Unknown PC Problem-Please Help me :-(



#16 mamamontes33 (Topic Starter)
Upon completion, the "FixMBR" button was enabled; however, the "Fix" button was not.
Here are the results of the aswMBR scan:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-08-26 05:25:40
-----------------------------
05:25:40.875 OS Version: Windows 5.1.2600 Service Pack 3
05:25:40.875 Number of processors: 1 586 0xD08
05:25:40.875 ComputerName: TIFFANY-E2F2D50 UserName: Tiffany Bravo
05:25:54.687 Initialize success
05:27:17.140 AVAST engine defs: 11082501
05:49:21.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
05:49:21.218 Disk 0 Vendor: TOSHIBA_MK6025GAS KA201A Size: 57231MB BusType: 3
05:49:21.296 Disk 0 MBR read successfully
05:49:21.312 Disk 0 MBR scan
05:49:21.640 Disk 0 Windows XP default MBR code
05:49:21.671 Disk 0 scanning sectors +117194175
05:49:21.828 Disk 0 scanning C:\WINDOWS\system32\drivers
05:50:10.734 Service scanning
05:50:15.906 Modules scanning
05:50:42.531 Disk 0 trace - called modules:
05:50:42.593 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys
05:50:42.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82dd3ab8]
05:50:42.625 3 CLASSPNP.SYS[f8654fd7] -> nt!IofCallDriver -> \Device\00000075[0x82d97338]
05:50:42.671 5 ACPI.sys[f84cb620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82d97030]
05:50:42.703 Scan finished successfully
05:51:19.437 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tiffany Bravo.TIFFANY-E2F2D50\Desktop\MBR.dat"
05:51:19.468 The log file has been saved successfully to "C:\Documents and Settings\Tiffany Bravo.TIFFANY-E2F2D50\Desktop\aswMBR.txt"
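aswMBR saved a copy of the boot sector to MBR.dat. What follows is an added example (my code, not aswMBR's and not from this thread) of what can be done with such a copy: parse the partition table, diff the 440-byte boot-code region against a known-good baseline (a bootkit patches that region and usually leaves the partition table alone, so the two checks are reported separately), and compute the unpartitioned tail of the disk, which is where a bootkit can stash its payload and, I assume, what the "scanning sectors +117194175" line refers to. Everything here is constructed: the dummy boot code is not real XP code, and the disk and partition sizes are chosen to resemble the log.

```python
"""Added example: parse a 512-byte MBR image (such as the MBR.dat that aswMBR
saves) and compare it against a trusted baseline. Constructed sample data only;
no real XP boot code is embedded."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439: boot code (classic MBR layout)
DISK_SIG_OFF = 440       # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # bytes 510..511
PART_FMT = "<B3xB3xII"   # status, (CHS start), type, (CHS end), LBA start, sector count


def parse_partitions(mbr: bytes):
    """Return the four primary partition entries as dicts; reject images that
    are not 512 bytes or lack the 0x55AA signature."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR image must be exactly 512 bytes")
    if mbr[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(PART_FMT, mbr, PART_TABLE_OFF + 16 * i)
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "lba_start": start, "sectors": count})
    return entries


def compare_boot_code(current: bytes, baseline: bytes):
    """Hash the boot-code region of both images and locate the first differing
    byte; report the partition table comparison separately."""
    cur, base = current[:BOOT_CODE_LEN], baseline[:BOOT_CODE_LEN]
    first_diff = next((i for i in range(BOOT_CODE_LEN) if cur[i] != base[i]), None)
    return {
        "boot_code_modified": first_diff is not None,
        "first_diff_offset": first_diff,
        "current_sha256": hashlib.sha256(cur).hexdigest(),
        "baseline_sha256": hashlib.sha256(base).hexdigest(),
        "partition_table_same": current[PART_TABLE_OFF:510] == baseline[PART_TABLE_OFF:510],
    }


def unpartitioned_tail(mbr: bytes, disk_sectors: int):
    """Sectors after the end of the last partition: unallocated space that a
    bootkit can use, and the region worth scanning after the MBR itself."""
    used = [p for p in parse_partitions(mbr) if p["type"] != 0 and p["sectors"]]
    last_end = max(p["lba_start"] + p["sectors"] for p in used) if used else 1
    return {"first_free_sector": last_end, "free_sectors": disk_sectors - last_end}


def build_mbr(boot_code: bytes, parts):
    """Assemble a constructed MBR from boot code and (status, type, start, count) tuples."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4] = b"\x11\x22\x33\x44"   # constructed disk signature
    for i, entry in enumerate(parts):
        struct.pack_into(PART_FMT, mbr, PART_TABLE_OFF + 16 * i, *entry)
    mbr[510:512] = BOOT_SIG
    return bytes(mbr)


# Constructed samples: a stand-in boot code (not real XP code), one NTFS
# partition starting at sector 63, and a 57231 MB disk like the one in the log.
DUMMY_BOOT = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOT_CODE_LEN - 7)
DISK_SECTORS = 57231 * 1024 * 1024 // SECTOR
CLEAN_MBR = build_mbr(DUMMY_BOOT, [(0x80, 0x07, 63, 117194112)])

# The "infected" sample patches one instruction in the boot code, the way a
# bootkit hooks the boot path, but leaves the partition table untouched.
_patched = bytearray(CLEAN_MBR)
_patched[0x100:0x103] = b"\xe9\x00\x01"   # constructed near-jump into patched code
INFECTED_MBR = bytes(_patched)

if __name__ == "__main__":
    print(parse_partitions(CLEAN_MBR)[0])
    print(compare_boot_code(INFECTED_MBR, CLEAN_MBR))
    print(unpartitioned_tail(CLEAN_MBR, DISK_SECTORS))
```

To use it on a real MBR.dat, read the file with `open("MBR.dat", "rb").read()` in place of the constructed images and supply a baseline taken from a known-clean install of the same Windows version; a hash of the boot code alone is only meaningful against such a baseline, since the NT disk signature and partition table are machine-specific.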


#17 RKinner (Malware Expert, MVP)
Your last two logs have been clean. Were you able to install the free version of Avast?

Ron

#18 mamamontes33 (Topic Starter)
Hello, I am not sure what I did wrong, but it seems Avast never downloaded with the ComboFix, so I clicked on the link to download it. It took the whole day, but it finally finished processing, and I STILL DO NOT see the Avast ball. I do not see the Avast program anywhere. My computer is running super slow, so I am not sure what happened :-(

Edited by mamamontes33, 26 August 2011 - 11:11 PM.


#19 RKinner (Malware Expert, MVP)
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes, tell me what they are. If you get a lot, just look for those with newish dates (since about the time the problem started).


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

5. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply, then repeat but select Application.

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Ron

#20 mamamontes33 (Topic Starter)
Hello Ron,

After the sfc /scannow began, a window popped up asking for a CD. I put one in and it said it was not the correct one, so I skipped it; but it constantly pops up. I am wondering if this is affecting the scan, since it has been scanning for 4 hours and is not complete. Just making sure this is normal. Thanks.

#21 RKinner (Malware Expert, MVP)
Taking way too long. Cancel and go on.

#22 mamamontes33 (Topic Starter)
Here are the results of the sigverif:
There were quite a few on the list, but there was only one from this year (6/23/2011): Name: korwbrkr.lex, Location: c:\windows\system, Version: 8.0.6001.1909


Thanks again,

Tiffany :)

Edited by mamamontes33, 28 August 2011 - 08:33 AM.


#23 mamamontes33 (Topic Starter)
Here are the results for the System check in the Event Viewer tool:

Vino's Event Viewer v01c run on Windows XP in English
Report run at 28/08/2011 7:36:26 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/08/2011 11:57:07 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The HP WMI Interface service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 27/08/2011 11:57:07 AM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the HP WMI Interface service to connect.

Log: 'System' Date/Time: 27/08/2011 11:56:47 AM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1053" attempting to start the service hpqwmi with arguments "-Service" in order to run the server: {7DC5B2D7-CACC-47F2-836E-4DF85F026072}

Log: 'System' Date/Time: 27/08/2011 11:56:14 AM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Cdrom eabfiltr Imapi redbook

Log: 'System' Date/Time: 27/08/2011 11:53:43 AM
Type: error Category: 0
Event: 1002 Source: Dhcp
The IP address lease 192.168.1.65 for the Network Card with network address 0012F0B2AD22 has been denied by the DHCP server 192.168.33.1 (The DHCP Server sent a DHCPNACK message).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/08/2011 1:34:36 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 27/08/2011 11:54:21 AM
Type: warning Category: 0
Event: 3032 Source: MRxSmb
The redirector was unable to register the domain WORKGROUP on to transport NetBT_Tcpip_{27DEE47A-651B-45B9-9BDA for the following reason: . Transport has been taken offline.

#24 mamamontes33 (Topic Starter)
Here are the results for the application one:

Vino's Event Viewer v01c run on Windows XP in English
Report run at 28/08/2011 7:39:56 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
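The report that post #19 asks for (the 20 newest errors and warnings from VEW), in the format the two posts above show, is regular enough to parse once rather than read by eye every time. The script below is an added example, not part of the thread and not VEW's own code: it parses that format into records, counts them per source and event ID, and applies a few triage rules for the event IDs that actually appear here. The sample input is constructed to match the posted output. The DHCP rule, which treats a DHCPNACK from a server outside the lease's /24 (here 192.168.33.1 refusing a 192.168.1.65 lease) as worth a second look, is a heuristic of mine; it can just as easily mean a laptop that moved between networks as a rogue DHCP server.

```python
"""Added example: parse the report that Vino's Event Viewer (VEW) writes and
apply a few triage rules. The sample below is constructed to match the format
in the posts; the triage heuristics are mine, not VEW's."""
import ipaddress
import re
from collections import Counter
from datetime import datetime

HEADER_RE = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)$")
TYPE_RE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<cat>\d+)$")
EVENT_RE = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")


def parse_vew(text: str):
    """One dict per record: a 'Log:' line, then 'Type:', then 'Event:', then
    message lines up to the next blank line. VEW states its dates are dd/mm/yyyy."""
    lines, records, i = [line.strip() for line in text.splitlines()], [], 0
    while i < len(lines):
        m = HEADER_RE.match(lines[i])
        if not m:
            i += 1
            continue
        t = TYPE_RE.match(lines[i + 1]) if i + 2 < len(lines) else None
        e = EVENT_RE.match(lines[i + 2]) if i + 2 < len(lines) else None
        if not (t and e):
            raise ValueError(f"malformed record at line {i + 1}")
        i += 3
        msg = []
        while i < len(lines) and lines[i]:
            msg.append(lines[i])
            i += 1
        records.append({
            "log": m["log"],
            "when": datetime.strptime(m["when"], "%d/%m/%Y %I:%M:%S %p"),
            "type": t["type"].lower(),
            "event_id": int(e["id"]),
            "source": e["source"],
            "message": " ".join(msg),
        })
    return records


def triage(records):
    """Rules for the event IDs seen in the post: boot-start drivers that failed
    to load (7026), services that never started (7000), and a DHCPNACK from a
    server outside the lease's /24 (1002)."""
    findings = []
    for r in records:
        scm = r["source"] == "Service Control Manager"
        if r["event_id"] == 7026 and scm:
            findings.append(("driver_load_failure", r["message"].split("failed to load:", 1)[1].split()))
        elif r["event_id"] == 7000 and scm:
            svc = re.match(r"The (.+?) service failed to start", r["message"])
            findings.append(("service_start_failure", svc.group(1) if svc else r["message"]))
        elif r["event_id"] == 1002 and r["source"] == "Dhcp":
            ips = re.findall(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", r["message"])
            if len(ips) >= 2:   # first address is the lease, second the answering server
                lease, server = ips[0], ipaddress.ip_address(ips[1])
                same = server in ipaddress.ip_network(f"{lease}/24", strict=False)
                findings.append(("dhcp_nack", {"lease": lease, "server": str(server),
                                               "server_in_lease_subnet": same}))
    return findings


def summarize(records):
    """Count records per (log, type, source, event_id) so noisy sources stand out."""
    return Counter((r["log"], r["type"], r["source"], r["event_id"]) for r in records)


SAMPLE = """\
Vino's Event Viewer v01c run on Windows XP in English
Report run at 28/08/2011 7:36:26 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/08/2011 11:57:07 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The HP WMI Interface service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 27/08/2011 11:56:14 AM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Cdrom eabfiltr Imapi redbook

Log: 'System' Date/Time: 27/08/2011 11:53:43 AM
Type: error Category: 0
Event: 1002 Source: Dhcp
The IP address lease 192.168.1.65 for the Network Card with network address 0012F0B2AD22 has been denied by the DHCP server 192.168.33.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 28/08/2011 1:34:36 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.
"""

if __name__ == "__main__":
    recs = parse_vew(SAMPLE)
    print(triage(recs))
    print(summarize(recs).most_common())
```

Feed it the saved VEW output with `parse_vew(open("vew.txt").read())`; the Application report in the post above produces no records at all, which the parser returns as an empty list rather than an error.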

#25 mamamontes33 (Topic Starter)
When I tried to run Process Explorer under Administrator, an error came up and said:
"Unable to log on: Logon failure: unknown user name or bad password." I do not ever remember setting up a password on my computer, so I wouldn't know what it is.


#26 RKinner (Malware Expert, MVP)
You don't need to right click on Process Explorer since you do not have Vista or Win 7. Just double click on it.


Copy the following text:

/md5start
Cdrom.sys
eabfiltr.sys
Imapi.sys
redbook.sys
hpqwmi.exe
/md5stop


Run OTL
Paste the copied text into the Custom Scan/Fixes box. Hit Run Scan. Copy and paste the text.

Ron
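OTL's /md5start ... /md5stop directive hashes the files listed between the markers, which is how the drivers that failed to load in the System log (Cdrom, eabfiltr, Imapi, redbook) get checked for tampering. The script below is an added example (my code, not OTL's and not from this thread) that does the same hashing in Python and adds one check OTL does not do on its own: it compares each driver under system32\drivers with the Windows File Protection copy in system32\dllcache, which on XP is the simplest local baseline. It runs against a constructed directory tree with arbitrary file contents; the rule that non-.sys names are looked up directly in system32 is an assumption (hpqwmi.exe lives wherever HP installed it, which the thread does not say). Third-party drivers such as eabfiltr.sys normally have no dllcache copy, so "no_cache_copy" is not suspicious by itself.

```python
"""Added example: hash the files from an OTL /md5start list and compare each
live driver with its Windows File Protection copy in system32/dllcache.
Runs against a constructed directory tree; point check_drivers() at
C:/WINDOWS on a real XP machine."""
import hashlib
import tempfile
from pathlib import Path

MD5_LIST = ["Cdrom.sys", "eabfiltr.sys", "Imapi.sys", "redbook.sys", "hpqwmi.exe"]


def file_digests(path: Path):
    """MD5 (what OTL reports) and SHA-256 of one file, streamed in chunks."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            md5.update(chunk)
            sha.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha.hexdigest(), "size": path.stat().st_size}


def check_drivers(root: Path, names):
    """For each name, locate the live file (system32/drivers for .sys, plain
    system32 otherwise; an assumption) and the dllcache copy, then classify:
    'ok' (identical), 'mismatch' (patched, replaced or legitimately updated),
    'missing' (no live copy) or 'no_cache_copy' (not a protected file)."""
    sys32 = root / "system32"
    report = {}
    for name in names:
        live = (sys32 / "drivers" / name) if name.lower().endswith(".sys") else (sys32 / name)
        cache = sys32 / "dllcache" / name
        if not live.is_file():
            report[name] = {"status": "missing", "live": None, "cache": None}
            continue
        live_d = file_digests(live)
        if not cache.is_file():
            report[name] = {"status": "no_cache_copy", "live": live_d, "cache": None}
            continue
        cache_d = file_digests(cache)
        status = "ok" if live_d["sha256"] == cache_d["sha256"] else "mismatch"
        report[name] = {"status": status, "live": live_d, "cache": cache_d}
    return report


def build_sample_tree():
    """Constructed stand-in for C:/WINDOWS: Cdrom.sys matches its cache copy,
    redbook.sys has been altered, Imapi.sys has no cache copy, and eabfiltr.sys
    and hpqwmi.exe are absent. Contents are arbitrary bytes, not real drivers."""
    root = Path(tempfile.mkdtemp(prefix="xp_sample_"))
    for sub in ("system32/drivers", "system32/dllcache"):
        (root / sub).mkdir(parents=True)
    (root / "system32/drivers/Cdrom.sys").write_bytes(b"MZ" + b"\x00" * 100)
    (root / "system32/dllcache/Cdrom.sys").write_bytes(b"MZ" + b"\x00" * 100)
    (root / "system32/drivers/redbook.sys").write_bytes(b"MZ" + b"\x00" * 50 + b"\xcc" * 50)
    (root / "system32/dllcache/redbook.sys").write_bytes(b"MZ" + b"\x00" * 100)
    (root / "system32/drivers/Imapi.sys").write_bytes(b"MZ" + b"\x01" * 100)
    return root


if __name__ == "__main__":
    for name, row in check_drivers(build_sample_tree(), MD5_LIST).items():
        print(f"{name:14} {row['status']:14} {(row['live'] or {}).get('md5', '-')}")
```

One caveat that applies to OTL's hashes as much as to this script: on a live system both the driver and its dllcache copy are read through the running kernel, and a rootkit that filters file reads can hand back clean bytes for both. A mismatch is evidence; a match from a live system is only as trustworthy as the kernel that served it, which is why an offline comparison from boot media settles the question.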

#27 mamamontes33 (Topic Starter)
Here are the results from the OTL scan:

OTL logfile created on: 8/28/2011 9:03:35 PM - Run 3
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Tiffany Bravo.TIFFANY-E2F2D50\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.42 Mb Total Physical Memory | 162.81 Mb Available Physical Memory | 32.40% Memory free
1.20 Gb Paging File | 0.65 Gb Available in Paging File | 54.41% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.68 Gb Total Space | 37.56 Gb Free Space | 67.46% Space Free | Partition Type: NTFS

Computer Name: TIFFANY-E2F2D50 | User Name: Tiffany Bravo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/24 22:38:23 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tiffany Bravo.TIFFANY-E2F2D50\My Documents\Downloads\OTL.exe
PRC - [2011/08/11 22:57:30 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/02/03 07:49:18 | 000,490,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2011/02/03 07:49:12 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010/08/26 10:13:54 | 000,465,424 | ---- | M] () -- C:\Program Files\PdaNet for Android\PdaNetPC.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/07/27 13:48:04 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/11 22:57:30 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/09/06 09:43:53 | 005,969,360 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/08/26 10:13:54 | 000,465,424 | ---- | M] () -- C:\Program Files\PdaNet for Android\PdaNetPC.exe
MOD - [2009/01/10 15:15:44 | 000,159,744 | ---- | M] () -- C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll
MOD - [2009/01/10 15:14:06 | 000,023,552 | ---- | M] () -- C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/08/16 14:52:06 | 000,013,184 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pneteth.sys -- (pneteth)
DRV - [2009/05/25 17:01:00 | 000,069,098 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2008/02/25 13:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/07/26 01:44:28 | 002,210,048 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/04/13 10:12:38 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/03/16 05:43:06 | 000,159,488 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/01/31 18:23:08 | 000,109,319 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/08/03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/04/26 02:49:56 | 000,381,056 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2002/09/20 03:53:34 | 000,235,100 | R--- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.76
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {9f94fab0-58a2-11dd-ae16-0800200c9a66}:3.0.26
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/02/03 07:50:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/21 13:34:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/21 13:34:56 | 000,000,000 | ---D | M]

[2010/09/05 19:17:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tiffany Bravo.TIFFANY-E2F2D50\Application Data\Mozilla\Extensions
[2011/08/21 09:51:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tiffany Bravo.TIFFANY-E2F2D50\Application Data\Mozilla\Firefox\Profiles\vq6k2wz9.default\extensions
[2011/04/02 20:37:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tiffany Bravo.TIFFANY-E2F2D50\Application Data\Mozilla\Firefox\Profiles\vq6k2wz9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/05 19:20:18 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\Tiffany Bravo.TIFFANY-E2F2D50\Application Data\Mozilla\Firefox\Profiles\vq6k2wz9.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010/09/05 19:20:12 | 000,000,000 | ---D | M] (AvantGarde Rosepetal) -- C:\Documents and Settings\Tiffany Bravo.TIFFANY-E2F2D50\Application Data\Mozilla\Firefox\Profiles\vq6k2wz9.default\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66}
[2010/09/05 19:20:38 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Documents and Settings\Tiffany Bravo.TIFFANY-E2F2D50\Application Data\Mozilla\Firefox\Profiles\vq6k2wz9.default\extensions\[email protected]
[2010/09/05 19:20:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tiffany Bravo.TIFFANY-E2F2D50\Application Data\Mozilla\Firefox\Profiles\vq6k2wz9.default\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66}\mozapps\extensions
[2011/08/21 13:34:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2010/09/05 17:48:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/08/11 22:57:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/11 20:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/25 17:43:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Tiffany Bravo.TIFFANY-E2F2D50\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} https://ss-vic-1.apu.../auth/taweb.cab (Cisco NAC Web Agent Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Tiffany Bravo.TIFFANY-E2F2D50\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tiffany Bravo.TIFFANY-E2F2D50\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/05 17:15:16 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/28 07:41:54 | 004,768,032 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Tiffany Bravo.TIFFANY-E2F2D50\Desktop\procexp.exe
[2011/08/28 07:34:28 | 000,061,440 | ---- | C] ( ) -- C:\VEW.exe
[2011/08/27 19:19:20 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2011/08/27 19:19:20 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2011/08/27 19:18:21 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2011/08/27 19:18:18 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2011/08/27 19:17:31 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011/08/27 19:17:29 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2011/08/27 19:17:29 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
[2011/08/27 19:17:28 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
[2011/08/27 19:17:18 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2011/08/27 19:17:16 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2011/08/27 19:17:16 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2011/08/27 19:17:15 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011/08/27 19:17:14 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
[2011/08/27 19:17:13 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2011/08/27 19:17:13 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2011/08/27 19:17:12 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2011/08/27 19:17:11 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2011/08/27 19:17:11 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2011/08/27 19:17:04 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2011/08/27 19:16:35 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2011/08/27 19:16:34 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011/08/27 19:12:24 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011/08/27 19:12:23 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011/08/27 19:12:23 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011/08/27 19:12:22 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011/08/27 19:12:21 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2011/08/27 19:12:21 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2011/08/27 19:12:18 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011/08/27 19:12:16 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2011/08/27 19:12:16 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2011/08/27 19:12:15 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2011/08/27 19:12:15 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2011/08/27 19:12:14 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2011/08/27 19:12:13 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011/08/27 19:12:12 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2011/08/27 19:12:11 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2011/08/27 19:12:11 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2011/08/27 19:12:10 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011/08/27 19:12:10 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011/08/27 19:12:09 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011/08/27 19:12:09 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2011/08/26 21:49:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/08/25 18:26:12 | 001,916,416 | ---- | C] (AVAST Software) -- C:\aswMBR.exe
[2011/08/25 18:08:06 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/08/25 16:28:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/25 16:19:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/25 16:19:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/25 16:19:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/25 16:19:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/25 16:18:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/25 16:18:51 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/08/25 16:18:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/25 16:18:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tiffany Bravo.TIFFANY-E2F2D50\My Documents\My Videos
[2011/08/25 16:18:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tiffany Bravo.TIFFANY-E2F2D50\Start Menu\Programs\Administrative Tools
[2011/08/25 16:09:19 | 004,183,543 | R--- | C] (Swearware) -- C:\Documents and Settings\Tiffany Bravo.TIFFANY-E2F2D50\Desktop\ComboFix.exe
[2011/08/25 12:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tiffany Bravo.TIFFANY-E2F2D50\Application Data\Malwarebytes
[2011/08/25 12:08:41 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/25 12:08:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/25 12:08:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2011/08/25 12:08:30 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/25 12:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/25 12:06:23 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tiffany Bravo.TIFFANY-E2F2D50\Desktop\mbam-setup-1.51.1.1800.exe
[2011/08/25 11:10:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/24 21:16:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
[2011/08/24 09:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/08/22 07:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tiffany Bravo.TIFFANY-E2F2D50\My Documents\Scholarships
[2011/08/15 12:44:34 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/08/15 12:42:17 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\Documents and Settings\Tiffany Bravo.TIFFANY-E2F2D50\Desktop\*.tmp files -> C:\Documents and Settings\Tiffany Bravo.TIFFANY-E2F2D50\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/28 20:10:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/28 20:08:42 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-776561741-839522115-1801674531-1003.job
[2011/08/28 20:08:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/28 20:08:25 | 526,897,152 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/28 07:47:55 | 000,000,659 | ---- | M] () -- C:\Shortcut (3) to ComboFix.exe.lnk
[2011/08/28 07:47:44 | 000,000,659 | ---- | M] () -- C:\Shortcut (2) to ComboFix.exe.lnk
[2011/08/28 07:47:24 | 000,000,659 | ---- | M] () -- C:\Shortcut to ComboFix.exe.lnk
[2011/08/28 07:42:12 | 004,768,032 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Tiffany Bravo.TIFFANY-E2F2D50\Desktop\procexp.exe
[2011/08/28 07:34:23 | 000,061,440 | ---- | M] ( ) -- C:\VEW.exe
[2011/08/27 14:17:15 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/26 05:59:26 | 056,167,608 | ---- | M] () -- C:\setup_av_free.exe
[2011/08/26 05:51:19 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Tiffany Bravo.TIFFANY-E2F2D50\Desktop\MBR.dat
[2011/08/25 18:26:35 | 001,916,416 | ---- | M] (AVAST Software) -- C:\aswMBR.exe
[2011/08/25 17:43:16 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/08/25 16:29:05 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/08/25 16:09:47 | 004,183,543 | R--- | M] (Swearware) -- C:\Documents and Settings\Tiffany Bravo.TIFFANY-E2F2D50\Desktop\ComboFix.exe
[2011/08/25 12:08:44 | 000,000,784 | ---- | M] () -- C:\Malwarebytes' Anti-Malware.lnk
[2011/08/25 12:07:05 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tiffany Bravo.TIFFANY-E2F2D50\Desktop\mbam-setup-1.51.1.1800.exe
[2011/08/24 23:24:12 | 000,194,613 | ---- | M] () -- C:\Documents and Settings\Tiffany Bravo.TIFFANY-E2F2D50\Desktop\Me hiking.JPG
[2011/08/21 13:35:05 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Tiffany Bravo.TIFFANY-E2F2D50\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/21 13:35:05 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2011/08/17 14:33:53 | 000,313,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/17 14:11:13 | 000,503,320 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/17 14:11:13 | 000,087,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/17 14:10:07 | 000,004,291 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\Documents and Settings\Tiffany Bravo.TIFFANY-E2F2D50\Desktop\*.tmp files -> C:\Documents and Settings\Tiffany Bravo.TIFFANY-E2F2D50\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/28 07:47:55 | 000,000,659 | ---- | C] () -- C:\Shortcut (3) to ComboFix.exe.lnk
[2011/08/28 07:47:44 | 000,000,659 | ---- | C] () -- C:\Shortcut (2) to ComboFix.exe.lnk
[2011/08/28 07:47:23 | 000,000,659 | ---- | C] () -- C:\Shortcut to ComboFix.exe.lnk
[2011/08/26 05:56:08 | 056,167,608 | ---- | C] () -- C:\setup_av_free.exe
[2011/08/26 05:51:19 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Tiffany Bravo.TIFFANY-E2F2D50\Desktop\MBR.dat
[2011/08/25 16:29:04 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/08/25 16:28:26 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/08/25 16:19:56 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/25 16:19:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/25 16:19:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/25 16:19:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/25 16:19:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/25 12:08:44 | 000,000,784 | ---- | C] () -- C:\Malwarebytes' Anti-Malware.lnk
[2011/08/24 23:24:12 | 000,194,613 | ---- | C] () -- C:\Documents and Settings\Tiffany Bravo.TIFFANY-E2F2D50\Desktop\Me hiking.JPG
[2011/08/21 13:35:04 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/09 14:06:47 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/01/17 23:28:18 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/07 08:14:46 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/09/06 14:44:59 | 000,121,299 | ---- | C] () -- C:\WINDOWS\hpoins15.dat
[2010/09/06 14:44:58 | 000,001,037 | ---- | C] () -- C:\WINDOWS\hpomdl15.dat
[2010/09/06 08:38:38 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Tiffany Bravo.TIFFANY-E2F2D50\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/05 19:16:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/05 18:12:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/09/05 17:09:33 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/09/05 17:09:33 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/09/05 17:09:32 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/09/05 17:09:32 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/09/05 17:09:32 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/09/05 17:09:31 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/09/05 16:06:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/09/05 15:56:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/09/05 08:38:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/05 08:34:25 | 000,313,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/02/12 01:33:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,503,320 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,087,238 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\fsutil.exe
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\ureg.dll
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/12/31 05:00:00 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/28 11:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 11:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== Custom Scans ==========

< MD5 for: CDROM.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Cdrom.sys
[2011/01/13 17:22:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Cdrom.sys
[2011/01/13 17:22:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Cdrom.sys
[2008/04/13 11:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008/04/13 11:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004/08/04 05:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: HPQWMI.EXE >
[2005/03/04 12:16:18 | 000,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) MD5=6745820C1B0783A367F03DA128F5B1E2 -- C:\Program Files\HPQ\shared\hpqwmi.exe

< MD5 for: IMAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Imapi.sys
[2011/01/13 17:22:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Imapi.sys
[2011/01/13 17:22:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Imapi.sys
[2008/04/13 11:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) MD5=083A052659F5310DD8B6A6CB05EDCF8E -- C:\WINDOWS\ServicePackFiles\i386\imapi.sys
[2008/04/13 11:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) MD5=083A052659F5310DD8B6A6CB05EDCF8E -- C:\WINDOWS\system32\drivers\imapi.sys
[2004/08/04 05:00:00 | 000,041,856 | ---- | M] (Microsoft Corporation) MD5=F8AA320C6A0409C0380E5D8A99D76EC6 -- C:\WINDOWS\$NtServicePackUninstall$\imapi.sys

< MD5 for: REDBOOK.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:redbook.sys
[2011/01/13 17:22:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:redbook.sys
[2011/01/13 17:22:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:redbook.sys
[2004/08/03 15:59:38 | 000,057,472 | ---- | M] (Microsoft Corporation) MD5=B31B4588E4086D8D84ADBF9845C2402B -- C:\WINDOWS\$NtServicePackUninstall$\redbook.sys
[2008/04/13 11:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) MD5=F828DD7E1419B6653894A8F97A0094C5 -- C:\WINDOWS\ServicePackFiles\i386\redbook.sys
[2008/04/13 11:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) MD5=F828DD7E1419B6653894A8F97A0094C5 -- C:\WINDOWS\system32\drivers\redbook.sys

< End of report >
  • 0
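A defender's way of reading the "< MD5 for: ... >" blocks in the OTL custom scan above: an added Python example (not from the thread, OTL, or any tool it mentions) that parses those entries and flags a live driver in system32\drivers whose MD5 differs from the copy Windows keeps in ServicePackFiles, which is how a patched driver is usually spotted. The cdrom.sys block is quoted from the report above; the EXAMPLE.SYS block, its paths and its hashes are constructed.

```python
# Added example (not the thread's or OTL's own code): triage OTL "< MD5 for: ... >"
# blocks by comparing the live system32\drivers copy with the ServicePackFiles copy.
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
# Hashed entries only; ".cab file" lines carry no MD5 and are skipped.
ENTRY_RE = re.compile(
    r"^\[[^\]]+\| M\] \((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

def parse_md5_sections(report):
    """Return {driver name (lowercase): [entry dicts with company, md5, path]}."""
    sections, current = defaultdict(list), None
    for line in report.splitlines():
        line = line.strip()
        if (m := SECTION_RE.match(line)):
            current = m.group("name").lower()
        elif current and (m := ENTRY_RE.match(line)):
            sections[current].append(m.groupdict())
    return dict(sections)

def check_driver(entries):
    """'match', 'mismatch', 'no-reference' or 'missing' for the live driver copy."""
    live = [e for e in entries if "\\system32\\drivers\\" in e["path"].lower()]
    ref = [e for e in entries if "\\servicepackfiles\\i386\\" in e["path"].lower()]
    if not live:
        return "missing"
    if not ref:
        return "no-reference"
    return "match" if live[0]["md5"].upper() == ref[0]["md5"].upper() else "mismatch"

def triage(report):
    """One verdict per driver block; anything but 'match' deserves a closer look."""
    return {name: check_driver(entries) for name, entries in parse_md5_sections(report).items()}

# Constructed sample: the cdrom.sys block from the thread plus a fake EXAMPLE.SYS
# block (placeholder hashes) whose live copy does not match the reference copy.
SAMPLE_REPORT = r"""
< MD5 for: CDROM.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Cdrom.sys
[2008/04/13 11:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008/04/13 11:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004/08/04 05:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: EXAMPLE.SYS >
[2008/04/13 11:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000001 -- C:\WINDOWS\ServicePackFiles\i386\example.sys
[2008/04/13 11:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000002 -- C:\WINDOWS\system32\drivers\example.sys
"""

if __name__ == "__main__":
    for driver, verdict in triage(SAMPLE_REPORT).items():
        print(f"{driver}: {verdict}")
```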

#28
RKinner
    Malware Expert
  • Expert
  • 19,800 posts
  • MVP
Please run Process Explorer and post the log.

Right click on My Computer and select Manage then Device Manager. In the right pane find DVD/CD-ROM and click on the + in front of it to open the subfolders. Your DVD or CD Rom should be there. Right click on it and Uninstall then clear the System Event logs as before:

1. Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Reboot.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
2. Type 20 in the 1 to 20 box
3. Then click the Run button.
4. Notepad will open with the output log.

Ron
  • 0

#29
mamamontes33
    Member
  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Oh my goodness. I thought the Process Explorer was a scan, so I waited and waited... and then I read over your directions again and saw I was supposed to sort and save. Sorry for the delay! Here you go:

Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 92.19 0 K 28 K
procexp.exe 2980 6.25 10,500 K 9,008 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
csrss.exe 864 1.56 1,868 K 2,220 K Client Server Runtime Process Microsoft Corporation
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
wuauclt.exe 2776 2,352 K 144 K Windows Update Microsoft Corporation
wscntfy.exe 1004 680 K 260 K Windows Security Center Notification App Microsoft Corporation
wmiprvse.exe 2316 2,068 K 628 K WMI Microsoft Corporation
winlogon.exe 904 8,640 K 4,508 K Windows NT Logon Application Microsoft Corporation
WindowsSearch.exe 2456 5,948 K 940 K Windows Search System Tray Microsoft Corporation
System 4 0 K 60 K
svchost.exe 1244 20,684 K 11,472 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1108 3,276 K 1,028 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1176 1,972 K 1,556 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1352 1,828 K 1,636 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1488 1,292 K 92 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 576 1,452 K 116 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 228 1,160 K 220 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 244 1,148 K 224 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 344 2,536 K 144 K Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1872 3,868 K 1,168 K Spooler SubSystem App Microsoft Corporation
smss.exe 752 172 K 56 K Windows NT Session Manager Microsoft Corporation
SMax4PNP.exe 1660 2,372 K 476 K SMax4PNP MFC Application Analog Devices, Inc.
SMAgent.exe 308 664 K 64 K SoundMAX service agent component Analog Devices, Inc.
services.exe 948 1,912 K 1,212 K Services and Controller app Microsoft Corporation
searchindexer.exe 512 20,184 K 4,512 K Microsoft Windows Search Indexer Microsoft Corporation
realsched.exe 2152 1,396 K 240 K RealNetworks Scheduler RealNetworks, Inc.
QTTask.exe 1008 752 K 240 K QuickTime Task Apple Inc.
plugin-container.exe 3096 14,396 K 18,956 K Plugin Container for Firefox Mozilla Corporation
PdaNetPC.exe 2480 9,792 K 436 K
mDNSResponder.exe 740 1,336 K 732 K Bonjour Service Apple Inc.
mbamservice.exe 2020 120,692 K 77,504 K Malwarebytes' Anti-Malware Malwarebytes Corporation
mbamgui.exe 2164 3,192 K 1,532 K Malwarebytes' Anti-Malware Malwarebytes Corporation
lsass.exe 960 3,956 K 536 K LSA Shell (Export Version) Microsoft Corporation
jusched.exe 2088 1,408 K 84 K Java™ Update Scheduler Sun Microsystems, Inc.
jucheck.exe 2748 2,696 K 256 K Java™ Update Checker Sun Microsystems, Inc.
jqs.exe 1960 2,388 K 1,400 K Java™ Quick Starter Service Sun Microsystems, Inc.
igfxtray.exe 1732 1,568 K 276 K igfxTray Module Intel Corporation
hpwuSchd2.exe 636 716 K 376 K Hewlett-Packard Product Assistant Hewlett-Packard Co.
hpqwmi.exe 2548 2,188 K 84 K hpqwmi Module Hewlett-Packard Development Company, L.P.
HP Wireless Assistant.exe 2100 2,184 K 340 K hp Wireless Assistant Module Hewlett-Packard Company
hkcmd.exe 1764 1,676 K 296 K hkcmd Module Intel Corporation
firefox.exe 1416 100,488 K 114,424 K Firefox Mozilla Corporation
explorer.exe 1644 24,244 K 8,684 K Windows Explorer Microsoft Corporation
AppleMobileDeviceService.exe 704 4,784 K 348 K MobileDeviceService Apple Inc.
Apoint.exe 1712 1,704 K 716 K Alps Pointing-device Driver Alps Electric Co., Ltd.
ApntEx.exe 2296 960 K 420 K Alps Pointing-device Driver for Windows NT/2000/XP Alps Electric Co., Ltd.
alg.exe 1792 1,288 K 108 K Application Layer Gateway Service Microsoft Corporation
AGRSMMSG.exe 1676 864 K 356 K SoftModem Messaging Applet Agere Systems
  • 0

#30
RKinner
    Malware Expert
  • Expert
  • 19,800 posts
  • MVP
OK. Please go on to the next step:

Right click on My Computer and select Manage then Device Manager. In the right pane find DVD/CD-ROM and click on the + in front of it to open the subfolders. Your DVD or CD Rom should be there. Right click on it and Uninstall then clear the System Event logs as before:

1. Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Reboot.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
2. Type 20 in the 1 to 20 box
3. Then click the Run button.
4. Notepad will open with the output log.

Ron
  • 0
