virus warning screen blocks IE

View previous topic View next topic Go down

virus warning screen blocks IE

Post by Dr Mike on Wed Oct 27, 2010 2:27 pm

a "Microsoft Security Essentials" box warning of a potential "unknown win32/trojan appeared and covers up access to programs
I don't want to click on it but can't get to a copy of malewarebytes to run off a removable drive.
What can I do to avoid starting this virus?

Dr Mike
Novice
Novice

Posts Posts : 18
Joined Joined : 2010-10-24
OS OS : vista
Points Points : 22576
# Likes # Likes : 0

View user profile

Back to top Go down

Re: virus warning screen blocks IE

Post by Dr Mike on Wed Oct 27, 2010 2:38 pm

I was able to get malewarebytes started and am running a scan now

Dr Mike
Novice
Novice

Posts Posts : 18
Joined Joined : 2010-10-24
OS OS : vista
Points Points : 22576
# Likes # Likes : 0

View user profile

Back to top Go down

Re: virus warning screen blocks IE

Post by Dr Mike on Wed Oct 27, 2010 5:05 pm

here is the scan results

OTL logfile created on: 10/27/2010 12:47:04 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Donna\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 330.00 Mb Available Physical Memory | 33.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113.20 Gb Total Space | 70.39 Gb Free Space | 62.18% Space Free | Partition Type: NTFS
Drive D: | 112.85 Gb Total Space | 112.66 Gb Free Space | 99.83% Space Free | Partition Type: NTFS
Drive J: | 61.86 Mb Total Space | 55.44 Mb Free Space | 89.62% Space Free | Partition Type: FAT

Computer Name: DONNA-PC | User Name: Donna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/27 12:46:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Donna\Downloads\OTL (1).com
PRC - [2010/07/06 09:27:58 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/07/10 13:49:24 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/02/27 04:24:12 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/01/19 03:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/12/08 18:45:32 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2006/11/23 19:24:54 | 000,319,488 | ---- | M] () -- C:\Windows\System32\SysMonitor.exe
PRC - [2006/11/23 19:24:46 | 000,319,488 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2006/11/17 11:26:58 | 000,453,120 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2006/11/12 15:35:58 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2006/11/08 22:57:52 | 003,784,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2001/03/21 23:38:16 | 000,090,180 | ---- | M] () -- C:\PVSW\Bin\W3DBSMGR.EXE


========== Modules (SafeList) ==========

MOD - [2010/10/27 12:46:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Donna\Downloads\OTL (1).com
MOD - [2010/08/31 11:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
MOD - [2008/07/27 14:03:14 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.3053_none_d08d7bba442a9b36\msvcr80.dll
MOD - [2008/07/27 14:03:14 | 000,558,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.3053_none_d08d7bba442a9b36\msvcp80.dll
MOD - [2006/11/16 22:10:14 | 000,286,720 | ---- | M] (HiTRUST) -- C:\Windows\System32\sysenv.dll
MOD - [2006/11/16 16:19:10 | 000,037,376 | ---- | M] () -- C:\Windows\System32\MSNChatHook.dll
MOD - [2006/11/16 16:18:50 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2010/07/06 09:27:58 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/02/27 04:24:12 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/12/08 18:45:32 | 000,045,056 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006/11/13 00:35:08 | 000,024,576 | ---- | M] () [Disabled | Stopped] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2008/06/18 11:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/01/02 17:48:28 | 002,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2006/12/12 23:45:23 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2006/12/07 21:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/10 18:21:16 | 000,007,936 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2006/11/10 18:10:50 | 000,010,624 | ---- | M] (HiTRUST) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2006/11/08 21:52:32 | 000,194,560 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2006/11/08 19:11:30 | 000,053,760 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\psdvdisk.sys -- (psdvdisk)
DRV - [2006/11/08 07:09:24 | 001,647,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/08/28 22:30:04 | 000,013,952 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2006/06/13 16:56:40 | 000,247,808 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/21 09:12:29 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Windows\System32\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [捁牥吠畯r] File not found
O4 - HKCU..\Run: [捁牥吠畯⁲敒業摮牥] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} [You must be registered and logged in to see this link.] (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: )
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - State: "services" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - MSN Toolbar 3.0 & Silverlight 2.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{57786fe3-9d14-4ba3-9e14-50c8dcba3668} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERZO~1\ACERZO~2\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/10/27 10:36:23 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Roaming\Malwarebytes
[2010/10/27 10:36:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/27 10:36:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/27 10:36:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/27 10:36:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/27 08:45:31 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Roaming\HPAppData
[2010/10/15 07:49:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/10/14 08:28:04 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/14 08:27:35 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/10/14 08:27:30 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/10/14 08:27:02 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/14 08:26:57 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/14 08:26:57 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/14 08:26:56 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/10/14 08:26:56 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/14 08:26:56 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/10/14 08:26:55 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/14 08:26:55 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/14 08:26:55 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/14 08:26:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/10/14 08:26:55 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/14 08:26:55 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/10/14 08:26:55 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/10/14 08:26:55 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/10/14 08:26:55 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/10/14 08:26:55 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/10/14 08:26:55 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/14 08:26:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/10/14 08:26:51 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/14 08:26:51 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/14 08:25:49 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/09/29 08:17:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2006/12/12 23:50:59 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/27 12:46:04 | 000,615,496 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/27 12:46:04 | 000,108,498 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/27 12:45:01 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2010/10/27 12:41:34 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2010/10/27 12:41:19 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/27 12:41:19 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/27 12:41:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/27 12:41:06 | 1063,772,160 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/27 10:36:20 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/27 09:00:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1156261535-2881067450-3811380182-1000UA.job
[2010/10/27 08:03:05 | 000,002,046 | ---- | M] () -- C:\Users\Donna\Desktop\Google Chrome.lnk
[2010/10/27 08:03:05 | 000,002,008 | ---- | M] () -- C:\Users\Donna\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/26 12:00:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1156261535-2881067450-3811380182-1000Core.job
[2010/10/19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/10/16 10:48:24 | 000,333,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/14 10:05:03 | 000,024,064 | ---- | M] () -- C:\Users\Donna\Documents\LETTERHEAD.doc
[2010/10/06 14:44:55 | 001,349,404 | ---- | M] () -- C:\Users\Donna\Desktop\PCS_FORMSTOJOIN_2010[1].pdf
[2010/10/01 10:35:22 | 000,429,567 | ---- | M] () -- C:\Users\Donna\Desktop\Chip & Dale[1].pdf
[2010/10/01 10:34:20 | 003,495,483 | ---- | M] () -- C:\Users\Donna\Desktop\Woody & Jesse[1].pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/27 12:41:06 | 1063,772,160 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/27 10:36:20 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/14 10:05:03 | 000,024,064 | ---- | C] () -- C:\Users\Donna\Documents\LETTERHEAD.doc
[2010/10/06 14:44:55 | 001,349,404 | ---- | C] () -- C:\Users\Donna\Desktop\PCS_FORMSTOJOIN_2010[1].pdf
[2010/10/01 10:35:22 | 000,429,567 | ---- | C] () -- C:\Users\Donna\Desktop\Chip & Dale[1].pdf
[2010/10/01 10:34:20 | 003,495,483 | ---- | C] () -- C:\Users\Donna\Desktop\Woody & Jesse[1].pdf
[2010/02/11 11:19:35 | 000,000,680 | ---- | C] () -- C:\Users\Donna\AppData\Local\d3d9caps.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/02 08:59:08 | 000,006,152 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/01/02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 17:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 17:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 17:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/05/16 10:18:15 | 000,000,093 | ---- | C] () -- C:\Users\Donna\AppData\Local\fusioncache.dat
[2007/05/16 09:30:32 | 000,000,363 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2007/05/16 09:30:20 | 000,000,052 | ---- | C] () -- C:\Windows\WUCADMIN.INI
[2007/05/16 09:30:20 | 000,000,052 | ---- | C] () -- C:\Windows\W32UCADM.INI
[2007/05/16 09:30:09 | 000,000,184 | ---- | C] () -- C:\Windows\BTI.INI
[2007/05/11 09:58:21 | 000,017,920 | ---- | C] () -- C:\Users\Donna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/09 11:15:48 | 000,000,474 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/05/07 21:01:09 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2007/05/07 21:01:09 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2006/12/12 23:51:01 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2006/12/12 23:46:07 | 000,013,952 | ---- | C] () -- C:\Windows\System32\drivers\UBHelper.sys
[2006/12/12 23:17:29 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2006/12/12 22:22:55 | 000,467,264 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2006/12/12 22:22:55 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1129.dll
[2006/12/12 22:22:55 | 000,001,029 | ---- | C] () -- C:\Windows\generic.ini
[2006/12/12 22:22:55 | 000,000,117 | ---- | C] () -- C:\Windows\Alaunch.ini
[2006/11/16 16:20:38 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2006/11/16 16:20:20 | 000,200,704 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2006/11/16 16:20:10 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2006/11/16 16:19:10 | 000,037,376 | ---- | C] () -- C:\Windows\System32\MSNChatHook.dll
[2006/11/16 16:19:04 | 000,123,904 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2006/11/16 16:18:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2006/11/16 16:18:50 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/11/16 16:18:06 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004/08/26 09:13:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\EPSPTDV.DLL
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/12/26 19:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 02:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 19:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 01:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Custom Scans ==========


< %systemroot%*. /mp /s >

< %systemroot%system32*.dll /lockedfiles >

< %systemroot%system32*.exe /lockedfiles >

< %systemroot%Tasks*.job /lockedfiles >

< %systemroot%system32drivers*.sys /lockedfiles >

< %systemroot%System32config*.sav >

< %systemroot%system32*.sys >

< %systemroot%system32drivers*.dll >

< %systemroot%system32drivers*.ini >

< %systemroot%system32drivers*.exe >

< %SYSTEMDRIVE%*.* >
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/19 03:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2006/12/12 22:23:59 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/04/02 08:55:38 | 000,000,045 | ---- | M] () -- C:\error.log
[2010/10/27 12:41:06 | 1063,772,160 | -HS- | M] () -- C:\hiberfil.sys
[2007/05/16 09:25:41 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/05/16 09:25:41 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/10/27 12:41:05 | 1377,587,200 | -HS- | M] () -- C:\pagefile.sys
[2006/12/12 23:37:34 | 000,000,351 | ---- | M] () -- C:\RHDSetup.log
[2006/12/12 23:46:32 | 000,000,178 | ---- | M] () -- C:\setup.log
[2010/04/14 11:23:37 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/04/14 12:46:48 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/04/14 12:52:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/04/14 13:17:15 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/04/14 15:08:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/04/14 15:38:04 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/04/14 15:51:10 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/04/14 15:53:32 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/04/14 15:56:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/04/14 17:38:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/04/14 17:40:06 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/04/12 12:54:47 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/04/12 15:01:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/04/12 16:09:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/04/12 16:09:52 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/04/13 10:04:57 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/04/13 10:36:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/04/14 11:01:31 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/04/14 11:10:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/04/14 11:17:00 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/04/14 11:23:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/04/14 12:46:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/04/14 12:52:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/04/14 13:17:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/04/14 15:08:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/04/14 15:38:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/04/14 15:51:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/04/14 15:53:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/04/14 15:56:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/04/14 17:38:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/04/14 17:40:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/04/12 12:54:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/04/12 15:01:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/04/12 16:09:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/04/12 16:09:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/04/13 10:04:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/04/13 10:36:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/04/14 11:01:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/04/14 11:10:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/04/14 11:17:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2006/12/12 23:51:41 | 000,000,000 | ---- | M] () -- C:\Trace.log

< %PROGRAMFILES%*. >
[2007/05/07 20:57:58 | 000,000,000 | ---D | M] -- C:\Program Files\Acer Assist
[2007/05/07 21:01:09 | 000,000,000 | ---D | M] -- C:\Program Files\Acer Inc
[2007/05/07 20:57:57 | 000,000,000 | ---D | M] -- C:\Program Files\Acer Registration
[2006/12/12 23:56:02 | 000,000,000 | ---D | M] -- C:\Program Files\Acer Zone
[2006/12/12 23:44:59 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/07/02 09:57:31 | 000,000,000 | ---D | M] -- C:\Program Files\Akamai
[2009/09/04 11:34:35 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2009/08/14 17:58:13 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2009/05/28 09:52:39 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2009/09/04 11:34:35 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/03/23 13:00:56 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
[2006/12/12 23:52:22 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2007/05/11 09:48:46 | 000,000,000 | ---D | M] -- C:\Program Files\EMRSystem
[2007/05/09 10:02:55 | 000,000,000 | ---D | M] -- C:\Program Files\EPSON
[2007/05/16 17:36:46 | 000,000,000 | ---D | M] -- C:\Program Files\Forte Systems
[2008/07/02 10:26:52 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/06/02 09:03:34 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2010/04/21 09:11:17 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/09/17 08:14:37 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/02/04 12:19:37 | 000,000,000 | ---D | M] -- C:\Program Files\Intelerad Medical Systems
[2010/10/15 16:59:50 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/07/02 10:22:34 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
[2009/09/04 11:32:50 | 000,000,000 | ---D | M] -- C:\Program Files\Kodak
[2010/10/27 10:36:20 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2007/05/09 11:14:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2007/11/26 09:25:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/12/10 13:16:25 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/10/01 08:12:29 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2007/11/21 12:40:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/09/22 08:41:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/17 08:52:51 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/12/10 13:15:48 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/04/09 16:10:01 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2007/05/09 18:51:59 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2006/12/12 23:46:27 | 000,000,000 | ---D | M] -- C:\Program Files\NewTech Infosystems
[2008/08/06 08:03:31 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2007/06/06 10:46:02 | 000,000,000 | ---D | M] -- C:\Program Files\ProSoft
[2009/06/05 10:38:50 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006/12/12 23:37:03 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/05/15 08:54:14 | 000,000,000 | ---D | M] -- C:\Program Files\Rosetta Stone
[2006/11/02 09:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/08/23 17:10:38 | 000,000,000 | ---D | M] -- C:\Program Files\Visual Health Information
[2010/08/13 09:13:59 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2010/08/13 09:13:59 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2010/08/13 09:13:58 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2010/08/13 09:13:59 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2010/04/15 09:25:57 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2007/11/21 12:43:21 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Favorites
[2007/11/21 12:43:47 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Toolbar
[2010/09/17 08:27:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/10/15 16:59:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/08/13 09:13:58 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2010/08/13 09:13:59 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2010/04/15 09:27:50 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2008/02/04 12:19:58 | 000,000,000 | -H-D | M] -- C:\Program Files\Zero G Registry

< %appdata%*.* >
[2010/09/17 08:12:44 | 000,000,006 | -HS- | M] () -- C:\Users\Donna\AppData\Roaming\desktop.ini


< MD5 for: AGP440.SYS >
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/15 09:27:56 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/15 09:27:56 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/15 09:27:56 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/19 03:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\drivers\disk.sys
[2008/01/19 03:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/19 03:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 05:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: EVENTLOG.DLL >
[2007/05/16 10:18:19 | 000,012,288 | ---- | M] ( ) MD5=0A21ADC30DE9E5E3C2A5B2DC7021422E -- C:\Program Files\EMRSystem\LOCAL\EMR\EventLog.dll

< MD5 for: IASTOR.SYS >
[2006/06/13 16:56:40 | 000,247,808 | ---- | M] (Intel Corporation) MD5=580BFEC487C55264BFE3D60C3C24EEE1 -- C:\Windows\System32\drivers\iaStor.sys
[2006/06/13 16:56:40 | 000,247,808 | ---- | M] (Intel Corporation) MD5=580BFEC487C55264BFE3D60C3C24EEE1 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_d8b4315a\iaStor.sys
[2006/06/13 16:56:40 | 000,247,808 | ---- | M] (Intel Corporation) MD5=580BFEC487C55264BFE3D60C3C24EEE1 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_101ee613\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USBSTOR.SYS >
[2007/05/25 08:03:26 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_8416e98e\USBSTOR.SYS
[2007/05/25 08:03:26 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.16478_none_465c5f209ade1e53\USBSTOR.SYS
[2007/05/25 08:03:26 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7DA1833F2B2500C755AB6C81C5ABFC88 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.20588_none_46db2bffb403da0e\USBSTOR.SYS
[2008/01/19 01:53:22 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\drivers\USBSTOR.SYS
[2008/01/19 01:53:22 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS
[2008/01/19 01:53:22 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS
[2009/04/11 00:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_usbstor.inf_31bf3856ad364e35_6.0.6002.18005_none_4a71c7c294f4e68f\USBSTOR.SYS
[2006/11/02 04:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS

< HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstall|LastSuccessTime /rs >

< End of report >

Dr Mike
Novice
Novice

Posts Posts : 18
Joined Joined : 2010-10-24
OS OS : vista
Points Points : 22576
# Likes # Likes : 0

View user profile

Back to top Go down

Re: virus warning screen blocks IE

Post by Dr Mike on Wed Oct 27, 2010 5:06 pm

and extras.txt log

OTL Extras logfile created on: 10/27/2010 12:47:04 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Donna\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 330.00 Mb Available Physical Memory | 33.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113.20 Gb Total Space | 70.39 Gb Free Space | 62.18% Space Free | Partition Type: NTFS
Drive D: | 112.85 Gb Total Space | 112.66 Gb Free Space | 99.83% Space Free | Partition Type: NTFS
Drive J: | 61.86 Mb Total Space | 55.44 Mb Free Space | 89.62% Space Free | Partition Type: FAT

Computer Name: DONNA-PC | User Name: Donna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{77E32272-E42B-46E5-9E78-CC9FB91A85F4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D7083420-6878-4EF8-900D-4DBE2782C6DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{010A87C2-CF05-45F6-8E68-0CC804B527FF}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{157080EB-5EC4-4E64-8D0B-6DC06F18F9CF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{1D78E303-70E9-4943-A079-2F7E5DA36309}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer zone softdma\softdma.exe |
"{1F60CDE7-D481-44A4-98F0-A30C1862CC06}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer zone softdma\softdma.exe |
"{248483C1-5F46-44CD-AEF8-9A95E74BB44B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{2800DF2F-C277-40FD-B757-06B8B86BDEBD}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{2EB4996D-2B40-46DE-8932-403E7BC79C12}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{35CC9A00-5FB7-44C7-997F-8E97BAA05FF5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{40FCF4F3-243F-491E-8703-AB9FBB039DD5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{4B4DCD02-503F-4ECA-8B00-A417B2373D9F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{534ED538-F618-4602-9159-FF4871534DCF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{56341E6C-D2EC-4CD5-AC2E-F8AE98FDE519}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{5C29EE72-8440-4602-BA38-A2A43046DD75}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{642287D5-2E06-4A01-B33D-261440D83042}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer zone main page\mce deluxe suite.exe |
"{7601C2B2-0371-44AB-B77C-74222A7BCAA7}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer picture slide dvd\component\clsldvd.exe |
"{7717C42F-417B-45CD-B1EA-EB97BAAF560A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{89BBC071-8908-4460-A7B4-6F8A8F8BF845}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer picture slide dvd\component\clsldvd.exe |
"{954E4407-A0BD-4F1A-9CF9-75487AED7AE1}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer plug and record\component\dvax2process.exe |
"{95F2AEFF-CBB3-4BB7-882A-39C49712F0A0}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{AD5C0732-F722-4859-AE16-B32CE74E0916}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer zone main page\mce deluxe suite.exe |
"{AECD947E-EED9-4D5D-BACB-C3E4B17022B6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{C38397AE-7B25-4FA0-94EE-B8E8A3804B9B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{C4694198-63D5-483E-A87C-87E8BEFEAE57}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer plug and record\component\arawp.exe |
"{CF99901E-C817-4C67-83BB-B096D8AF0CFD}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer plug and record\component\arawp.exe |
"{D1788996-5FFF-475E-8570-26E3BCFF9DF1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{E2613963-604E-4038-9AF5-64A0DE4BA520}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{F05A55E3-64DF-445E-8175-16B5EF9C954F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{F83598BE-AC2A-4EED-A7F4-83C8E99DB965}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer plug and record\component\dvax2process.exe |
"TCP Query User{01CEF3C1-40F9-4DB8-B72E-DFB3ECFB95D1}C:\program files\microsoft office\office11\excel.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office11\excel.exe |
"TCP Query User{341B08C7-C55D-410A-BE7E-EBE5610A70F7}C:\pvsw\bin\w3dbsmgr.exe" = protocol=6 | dir=in | app=c:\pvsw\bin\w3dbsmgr.exe |
"TCP Query User{66AD7C3C-9CB9-43F7-8C0D-DD1AF0DEAF6E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{A23C7664-5573-42A9-BC1A-B723E716846B}C:\pvsw\bin\w3dbsmgr.exe" = protocol=6 | dir=in | app=c:\pvsw\bin\w3dbsmgr.exe |
"TCP Query User{D1233E5A-8967-49C6-A1D6-FD402847EBB6}C:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe" = protocol=6 | dir=in | app=c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe |
"TCP Query User{FFB30A7F-7F5D-49CA-BCAC-8129E7D80D1D}C:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe" = protocol=6 | dir=in | app=c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe |
"UDP Query User{2A9BA723-8D9B-4E2A-96A6-4F6F149E69B0}C:\pvsw\bin\w3dbsmgr.exe" = protocol=17 | dir=in | app=c:\pvsw\bin\w3dbsmgr.exe |
"UDP Query User{3623A9D7-5A67-4D37-891E-D15CECE944ED}C:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe" = protocol=17 | dir=in | app=c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe |
"UDP Query User{538DF79B-396D-4FA5-BC34-71DBA1C840A7}C:\program files\microsoft office\office11\excel.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office11\excel.exe |
"UDP Query User{65575A85-56BC-4B23-8280-D1231424072D}C:\pvsw\bin\w3dbsmgr.exe" = protocol=17 | dir=in | app=c:\pvsw\bin\w3dbsmgr.exe |
"UDP Query User{946D2D5D-8B34-432B-822A-D072BDA56340}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{DEB83B21-EB99-42B2-B250-402C8CA5D1E3}C:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe" = protocol=17 | dir=in | app=c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{13818407-4EAC-43B7-A62B-DF9601F1E411}" = Chiro8000
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5}" = MSN Toolbar
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer Picture Slide DVD
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
"{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4200_ProductContext
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8ECB8220-F422-4BEB-9596-97033C533702}" = QuickBooks Pro 2008
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901C0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Access 2002 Runtime
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer Zone SoftDMA
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC6C5F4A-AC7F-4278-8C90-AC6E3B393C5A}" = VHI Free Stretching
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer Zone MakeDisk
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E133E97F-5186-4503-BEC8-752EB9E8EBD7}" = Copy
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Zone Main Page
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer Plug and Record
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer Zone MagicDirector
"{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4200_Help
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner (remove only)
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"EMR System_is1" = Encite EMR System
"EPSON Printer and Utilities" = EPSON Printer Software
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{AC6C5F4A-AC7F-4278-8C90-AC6E3B393C5A}" = VHI Free Stretching
"InteleViewer" = InteleViewer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Pervasive.SQL 2000 Workgroup" = Pervasive.SQL 2000 Workgroup (SP3)
"QuickTime" = QuickTime
"Rosetta Stone 2.1.4.1A" = Rosetta Stone 2.1.4.1A
"Shop for HP Supplies" = Shop for HP Supplies
"Windows Live Toolbar" = Windows Live Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.5.0.457
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/22/2010 8:47:33 AM | Computer Name = Donna-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/22/2010 8:47:57 AM | Computer Name = Donna-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/30/2010 10:47:13 AM | Computer Name = Donna-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18943 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1770 Start Time: 01cb60aa45b6f4a5 Termination Time: 19

Error - 10/7/2010 8:10:49 AM | Computer Name = Donna-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/7/2010 8:10:52 AM | Computer Name = Donna-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/7/2010 8:13:26 AM | Computer Name = Donna-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/7/2010 8:13:29 AM | Computer Name = Donna-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/7/2010 8:13:30 AM | Computer Name = Donna-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/7/2010 8:13:32 AM | Computer Name = Donna-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/7/2010 8:14:01 AM | Computer Name = Donna-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Media Center Events ]
Error - 9/24/2007 8:06:41 AM | Computer Name = Donna-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 9/26/2007 8:29:46 AM | Computer Name = Donna-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/5/2007 1:55:09 PM | Computer Name = Donna-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/16/2007 2:56:49 PM | Computer Name = Donna-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/14/2007 4:49:30 PM | Computer Name = Donna-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/23/2008 2:14:37 PM | Computer Name = Donna-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/2/2008 5:27:40 PM | Computer Name = Donna-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/9/2008 11:49:21 AM | Computer Name = Donna-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 8/28/2008 9:37:03 AM | Computer Name = Donna-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/9/2009 10:56:07 AM | Computer Name = Donna-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 10/27/2010 8:50:52 AM | Computer Name = Donna-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 10/27/2010 10:07:05 AM | Computer Name = Donna-PC | Source = DCOM | ID = 10005
Description =

Error - 10/27/2010 10:07:13 AM | Computer Name = Donna-PC | Source = DCOM | ID = 10005
Description =

Error - 10/27/2010 10:07:18 AM | Computer Name = Donna-PC | Source = DCOM | ID = 10005
Description =

Error - 10/27/2010 10:07:46 AM | Computer Name = Donna-PC | Source = DCOM | ID = 10010
Description =

Error - 10/27/2010 10:08:22 AM | Computer Name = Donna-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/27/2010 10:08:23 AM | Computer Name = Donna-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/27/2010 12:39:45 PM | Computer Name = Donna-PC | Source = DCOM | ID = 10005
Description =

Error - 10/27/2010 12:41:12 PM | Computer Name = Donna-PC | Source = HTTP | ID = 15016
Description =

Error - 10/27/2010 12:43:33 PM | Computer Name = Donna-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >

Dr Mike
Novice
Novice

Posts Posts : 18
Joined Joined : 2010-10-24
OS OS : vista
Points Points : 22576
# Likes # Likes : 0

View user profile

Back to top Go down

Re: virus warning screen blocks IE

Post by Belahzur on Thu Oct 28, 2010 12:16 am

Hello.
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

Re: virus warning screen blocks IE

Post by Dr Mike on Mon Nov 01, 2010 9:44 pm

ComboFix 10-11-01.01 - Donna 11/01/2010 17:26:24.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1014.342 [GMT -4:00]
Running from: c:\users\Donna\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Donna\g2mdlhlpx.exe
c:\users\Donna\GoToAssistDownloadHelper.exe

.
((((((((((((((((((((((((( Files Created from 2010-10-01 to 2010-11-01 )))))))))))))))))))))))))))))))
.

2010-11-01 21:34 . 2010-11-01 21:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-29 15:25 . 2010-10-29 15:25 -------- d-----w- c:\program files\Windows Portable Devices
2010-10-29 15:22 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-10-29 15:22 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-10-29 15:22 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-10-29 15:19 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-10-29 15:19 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2010-10-29 15:19 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-10-29 15:19 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2010-10-29 15:19 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2010-10-29 15:19 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-10-29 15:19 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2010-10-29 15:19 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2010-10-29 15:19 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-10-29 15:19 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2010-10-29 15:19 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2010-10-29 15:19 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-10-29 15:16 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-10-29 15:16 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-10-29 15:16 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-10-27 18:17 . 2010-10-27 18:17 -------- d-----w- c:\users\Donna\AppData\Roaming\AVG10
2010-10-27 18:09 . 2010-11-01 12:26 -------- d-----w- c:\windows\system32\drivers\AVG
2010-10-27 18:09 . 2010-10-27 18:14 -------- d-----w- c:\programdata\AVG10
2010-10-27 18:08 . 2010-10-27 18:09 1409 ----a-w- c:\windows\QTFont.for
2010-10-27 18:07 . 2010-10-27 18:07 -------- d-----w- c:\program files\AVG
2010-10-27 17:57 . 2010-10-27 18:07 -------- d-----w- c:\programdata\MFAData
2010-10-27 17:38 . 2010-10-27 17:38 -------- d-----w- c:\windows\system32\ca-ES
2010-10-27 17:38 . 2010-10-27 17:38 -------- d-----w- c:\windows\system32\eu-ES
2010-10-27 17:38 . 2010-10-27 17:38 -------- d-----w- c:\windows\system32\vi-VN
2010-10-27 17:20 . 2010-10-27 17:20 -------- d-----w- c:\windows\system32\EventProviders
2010-10-27 14:36 . 2010-10-27 14:36 -------- d-----w- c:\users\Donna\AppData\Roaming\Malwarebytes
2010-10-27 14:36 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-27 14:36 . 2010-10-27 14:36 -------- d-----w- c:\programdata\Malwarebytes
2010-10-27 14:36 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-27 14:36 . 2010-10-27 14:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-27 12:07 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 12:07 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 12:07 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-26 12:21 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{95C49E67-5292-4273-875C-16B8CE412143}\mpengine.dll
2010-10-14 12:28 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-14 12:28 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 12:27 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-14 12:27 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 12:27 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 12:27 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 12:27 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 12:27 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 12:27 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-14 12:27 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-14 12:27 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-14 12:27 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-14 12:25 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-14 12:25 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 15:41 . 2009-10-05 12:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-13 20:27 . 2010-09-13 20:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2010-09-07 07:49 . 2010-09-07 07:49 298448 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-07 07:48 . 2010-09-07 07:48 34384 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-07 07:48 . 2010-09-07 07:48 249424 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-07 07:48 . 2010-09-07 07:48 26064 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-08-26 16:33 . 2010-10-27 12:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 12:07 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-27 12:07 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 12:07 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-20 01:42 . 2010-08-20 01:42 27216 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2010-08-20 01:42 . 2010-08-20 01:42 123472 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2010-08-20 01:42 . 2010-08-20 01:42 30288 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2010-08-17 14:11 . 2010-09-16 12:51 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-13 12:40 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-08-13 12:40 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="??????????????e" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\Donna\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-05-05 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2006-12-13 3166208]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2006-12-04 1261568]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-06 30192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-06-05 77824]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2010-09-15 2745696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-12 528384]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]
Pervasive.SQL Workgroup Engine.lnk - c:\pvsw\Bin\W3DBSMGR.EXE [2007-5-16 90180]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-2-27 972064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-06 30192]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2010-09-07 26064]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2010-09-07 249424]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2010-09-07 298448]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-10-11 6104656]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2010-09-10 265400]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2010-08-20 123472]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2010-08-20 30288]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2010-08-20 27216]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-11-01 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]

2010-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1156261535-2881067450-3811380182-1000Core.job
- c:\users\Donna\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-05 13:31]

2010-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1156261535-2881067450-3811380182-1000UA.job
- c:\users\Donna\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-05 13:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-hpqSRMon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-11-01 17:35
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-11-01 17:39:45
ComboFix-quarantined-files.txt 2010-11-01 21:39

Pre-Run: 84,556,361,728 bytes free
Post-Run: 84,345,102,336 bytes free

- - End Of File - - 8F789DCD2BF579822984B92BB5276560
Here is the log
I'm having problems accessing some websites, get error messages
otherwise everything seems normal
Did this get all the viruses?
Thanks for your help

Dr Mike
Novice
Novice

Posts Posts : 18
Joined Joined : 2010-10-24
OS OS : vista
Points Points : 22576
# Likes # Likes : 0

View user profile

Back to top Go down

Re: virus warning screen blocks IE

Post by Belahzur on Tue Nov 02, 2010 12:32 am

Hello.

Download [You must be registered and logged in to see this link.] to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop
  • Open this report and post its content in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

Re: virus warning screen blocks IE

Post by Dr Mike on Thu Nov 04, 2010 3:43 pm

Hi
tried to run mbr and it started a then:
"Found non standard MBR
Options
1 Dump the MBR of a physical disc to file.
2 Restore the MBR of a physical disc with a standard boot code.
3 Exit
I chose exit and it flashed and beeped like it was about to turn off but didn't
Not sure what to do next?
Whats your suggestion?
Mike

Dr Mike
Novice
Novice

Posts Posts : 18
Joined Joined : 2010-10-24
OS OS : vista
Points Points : 22576
# Likes # Likes : 0

View user profile

Back to top Go down

Re: virus warning screen blocks IE

Post by Belahzur on Thu Nov 04, 2010 10:17 pm

Please post the full log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum