WiredWX Christian Hobby Weather Tools
Would you like to react to this message? Create an account in a few clicks or log in to continue.

WiredWX Christian Hobby Weather ToolsLog in

 


Fast Windows AntiVirus 2011

2 posters

descriptionFast Windows AntiVirus 2011 EmptyFast Windows AntiVirus 2011 12th April 2011, 12:35 am

more_horiz
I picked up "Fast Windows Antivirus 2011" somewhere. Fast Windows Antivirus 2011 is one of those fake virus scanners that wants you credit card number to remove stuff the viruses found, etc. I found lots of complicated manual removal instructions. Do you have a free removal program/tool?

This site helped me out with a similiar problem in 2009, i.e. Antivirus Pro 2010

thank you

descriptionFast Windows AntiVirus 2011 EmptyRe: Fast Windows AntiVirus 2011 12th April 2011, 9:53 pm

more_horiz
Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Fast Windows AntiVirus 2011 DXwU4
Fast Windows AntiVirus 2011 VvYDg

descriptionFast Windows AntiVirus 2011 EmptyRe: Fast Windows AntiVirus 2011 12th April 2011, 10:32 pm

more_horiz
OTL.txt - Notepad:

OTL logfile created on: 12-Apr-11 6:21:59 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Joe Rogers\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

958.00 Mb Total Physical Memory | 410.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 61.31 Gb Total Space | 33.39 Gb Free Space | 54.46% Space Free | Partition Type: NTFS
Drive D: | 120.09 Gb Total Space | 120.08 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: ACER | User Name: Joe Rogers | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-04-12 18:19:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe Rogers\Desktop\OTL.com
PRC - [2011-02-23 10:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011-02-23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008-04-13 20:12:35 | 000,073,796 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\slserv.exe
PRC - [2008-04-13 20:12:35 | 000,032,866 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\slrundll.exe
PRC - [2008-04-13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005-09-22 12:42:00 | 000,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2005-04-05 15:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2004-11-19 14:34:00 | 000,425,984 | ---- | M] () -- C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe


========== Modules (SafeList) ==========

MOD - [2011-04-12 18:19:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe Rogers\Desktop\OTL.com
MOD - [2011-02-23 10:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010-08-23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011-02-23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008-04-13 20:12:35 | 000,073,796 | ---- | M] (Smart Link) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService)
SRV - [2005-04-05 15:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)


========== Driver Services (SafeList) ==========

DRV - [2011-02-23 09:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011-02-23 09:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011-02-23 09:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011-02-23 09:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011-02-23 09:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011-02-23 09:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011-02-23 09:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008-04-24 08:42:30 | 000,025,773 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\regguard.sys -- (RegGuard)
DRV - [2006-01-31 18:35:34 | 000,123,248 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005-09-22 12:34:00 | 003,727,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005-07-29 13:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005-07-29 13:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005-04-05 15:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005-04-05 15:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005-04-05 15:16:58 | 000,036,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2005-04-05 15:16:56 | 000,047,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2005-04-05 15:16:54 | 000,173,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2005-04-05 15:16:52 | 000,011,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2005-03-09 19:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004-09-29 15:00:00 | 000,247,296 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211U.sys -- (ZD1211U(ZyDAS)) ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2004-08-10 16:00:00 | 001,309,184 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2004-08-10 16:00:00 | 000,404,990 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004-08-10 16:00:00 | 000,180,360 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2004-08-10 16:00:00 | 000,126,686 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004-08-10 16:00:00 | 000,095,424 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004-08-10 16:00:00 | 000,013,776 | ---- | M] (Smart Link) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys -- (RecAgent)
DRV - [2004-08-10 16:00:00 | 000,013,240 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2004-01-14 15:30:00 | 000,017,151 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ZDPNDIS5.sys -- (ZDPNDIS5)
DRV - [2001-08-17 09:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://bluelight.my.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011-04-10 12:48:08 | 000,000,848 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)
O4 - HKCU..\Run: [20755380838980909244061291810864] File not found
O4 - HKCU..\Run: [f3sdlcusuvwm] File not found
O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
O4 - HKLM..\RunServices: [0.4705539698089086] File not found
O4 - HKLM..\RunServices: [confmrslWindows3.01] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless 802.11g USB Adapter.lnk = C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\NPJPI150_10.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM ()
O9 - Extra 'Tools' menuitem : Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM ()
O9 - Extra Button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM ()
O9 - Extra 'Tools' menuitem : Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: bareharbor.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: buckeyeplanet.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([bluelight.my] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx (CamImage Class)
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} http://download.microsoft.com/download/PowerPoint2002/Install/10.0.2609/WIN98MeXP/EN-US/msorun.cab (Reg Error: Key error.)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://camera1.jupiterfoundation.org/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP24-10113/event/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.3
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Joe Rogers\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Joe Rogers\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {F552DDE6-2090-4bf4-B924-6141E87789A5} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005-01-15 23:58:20 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{db5a6efa-97f4-11dd-ad72-0015580815c0}\Shell\AutoRun\command - "" = J:\PortableVault.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-04-12 18:19:34 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joe Rogers\Desktop\OTL.com
[2011-04-10 12:13:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe Rogers\Start Menu\Programs\HiJackThis
[2011-04-10 12:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011-04-01 07:20:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe Rogers\Local Settings\Application Data\PackageAware
[2011-03-31 11:59:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Joe Rogers\My Documents\cache
[2011-03-31 11:59:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe Rogers\Application Data\webex
[2011-03-29 12:02:36 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011-03-25 19:48:06 | 004,284,416 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-04-12 18:19:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe Rogers\Desktop\OTL.com
[2011-04-12 17:09:13 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2011-04-12 06:50:22 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-04-12 06:50:01 | 000,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011-04-12 06:49:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-04-12 06:49:41 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2011-04-10 12:48:08 | 000,000,848 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011-04-10 10:54:05 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011-04-06 10:16:36 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\Joe Rogers\My Documents\Bond Interest.xlr
[2011-03-28 15:03:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-03-28 05:31:32 | 000,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-03-28 05:31:32 | 000,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-03-25 19:48:06 | 004,284,416 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-09-20 16:23:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-07-23 09:58:56 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2009-09-25 08:01:41 | 000,018,974 | ---- | C] () -- C:\Program Files\Common Files\tutylibewy.inf
[2009-09-25 08:01:41 | 000,018,537 | ---- | C] () -- C:\Documents and Settings\Joe Rogers\Local Settings\Application Data\vuxejicof.ban
[2009-09-25 08:01:41 | 000,018,309 | ---- | C] () -- C:\Documents and Settings\Joe Rogers\Local Settings\Application Data\fevynoga.lib
[2009-09-25 08:01:41 | 000,017,401 | ---- | C] () -- C:\Documents and Settings\Joe Rogers\Local Settings\Application Data\zumoq.exe
[2009-09-25 08:01:41 | 000,017,389 | ---- | C] () -- C:\WINDOWS\yrozojusu.dll
[2009-09-25 08:01:41 | 000,016,050 | ---- | C] () -- C:\WINDOWS\jewurazo.dll
[2009-09-25 08:01:41 | 000,016,003 | ---- | C] () -- C:\WINDOWS\ejezapupir.sys
[2009-09-25 08:01:41 | 000,015,817 | ---- | C] () -- C:\Documents and Settings\Joe Rogers\Local Settings\Application Data\jalojetis.scr
[2009-09-25 08:01:41 | 000,015,258 | ---- | C] () -- C:\WINDOWS\ciqefubamy.com
[2009-09-25 08:01:41 | 000,015,011 | ---- | C] () -- C:\WINDOWS\System32\azidobicy.dll
[2009-09-25 08:01:41 | 000,012,408 | ---- | C] () -- C:\Documents and Settings\Joe Rogers\Application Data\foziqa.exe
[2009-09-25 08:01:41 | 000,012,279 | ---- | C] () -- C:\Documents and Settings\Joe Rogers\Application Data\nobe.bat
[2009-09-25 07:22:28 | 000,019,620 | ---- | C] () -- C:\Documents and Settings\Joe Rogers\Local Settings\Application Data\uxede.db
[2009-09-25 07:22:28 | 000,019,530 | ---- | C] () -- C:\WINDOWS\System32\oxox.dat
[2009-09-25 07:22:28 | 000,018,865 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\quzol.inf
[2009-09-25 07:22:28 | 000,018,280 | ---- | C] () -- C:\WINDOWS\System32\qenypu.com
[2009-09-25 07:22:28 | 000,018,000 | ---- | C] () -- C:\Program Files\Common Files\ejetubefyh.exe
[2009-09-25 07:22:28 | 000,016,329 | ---- | C] () -- C:\Documents and Settings\Joe Rogers\Local Settings\Application Data\garusuhas.exe
[2009-09-25 07:22:28 | 000,015,833 | ---- | C] () -- C:\Program Files\Common Files\defatefaz.exe
[2009-09-25 07:22:28 | 000,015,805 | ---- | C] () -- C:\WINDOWS\fynywowige.dll
[2009-09-25 07:22:28 | 000,014,561 | ---- | C] () -- C:\Documents and Settings\Joe Rogers\Local Settings\Application Data\yzos.reg
[2009-09-25 07:22:28 | 000,011,276 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\fajuwuc.ban
[2009-09-25 07:22:28 | 000,011,139 | ---- | C] () -- C:\Documents and Settings\Joe Rogers\Local Settings\Application Data\upeg.reg
[2009-09-25 07:22:28 | 000,010,049 | ---- | C] () -- C:\Program Files\Common Files\uquhimare.db
[2009-09-25 04:40:11 | 000,017,860 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\uxizidaqu.com
[2009-09-25 04:40:11 | 000,017,686 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\izepyc._sy
[2009-09-25 04:40:11 | 000,016,571 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\gamun.db
[2009-09-25 04:40:11 | 000,016,043 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\wovuki.ban
[2009-09-25 04:40:11 | 000,015,764 | ---- | C] () -- C:\Documents and Settings\Joe Rogers\Application Data\yjopaw.db
[2009-09-25 04:40:11 | 000,014,554 | ---- | C] () -- C:\Documents and Settings\Joe Rogers\Local Settings\Application Data\ohaledak._dl
[2009-09-25 04:40:11 | 000,014,175 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\axikerev._dl
[2009-09-25 04:40:11 | 000,014,108 | ---- | C] () -- C:\WINDOWS\ebakaqywop.sys
[2009-09-25 04:40:11 | 000,014,016 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\leceqob._dl
[2009-09-25 04:40:11 | 000,012,491 | ---- | C] () -- C:\Program Files\Common Files\ogacobil.scr
[2009-09-25 04:40:11 | 000,010,982 | ---- | C] () -- C:\Documents and Settings\Joe Rogers\Application Data\gofuf.vbs
[2009-09-25 01:04:48 | 000,019,788 | ---- | C] () -- C:\Documents and Settings\Joe Rogers\Application Data\asuq.dat
[2009-09-25 01:04:48 | 000,018,942 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\kylefe.dl
[2009-09-25 01:04:48 | 000,017,475 | ---- | C] () -- C:\Documents and Settings\Joe Rogers\Application Data\xubuqymow.exe
[2009-09-25 01:04:48 | 000,017,027 | ---- | C] () -- C:\Program Files\Common Files\omimeb.exe
[2009-09-25 01:04:48 | 000,016,946 | ---- | C] () -- C:\Documents and Settings\Joe Rogers\Local Settings\Application Data\fodujowa.inf
[2009-09-25 01:04:48 | 000,016,252 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ajuwo.pif
[2009-09-25 01:04:48 | 000,015,216 | ---- | C] () -- C:\WINDOWS\zikexir.com
[2009-09-25 01:04:48 | 000,013,826 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\matucypad.vbs
[2009-09-25 01:04:48 | 000,013,284 | ---- | C] () -- C:\WINDOWS\ogyruryzi.dll
[2009-09-25 01:04:48 | 000,013,216 | ---- | C] () -- C:\Program Files\Common Files\rotudo.db
[2009-09-25 01:04:48 | 000,012,818 | ---- | C] () -- C:\WINDOWS\System32\ariqutuba.dat
[2009-09-25 01:04:48 | 000,012,674 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\olehityca.lib
[2009-09-25 01:04:48 | 000,012,490 | ---- | C] () -- C:\WINDOWS\uroxumek.sys
[2009-09-25 01:04:48 | 000,011,602 | ---- | C] () -- C:\Documents and Settings\Joe Rogers\Local Settings\Application Data\wyzezux.inf
[2009-09-25 01:04:48 | 000,011,167 | ---- | C] () -- C:\WINDOWS\System32\ewijuqe.exe
[2008-06-11 00:05:23 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008-06-11 00:05:23 | 000,002,544 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2008-04-26 17:28:45 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2008-04-26 17:28:45 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2008-04-26 17:28:45 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2008-04-23 23:40:31 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Joe Rogers\Application Data\00481000873dc4ac21380c4d4c101abe20100f39c0e966ef01.dat
[2008-04-23 23:37:43 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Joe Rogers\Application Data\install.ini
[2008-03-12 11:00:19 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006-05-27 09:51:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCVCDVW.INI
[2006-05-27 09:51:23 | 000,000,062 | ---- | C] () -- C:\WINDOWS\pcvcdbr.INI
[2006-04-14 13:43:39 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Joe Rogers\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006-03-16 18:55:49 | 000,000,080 | ---- | C] () -- C:\WINDOWS\PHOTOFX.INI
[2006-03-16 18:55:30 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2006-03-16 18:55:30 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2006-03-16 00:59:37 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2006-03-16 00:58:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FoneSync.INI
[2006-03-16 00:33:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006-03-15 19:41:41 | 000,060,565 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2006-03-15 19:41:41 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2006-03-15 19:41:41 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2006-03-15 19:41:41 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2006-03-15 19:41:41 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2006-03-15 19:41:41 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2006-03-15 19:41:41 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2006-03-15 19:41:41 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2006-03-15 19:41:41 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2006-03-15 19:41:41 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2006-03-15 19:41:41 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2006-03-15 19:41:41 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2006-03-15 19:41:41 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2006-03-15 19:41:41 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006-03-15 19:36:46 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX3800.ini
[2006-03-15 15:40:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2006-03-15 15:35:42 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Joe Rogers\Local Settings\Application Data\fusioncache.dat
[2005-12-03 12:31:57 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005-10-24 14:22:38 | 000,001,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005-10-12 21:43:40 | 000,000,083 | ---- | C] () -- C:\WINDOWS\alaunch.ini
[2005-09-16 10:14:00 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005-08-05 18:01:54 | 000,282,112 | ---- | C] () -- C:\WINDOWS\System32\sbe(2).dll
[2005-08-05 18:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005-08-02 12:35:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005-08-02 12:35:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2005-08-02 12:35:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005-08-02 12:35:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2005-08-02 12:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005-08-02 12:35:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005-08-02 12:35:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005-08-02 12:35:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2005-08-02 12:35:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2005-08-02 12:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005-07-15 12:48:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005-02-02 16:11:40 | 000,008,073 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005-01-16 00:29:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005-01-16 00:28:56 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005-01-16 00:22:46 | 000,382,022 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005-01-16 00:22:46 | 000,053,640 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005-01-16 00:18:32 | 000,314,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005-01-15 23:58:44 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005-01-15 23:57:52 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005-01-15 23:57:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005-01-15 23:57:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005-01-15 23:57:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005-01-15 23:55:34 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MWLPS.dll
[2005-01-15 23:29:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005-01-15 23:27:22 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004-12-17 21:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004-11-20 05:27:44 | 000,036,864 | -H-- | C] () -- C:\WINDOWS\System32\kill1211.exe
[2004-08-10 16:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004-08-10 16:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004-08-10 16:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004-08-10 16:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004-08-10 16:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004-08-10 16:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004-08-10 16:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004-08-10 16:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004-08-10 16:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004-03-23 20:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003-08-07 13:51:32 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\System32\reboot.exe
[2003-08-06 23:32:24 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\System32\KCMDNIns.exe
[2002-05-23 21:34:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2001-12-26 20:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001-09-04 03:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001-08-25 22:04:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001-08-25 22:02:42 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001-07-30 20:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001-07-24 02:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2001-07-05 20:19:00 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2000-07-07 17:49:30 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\LTDLL.DLL
[2000-03-25 22:00:00 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\clcd32.dll
[1999-09-20 16:43:10 | 000,006,784 | ---- | C] () -- C:\WINDOWS\System32\clcd16.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

Extras.txt - Notepad

OTL Extras logfile created on: 12-Apr-11 6:21:59 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Joe Rogers\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

958.00 Mb Total Physical Memory | 410.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 61.31 Gb Total Space | 33.39 Gb Free Space | 54.46% Space Free | Partition Type: NTFS
Drive D: | 120.09 Gb Total Space | 120.08 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: ACER | User Name: Joe Rogers | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1
"{01001202-5D65-445A-B3B4-3DCE72BA0C6C}" = Microsoft Encarta Encyclopedia Standard 2001
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{15D9EB74-998E-4A04-B468-51C2E7B32182}" = Microsoft Picture It! Publishing 2001
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{3D719053-5593-11D3-8F25-0060085C1758}" = Microsoft Streets and Trips 2001
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}" = Microsoft Works Suite Add-in for Microsoft Word
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{703FBBAA-ED01-498D-86D5-559C4725CD63}" = Wireless 802.11g USB Adapter
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update
"{CB0888EE-96D8-4713-84DC-36462C33AEB4}" = Bazooka Scanner
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D085A1B6-90A4-11D3-82B7-00C04FA309DE}" = Microsoft Money 2001
"{F8D0829C-9C6F-11D3-8080-00C04FA329AA}" = Microsoft Works 6.0
"{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Ability Office 2000" = Ability Office 2000
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"avast" = avast! Free Antivirus
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"FoneSync" = FoneSync
"greenstreet PhotoFX 1.01" = greenstreet PhotoFX 1.01
"ie8" = Windows Internet Explorer 8
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"InstallShield_{703FBBAA-ED01-498D-86D5-559C4725CD63}" = Wireless 802.11g USB Adapter
"IrfanView" = IrfanView (remove only)
"LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation)
"MahJongg" = MahJongg
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"Shockwave" = Shockwave
"Silent Package Run-Time Sample" = EPSON CX 3800 Guide
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"WillPower" = Kiplinger's WillPower
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"Works2001Setup" = Microsoft Works 2001 Setup Launcher
"Yahoo! Photos Drag-Drop Uploader 1v7" = Yahoo! Photos Easy Upload Tool 1v7
"Yahtzee_is1" = Yahtzee 1.1.6

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 04-Apr-08 1:19:47 AM | Computer Name = ACER | Source = avast! | ID = 33554522
Description =

Error - 05-Apr-08 11:42:06 PM | Computer Name = ACER | Source = avast! | ID = 33554522
Description =

Error - 05-Apr-08 11:42:07 PM | Computer Name = ACER | Source = avast! | ID = 33554522
Description =

Error - 05-Apr-08 11:42:08 PM | Computer Name = ACER | Source = avast! | ID = 33554522
Description =

Error - 06-Apr-08 2:52:15 AM | Computer Name = ACER | Source = avast! | ID = 33554522
Description =

Error - 06-Apr-08 2:52:15 AM | Computer Name = ACER | Source = avast! | ID = 33554522
Description =

Error - 06-Apr-08 2:52:15 AM | Computer Name = ACER | Source = avast! | ID = 33554522
Description =

Error - 06-Apr-08 2:54:16 AM | Computer Name = ACER | Source = avast! | ID = 33554522
Description =

Error - 06-Apr-08 3:00:03 AM | Computer Name = ACER | Source = avast! | ID = 33554522
Description =

Error - 06-Apr-08 2:51:47 PM | Computer Name = ACER | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 10-Mar-11 7:02:27 AM | Computer Name = ACER | Source = Application Hang | ID = 1002
Description = Hanging application wlmail.exe, version 12.0.1606.1023, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10-Mar-11 7:02:29 AM | Computer Name = ACER | Source = Application Hang | ID = 1001
Description = Fault bucket 549569437.

Error - 10-Mar-11 3:36:15 PM | Computer Name = ACER | Source = Windows Live Mail | ID = 1000
Description =

Error - 29-Mar-11 12:32:36 PM | Computer Name = ACER | Source = Application Hang | ID = 1002
Description = Hanging application wlmail.exe, version 12.0.1606.1023, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 29-Mar-11 12:32:40 PM | Computer Name = ACER | Source = Application Hang | ID = 1001
Description = Fault bucket 549569437.

Error - 02-Apr-11 5:03:22 AM | Computer Name = ACER | Source = Windows Live Mail | ID = 1000
Description =

Error - 06-Apr-11 1:29:36 PM | Computer Name = ACER | Source = Application Hang | ID = 1002
Description = Hanging application wlmail.exe, version 12.0.1606.1023, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 06-Apr-11 1:29:36 PM | Computer Name = ACER | Source = Application Hang | ID = 1002
Description = Hanging application wlmail.exe, version 12.0.1606.1023, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 06-Apr-11 1:29:36 PM | Computer Name = ACER | Source = Application Hang | ID = 1002
Description = Hanging application wlmail.exe, version 12.0.1606.1023, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 06-Apr-11 1:29:36 PM | Computer Name = ACER | Source = Application Hang | ID = 1002
Description = Hanging application wlmail.exe, version 12.0.1606.1023, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 11-Apr-11 5:19:13 AM | Computer Name = ACER | Source = Service Control Manager | ID = 7000
Description = The int15.sys service failed to start due to the following error:
%%2

Error - 11-Apr-11 5:19:14 AM | Computer Name = ACER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Partizan SASKUTIL

Error - 11-Apr-11 8:34:42 AM | Computer Name = ACER | Source = Service Control Manager | ID = 7000
Description = The int15.sys service failed to start due to the following error:
%%2

Error - 11-Apr-11 8:34:43 AM | Computer Name = ACER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Partizan SASKUTIL

Error - 11-Apr-11 10:39:10 AM | Computer Name = ACER | Source = Service Control Manager | ID = 7000
Description = The int15.sys service failed to start due to the following error:
%%2

Error - 11-Apr-11 10:39:10 AM | Computer Name = ACER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Partizan SASKUTIL

Error - 11-Apr-11 7:36:50 PM | Computer Name = ACER | Source = Service Control Manager | ID = 7000
Description = The int15.sys service failed to start due to the following error:
%%2

Error - 11-Apr-11 7:36:52 PM | Computer Name = ACER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Partizan SASKUTIL

Error - 12-Apr-11 6:50:18 AM | Computer Name = ACER | Source = Service Control Manager | ID = 7000
Description = The int15.sys service failed to start due to the following error:
%%2

Error - 12-Apr-11 6:50:20 AM | Computer Name = ACER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Partizan SASKUTIL


< End of report >

descriptionFast Windows AntiVirus 2011 EmptyRe: Fast Windows AntiVirus 2011 13th April 2011, 10:11 pm

more_horiz
Hello.

  • Download combofix from here
    Link 1

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    Fast Windows AntiVirus 2011 CF_download_FF

    Fast Windows AntiVirus 2011 CF_download_rename

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    Fast Windows AntiVirus 2011 Cf410

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    Fast Windows AntiVirus 2011 Cf510

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Fast Windows AntiVirus 2011 DXwU4
Fast Windows AntiVirus 2011 VvYDg

descriptionFast Windows AntiVirus 2011 EmptyRe: Fast Windows AntiVirus 2011 14th April 2011, 2:33 pm

more_horiz
ComboFix 11-04-13.06 - Joe Rogers 14-Apr-11 10:17:41.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.581 [GMT -4:00]
Running from: c:\documents and settings\Joe Rogers\Desktop\Combo-Fix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Joe Rogers\Application Data\iniasd.txt
c:\documents and settings\Joe Rogers\Local Settings\Temporary Internet Files\acofyb.dat
c:\documents and settings\Joe Rogers\Local Settings\Temporary Internet Files\betiva._dl
c:\documents and settings\Joe Rogers\Local Settings\Temporary Internet Files\bmp39B.tmp
c:\documents and settings\Joe Rogers\Local Settings\Temporary Internet Files\bmp39C.tmp
c:\documents and settings\Joe Rogers\Local Settings\Temporary Internet Files\bmp3B4.tmp
c:\documents and settings\Joe Rogers\Local Settings\Temporary Internet Files\jyhesuxy.sys
c:\documents and settings\Joe Rogers\Local Settings\Temporary Internet Files\mokydabeh.lib
c:\documents and settings\Joe Rogers\Local Settings\Temporary Internet Files\odivo.sys
c:\documents and settings\Joe Rogers\Local Settings\Temporary Internet Files\wyjosanyt.vbs
c:\documents and settings\Joe Rogers\Local Settings\Temporary Internet Files\ymogyga.com
c:\documents and settings\Joe Rogers\Local Settings\Temporary Internet Files\ynadiv.ban
c:\documents and settings\Joe Rogers\Local Settings\Temporary Internet Files\ynod.dll
c:\documents and settings\Joe Rogers\WINDOWS
c:\program files\Common Files\rotudo.db
c:\program files\Common Files\uquhimare.db
c:\windows\abuzyn.scr
c:\windows\fynywowige.dll
c:\windows\ized._sy
c:\windows\jewurazo.dll
c:\windows\kohebo._sy
c:\windows\ogyruryzi.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\yrozojusu.dll
.
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-14 to 2011-04-14 )))))))))))))))))))))))))))))))
.
.
2011-04-14 14:24 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2011-04-14 14:24 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2011-04-10 16:13 . 2011-04-10 16:13 388096 ----a-r- c:\documents and settings\Joe Rogers\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-10 16:13 . 2011-04-10 16:13 -------- d-----w- c:\program files\Trend Micro
2011-04-10 14:48 . 2011-04-10 14:48 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-01 11:20 . 2011-04-01 11:20 -------- d-----w- c:\documents and settings\Joe Rogers\Local Settings\Application Data\PackageAware
2011-03-31 15:59 . 2011-03-31 15:59 -------- d-----w- c:\documents and settings\Joe Rogers\Application Data\webex
2011-03-29 16:02 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-25 23:48 . 2011-03-25 23:48 4284416 ----a-w- c:\windows\system32\GPhotos.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2004-08-10 20:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-10 20:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2005-03-02 01:06 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-23 14:04 . 2010-07-17 19:20 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 14:04 . 2009-10-03 00:00 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 13:56 . 2009-10-03 00:01 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 13:55 . 2009-10-03 00:01 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 13:55 . 2009-10-03 00:01 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-23 13:55 . 2009-10-03 00:01 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-23 13:55 . 2009-10-03 00:01 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 13:54 . 2009-10-03 00:01 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-23 13:54 . 2009-10-03 00:01 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-22 23:06 . 2005-07-03 02:11 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-08-10 20:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-08-10 20:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-10 20:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2005-01-19 04:26 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2005-05-10 00:17 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-05-17 14:17 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-10 20:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25 . 2004-08-10 20:00 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-08 13:33 . 2004-08-10 20:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-10 20:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-04 22:48 . 2005-08-05 22:01 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-04 22:48 . 2005-08-05 22:01 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-02 07:58 . 2004-08-10 20:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-10 20:00 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-10 20:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2009-09-25 11:22 . 2009-09-25 11:22 18000 ----a-w- c:\program files\Common Files\ejetubefyh.exe
2009-09-25 11:22 . 2009-09-25 11:22 15833 ----a-w- c:\program files\Common Files\defatefaz.exe
2009-09-25 08:40 . 2009-09-25 08:40 12491 ----a-w- c:\program files\Common Files\ogacobil.scr
2009-09-25 05:04 . 2009-09-25 05:04 17027 ----a-w- c:\program files\Common Files\omimeb.exe
.
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-03-15 19:38 . 2005-11-01 00:21 393216 c:\acer\Empowering Technology\eRecovery\bak\Monitor.exe
.
2004-08-14 11:17 . 2005-03-23 23:34 58992 c:\program files\Common Files\Symantec Shared\bak\ccApp.exe
.
2004-11-03 04:24 . 2004-11-03 04:24 32768 c:\program files\CyberLink\PowerDVD\bak\PDVDServ.exe
.
2006-12-20 03:46 . 2006-11-09 20:07 49263 c:\program files\Java\jre1.5.0_10\bin\bak\jusched.exe
.
2000-08-08 20:00 . 2000-08-08 20:00 28739 c:\program files\Microsoft Works\bak\WkDetect.exe
.
2000-08-08 20:00 . 2000-08-08 20:00 24576 c:\program files\Microsoft Works\bak\wkfud.exe
.
2000-08-08 20:00 . 2000-08-08 20:00 311350 c:\program files\Microsoft Works\bak\WksSb.exe
.
2005-05-12 02:15 . 2005-05-12 02:15 45056 c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\bak\ntiMUI.exe
.
2008-01-31 06:44 . 2008-04-08 09:51 2128 c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\bak\ntiMUI.log
2005-01-16 04:19 . 2008-01-27 23:53 2128 c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.log
.
2006-03-16 05:56 . 2006-03-16 05:56 100056 c:\program files\SymNetDrv\bak\SNDMon.exe
2006-03-16 05:56 . 2008-04-06 06:55 111840 c:\program files\SymNetDrv\SNDMon.exe
.
2005-08-05 21:56 . 2005-08-05 21:56 64512 c:\windows\ehome\bak\ehtray.exe
2005-08-05 21:56 . 2005-08-05 21:56 64512 c:\windows\ehome\ehtray.exe
.
2004-08-10 20:00 . 2004-08-10 20:00 208952 c:\windows\ime\imjp8_1\bak\IMJPMIG.EXE
2004-08-10 20:00 . 2004-08-10 20:00 208952 c:\windows\ime\imjp8_1\imjpmig.exe
.
2004-08-10 20:00 . 2004-08-10 20:00 59392 c:\windows\system32\IME\PINTLGNT\bak\ImScInst.exe
2004-08-10 20:00 . 2004-08-10 20:00 59392 c:\windows\system32\IME\PINTLGNT\imscinst.exe
.
2004-08-10 20:00 . 2004-08-10 20:00 455168 c:\windows\system32\IME\TINTLGNT\bak\TINTSETP.EXE
2004-08-10 20:00 . 2004-08-10 20:00 455168 c:\windows\system32\IME\TINTLGNT\tintsetp.exe
.
2006-03-15 23:37 . 2005-02-08 03:00 98304 c:\windows\system32\spool\drivers\w32x86\3\bak\E_FATIACA.EXE
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [2000-07-19 176183]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 90112]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-15 7307264]
"nwiz"="nwiz.exe" [2005-11-15 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-15 86016]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2008-04-06 111840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-8-8 65588]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-8-8 24633]
Wireless 802.11g USB Adapter.lnk - c:\program files\Wireless 802.11g USB Adapter\ZDWlan.exe [2004-11-19 425984]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [29-Mar-11 12:02 PM 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [02-Oct-09 8:01 PM 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [02-Oct-09 8:01 PM 19544]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [24-Apr-08 1:26 AM 25773]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-14 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-20 01:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://bluelight.my.yahoo.com/
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Define - c:\program files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Look Up in &Encyclopedia - c:\program files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
Trusted Zone: bareharbor.com
Trusted Zone: buckeyeplanet.com\www
Trusted Zone: yahoo.com\bluelight.my
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://camera1.jupiterfoundation.org/activex/AMC.cab
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{F552DDE6-2090-4bf4-B924-6141E87789A5} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-14 10:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-04-14 10:30:30
ComboFix-quarantined-files.txt 2011-04-14 14:30
.
Pre-Run: 37,409,120,256 bytes free
Post-Run: 37,928,390,656 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - D5DA1FCE96A7D2E42C6A2171F6A38DF7

descriptionFast Windows AntiVirus 2011 EmptyRe: Fast Windows AntiVirus 2011 14th April 2011, 10:26 pm

more_horiz
Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:


    KILLALL::

    File::
    c:\program files\Common Files\ejetubefyh.exe
    c:\program files\Common Files\defatefaz.exe
    c:\program files\Common Files\ogacobil.scr
    c:\program files\Common Files\omimeb.exe

    AWF::
    c:\acer\Empowering Technology\eRecovery\bak\Monitor.exe
    c:\program files\Common Files\Symantec Shared\bak\ccApp.exe
    c:\program files\CyberLink\PowerDVD\bak\PDVDServ.exe
    c:\program files\Java\jre1.5.0_10\bin\bak\jusched.exe
    c:\program files\Microsoft Works\bak\WkDetect.exe
    c:\program files\Microsoft Works\bak\wkfud.exe
    c:\program files\Microsoft Works\bak\WksSb.exe
    c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\bak\ntiMUI.exe
    c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\bak\ntiMUI.log
    c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.log
    c:\program files\SymNetDrv\bak\SNDMon.exe
    c:\windows\ehome\bak\ehtray.exe
    c:\windows\ime\imjp8_1\bak\IMJPMIG.EXE
    c:\windows\system32\IME\PINTLGNT\bak\ImScInst.exe
    c:\windows\system32\IME\TINTLGNT\bak\TINTSETP.EXE
    c:\windows\system32\spool\drivers\w32x86\3\bak\E_FATIACA.EXE

    Domains::

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    Fast Windows AntiVirus 2011 Cfscriptb4i

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Fast Windows AntiVirus 2011 DXwU4
Fast Windows AntiVirus 2011 VvYDg

descriptionFast Windows AntiVirus 2011 EmptyRe: Fast Windows AntiVirus 2011 15th April 2011, 1:34 am

more_horiz
ComboFix 11-04-14.01 - Joe Rogers 14-Apr-11 21:17:22.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.641 [GMT -4:00]
Running from: c:\documents and settings\Joe Rogers\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Joe Rogers\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\program files\Common Files\defatefaz.exe"
"c:\program files\Common Files\ejetubefyh.exe"
"c:\program files\Common Files\ogacobil.scr"
"c:\program files\Common Files\omimeb.exe"
.
.
((((((((((((((((((((((((( Files Created from 2011-03-15 to 2011-04-15 )))))))))))))))))))))))))))))))
.
.
2011-04-14 14:24 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2011-04-14 14:24 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2011-04-10 16:13 . 2011-04-10 16:13 388096 ----a-r- c:\documents and settings\Joe Rogers\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-10 16:13 . 2011-04-10 16:13 -------- d-----w- c:\program files\Trend Micro
2011-04-10 14:48 . 2011-04-10 14:48 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-01 11:20 . 2011-04-01 11:20 -------- d-----w- c:\documents and settings\Joe Rogers\Local Settings\Application Data\PackageAware
2011-03-31 15:59 . 2011-03-31 15:59 -------- d-----w- c:\documents and settings\Joe Rogers\Application Data\webex
2011-03-29 16:02 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-25 23:48 . 2011-03-25 23:48 4284416 ----a-w- c:\windows\system32\GPhotos.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2004-08-10 20:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-10 20:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2005-03-02 01:06 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-23 14:04 . 2010-07-17 19:20 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 14:04 . 2009-10-03 00:00 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 13:56 . 2009-10-03 00:01 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 13:55 . 2009-10-03 00:01 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 13:55 . 2009-10-03 00:01 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-23 13:55 . 2009-10-03 00:01 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-23 13:55 . 2009-10-03 00:01 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 13:54 . 2009-10-03 00:01 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-23 13:54 . 2009-10-03 00:01 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-22 23:06 . 2005-07-03 02:11 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-08-10 20:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-08-10 20:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-10 20:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2005-01-19 04:26 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2005-05-10 00:17 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-05-17 14:17 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-10 20:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25 . 2004-08-10 20:00 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-08 13:33 . 2004-08-10 20:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-10 20:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-04 22:48 . 2005-08-05 22:01 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-04 22:48 . 2005-08-05 22:01 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-02 07:58 . 2004-08-10 20:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-10 20:00 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-10 20:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [2000-07-19 176183]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 90112]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-15 7307264]
"nwiz"="nwiz.exe" [2005-11-15 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-15 86016]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2006-03-16 100056]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-8-8 65588]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-8-8 24633]
Wireless 802.11g USB Adapter.lnk - c:\program files\Wireless 802.11g USB Adapter\ZDWlan.exe [2004-11-19 425984]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [29-Mar-11 12:02 PM 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [02-Oct-09 8:01 PM 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [02-Oct-09 8:01 PM 19544]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [24-Apr-08 1:26 AM 25773]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-14 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-20 01:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://bluelight.my.yahoo.com/
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Define - c:\program files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Look Up in &Encyclopedia - c:\program files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://camera1.jupiterfoundation.org/activex/AMC.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-14 21:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3188)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\SOUNDMAN.EXE
c:\windows\eHome\ehmsas.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\slrundll.exe
.
**************************************************************************
.
Completion time: 2011-04-14 21:31:55 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-15 01:31
ComboFix2.txt 2011-04-14 14:30
.
Pre-Run: 37,884,203,008 bytes free
Post-Run: 37,879,799,808 bytes free
.
- - End Of File - - 5B1782DF61EED47D14B75859E9B4A360

descriptionFast Windows AntiVirus 2011 EmptyRe: Fast Windows AntiVirus 2011 15th April 2011, 7:20 am

more_horiz
Fast Windows AntiVirus 2011 is still there. Just wondering, should the "combo-fix" program have been run in "safe mode"?

In addition....

Something just isn't totally right. Every time I start the computer up I get a pop up box that has the following:

Acer eRecovery Management
Burning
Has a "X" in red circle
INT15 Error! eRecovery must be terminated
OK

Fast Windows AntiVirus 2011 Untitled-1

I "OK" out of it and everything seems to operate.

descriptionFast Windows AntiVirus 2011 EmptyRe: Fast Windows AntiVirus 2011 16th April 2011, 12:51 am

more_horiz
We can attempt to fix that soon, got another scan to do first.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Fast Windows AntiVirus 2011 DXwU4
Fast Windows AntiVirus 2011 VvYDg

descriptionFast Windows AntiVirus 2011 EmptyRe: Fast Windows AntiVirus 2011

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum