000,198 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/08/16 13:35:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/16 13:06:10 | 000,000,370 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 08:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/11/09 13:11:08 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2004/11/09 13:10:28 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2004/11/09 13:05:58 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2004/11/09 12:59:26 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2004/08/10 13:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 13:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/04 05:00:00 | 000,303,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\eccxxxx.sys
[2004/08/04 05:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/03 22:59:42 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\INTELIDE.SYS
[2003/10/08 09:09:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/27 05:49:26 | 000,108,908 | ---- | C] () -- C:\WINDOWS\System32\bass.dll
[2002/03/04 09:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2002/02/27 16:50:00 | 000,197,120 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll
[2001/10/24 15:00:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[1998/08/31 09:40:10 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\vbcrc.dll
[1980/01/01 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE480C3E
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F2F06F2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0664ADFC
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:436DEE1E
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:729F5FF8
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EBF1147B
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA34E08F

< End of report >

svoboda
Novice
Novice

Status :
Online
Offline

Posts : 17
Joined : 2010-10-27
OS : Windows
Points : 22511
# Likes : 0

View user profile

Back to top Go down

Re: Blue Screen

Post by svoboda on Sun Jan 09, 2011 4:37 am

The extras log was not on my desktop

svoboda
Novice
Novice

Status :
Online
Offline

Posts : 17
Joined : 2010-10-27
OS : Windows
Points : 22511
# Likes : 0

View user profile

Back to top Go down

Re: Blue Screen

Post by Belahzur on Sun Jan 09, 2011 11:08 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Value error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Value error. File not found

    :commands
    [emptytemp]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Re: Blue Screen

Post by svoboda on Sun Jan 09, 2011 11:51 pm

My computer restarted and I don't know how to get the results now...

svoboda
Novice
Novice

Status :
Online
Offline

Posts : 17
Joined : 2010-10-27
OS : Windows
Points : 22511
# Likes : 0

View user profile

Back to top Go down

Re: Blue Screen

Post by Belahzur on Sun Jan 09, 2011 11:55 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Re: Blue Screen

Post by svoboda on Tue Jan 11, 2011 3:17 am

Here are the results

ComboFix 11-01-10.05 - John 01/10/2011 21:47:41.10.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.247.145 [GMT -5:00]
Running from: c:\documents and settings\John\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\eccxxxx.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_eccxxxx
-------\Service_eccxxxx


((((((((((((((((((((((((( Files Created from 2010-12-11 to 2011-01-11 )))))))))))))))))))))))))))))))
.

2011-01-09 23:31 . 2011-01-09 23:31 -------- dc----w- C:\_OTL
2011-01-07 22:34 . 2011-01-07 22:34 -------- dc----w- c:\documents and settings\All Users\Application Data\ZA_PreservedFiles
2011-01-07 22:25 . 2011-01-07 22:25 -------- dc----w- c:\windows\system32\wbem\Repository
2011-01-07 22:25 . 2011-01-07 22:25 -------- dc----w- c:\documents and settings\John\Local Settings\Application Data\ZoneAlarm_Security
2011-01-07 22:25 . 2011-01-07 22:25 -------- dc----w- c:\program files\ZoneAlarm_Security
2011-01-03 22:54 . 2011-01-07 22:24 -------- dc----w- c:\documents and settings\All Users\Application Data\FreeApp
2011-01-03 22:54 . 2011-01-03 22:54 -------- dc----w- c:\documents and settings\All Users\Application Data\IObit
2010-12-27 15:35 . 2010-12-27 15:35 -------- dc----w- c:\documents and settings\John\Application Data\CheckPoint
2010-12-27 04:25 . 2010-12-27 05:34 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-12-27 04:25 . 2010-12-27 04:31 -------- dc----w- c:\program files\Spybot - Search & Destroy
2010-12-27 04:12 . 2010-12-27 04:12 -------- dc----w- c:\program files\Conduit
2010-12-27 04:12 . 2010-12-27 04:12 -------- dc----w- c:\program files\CheckPoint
2010-12-19 19:39 . 2010-12-19 19:39 -------- dc----w- c:\documents and settings\John\Local Settings\Application Data\DOSBox
2010-12-19 19:39 . 2010-12-19 20:55 -------- dc----w- c:\program files\DOSBox-0.74
2010-12-18 18:03 . 2010-12-18 18:03 -------- dc----w- C:\$AVG
2010-12-18 15:43 . 2010-12-18 15:43 -------- dc----w- c:\documents and settings\John\Application Data\AVG10
2010-12-18 15:39 . 2010-12-18 15:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-12-18 15:34 . 2010-12-18 19:42 -------- dc----w- c:\documents and settings\All Users\Application Data\AVG10
2010-12-18 15:20 . 2010-12-18 15:30 -------- dc----w- c:\documents and settings\All Users\Application Data\MFAData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 23:09 . 2010-02-15 20:19 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-02-15 20:19 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-10-31 02:41 . 2010-10-31 02:43 388608 -c--a-w- c:\windows\system32\CF2234.exe
2010-10-31 02:32 . 2010-10-31 02:36 388608 -c--a-w- c:\windows\system32\CF522.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2010-12-01 16:27 2735200 -c--a-w- c:\program files\ZoneAlarm_Security\tbZone.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-08-10 2349776]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ stera

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 10:00 15360 ----a-w- c:\windows\SYSTEM32\CTFMON.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 -c--a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-12-06 06:05 127035 ----a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 14:32 77824 ----a-w- c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 14:36 114688 ----a-w- c:\windows\SYSTEM32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 14:35 94208 ----a-w- c:\windows\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-02-13 18:06 2196240 -c--a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 21:57 26192168 -c--a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 08:25 144784 -c--a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-07-03 19:32 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
2009-11-18 14:50 4269296 -c--a-w- c:\program files\Verizon\VSP\VerizonServicepoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPTISRV"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=2 (0x2)
"GameConsoleService"=3 (0x3)
"SSScsiSV"=3 (0x3)
"AOL ACS"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\FXSCLNT.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Paradox Entertainment\\Europa Universalis 2\\eu2.exe"=
"c:\\WINDOWS\\SYSTEM32\\DPLAYSVR.EXE"=
"c:\\Program Files\\Sports Interactive\\Worldwide Soccer Manager 2007\\fm.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\WINDOWS\\SYSTEM32\\java.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\Verizon\\VSP\\ServicepointService.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

S2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [5/27/2010 12:41 PM 668912]
S2 X4HS32Ex;X4HS32Ex;\??\c:\program files\Verizon Games on Demand Player\X4HS32Ex.Sys --> c:\program files\Verizon Games on Demand Player\X4HS32Ex.Sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\n11iic3e.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: [You must be registered and logged in to see this link.] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-01-10 22:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\l3codeca.acm
c:\windows\system32\scg726.acm

- - - - - - - > 'explorer.exe'(588)
c:\windows\system32\WININET.dll
.
Completion time: 2011-01-10 22:15:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-11 03:15
ComboFix2.txt 2010-12-15 22:30
ComboFix3.txt 2010-12-13 20:19
ComboFix4.txt 2010-12-12 15:30
ComboFix5.txt 2010-12-18 13:17

Pre-Run: 45,785,481,216 bytes free
Post-Run: 45,721,300,992 bytes free

- - End Of File - - 5810FE8ACF6457ABA570158A18FED9EE

svoboda
Novice
Novice

Status :
Online
Offline

Posts : 17
Joined : 2010-10-27
OS : Windows
Points : 22511
# Likes : 0

View user profile

Back to top Go down

Re: Blue Screen

Post by Belahzur on Tue Jan 11, 2011 11:02 pm

Hello.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Re: Blue Screen

Post by svoboda on Wed Jan 12, 2011 3:22 am

Here is what they found

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0030551.dll a variant of Win32/Olmarik.AKC trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0036237.dll a variant of Win32/Olmarik.AKC trojan cleaned by deleting - quarantined

svoboda
Novice
Novice

Status :
Online
Offline

Posts : 17
Joined : 2010-10-27
OS : Windows
Points : 22511
# Likes : 0

View user profile

Back to top Go down

Re: Blue Screen

Post by Belahzur on Wed Jan 12, 2011 6:38 pm

Hello.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Re: Blue Screen

Post by svoboda on Thu Jan 13, 2011 2:54 am

ok I did that.

svoboda
Novice
Novice

Status :
Online
Offline

Posts : 17
Joined : 2010-10-27
OS : Windows
Points : 22511
# Likes : 0

View user profile

Back to top Go down

Re: Blue Screen

Post by Belahzur on Fri Jan 14, 2011 1:11 am

Hello.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Re: Blue Screen

Post by svoboda on Fri Jan 14, 2011 11:07 pm

It's running well, thanks.

svoboda
Novice
Novice

Status :
Online
Offline

Posts : 17
Joined : 2010-10-27
OS : Windows
Points : 22511
# Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum