Is it a virus?

Is it a virus?

Post by Scorch on Tue 13 Dec 2011, 11:31 am

I have gotten the "blue screen of death" several times in the last two days. Is this something that can be caused by a virus? If so, how can I tell if that's what it is?

Thanks.

Scorch
Rookie Surfer
Posts : 147
Joined : 2009-07-12
Operating System : windows xp home

Re: Is it a virus?

Post by houndmom on Tue 13 Dec 2011, 11:59 am

Welcome

Hello, Welcome to GeekPolice!

I'm Houndmom and I will be helping you get your computer cleaned up.
Please note the following information about the malware forum:
* Only Tech Officers, Global Moderators, Administrators, Malware Advisors and Tech Advisors are allowed to give advice on removing malware from your computer.
* From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
* Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
* If you have already asked for help somewhere, please post the link to the topic you were helped.
* We try our best to reply quickly, but if for any reason we do not reply in two days, do one of two things:
  Reply to this topic with the word BUMP, or
  see [You must be registered and logged in to see this link.]

* Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Please stick with me in this topic until its close, and your computer is declared clean.

I am a student and need to get approval for each step. I appreciate your patience, and will return with the first step.

houndmom
Tech Advisor
Posts : 1053
Joined : 2010-04-28
Operating System : 7 ultimate

Re: Is it a virus?

Post by houndmom on Wed 14 Dec 2011, 11:10 am

Please download aswMBR from here

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

  • Once the scan finishes click Save log to save the log to your Desktop
  • Copy and paste the contents of aswMBR.txt back here for review

Then:

  • Download OTL.exe onto your desktop
  • Open the program by double clicking on the OTL icon.
  • Copy the following quote box and paste it in the Custom Scans/Fixes box as shown below.

    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Do not change any settings. Click the Run Scan button. OTL will now perform a scan; it won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These files are saved at the same location as OTL.
  • Please copy and paste these results into your next post.


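The OTL custom scan above enumerates running processes, loaded modules, services, drivers, the Winlogon Shell/UserInit values, the hosts file and the startup keys, and the helper then reads the log for anything out of place: binaries with no company name, services whose file is missing, recently changed kernel drivers, drivers living in user-writable directories, a Winlogon Shell or UserInit that is not the Windows default, and hosts-file entries that redirect names. As an added example (not from this thread, from OTL, or from GeekPolice), here is a Python triage pass that applies those checks to OTL-format lines. The sample log is constructed: most lines are copied verbatim from the OTL log posted later in this thread, and the `example.sys`, `update.example.com` and UserInit entries are synthetic lines added only to exercise the high-severity checks. The severity levels and the 30-day "recent" window (OTL's File Age setting) are my choices.

```python
import re
from datetime import datetime, timedelta

# Line shapes taken from OTL's own output (see the log posted later in this thread)
HEADER_RE = re.compile(r"^OTL logfile created on: (\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)")
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>\S+) \| M\] \((?P<company>.*?)\)"
    r"(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.+?)(?: -- \((?P<name>.*?)\).*)?$"
)
MISSING_RE = re.compile(r"^(?P<kind>SRV|DRV) - File not found \[(?P<state>[^\]]*)\] -- -- \((?P<name>.*)\)$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)")
WINLOGON_RE = re.compile(r"^O20 - HKLM Winlogon: (?P<key>Shell|UserInit) - \((?P<value>.*?)\) -(?P<path>.*?) \((?P<company>.*)\)$")

LOOPBACK = {"127.0.0.1", "::1"}
EXPECTED_WINLOGON = {"Shell": "explorer.exe", "UserInit": r"c:\windows\system32\userinit.exe"}
# Services and drivers have no business loading from these user-writable locations
USER_WRITABLE_MARKERS = ("\\application data\\", "\\local settings\\temp\\", "\\temp\\")

# Constructed sample: real lines copied from this thread's OTL log, plus three synthetic
# entries (example.sys, update.example.com, the UserInit line) added only to exercise the checks.
SAMPLE_LOG = r"""
OTL logfile created on: 12/21/2011 11:11:06 PM - Run 1
PRC - [2011/12/21 23:09:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\steve\Desktop\OTL.exe
PRC - [2008/04/13 18:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2007/02/21 10:19:40 | 000,294,912 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2004/05/26 14:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2011/12/19 02:11:40 | 000,021,504 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\user\Local Settings\Temp\example.sys -- (ExampleDrv)
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 update.example.com
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\user\Application Data\example.exe) -C:\Documents and Settings\user\Application Data\example.exe ()
"""


def triage(log_text, recent_days=30):
    """Return a list of {severity, check, detail} findings for an OTL log.
    recent_days mirrors OTL's 'File Age' setting (30 days in the log above)."""
    scan_time = None
    findings = []

    def add(severity, check, detail):
        findings.append({"severity": severity, "check": check, "detail": detail})

    for raw in log_text.splitlines():
        line = raw.strip()
        if m := HEADER_RE.match(line):
            scan_time = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
        elif m := MISSING_RE.match(line):
            # Common on XP for optional services; worth a look, rarely malicious on its own
            add("info", "missing-binary", f"{m['kind']} {m['name']}")
        elif m := ENTRY_RE.match(line):
            kind, path, company = m["kind"], m["path"], m["company"]
            if kind != "MOD" and not company:          # MOD section is no-company by definition
                add("medium", "no-company", f"{kind} {path}")
            if kind in ("SRV", "DRV"):
                if any(marker in path.lower() for marker in USER_WRITABLE_MARKERS):
                    add("high", "user-writable-path", f"{kind} {path}")
                if scan_time is not None:
                    mtime = datetime.strptime(m["mtime"], "%Y/%m/%d %H:%M:%S")
                    if scan_time - mtime <= timedelta(days=recent_days):
                        add("info", "recent-change", f"{kind} {path} ({m['mtime']})")
        elif m := HOSTS_RE.match(line):
            if not (m["ip"] in LOOPBACK and m["host"] == "localhost"):
                add("medium", "hosts-override", f"{m['ip']} {m['host']}")
        elif m := WINLOGON_RE.match(line):
            if m["value"].lower().rstrip(",") != EXPECTED_WINLOGON[m["key"]]:
                add("high", "winlogon-nonstandard", f"{m['key']} = {m['value']}")
    return findings


def report(findings):
    """Findings ordered high -> medium -> info, one line each, for pasting back into a thread."""
    rank = {"high": 0, "medium": 1, "info": 2}
    ordered = sorted(findings, key=lambda f: rank[f["severity"]])
    return [f"[{f['severity']}] {f['check']}: {f['detail']}" for f in ordered]


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```

The no-company and recent-change checks are weak signals on their own: in the real log they trip on the avast! definition modules and the freshly installed avast! driver, which is exactly why the helper asks for the log rather than telling the poster to delete things. The point of the ranking is to decide what a human reviews first, not to declare anything malicious.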

Re: Is it a virus?

Post by Scorch on Thu 15 Dec 2011, 1:06 pm

Sorry it took me so long to get back. I was getting ready to follow your instructions, and I got the dreaded blue screen again. This time, when I restarted the computer, I began to get a message "Windows could not start because the following file is missing or corrupt: system32\DRIVERS\isapnp.sys"

It then tells me that I can try to repair the file by starting the computer with the original setup cd.

Well, my internal CD drive does not work. I plugged an external USB cd drive in, and the computer will not recognize it, which it did in the past.

So I guess I am totally screwed at the moment. I am actually using another computer to send this.

So - any ideas are welcome.


Re: Is it a virus?

Post by houndmom on Sat 17 Dec 2011, 8:31 am

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Now use your arrow keys to move to "Last Known Good Configuration" and press your Enter key. This will enable the system to go back to a date before you had this problem. Let me know if this worked.


Re: Is it a virus?

Post by Scorch on Sat 17 Dec 2011, 8:56 am

It did not work. I am getting the same error.


Re: Is it a virus?

Post by houndmom on Mon 19 Dec 2011, 5:31 am

Okay, I am sorry, but there is nothing else we can do without being able to use a USB or CD drive.


Re: Is it a virus?

Post by Scorch on Thu 22 Dec 2011, 2:57 pm

OK. I am back up and running. I will go back and download the items you mentioned above, and proceed.


Re: Is it a virus?

Post by Scorch on Thu 22 Dec 2011, 3:07 pm

aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-21 23:00:49
-----------------------------
23:00:49.196 OS Version: Windows 5.1.2600 Service Pack 3
23:00:49.196 Number of processors: 1 586 0xD08
23:00:49.196 ComputerName: STEVE-B8A9611EA UserName: steve
23:00:51.930 Initialize success
23:00:52.992 AVAST engine defs: 11122102
23:00:56.399 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:00:56.399 Disk 0 Vendor: Hitachi_HTS541060G9AT00 MB3OA61A Size: 57231MB BusType: 3
23:00:58.414 Disk 0 MBR read successfully
23:00:58.414 Disk 0 MBR scan
23:00:58.461 Disk 0 Windows XP default MBR code
23:00:58.461 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
23:00:58.492 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 52407 MB offset 128520
23:00:58.508 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4753 MB offset 107458785
23:00:58.524 Disk 0 scanning sectors +117194175
23:00:58.571 Disk 0 scanning C:\WINDOWS\system32\drivers
23:01:13.555 Service scanning
23:01:15.352 Modules scanning
23:01:24.321 Disk 0 trace - called modules:
23:01:24.696 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
23:01:24.711 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x823639c0]
23:01:24.711 3 CLASSPNP.SYS[f84d2fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82366700]
23:01:25.289 AVAST engine scan C:\WINDOWS
23:01:33.024 AVAST engine scan C:\WINDOWS\system32
23:03:39.305 AVAST engine scan C:\WINDOWS\system32\drivers
23:03:53.336 AVAST engine scan C:\Documents and Settings\steve
23:05:44.602 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
23:06:10.149 Scan finished successfully
23:06:45.867 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\steve\Desktop\MBR.dat"
23:06:45.867 The log file has been saved successfully to "C:\Documents and Settings\steve\Desktop\aswMBR.txt"



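The "MBR scan" lines in the aswMBR output above are a decoded copy of sector 0 of the disk: 446 bytes of boot code, four 16-byte partition entries and the 0x55AA signature. As an added example (not from this thread or from AVAST), here is a Python parser for such a sector, which is what the MBR.dat that aswMBR saved to the Desktop contains. The sample sector is constructed to reproduce the three partitions the log reports (type, active flag, start LBA and size); its boot-code bytes are zero-filled because the real code is not on the page. The structural checks, the "first unpartitioned sector" calculation and the comparison of the boot-code area against a known-good copy are my additions; aswMBR's own "Windows XP default MBR code" verdict uses its own reference, not this function.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 446          # partition table starts after 446 bytes of boot code
BOOT_SIGNATURE = b"\x55\xaa"
ENTRY_FMT = "<B3sB3sII"     # boot flag, CHS start, type, CHS end, start LBA, sector count

PARTITION_TYPES = {
    0x07: "HPFS/NTFS",
    0xDE: "Dell Utility",
    0xDB: "CP/M / CTOS",
    0x05: "Extended",
    0x0F: "Extended (LBA)",
    0x0B: "FAT32",
    0x0C: "FAT32 (LBA)",
}


def make_entry(flag, ptype, start_lba, sectors):
    """One 16-byte partition entry; CHS fields set to FE FF FF, the usual 'use LBA' marker."""
    return struct.pack(ENTRY_FMT, flag, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", start_lba, sectors)


def build_sample_mbr():
    """Constructed 512-byte MBR reproducing the partition layout aswMBR reported in this thread.
    The boot-code area is zero-filled (a real XP MBR is not); only the table is meaningful."""
    table = b"".join([
        make_entry(0x00, 0xDE, 63, 128520 - 63),                    # Dell Utility, 62 MB
        make_entry(0x80, 0x07, 128520, 107458785 - 128520),         # active NTFS system volume
        make_entry(0x00, 0xDB, 107458785, 117194175 - 107458785),   # Dell restore partition
        bytes(16),                                                  # empty slot
    ])
    return bytes(TABLE_OFFSET) + table + BOOT_SIGNATURE


def parse_mbr(mbr):
    """Decode the four partition slots; raises on anything that is not a 512-byte signed MBR."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("boot signature 0x55AA missing: not a valid MBR")
    parts = []
    for slot in range(4):
        off = TABLE_OFFSET + 16 * slot
        flag, _, ptype, _, start, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:          # unused slot
            continue
        parts.append({
            "slot": slot + 1,
            "flag": flag,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "start_lba": start,
            "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return parts


def first_unpartitioned_sector(parts):
    """LBA just past the last partition: the tail area a bootkit can use and a scanner walks."""
    return max(p["start_lba"] + p["sectors"] for p in parts) if parts else 0


def check_table(parts):
    """Structural checks a reviewer would apply before trusting the table."""
    findings = []
    active = [p for p in parts if p["flag"] == 0x80]
    if len(active) != 1:
        findings.append(f"expected one active partition, found {len(active)}")
    for p in parts:
        if p["flag"] not in (0x00, 0x80):
            findings.append(f"slot {p['slot']}: invalid boot flag 0x{p['flag']:02x}")
        if p["type_name"] == "unknown":
            findings.append(f"slot {p['slot']}: unrecognised type 0x{p['type']:02x}")
    ordered = sorted(parts, key=lambda p: p["start_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start_lba"] + a["sectors"] > b["start_lba"]:
            findings.append(f"slots {a['slot']} and {b['slot']} overlap")
    return findings


def boot_code_matches(mbr, reference_mbr):
    """True when the 446-byte boot-code area equals a known-good copy (an MBR.dat from a clean machine)."""
    return mbr[:TABLE_OFFSET] == reference_mbr[:TABLE_OFFSET]


def describe(parts):
    """Render the table roughly as aswMBR prints its 'Disk 0 Partition N' lines."""
    lines = []
    for p in parts:
        act = "(A) " if p["flag"] == 0x80 else ""
        lines.append(f"Partition {p['slot']} {p['flag']:02X} {act}{p['type']:02X} "
                     f"{p['type_name']} {p['size_mb']} MB offset {p['start_lba']}")
    return lines


if __name__ == "__main__":
    sample = build_sample_mbr()
    table = parse_mbr(sample)
    print("\n".join(describe(table)))
    print("scanning sectors +%d" % first_unpartitioned_sector(table))
    print("findings:", check_table(table) or "none")
```

Run against the constructed sector it reproduces the sizes (62, 52407 and 4753 MB) and the "+117194175" figure from the log, because that is the first sector after the last partition. Against a real MBR.dat, read the file in binary mode, pass it to `parse_mbr`, and compare the boot-code area with `boot_code_matches` against a copy taken from a machine known to be clean; a partition table that looks fine says nothing about the boot code in front of it, which is where an MBR bootkit lives.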

Re: Is it a virus?

Post by Scorch on Thu 22 Dec 2011, 4:51 pm

OTL logfile created on: 12/21/2011 11:11:06 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\steve\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.37 Mb Total Physical Memory | 129.57 Mb Available Physical Memory | 25.74% Memory free
1.20 Gb Paging File | 0.74 Gb Available in Paging File | 61.81% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.18 Gb Total Space | 10.01 Gb Free Space | 19.57% Space Free | Partition Type: NTFS

Computer Name: STEVE-B8A9611EA | User Name: steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/21 23:09:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\steve\Desktop\OTL.exe
PRC - [2011/12/20 16:41:08 | 002,696,512 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\ccleaner.exe
PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/11/10 00:30:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/07 22:04:54 | 000,123,392 | ---- | M] (ArcadeWeb LLC) -- C:\Program Files\ArcadeWeb\tray.exe
PRC - [2008/04/13 18:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/21 10:19:58 | 000,819,200 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/02/21 10:19:40 | 000,294,912 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/02/21 10:17:42 | 000,970,752 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/02/21 10:13:26 | 000,487,424 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/06/29 11:13:32 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/06/29 11:12:34 | 000,376,832 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2005/10/07 13:13:38 | 000,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/09/09 02:24:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
PRC - [2005/09/09 00:18:10 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
PRC - [2005/07/27 15:41:08 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2005/02/10 16:54:38 | 000,139,264 | ---- | M] (Netscape Communications Corporation) -- C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
PRC - [2004/06/28 22:56:12 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/21 15:58:21 | 001,655,808 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11122102\algo.dll
MOD - [2011/12/19 18:49:56 | 000,241,528 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11122102\aswRep.dll
MOD - [2011/12/14 12:42:58 | 001,646,592 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11121402\algo.dll
MOD - [2011/12/12 10:57:38 | 000,241,528 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11121402\aswRep.dll
MOD - [2011/11/10 00:30:00 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/07 22:05:11 | 000,110,080 | ---- | M] () -- C:\Documents and Settings\steve\Application Data\Mozilla\Firefox\Profiles\yjjpt0zv.default\extensions\text_links@arcadeweb.com\components\arcadewebfirefox.dll
MOD - [2011/10/05 22:15:39 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2007/02/21 10:13:02 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/10/17 15:13:20 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2006/06/29 11:13:50 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2005/09/09 02:24:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
MOD - [2004/11/08 13:41:44 | 000,219,136 | ---- | M] () -- C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\pbhelper.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007/02/21 10:19:40 | 000,294,912 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2006/06/29 11:12:34 | 000,376,832 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2005/09/09 02:24:30 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2005/02/10 16:54:38 | 000,139,264 | ---- | M] (Netscape Communications Corporation) [Auto | Running] -- C:\Program Files\Netscape Internet Service\ncupdatesvc.exe -- (NCUpdateSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 12:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 12:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2007/02/21 10:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/02/08 12:51:16 | 002,209,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2005/09/28 19:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/05/03 14:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 14:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 14:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 14:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/05/26 14:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "yahoo.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\steve\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\steve\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/12 22:28:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 00:30:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/08 11:33:46 | 000,000,000 | ---D | M]

[2011/09/18 21:36:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\steve\Application Data\Mozilla\Extensions
[2011/11/07 22:05:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\steve\Application Data\Mozilla\Firefox\Profiles\yjjpt0zv.default\extensions
[2011/11/07 22:05:11 | 000,000,000 | ---D | M] ("ArcadeWeb") -- C:\Documents and Settings\steve\Application Data\Mozilla\Firefox\Profiles\yjjpt0zv.default\extensions\text_links@arcadeweb.com
[2011/11/10 00:30:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/12 22:28:51 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/11/10 00:30:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/10/22 13:10:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 00:30:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\steve\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\steve\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\steve\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\steve\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2008/04/13 18:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PBlockHelper Class) - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\pbhelper.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Arcadeweb Gaming Add-on) - {9F531FB1-7C1F-4e1a-8C0C-E8D6177130E2} - C:\Program Files\ArcadeWeb\arcadeweb32.dll (ArcadeWeb LLC)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [TrayIcRun] C:\Program Files\ArcadeWeb\tray.exe (ArcadeWeb LLC)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10x_Plugin.exe (Adobe Systems, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF8D460C-773B-45C2-BDF4-FFEB14890689}: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/24 23:12:58 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: EventSystem - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: winmgmt - C:\WINDOWS\system32\wbem\winmgmt.exe (Microsoft Corporation)


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: WinMgmt - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinMgmt - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - MSN Toolbar 4.0 & Silverlight 3.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{d9d28021-8616-46a5-910f-310b2c8b9196} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/12/21 23:08:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\steve\Desktop\OTL.exe
[2011/12/21 23:06:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\steve\Recent
[2011/12/21 22:59:58 | 001,917,952 | ---- | C] (AVAST Software) -- C:\Documents and Settings\steve\Desktop\aswMBR.exe
[2011/12/21 22:19:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/12/11 17:15:36 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/12/11 11:45:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\steve\IECompatCache
[2011/12/11 11:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Start Menu\Programs\Google Chrome
[2011/12/11 09:11:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\My Documents\Updater
[2011/12/11 09:11:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\espionServerData
[2011/12/10 22:53:34 | 000,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2011/12/10 22:53:34 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2011/12/10 22:53:34 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2011/12/10 22:53:34 | 000,010,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2011/12/10 22:53:33 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2011/12/10 22:53:33 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2011/12/10 22:53:33 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2011/12/10 22:53:33 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2011/12/10 22:53:33 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2011/12/10 22:53:33 | 000,052,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2011/12/10 22:53:33 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2011/12/10 22:53:33 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2011/12/10 22:53:33 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2011/12/10 22:53:33 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bdaplgin.ax
[2011/12/10 22:53:33 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2011/12/10 22:53:33 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpe.sys
[2011/12/10 22:53:33 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2011/12/10 22:53:33 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2011/12/10 22:53:33 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2011/12/10 22:53:33 | 000,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bdasup.sys
[2011/12/10 22:53:33 | 000,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2011/12/10 22:53:32 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksolay.ax
[2011/12/10 22:53:32 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2011/12/10 22:53:26 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdllreg.exe
[2011/12/10 22:53:24 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pid.dll
[2011/12/10 22:49:45 | 000,109,568 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2011/12/10 22:49:45 | 000,108,544 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2011/12/10 22:49:45 | 000,061,440 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2011/12/10 22:49:45 | 000,056,832 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2011/12/10 22:49:45 | 000,056,320 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2011/12/10 22:49:44 | 001,191,936 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2011/12/10 22:49:44 | 000,434,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2011/12/10 22:49:44 | 000,339,968 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2011/12/10 22:49:44 | 000,028,672 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2011/12/10 22:49:43 | 000,405,504 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2011/12/10 22:49:43 | 000,172,032 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2004/04/20 10:08:18 | 001,698,138 | ---- | C] (Netsmartz LLC. ) -- C:\Program Files\TextSmartz.EXE
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/21 23:18:03 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/21 23:09:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\steve\Desktop\OTL.exe
[2011/12/21 23:06:45 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\MBR.dat
[2011/12/21 22:59:18 | 001,917,952 | ---- | M] (AVAST Software) -- C:\Documents and Settings\steve\Desktop\aswMBR.exe
[2011/12/21 22:39:00 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\CCleaner.lnk
[2011/12/21 22:33:30 | 000,002,411 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\The Ringtone Maker.lnk
[2011/12/21 22:32:20 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-602162358-842925246-1002UA.job
[2011/12/21 22:32:15 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/21 22:32:14 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\Google Chrome.lnk
[2011/12/21 22:19:23 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/21 22:13:30 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/21 22:13:14 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/21 22:13:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/12 22:30:44 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/12/11 11:27:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-602162358-842925246-1002Core.job
[2011/12/10 23:01:44 | 000,290,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/10 22:52:34 | 000,000,844 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Photoshop Elements 4.0.lnk
[2011/12/10 22:49:12 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/12/10 22:44:58 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/12/10 22:41:25 | 001,191,936 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2011/12/10 22:41:25 | 000,405,504 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2011/12/10 22:41:25 | 000,109,568 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2011/12/10 22:41:25 | 000,108,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2011/12/10 22:41:25 | 000,056,832 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2011/12/10 22:41:25 | 000,056,320 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2011/12/10 22:41:24 | 000,339,968 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2011/12/10 22:41:23 | 000,434,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2011/12/10 22:41:23 | 000,172,032 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2011/12/10 22:41:23 | 000,061,440 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2011/12/10 22:41:22 | 000,028,672 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2011/12/10 10:02:45 | 000,025,698 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\i-dont-understand-what-an.pdf
[2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/11/28 13:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/11/28 12:52:02 | 000,111,320 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/11/28 12:51:59 | 000,105,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/11/28 12:48:49 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]


Scorch


Re: Is it a virus?

Post by Scorch on Thu 22 Dec 2011, 4:53 pm


[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/21 23:06:45 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\MBR.dat
[2011/12/21 22:19:23 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/11 11:30:32 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\Google Chrome.lnk
[2011/12/11 11:30:32 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/11 11:22:13 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-602162358-842925246-1002UA.job
[2011/12/11 11:22:11 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-602162358-842925246-1002Core.job
[2011/12/10 22:58:12 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Help Center.lnk
[2011/12/10 22:53:34 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011/12/10 22:53:34 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2011/12/10 22:53:34 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax
[2011/12/10 22:53:34 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2011/12/10 22:53:33 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax
[2011/12/10 22:53:33 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2011/12/10 22:52:34 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Photoshop Elements 4.0.lnk
[2011/12/10 22:52:34 | 000,000,844 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Photoshop Elements 4.0.lnk
[2011/12/10 10:02:45 | 000,025,698 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\i-dont-understand-what-an.pdf
[2011/10/05 22:18:57 | 000,056,136 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/09/18 21:14:56 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\QSLLPSVCShare
[2011/09/17 09:49:53 | 000,000,099 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2011/09/17 07:36:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/09/16 18:17:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/09/16 18:16:03 | 000,290,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/16 23:34:56 | 000,394,554 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/02/25 07:00:53 | 000,246,968 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/04/13 18:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/13 18:00:00 | 000,294,158 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/13 18:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/13 18:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/13 18:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/13 18:00:00 | 000,035,110 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/13 18:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/13 18:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/13 18:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/13 18:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/04/19 07:00:38 | 013,511,896 | ---- | C] () -- C:\Program Files\PDF-File.EXE
[2005/04/14 22:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/04/14 22:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/07/20 09:14:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2011/09/17 07:29:29 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2006/11/01 18:04:11 | 013,511,896 | ---- | M] () -- C:\Program Files\PDF-File.EXE
[2006/11/01 18:04:09 | 001,698,138 | ---- | M] (Netsmartz LLC. ) -- C:\Program Files\TextSmartz.EXE

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2011/09/17 07:30:28 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/09/17 07:41:46 | 000,000,140 | -HS- | M] () -- C:\Documents and Settings\steve\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2011/09/17 07:41:46 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/12/21 22:59:18 | 001,917,952 | ---- | M] (AVAST Software) -- C:\Documents and Settings\steve\Desktop\aswMBR.exe
[2011/12/21 23:09:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\steve\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/11/10 00:30:02 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/11/10 00:30:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/11/10 00:29:57 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/11/10 00:29:55 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/09/17 07:41:46 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\steve\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2011/09/16 18:15:11 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011/09/16 18:15:11 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011/09/16 18:15:10 | 000,921,600 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.sys >
[2008/04/13 18:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2008/04/13 18:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2008/04/13 18:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2008/04/13 18:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2008/04/13 18:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2008/04/13 18:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2008/04/13 18:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2008/04/13 18:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2008/04/13 18:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2008/04/13 18:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2008/04/13 18:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2008/04/13 18:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2008/04/13 18:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2008/04/13 18:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2008/04/13 18:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 18:00:00 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2011/09/06 08:20:51 | 001,858,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\msonpppr.dll

< %SYSTEMDRIVE%\*.* >
[2010/04/01 20:34:05 | 000,026,825 | ---- | M] () -- C:\aaw7boot.log
[2008/09/13 22:28:12 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2008/04/24 23:12:58 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/09/17 07:21:37 | 000,000,282 | -HS- | M] () -- C:\boot.ini
[2011/07/25 18:29:57 | 000,002,903 | ---- | M] () -- C:\CD3rdPartyWrapper.log
[2004/08/03 22:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/06/12 11:28:15 | 000,013,002 | ---- | M] () -- C:\ComboFix.txt
[2005/08/16 05:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/12/01 16:59:32 | 000,005,744 | RH-- | M] () -- C:\dell.sdr
[2011/09/16 20:19:07 | 000,000,182 | ---- | M] () -- C:\drwtsn32.log
[2010/06/12 19:09:23 | 000,135,360 | ---- | M] (Symantec Corporation) -- C:\FixBlast.exe
[2011/09/16 20:40:53 | 527,892,480 | -HS- | M] () -- C:\hiberfil.sys
[2006/04/12 16:45:28 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2005/08/16 05:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2005/12/01 17:25:16 | 000,000,827 | -H-- | M] () -- C:\IPH.PH
[2010/05/30 19:10:10 | 000,006,733 | ---- | M] () -- C:\JavaRa.log
[2005/08/16 05:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2008/04/13 18:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/13 18:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/12/21 22:13:04 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2005/12/01 17:25:28 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini

< %PROGRAMFILES%\*. >
[2008/04/24 23:13:03 | 000,000,000 | ---D | M] -- C:\Program Files\3ivx
[2009/07/21 20:38:47 | 000,000,000 | ---D | M] -- C:\Program Files\Accubid
[2009/02/16 11:26:40 | 000,000,000 | ---D | M] -- C:\Program Files\Accubid data
[2006/07/10 15:49:28 | 000,000,000 | ---D | M] -- C:\Program Files\activePDF
[2011/10/08 11:32:24 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/01/07 22:27:28 | 000,000,000 | ---D | M] -- C:\Program Files\Agnitum
[2011/09/18 21:16:54 | 000,000,000 | ---D | M] -- C:\Program Files\Apoint
[2011/09/20 22:31:33 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2011/11/07 22:04:58 | 000,000,000 | ---D | M] -- C:\Program Files\ArcadeWeb
[2009/07/17 22:24:32 | 000,000,000 | ---D | M] -- C:\Program Files\AutoCAD LT 98
[2011/10/08 23:40:56 | 000,000,000 | ---D | M] -- C:\Program Files\AVAST Software
[2009/04/01 17:28:38 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2006/04/24 07:33:34 | 000,000,000 | ---D | M] -- C:\Program Files\BlueTooth
[2011/09/20 22:30:08 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011/09/18 21:15:59 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2011/12/21 22:38:54 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/08/07 08:58:32 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco Systems
[2010/06/12 11:14:11 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2005/08/16 05:38:36 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2005/12/01 17:02:30 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2011/01/28 17:29:28 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
[2007/10/24 19:08:20 | 000,000,000 | ---D | M] -- C:\Program Files\CuteHTML
[2011/07/25 18:19:19 | 000,000,000 | ---D | M] -- C:\Program Files\CyberDefender
[2005/12/01 17:21:51 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2011/09/22 21:36:25 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2007/04/08 22:49:14 | 000,000,000 | ---D | M] -- C:\Program Files\DellSupport
[2010/02/20 02:23:46 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2005/12/01 17:21:42 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2011/01/22 14:20:45 | 000,000,000 | ---D | M] -- C:\Program Files\Garmin
[2010/02/20 02:23:50 | 000,000,000 | ---D | M] -- C:\Program Files\Garmin GPS Plugin
[2011/07/29 14:52:46 | 000,000,000 | ---D | M] -- C:\Program Files\GemMaster
[2007/11/16 22:38:07 | 000,000,000 | ---D | M] -- C:\Program Files\GlobalSCAPE
[2011/10/22 14:13:15 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2007/04/12 22:40:25 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2007/04/12 22:41:10 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2011/09/18 21:16:42 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2005/12/01 17:21:02 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2005/12/01 17:18:31 | 000,000,000 | ---D | M] -- C:\Program Files\Intel, Inc
[2011/10/15 21:01:35 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2005/12/01 17:25:57 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
[2011/09/16 15:09:43 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/09/20 22:35:31 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/04/30 17:03:36 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2007/02/27 07:41:56 | 000,000,000 | ---D | M] -- C:\Program Files\Landmark Data Systems
[2008/12/28 10:04:53 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2008/12/30 23:59:56 | 000,000,000 | ---D | M] -- C:\Program Files\LP Recorder
[2008/12/31 00:58:34 | 000,000,000 | ---D | M] -- C:\Program Files\LP Ripper
[2009/05/23 15:06:47 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/24 00:14:08 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/03/08 21:41:36 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/12/30 23:21:53 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2007/10/17 23:51:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft IntelliPoint
[2006/04/12 17:10:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft IntelliType Pro
[2011/08/03 22:45:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/03/08 00:43:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/03/08 01:00:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2011/09/19 18:11:56 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2011/04/16 21:22:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2008/07/07 17:18:21 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Helper
[2011/09/24 00:04:19 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/12/10 15:44:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2011/09/20 21:35:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2007/06/15 21:29:11 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2005/08/16 05:37:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/11/15 02:12:56 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/10/17 07:48:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2010/01/24 23:13:38 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2008/04/24 23:12:35 | 000,000,000 | ---D | M] -- C:\Program Files\muvee Technologies
[2010/05/02 10:54:09 | 000,000,000 | ---D | M] -- C:\Program Files\NECA
[2009/07/17 21:24:04 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2011/09/18 21:26:58 | 000,000,000 | ---D | M] -- C:\Program Files\Netscape Internet Service
[2005/12/01 17:21:35 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2009/09/27 11:06:17 | 000,000,000 | ---D | M] -- C:\Program Files\OfficeReady Office Policy Manual 2006
[2011/09/17 07:27:27 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2008/01/14 20:06:09 | 000,000,000 | ---D | M] -- C:\Program Files\Opera
[2011/09/24 00:04:44 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/01/24 19:26:16 | 000,000,000 | ---D | M] -- C:\Program Files\Palm
[2010/01/24 23:13:26 | 000,000,000 | ---D | M] -- C:\Program Files\PDF-file
[2011/09/20 22:33:05 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2008/10/15 07:23:21 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/09/27 13:29:47 | 000,000,000 | ---D | M] -- C:\Program Files\Registry Mechanic
[2007/03/26 08:35:24 | 000,000,000 | ---D | M] -- C:\Program Files\RGB
[2011/07/30 09:44:29 | 000,000,000 | ---D | M] -- C:\Program Files\Ring Factory
[2008/05/23 20:34:26 | 000,000,000 | ---D | M] -- C:\Program Files\Rosetta Stone
[2010/07/11 12:27:12 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2009/01/05 02:06:46 | 000,000,000 | ---D | M] -- C:\Program Files\ScanningSuite
[2005/12/01 17:02:40 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
[2009/12/31 22:23:39 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2008/06/29 12:17:02 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/05/02 21:47:22 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2010/12/21 17:41:24 | 000,000,000 | ---D | M] -- C:\Program Files\Stellar Phoenix Photo Recovery
[2008/05/23 15:16:04 | 000,000,000 | ---D | M] -- C:\Program Files\Summitsoft
[2010/05/30 19:04:29 | 000,000,000 | ---D | M] -- C:\Program Files\Sun
[2009/07/18 11:45:32 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2010/01/24 22:44:53 | 000,000,000 | ---D | M] -- C:\Program Files\TextSmartz
[2011/10/05 19:15:31 | 000,000,000 | ---D | M] -- C:\Program Files\The Ringtone Maker Plus v5
[2006/04/24 07:13:41 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba
[2009/03/11 00:00:43 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2007/02/27 07:33:48 | 000,000,000 | ---D | M] -- C:\Program Files\TTSW8
[2009/09/27 13:11:49 | 000,000,000 | ---D | M] -- C:\Program Files\Uniblue
[2006/05/01 14:45:58 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2005/12/01 17:25:12 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2008/12/31 00:01:04 | 000,000,000 | ---D | M] -- C:\Program Files\WaveCorDC
[2005/12/01 17:30:17 | 000,000,000 | ---D | M] -- C:\Program Files\WebCyberCoach
[2010/12/30 23:25:00 | 000,000,000 | ---D | M] -- C:\Program Files\WebEx
[2011/09/16 13:47:55 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital
[2005/12/11 11:58:49 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2010/11/21 21:24:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2009/03/31 16:30:53 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Safety Center
[2011/09/17 07:26:27 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/17 21:23:58 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/08/16 05:37:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2005/08/16 05:40:46 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2005/08/16 05:43:46 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/01/24 19:49:30 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2011/09/16 18:17:15 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\steve\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2008/04/13 18:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS

< MD5 for: AHCIX86.SYS >
[2008/10/13 02:14:18 | 000,184,848 | ---- | M] (Advanced Micro Devices, Inc) MD5=1ED718CA8A8B3F5AB77416A873C2BF9D -- C:\WINDOWS\Dell\ATI\ahcix86.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2008/04/13 18:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 18:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:disk.sys
[2008/04/13 18:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/10 06:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\i386\disk.sys
[2008/04/13 18:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/13 18:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll

< MD5 for: IASTOR.SYS >
[2008/07/20 11:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\WINDOWS\Dell\Intel\IaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/13 18:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll

< MD5 for: NVGTS.SYS >
[2008/01/21 00:15:22 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=A0B3F3A5049931657164F0FFCF0B208E -- C:\WINDOWS\Dell\NVidia\nvgts.sys

< MD5 for: NVRD32.SYS >
[2008/01/21 00:15:22 | 000,128,000 | ---- | M] (NVIDIA Corporation) MD5=C9128FE14E5C1E55710781B5C276F2ED -- C:\WINDOWS\Dell\NVidia\nvrd32.sys

< MD5 for: SCECLI.DLL >
[2004/08/10 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2008/04/13 18:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/13 18:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SYMMPI.SYS >
[2007/02/09 12:06:00 | 000,100,096 | ---- | M] (LSI Logic) MD5=A42F863305943869BA00A613C8EE8C7E -- C:\WINDOWS\Dell\LSI\symmpi.sys

< MD5 for: USBSTOR.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:usbstor.sys
[2008/04/13 18:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/04/13 18:00:00 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-06 23:51:14

< End of report >

Scorch

Rookie Surfer

Posts : 147
Joined : 2009-07-12
Operating System : windows xp home


Re: Is it a virus?

Post by Scorch on Thu 22 Dec 2011, 4:55 pm

OTL Extras logfile created on: 12/21/2011 11:11:06 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\steve\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.37 Mb Total Physical Memory | 129.57 Mb Available Physical Memory | 25.74% Memory free
1.20 Gb Paging File | 0.74 Gb Available in Paging File | 61.81% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.18 Gb Total Space | 10.01 Gb Free Space | 19.57% Space Free | Partition Type: NTFS

Computer Name: STEVE-B8A9611EA | User Name: steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{18A83D23-627B-4627-AB70-0D3C8DC130AB}" =
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF0125AF-3A6B-1DBD-01ED-72749FA8A6C4}" = The Ringtone Maker v5.2.9
"{FFC3B772-C00A-42da-90A6-A87F4AFD73D9}" = Netscape Internet Service
"{FFC3B772-C00A-42da-90A6-A87F4AFD73E0}" = Netscape Web Accelerator
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Arcadeweb" = ArcadeWeb
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"ProInst" = Intel(R) PROSet/Wireless Software
"Windows Media Format Runtime" = Windows Media Format Runtime

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/13/2011 8:08:50 AM | Computer Name = STEVE-B8A9611EA | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 12/13/2011 6:34:21 PM | Computer Name = STEVE-B8A9611EA | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 12/13/2011 6:34:21 PM | Computer Name = STEVE-B8A9611EA | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 12/14/2011 1:28:15 AM | Computer Name = STEVE-B8A9611EA | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 12/14/2011 1:28:15 AM | Computer Name = STEVE-B8A9611EA | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 12/14/2011 8:08:01 PM | Computer Name = STEVE-B8A9611EA | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 12/14/2011 8:08:01 PM | Computer Name = STEVE-B8A9611EA | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 12/21/2011 11:13:25 PM | Computer Name = STEVE-B8A9611EA | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 12/21/2011 11:13:25 PM | Computer Name = STEVE-B8A9611EA | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 12/22/2011 12:45:47 AM | Computer Name = STEVE-B8A9611EA | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

[ ODiag Events ]
Error - 9/19/2011 8:26:36 PM | Computer Name = STEVE-B8A9611EA | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kek. Error code: 80040154

Error - 9/19/2011 8:36:14 PM | Computer Name = STEVE-B8A9611EA | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kek. Error code: 80040154

[ System Events ]
Error - 12/4/2011 1:14:03 AM | Computer Name = STEVE-B8A9611EA | Source = PSched | ID = 14103
Description = QoS [Adapter {08605C42-6DA6-4D9C-890A-FDBD35F29067}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 12/4/2011 12:10:00 PM | Computer Name = STEVE-B8A9611EA | Source = PSched | ID = 14103
Description = QoS [Adapter {08605C42-6DA6-4D9C-890A-FDBD35F29067}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 12/4/2011 2:31:03 PM | Computer Name = STEVE-B8A9611EA | Source = PSched | ID = 14103
Description = QoS [Adapter {08605C42-6DA6-4D9C-890A-FDBD35F29067}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 12/4/2011 4:45:09 PM | Computer Name = STEVE-B8A9611EA | Source = PSched | ID = 14103
Description = QoS [Adapter {08605C42-6DA6-4D9C-890A-FDBD35F29067}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 12/4/2011 6:14:54 PM | Computer Name = STEVE-B8A9611EA | Source = PSched | ID = 14103
Description = QoS [Adapter {08605C42-6DA6-4D9C-890A-FDBD35F29067}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 12/4/2011 6:20:14 PM | Computer Name = STEVE-B8A9611EA | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 12/5/2011 1:12:05 AM | Computer Name = STEVE-B8A9611EA | Source = PSched | ID = 14103
Description = QoS [Adapter {08605C42-6DA6-4D9C-890A-FDBD35F29067}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 12/5/2011 8:24:55 PM | Computer Name = STEVE-B8A9611EA | Source = PSched | ID = 14103
Description = QoS [Adapter {08605C42-6DA6-4D9C-890A-FDBD35F29067}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 12/5/2011 10:49:38 PM | Computer Name = STEVE-B8A9611EA | Source = PSched | ID = 14103
Description = QoS [Adapter {08605C42-6DA6-4D9C-890A-FDBD35F29067}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 12/6/2011 12:01:32 AM | Computer Name = STEVE-B8A9611EA | Source = PSched | ID = 14103
Description = QoS [Adapter {08605C42-6DA6-4D9C-890A-FDBD35F29067}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.


< End of report >

Scorch

Rookie Surfer

Posts : 147
Joined : 2009-07-12
Operating System : windows xp home


Re: Is it a virus?

Post by houndmom on Mon 26 Dec 2011, 10:23 am

Hello again.
There are adware programs on your computer.
This causes the pop-ups you are experiencing. Adware-supported software is software that plays, displays, or downloads advertising automatically. Please feel free to read more at the link above.
You can remove them via Start >> Control Panel >> Add/Remove Programs:
ArcadeWeb
Coupons
Viewpoint

Then:
Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


houndmom

Tech Advisor

Posts : 1053
Joined : 2010-04-28
Operating System : 7 ultimate


Re: Is it a virus?

Post by Scorch on Mon 26 Dec 2011, 4:29 pm

ComboFix 11-12-25.03 - steve 12/26/2011 0:00.1.1 - x86
Running from: c:\documents and settings\steve\desktop\commy.exe
Command switches used :: /stepdel
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Steve Roney\WINDOWS
C:\root
c:\windows\Downloaded Installations\BMP
c:\root\JPEG\457216.JPEG
.
.
((((((((((((((((((((((((( Files Created from 2011-11-26 to 2011-12-26 )))))))))))))))))))))))))))))))
.
.
2011-12-26 04:52 . 2011-12-26 04:54 -------- d-----w- C:\commy
2011-12-11 22:15 . 2011-12-11 22:15 -------- d-----w- C:\found.000
2011-12-11 16:45 . 2011-12-11 16:45 -------- d-sh--w- c:\documents and settings\steve\IECompatCache
2011-12-11 14:11 . 2011-12-11 14:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\espionServerData
2011-12-11 03:49 . 2011-12-11 03:41 109568 ------w- c:\windows\system32\pxinsi64.exe
2011-12-11 03:49 . 2011-12-11 03:41 108544 ------w- c:\windows\system32\pxcpyi64.exe
2011-12-11 03:49 . 2011-12-11 03:41 20640 ------w- c:\windows\system32\drivers\PxHelp20.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:01 . 2011-10-09 04:41 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-10-09 04:41 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-10-09 04:41 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-10-09 04:41 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-10-09 04:41 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-10-09 04:41 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-10-09 04:41 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2011-10-09 04:41 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2011-10-09 04:41 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2011-10-09 04:41 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-10-10 14:22 . 2011-09-17 12:25 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-06 03:15 . 2011-10-06 03:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-28 07:06 . 2008-04-13 23:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2006-11-01 23:04 . 2006-04-19 12:00 13511896 ----a-w- c:\program files\PDF-File.EXE
2006-11-01 23:04 . 2004-04-20 15:08 1698138 ----a-w- c:\program files\TextSmartz.EXE
2011-11-10 05:30 . 2011-09-16 03:20 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R0 cerc6;cerc6; [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-22 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-22 136176]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
DcomLaunch REG_MULTI_SZ DcomLaunch
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-22 19:13]
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-22 19:13]
.
2011-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-602162358-842925246-1002Core.job
- c:\documents and settings\steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-11 16:22]
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-602162358-842925246-1002UA.job
- c:\documents and settings\steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-11 16:22]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\documents and settings\steve\Application Data\Mozilla\Firefox\Profiles\yjjpt0zv.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-12-26 00:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-12-26 00:25:42
ComboFix-quarantined-files.txt 2011-12-26 05:25
ComboFix2.txt 2010-06-12 16:28
ComboFix3.txt 2010-01-06 04:23
.
Pre-Run: 10,179,670,016 bytes free
Post-Run: 10,138,525,696 bytes free
.
- - End Of File - - D819D852E73D5BC85AC583667E4CD8BF

Scorch

Rookie Surfer

Posts : 147
Joined : 2009-07-12
Operating System : windows xp home

Re: Is it a virus?

Post by houndmom on Wed 28 Dec 2011, 8:59 am

Okay, that looks good!
How is your computer running?

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


houndmom

Tech Advisor

Posts : 1053
Joined : 2010-04-28
Operating System : 7 ultimate

Re: Is it a virus?

Post by Scorch on Wed 28 Dec 2011, 4:35 pm

No more blue screen of death. Thank You!

Scorch

Rookie Surfer

Posts : 147
Joined : 2009-07-12
Operating System : windows xp home

Re: Is it a virus?

Post by houndmom on Fri 30 Dec 2011, 2:02 am

Could you post the ESET log, please? I need to see those results.
Thanks!

houndmom

Tech Advisor

Posts : 1053
Joined : 2010-04-28
Operating System : 7 ultimate
