Jump to content


Photo
- - - - -

Search Engine Redirect Virus


  • This topic is locked This topic is locked
36 replies to this topic

#1 MrsLu

MrsLu

    New Member

  • Members
  • Pip
  • 30 posts
  • Gender:Male

Posted 17 February 2012 - 09:22 PM

I just upgraded to MWB Pro. I have a Redirect Virus. Regular MWB was not able to kill it. I also downloaded and ran TDSS Killer but I did not want to do Combofix without being directed to do so. Here are my DDS logs:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Run by Reception at 18:19:19 on 2012-02-17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.554 [GMT -5:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\ofps.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: CutePDF Form Filler Helper: {d41289f2-69c6-417b-897e-c653d677cbaf} - c:\program files\acro software\cutepdf filler evaluation\CPFillerCoE.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: {C17590D2-ECB4-4b15-8820-F58798DCC118} - No File
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\reception\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Vrixalirikijira] rundll32.exe "c:\windows\mg3232.dll",Startup
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se ver.6\transfer utility\CameraMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &Webshots Photo Search - c:\program files\webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: microsoft.com\office
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/d/c/8/dc8362b3-f410-4e7d-b672-209d6bd8fcea/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {28B66320-9687-4B13-8757-36F901887AB5} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/canvasx.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1233407933693&h=d13abdf447e90debdef59dddb049cd01/&filename=jinstall-6u11-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37867.3384027778
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://12.107.193.125:8080/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_3_0.cab
TCP: DhcpNameServer = 192.168.0.1 68.94.156.1
TCP: Interfaces\{2228AEB3-7712-4516-9280-9AE0D8F968B6} : DhcpNameServer = 192.168.0.1 68.94.156.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxsrvc.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\reception\application data\mozilla\firefox\profiles\uupiuhkm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\documents and settings\reception\application data\mozilla\firefox\profiles\uupiuhkm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-4-8 185968]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-4-8 161392]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-1-29 652360]
R2 PPPoEService;PPPoE Service;c:\progra~1\effici~1\entern~1\app\pppoeservice.exe [2008-2-15 49152]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-2-11 172328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-28 24652]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-1-29 20464]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120216.004\naveng.sys [2012-2-16 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120216.004\navex15.sys [2012-2-16 1576312]
S0 febfb7f54ba8f5ca258451461b7cd608;febfb7f54ba8f5ca258451461b7cd608;c:\windows\system32\febfb7f54ba8f5ca258451461b7cd608.sys --> c:\windows\system32\febfb7f54ba8f5ca258451461b7cd608.sys [?]
S2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-4-17 1706176]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-4-8 83568]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-2-17 40776]
S3 NTSPPPOE;NTS Enternet P.P.P.o.E LAN Miniport Driver;c:\windows\system32\drivers\ntspppoe.sys [2008-2-15 159712]
S3 RAWESR;RAWESR;c:\progra~1\effici~1\entern~1\app\RAWESR.SYS [2008-2-15 9152]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-4-17 124608]
S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys --> c:\windows\system32\drivers\ulink.sys [?]
.
=============== Created Last 30 ================
.
2012-02-17 22:26:47 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-17 18:41:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-05 15:17:25 -------- d--h--w- C:\$AVG
2012-02-05 14:34:52 -------- d-----w- c:\documents and settings\reception\application data\AVG2012
2012-02-05 14:23:18 -------- d-----w- c:\windows\system32\drivers\AVG
2012-02-05 14:23:18 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2012-02-05 14:20:36 -------- d-----w- c:\program files\AVG
2012-02-05 06:36:23 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-02-05 06:35:37 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-02-03 21:07:37 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-02-03 21:07:37 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2008-02-15 22:27:53 774144 -c--a-w- c:\program files\RngInterstitial.dll
.
============= FINISH: 18:24:11.40 ===============

and attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/20/2003 12:03:56 PM
System Uptime: 2/17/2012 5:29:01 PM (1 hours ago)
.
Motherboard: Dell Computer Corporation | | 07W080
Processor: Intel® Celeron® CPU 1.80GHz | Socket 478 | 1794/400mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 38 GiB total, 7.4 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP991: 1/1/2012 9:21:02 AM - System Checkpoint
RP992: 1/2/2012 9:33:04 AM - System Checkpoint
RP993: 1/3/2012 9:46:05 AM - System Checkpoint
RP994: 1/4/2012 9:49:56 AM - System Checkpoint
RP995: 1/5/2012 11:15:34 AM - System Checkpoint
RP996: 1/6/2012 12:20:35 PM - System Checkpoint
RP997: 1/7/2012 2:29:32 PM - System Checkpoint
RP998: 1/8/2012 3:22:58 PM - System Checkpoint
RP999: 1/9/2012 4:49:43 PM - System Checkpoint
RP1000: 1/10/2012 5:01:39 PM - System Checkpoint
RP1001: 1/11/2012 6:06:13 PM - System Checkpoint
RP1002: 1/12/2012 6:53:50 PM - System Checkpoint
RP1003: 1/13/2012 7:22:41 PM - System Checkpoint
RP1004: 1/14/2012 7:48:39 PM - System Checkpoint
RP1005: 1/15/2012 9:05:09 PM - System Checkpoint
RP1006: 1/16/2012 9:38:22 PM - System Checkpoint
RP1007: 1/17/2012 10:35:29 PM - System Checkpoint
RP1008: 1/19/2012 12:19:01 AM - System Checkpoint
RP1009: 1/20/2012 4:00:01 AM - System Checkpoint
RP1010: 1/21/2012 4:48:31 AM - System Checkpoint
RP1011: 1/22/2012 6:05:30 AM - System Checkpoint
RP1012: 1/23/2012 7:36:33 AM - System Checkpoint
RP1013: 1/24/2012 7:49:33 AM - System Checkpoint
RP1014: 1/25/2012 8:15:31 AM - System Checkpoint
RP1015: 1/26/2012 9:19:33 AM - System Checkpoint
RP1016: 1/27/2012 11:01:59 AM - System Checkpoint
RP1017: 1/28/2012 11:21:18 AM - System Checkpoint
RP1018: 1/29/2012 12:05:55 PM - System Checkpoint
RP1019: 1/30/2012 12:17:55 PM - System Checkpoint
RP1020: 1/31/2012 2:22:19 PM - System Checkpoint
RP1021: 2/1/2012 2:26:02 PM - System Checkpoint
RP1022: 2/2/2012 3:05:22 PM - System Checkpoint
RP1023: 2/3/2012 4:05:37 PM - Restore Operation
RP1024: 2/4/2012 4:16:03 PM - System Checkpoint
RP1025: 2/5/2012 9:20:34 AM - Installed AVG 2012
RP1026: 2/5/2012 9:22:21 AM - Installed AVG 2012
RP1027: 2/6/2012 9:36:52 AM - System Checkpoint
RP1028: 2/7/2012 4:48:29 AM - Software Distribution Service 3.0
RP1029: 2/8/2012 5:06:58 AM - System Checkpoint
RP1030: 2/9/2012 5:16:11 AM - System Checkpoint
RP1031: 2/10/2012 5:42:11 AM - System Checkpoint
RP1032: 2/11/2012 5:43:29 AM - System Checkpoint
RP1033: 2/12/2012 6:46:58 AM - System Checkpoint
RP1034: 2/13/2012 7:52:02 AM - System Checkpoint
RP1035: 2/14/2012 8:31:02 AM - System Checkpoint
RP1036: 2/15/2012 10:19:37 AM - System Checkpoint
RP1037: 2/16/2012 11:05:02 AM - System Checkpoint
RP1038: 2/16/2012 9:26:19 PM - Restore Operation
RP1039: 2/16/2012 9:48:37 PM - Restore Operation
.
==== Installed Programs ======================
.
.
A Fairy Tale
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.0.1)
Adobe® Photoshop® Album Starter Edition 3.0
AIM 6
Ancient Secrets
Annabel
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 6
AT&T Yahoo! Applications
ATT-AACE
AVG 2012
AXIS Media Control Embedded
BACS
Bonjour
Book of Legends
Broadcom Advanced Control Suite
BroadJump Client Foundation
Brother HL-2140
CA Yahoo! Anti-Spy (remove only)
CamQuest6 Cam Selection.0408
Canon Camera Access Library
Canon Easy-WebPrint EX
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MP Navigator EX 3.0
Canon MP990 series MP Drivers
Canon MP990 series User Registration
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC 8
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Easy-PhotoPrint Pro
Canon Utilities My Printer
Canon Utilities MyCamera
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Clue
Critical Update for Windows Media Player 11 (KB959772)
Cubis Gold 2
CutePDF Form Filler 3.5 (Evaluation)
DCR Calculator
Dell Solution Center
Dell Support 5.0.0 (766)
Detective Stories - Hollywood
DirectX Media Runtime 5.1
DynoSim ProTools Engine Simulation v.4.10
Easy CD Creator 5 Basic
EnterNet 300
Escape Rosecliff Island™
GearDrvs
Glyph™ 2
Google Chrome
Google Toolbar for Internet Explorer
Help and Support Customization
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Web Jetadmin
ImageMixer 3 SE Ver.6 Transfer Utility
ImageMixer 3 SE Ver.6 Video Tools
Intel® Extreme Graphics Driver
iTunes
Java™ 6 Update 11
LeapFrog Connect
LeapFrog My Pals Plugin
LG USB Modem driver
LiveUpdate 2.6 (Symantec Corporation)
Logitech Desktop Messenger
Logitech Harmony Remote Software 7
Lost in Reefs
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Web Components
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WinUsb 1.0
Mobipocket Creator 4.2
Move Networks Media Player for Internet Explorer
Mozilla Firefox (2.0.0.7)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files - Huntsville
Mystery Legends™ - Sleepy Hollow
Mystery P.I.™ - The New York Fortune
Mystic Emporium
Nancy Drew® - Curse of Blackmoor Manor
Nancy Drew® - Dossier™ - Lights, Camera, Curses!
Nancy Drew® - Phantom of Venice
Nancy Drew® - Secret of the Old Clock
Nancy Drew® - The Legend of the Crystal Skull
OmniForm Premium 5.0
QuickTime
RealArcade
RealPlayer
Remote Control USB Driver
Saqqarah
Search Assistant - My Web Search
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SHARP DC PC-FAX driver
Sharpdesk
Shockwave
SpywareBlaster 4.1
Super GameHouse Solitaire Volume 3
Supercow
Symantec AntiVirus
TeamViewer 5
The Clumsys
The Pini Society® - The Remarkable Truth
Undiscovered World - The Incan Sun
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Virtual Villagers - The Secret City
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Wandering Willows™
WebFldrs XP
WildGames
Windows Desktop Search 3.01
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Easy Transfer
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinPatrol 2008
Wizard's Pen™
Yahoo! Search Protection
Yahoo! Software Update
Youda Farmer
Zynga Toolbar
.
==== Event Viewer Messages From Past Week ========
.
2/17/2012 5:37:02 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec AntiVirus service to connect.
2/17/2012 5:37:02 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Java Quick Starter service to connect.
2/17/2012 5:37:02 PM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/17/2012 4:49:45 PM, error: Service Control Manager [7016] - The OmniForm Printer service has reported an invalid current state 0.
2/16/2012 9:55:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
2/16/2012 9:55:32 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/16/2012 9:55:31 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/16/2012 9:51:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
2/16/2012 9:51:56 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/16/2012 9:51:54 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
2/16/2012 9:48:54 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
2/16/2012 9:25:22 PM, error: Service Control Manager [7000] - The Yahoo! Updater service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================

Thank you so much for all of your help.
Cari

#2 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 18 February 2012 - 07:18 AM

Hello Cari! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please uninstall the following applications:

  • Search Assistant - My Web Search - Provide search features, and hijack browser search requests to its controlling servers run by MyWay.
  • Zynga Toolbar - modifies the default IE URL search hook. Conduit toolbars are reputed to have a certain trackware functionality.
  • Viewpoint Manager (Remove Only) - It is considered to be foistware since it is often installed without a user's knowledge or approval.
  • Viewpoint Media Player - It is considered to be foistware since it is often installed without a user's knowledge or approval.


Step 2

I don't know how you deal with TDSSKiller and what version you have, so let's repeat the procedure. Delete your TDSSKiller.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 3

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


In your next post, please include:

  • TDSSKiller log
  • ComboFix log

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#3 MrsLu

MrsLu

    New Member

  • Members
  • Pip
  • 30 posts
  • Gender:Male

Posted 18 February 2012 - 08:47 AM

I can not remove Search assistant. Everytime I try to uninstall, it just populates a blank white window, and does nothing. I let it sit for about 1 hour, and it still did nothing.

#4 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 18 February 2012 - 08:54 AM

Thanks for letting me know!

We take care to remove it later. Please proceed further.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#5 MrsLu

MrsLu

    New Member

  • Members
  • Pip
  • 30 posts
  • Gender:Male

Posted 18 February 2012 - 11:56 AM

ComboFix 09-01-21.04 - Reception 2009-01-29 16:55:18.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.498 [GMT -5:00]
Running from: c:\documents and settings\Reception\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Reception\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: Norton Security Online *On-access scanning disabled* (Updated)
FW: Norton Security Online *disabled*
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\cdffefeba.dll
c:\windows\system32\drivers\fad.sys
c:\windows\system32\vumer.dll
.
((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-29 )))))))))))))))))))))))))))))))
.
2009-01-28 14:20 . 2009-01-28 14:38 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-27 19:35 . 2009-01-27 19:35 578,560 --a------ c:\windows\SYSTEM32\DLLCACHE\user32.dll
2009-01-27 19:30 . 2009-01-27 19:31 <DIR> d-------- c:\windows\ERUNT
2009-01-27 18:54 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2009-01-27 15:21 . 2009-01-29 15:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-18 15:56 . 2009-01-18 15:56 0 --a------ c:\windows\Curses.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-29 22:07 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-29 20:14 --------- d-----w c:\program files\IrfanView
2009-01-29 20:13 --------- d-----w c:\program files\Lavasoft
2009-01-29 19:05 --------- d-----w c:\program files\TeamViewer3
2009-01-29 17:59 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-29 17:56 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-21 02:38 --------- d-----w c:\program files\Symantec
2009-01-21 02:30 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-21 02:30 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-21 02:30 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-18 13:11 --------- d-----w c:\program files\RealArcade
2009-01-15 08:08 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-31 13:24 --------- d-----w c:\program files\Common Files\Adobe
2008-12-29 14:24 --------- d-----w c:\documents and settings\Reception\Application Data\Gogii Games
2008-12-29 14:24 --------- d-----w c:\documents and settings\All Users\Application Data\Gogii Games
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-08 22:28 --------- d-----w c:\documents and settings\Reception\Application Data\TeamViewer
2008-11-10 07:32 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-11-10 07:32 286,720 ------w c:\windows\Setup1.exe
2008-02-15 22:27 774,144 -c--a-w c:\program files\RngInterstitial.dll
2007-09-16 06:35 66,408 -c--a-w c:\program files\mozilla firefox\components\jar50.dll
2007-09-16 06:35 54,112 -c--a-w c:\program files\mozilla firefox\components\jsd3250.dll
2007-09-16 06:35 34,688 -c--a-w c:\program files\mozilla firefox\components\myspell.dll
2007-09-16 06:35 46,456 -c--a-w c:\program files\mozilla firefox\components\spellchk.dll
2007-09-16 06:35 171,880 -c--a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-09-12 16:26 32,768 -csha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008091220080913\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-01-19 4670968]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-03-25 50528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2007-06-26 509224]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 368706]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-10 185896]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"osCheck"="c:\progra~1\Symantec\osCheck.exe" [2007-01-14 771704]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 68856]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-02-14 67128]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= LrxYV12.dll
"vidc.ZJPG"= pzjpeg32.dll
"vidc.LRXH"= LRXHCodec.dll
"vidc.ADV1"= WavLor.dll
"vidc.WVT2"= WaveT2.dll
"vidc.TJPG"= tjpegcodec.dll
"vidc.LRX2"= LrxYV12.dll
"VIDC.SN40"= SN4Codec.dll
"VIDC.SN41"= SN4Codec.dll
"VIDC.SJPG"= SN4Codec.dll
"VIDC.LNX1"= LnxCodec.dll
"VIDC.AXM4"= axismpg4.dll
"VIDC.VRM4"= verintmpg4.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Start Network Scanner Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Start Network Scanner Tool.lnk
backup=c:\windows\pss\Start Network Scanner Tool.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Reception^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\Reception\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a--c--- 2003-03-20 12:10 684032 c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2005-06-06 23:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a--c--- 2004-07-19 07:51 306688 c:\program files\Dell Support\DSAgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a--c--- 2005-10-19 07:59 126976 c:\windows\SYSTEM32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a--c--- 2005-10-19 07:59 155648 c:\windows\SYSTEM32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SharpTray]
--a--c--- 2001-11-08 09:37 28672 c:\program files\Sharp\Sharpdesk\SharpTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-10 20:14 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
--a------ 2007-06-26 13:48 509224 c:\progra~1\Yahoo!\YOP\yop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Sharp\\Sharpdesk\\sdFTP.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Hasbro Interactive\\Clue\\Clue.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2866:UDP"= 2866:UDP:Windows Media Format SDK (iexplore.exe)
"2867:UDP"= 2867:UDP:Windows Media Format SDK (iexplore.exe)
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-11 99376]
R4 PPPoEService;PPPoE Service;c:\progra~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe [2008-02-15 49152]
R4 TeamViewer;TeamViewer 3;c:\program files\TeamViewer3\TeamViewer_Host.exe [2008-03-12 181544]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-04-07 24652]
S3 NTSPPPOE;NTS Enternet P.P.P.o.E LAN Miniport Driver;c:\windows\SYSTEM32\DRIVERS\ntspppoe.sys [2008-02-15 159712]
S3 RAWESR;RAWESR;c:\progra~1\EFFICI~1\ENTERN~1\app\RAWESR.SYS [2008-02-15 9152]
S3 Usblink;Usblink Driver;c:\windows\system32\Drivers\ulink.sys --> c:\windows\system32\Drivers\ulink.sys [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ee84cfa-76e7-11da-ae0f-000bdb0e9879}]
\Shell\AutoRun\command - e:\jdsecure\Windows\JDSecure31.exe
.
Contents of the 'Scheduled Tasks' folder
2009-01-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
2009-01-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-01-26 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\SYSTEM32\cleanmgr.exe [2008-04-13 19:12]
2009-01-27 c:\windows\Tasks\Norton Security Online - Run Full System Scan - Reception.job
- c:\progra~1\Symantec\Norton AntiVirus\Navw32.exe [2007-01-14 04:09]
2009-01-29 c:\windows\Tasks\User_Feed_Synchronization-{8190B965-F254-42C4-9192-C4A7E32C6B2F}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
- - - - ORPHANS REMOVED - - - -
BHO-{2502BBD0-D73B-11DD-B4EC-CEBF56D89593} - c:\windows\system32\vumer.dll
HKCU-Run-RegistryMechanic - c:\program files\Registry Mechanic\RegMech.exe
HKLM-Run-ISTray - c:\program files\Spyware Doctor\pctsTray.exe
MSConfigStartUp-CaAvTray - c:\program files\Yahoo!\Antivirus\CAVTray.exe
MSConfigStartUp-CAVRID - c:\program files\Yahoo!\Antivirus\CAVRID.exe
MSConfigStartUp-gcasServ - c:\program files\Microsoft AntiSpyware\gcasServ.exe
MSConfigStartUp-REWARDS NETWORK - c:\program files\Rewards Network\brntray.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
MSConfigStartUp-Yahoo! Pager - c:\progra~1\Yahoo!\MESSEN~1\ypager.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: microsoft.com\office
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://12.107.193.125:8080/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Reception\Application Data\Mozilla\Firefox\Profiles\uupiuhkm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\Reception\Application Data\Mozilla\Firefox\Profiles\uupiuhkm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\documents and settings\Reception\Application Data\Mozilla\Firefox\Profiles\uupiuhkm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-29 17:09:38
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

c:\windows\system32\febfb7f54ba8f5ca258451461b7cd608.sys 39936 bytes executable
c:\windows\system32\_febfb7f54ba8f5ca258451461b7cd608.sys_.vir 39936 bytes executable
scan completed successfully
hidden files: 2
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\febfb7f54ba8f5ca258451461b7cd608]
"ImagePath"="system32\febfb7f54ba8f5ca258451461b7cd608.sys"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\TeamViewer3\TeamViewer.exe
c:\windows\SYSTEM32\searchindexer.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\windows\SYSTEM32\searchprotocolhost.exe
c:\progra~1\Yahoo!\YOP\SSDK02.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Java\jre1.6.0_05\bin\jucheck.exe
c:\windows\SYSTEM32\searchfilterhost.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
.
**************************************************************************
.
Completion time: 2009-01-29 17:21:30 - machine was rebooted [Reception]
ComboFix-quarantined-files.txt 2009-01-29 22:21:10
Pre-Run: 18,154,098,688 bytes free
Post-Run: 18,179,223,552 bytes free
240 --- E O F --- 2009-01-15 08:08:05


TDDS
08:48:15.0375 0736 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
08:48:16.0265 0736 ============================================================
08:48:16.0265 0736 Current date / time: 2012/02/18 08:48:16.0265
08:48:16.0265 0736 SystemInfo:
08:48:16.0265 0736
08:48:16.0265 0736 OS Version: 5.1.2600 ServicePack: 3.0
08:48:16.0265 0736 Product type: Workstation
08:48:16.0265 0736 ComputerName: RECPT
08:48:16.0265 0736 UserName: Reception
08:48:16.0265 0736 Windows directory: C:\WINDOWS
08:48:16.0265 0736 System windows directory: C:\WINDOWS
08:48:16.0265 0736 Processor architecture: Intel x86
08:48:16.0265 0736 Number of processors: 1
08:48:16.0265 0736 Page size: 0x1000
08:48:16.0265 0736 Boot type: Normal boot
08:48:16.0265 0736 ============================================================
08:48:22.0671 0736 Drive \Device\Harddisk0\DR0 - Size: 0x9925B0000 (38.29 Gb), SectorSize: 0x200, Cylinders: 0x1386, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:48:22.0671 0736 \Device\Harddisk0\DR0:
08:48:22.0671 0736 MBR used
08:48:22.0671 0736 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x4C7F241
08:48:22.0734 0736 Initialize success
08:48:22.0734 0736 ============================================================
08:48:32.0234 6020 ============================================================
08:48:32.0234 6020 Scan started
08:48:32.0234 6020 Mode: Manual; SigCheck; TDLFS;
08:48:32.0250 6020 ============================================================
08:48:33.0437 6020 Abiosdsk - ok
08:48:33.0531 6020 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
08:48:35.0328 6020 abp480n5 - ok
08:48:35.0500 6020 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:48:35.0875 6020 ACPI - ok
08:48:36.0468 6020 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
08:48:36.0781 6020 ACPIEC - ok
08:48:36.0937 6020 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
08:48:37.0265 6020 adpu160m - ok
08:48:37.0421 6020 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
08:48:37.0500 6020 aeaudio - ok
08:48:37.0640 6020 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:48:37.0968 6020 aec - ok
08:48:38.0156 6020 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
08:48:38.0296 6020 AFD - ok
08:48:38.0437 6020 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\System32\DRIVERS\agp440.sys
08:48:38.0781 6020 agp440 - ok
08:48:38.0890 6020 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
08:48:39.0218 6020 agpCPQ - ok
08:48:39.0421 6020 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
08:48:39.0640 6020 Aha154x - ok
08:48:39.0796 6020 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
08:48:40.0156 6020 aic78u2 - ok
08:48:40.0343 6020 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
08:48:40.0703 6020 aic78xx - ok
08:48:40.0875 6020 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
08:48:41.0218 6020 AliIde - ok
08:48:41.0421 6020 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
08:48:41.0750 6020 alim1541 - ok
08:48:41.0890 6020 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
08:48:42.0218 6020 amdagp - ok
08:48:42.0453 6020 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
08:48:42.0640 6020 amsint - ok
08:48:42.0781 6020 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
08:48:43.0109 6020 asc - ok
08:48:43.0250 6020 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
08:48:43.0453 6020 asc3350p - ok
08:48:43.0640 6020 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
08:48:43.0968 6020 asc3550 - ok
08:48:44.0156 6020 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:48:44.0468 6020 AsyncMac - ok
08:48:44.0640 6020 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:48:44.0953 6020 atapi - ok
08:48:45.0046 6020 Atdisk - ok
08:48:45.0171 6020 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:48:45.0531 6020 Atmarpc - ok
08:48:45.0687 6020 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:48:46.0000 6020 audstub - ok
08:48:46.0156 6020 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
08:48:46.0453 6020 AVGIDSDriver - ok
08:48:46.0625 6020 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
08:48:46.0656 6020 AVGIDSEH - ok
08:48:46.0796 6020 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
08:48:46.0828 6020 AVGIDSFilter - ok
08:48:46.0968 6020 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
08:48:47.0000 6020 AVGIDSShim - ok
08:48:47.0140 6020 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
08:48:47.0187 6020 Avgldx86 - ok
08:48:47.0421 6020 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
08:48:47.0468 6020 Avgmfx86 - ok
08:48:47.0609 6020 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
08:48:47.0656 6020 Avgrkx86 - ok
08:48:47.0812 6020 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
08:48:47.0875 6020 Avgtdix - ok
08:48:48.0015 6020 bcm4sbxp (f5c0d3c93235a455cdd13c954adf1a80) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
08:48:48.0078 6020 bcm4sbxp - ok
08:48:48.0203 6020 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:48:48.0593 6020 Beep - ok
08:48:48.0765 6020 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
08:48:49.0125 6020 cbidf - ok
08:48:49.0328 6020 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:48:49.0671 6020 cbidf2k - ok
08:48:49.0828 6020 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
08:48:50.0015 6020 cd20xrnt - ok
08:48:50.0125 6020 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:48:50.0484 6020 Cdaudio - ok
08:48:50.0734 6020 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:48:51.0046 6020 Cdfs - ok
08:48:51.0218 6020 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
08:48:51.0250 6020 Cdr4_xp ( UnsignedFile.Multi.Generic ) - warning
08:48:51.0250 6020 Cdr4_xp - detected UnsignedFile.Multi.Generic (1)
08:48:51.0406 6020 Cdralw2k (2c41cd49d82d5fd85c72d57b6ca25471) C:\WINDOWS\system32\drivers\Cdralw2k.sys
08:48:51.0437 6020 Cdralw2k ( UnsignedFile.Multi.Generic ) - warning
08:48:51.0437 6020 Cdralw2k - detected UnsignedFile.Multi.Generic (1)
08:48:51.0593 6020 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:48:51.0937 6020 Cdrom - ok
08:48:52.0062 6020 cdudf_xp (cfd81f2140193fc7f1812e6d6eaf6795) C:\WINDOWS\system32\drivers\cdudf_xp.sys
08:48:52.0109 6020 cdudf_xp ( UnsignedFile.Multi.Generic ) - warning
08:48:52.0109 6020 cdudf_xp - detected UnsignedFile.Multi.Generic (1)
08:48:52.0234 6020 Changer - ok
08:48:52.0421 6020 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
08:48:52.0781 6020 CmdIde - ok
08:48:53.0046 6020 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
08:48:53.0437 6020 Cpqarray - ok
08:48:53.0593 6020 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
08:48:53.0984 6020 dac2w2k - ok
08:48:54.0109 6020 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
08:48:54.0468 6020 dac960nt - ok
08:48:54.0640 6020 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:48:54.0937 6020 Disk - ok
08:48:55.0125 6020 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
08:48:55.0500 6020 dmboot - ok
08:48:55.0718 6020 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
08:48:56.0046 6020 dmio - ok
08:48:56.0187 6020 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:48:56.0562 6020 dmload - ok
08:48:56.0718 6020 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
08:48:57.0046 6020 DMusic - ok
08:48:57.0218 6020 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
08:48:57.0578 6020 dpti2o - ok
08:48:57.0718 6020 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
08:48:58.0031 6020 drmkaud - ok
08:48:58.0171 6020 dvd_2K (0c7d4bf5158ab759f5e71829e93e0ba9) C:\WINDOWS\system32\drivers\dvd_2K.sys
08:48:58.0234 6020 dvd_2K ( UnsignedFile.Multi.Generic ) - warning
08:48:58.0234 6020 dvd_2K - detected UnsignedFile.Multi.Generic (1)
08:48:58.0437 6020 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
08:48:58.0515 6020 eeCtrl - ok
08:48:58.0687 6020 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
08:48:59.0046 6020 EL90XBC - ok
08:48:59.0218 6020 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:48:59.0578 6020 Fastfat - ok
08:48:59.0796 6020 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
08:49:00.0109 6020 Fdc - ok
08:49:00.0187 6020 febfb7f54ba8f5ca258451461b7cd608 - ok
08:49:00.0343 6020 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
08:49:00.0656 6020 Fips - ok
08:49:00.0812 6020 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
08:49:01.0125 6020 Flpydisk - ok
08:49:01.0343 6020 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
08:49:01.0671 6020 FltMgr - ok
08:49:01.0781 6020 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:49:02.0125 6020 Fs_Rec - ok
08:49:02.0281 6020 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:49:02.0656 6020 Ftdisk - ok
08:49:02.0781 6020 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
08:49:02.0828 6020 GEARAspiWDM - ok
08:49:02.0968 6020 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:49:03.0281 6020 Gpc - ok
08:49:03.0453 6020 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:49:03.0828 6020 HidUsb - ok
08:49:03.0984 6020 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
08:49:04.0328 6020 hpn - ok
08:49:04.0484 6020 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
08:49:04.0593 6020 HTTP - ok
08:49:04.0765 6020 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
08:49:05.0062 6020 i2omgmt - ok
08:49:05.0281 6020 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
08:49:05.0640 6020 i2omp - ok
08:49:05.0796 6020 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:49:06.0109 6020 i8042prt - ok
08:49:06.0234 6020 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
08:49:06.0562 6020 i81x - ok
08:49:06.0718 6020 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
08:49:07.0000 6020 iAimFP0 - ok
08:49:07.0125 6020 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
08:49:07.0421 6020 iAimFP1 - ok
08:49:07.0546 6020 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
08:49:07.0843 6020 iAimFP2 - ok
08:49:07.0968 6020 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
08:49:08.0281 6020 iAimFP3 - ok
08:49:08.0453 6020 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
08:49:08.0734 6020 iAimFP4 - ok
08:49:08.0890 6020 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
08:49:09.0171 6020 iAimTV0 - ok
08:49:09.0359 6020 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
08:49:09.0625 6020 iAimTV1 - ok
08:49:09.0750 6020 iAimTV2 - ok
08:49:09.0875 6020 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
08:49:10.0140 6020 iAimTV3 - ok
08:49:10.0343 6020 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
08:49:10.0640 6020 iAimTV4 - ok
08:49:10.0859 6020 ialm (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
08:49:11.0046 6020 ialm - ok
08:49:11.0234 6020 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys
08:49:11.0562 6020 Imapi - ok
08:49:11.0703 6020 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
08:49:12.0046 6020 ini910u - ok
08:49:12.0187 6020 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
08:49:12.0531 6020 IntelIde - ok
08:49:12.0687 6020 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
08:49:13.0031 6020 Ip6Fw - ok
08:49:13.0156 6020 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:49:13.0546 6020 IpFilterDriver - ok
08:49:13.0703 6020 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:49:14.0031 6020 IpInIp - ok
08:49:14.0156 6020 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:49:14.0515 6020 IpNat - ok
08:49:14.0687 6020 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:49:15.0000 6020 IPSec - ok
08:49:15.0140 6020 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:49:15.0453 6020 IRENUM - ok
08:49:15.0671 6020 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:49:16.0000 6020 isapnp - ok
08:49:16.0203 6020 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:49:16.0531 6020 Kbdclass - ok
08:49:16.0671 6020 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:49:16.0984 6020 kmixer - ok
08:49:17.0125 6020 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:49:17.0234 6020 KSecDD - ok
08:49:17.0421 6020 lbrtfdc - ok
08:49:17.0593 6020 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
08:49:17.0640 6020 MBAMProtector - ok
08:49:17.0796 6020 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
08:49:17.0843 6020 MBAMSwissArmy - ok
08:49:17.0984 6020 mmc_2K (31700004af5b9ddabb7c43b1507d061c) C:\WINDOWS\system32\drivers\mmc_2K.sys
08:49:18.0031 6020 mmc_2K ( UnsignedFile.Multi.Generic ) - warning
08:49:18.0031 6020 mmc_2K - detected UnsignedFile.Multi.Generic (1)
08:49:18.0171 6020 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:49:18.0562 6020 mnmdd - ok
08:49:18.0734 6020 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
08:49:19.0046 6020 Modem - ok
08:49:19.0187 6020 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:49:19.0515 6020 Mouclass - ok
08:49:19.0703 6020 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:49:20.0046 6020 mouhid - ok
08:49:20.0187 6020 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:49:20.0515 6020 MountMgr - ok
08:49:20.0687 6020 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
08:49:21.0046 6020 mraid35x - ok
08:49:21.0281 6020 MREMPR5 (2bc9e43f55de8c30fc817ed56d0ee907) C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
08:49:21.0359 6020 MREMPR5 ( UnsignedFile.Multi.Generic ) - warning
08:49:21.0359 6020 MREMPR5 - detected UnsignedFile.Multi.Generic (1)
08:49:21.0515 6020 MRENDIS5 (594b9d8194e3f4ecbf0325bd10bbeb05) C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
08:49:21.0546 6020 MRENDIS5 ( UnsignedFile.Multi.Generic ) - warning
08:49:21.0562 6020 MRENDIS5 - detected UnsignedFile.Multi.Generic (1)
08:49:21.0718 6020 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:49:22.0031 6020 MRxDAV - ok
08:49:22.0187 6020 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:49:22.0343 6020 MRxSmb - ok
08:49:22.0593 6020 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:49:22.0890 6020 Msfs - ok
08:49:23.0046 6020 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:49:23.0390 6020 MSKSSRV - ok
08:49:23.0546 6020 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:49:23.0906 6020 MSPCLOCK - ok
08:49:24.0046 6020 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:49:24.0375 6020 MSPQM - ok
08:49:24.0531 6020 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:49:24.0843 6020 mssmbios - ok
08:49:24.0968 6020 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:49:25.0046 6020 Mup - ok
08:49:25.0296 6020 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120216.004\naveng.sys
08:49:25.0328 6020 NAVENG - ok
08:49:25.0562 6020 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120216.004\navex15.sys
08:49:25.0781 6020 NAVEX15 - ok
08:49:25.0953 6020 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:49:26.0281 6020 NDIS - ok
08:49:26.0406 6020 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:49:26.0515 6020 NdisTapi - ok
08:49:26.0703 6020 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:49:27.0031 6020 Ndisuio - ok
08:49:27.0156 6020 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:49:27.0515 6020 NdisWan - ok
08:49:27.0671 6020 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:49:27.0750 6020 NDProxy - ok
08:49:27.0906 6020 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:49:28.0593 6020 NetBIOS - ok
08:49:28.0765 6020 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:49:29.0078 6020 NetBT - ok
08:49:29.0359 6020 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:49:29.0687 6020 Npfs - ok
08:49:30.0156 6020 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:49:30.0703 6020 Ntfs - ok
08:49:31.0156 6020 NTSPPPOE (fa6395b0bfd241c75ff21366828d35c6) C:\WINDOWS\system32\DRIVERS\ntspppoe.sys
08:49:31.0234 6020 NTSPPPOE ( UnsignedFile.Multi.Generic ) - warning
08:49:31.0234 6020 NTSPPPOE - detected UnsignedFile.Multi.Generic (1)
08:49:31.0359 6020 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:49:31.0718 6020 Null - ok
08:49:31.0937 6020 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
08:49:32.0437 6020 nv - ok
08:49:32.0593 6020 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:49:32.0937 6020 NwlnkFlt - ok
08:49:33.0078 6020 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:49:33.0421 6020 NwlnkFwd - ok
08:49:33.0593 6020 omci (1d98907d80461371437a7c898c58c8ae) C:\WINDOWS\system32\DRIVERS\omci.sys
08:49:33.0640 6020 omci ( UnsignedFile.Multi.Generic ) - warning
08:49:33.0640 6020 omci - detected UnsignedFile.Multi.Generic (1)
08:49:33.0828 6020 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
08:49:34.0125 6020 P3 - ok
08:49:34.0328 6020 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
08:49:34.0656 6020 Parport - ok
08:49:34.0796 6020 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:49:35.0093 6020 PartMgr - ok
08:49:35.0250 6020 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
08:49:35.0609 6020 ParVdm - ok
08:49:35.0765 6020 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
08:49:36.0078 6020 PCI - ok
08:49:36.0203 6020 PCIDump - ok
08:49:36.0312 6020 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:49:36.0656 6020 PCIIde - ok
08:49:36.0859 6020 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
08:49:37.0187 6020 Pcmcia - ok
08:49:37.0421 6020 PDCOMP - ok
08:49:37.0546 6020 PDFRAME - ok
08:49:37.0640 6020 PDRELI - ok
08:49:37.0734 6020 PDRFRAME - ok
08:49:37.0859 6020 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
08:49:38.0203 6020 perc2 - ok
08:49:38.0453 6020 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
08:49:38.0796 6020 perc2hib - ok
08:49:38.0984 6020 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:49:39.0296 6020 PptpMiniport - ok
08:49:39.0406 6020 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
08:49:39.0718 6020 Processor - ok
08:49:39.0859 6020 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:49:40.0171 6020 PSched - ok
08:49:40.0312 6020 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:49:40.0671 6020 Ptilink - ok
08:49:40.0812 6020 pwd_2k (05a2b66ef7c53bdd2c9cfb836a6620ce) C:\WINDOWS\system32\drivers\pwd_2k.sys
08:49:40.0875 6020 pwd_2k ( UnsignedFile.Multi.Generic ) - warning
08:49:40.0875 6020 pwd_2k - detected UnsignedFile.Multi.Generic (1)
08:49:41.0031 6020 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
08:49:41.0078 6020 PxHelp20 - ok
08:49:41.0250 6020 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
08:49:41.0625 6020 ql1080 - ok
08:49:41.0765 6020 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
08:49:42.0109 6020 Ql10wnt - ok
08:49:42.0265 6020 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
08:49:42.0625 6020 ql12160 - ok
08:49:42.0812 6020 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
08:49:43.0156 6020 ql1240 - ok
08:49:43.0359 6020 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
08:49:43.0687 6020 ql1280 - ok
08:49:43.0828 6020 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:49:44.0156 6020 RasAcd - ok
08:49:44.0468 6020 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:49:44.0781 6020 Rasl2tp - ok
08:49:44.0937 6020 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:49:45.0250 6020 RasPppoe - ok
08:49:45.0375 6020 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:49:45.0718 6020 Raspti - ok
08:49:45.0843 6020 RAWESR (7ce613915693781815ba07b145003f0d) C:\PROGRA~1\EFFICI~1\ENTERN~1\app\RAWESR.SYS
08:49:45.0890 6020 RAWESR ( UnsignedFile.Multi.Generic ) - warning
08:49:45.0890 6020 RAWESR - detected UnsignedFile.Multi.Generic (1)
08:49:46.0046 6020 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:49:46.0390 6020 Rdbss - ok
08:49:46.0515 6020 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:49:46.0859 6020 RDPCDD - ok
08:49:47.0000 6020 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:49:47.0328 6020 rdpdr - ok
08:49:47.0500 6020 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
08:49:47.0562 6020 RDPWD - ok
08:49:47.0718 6020 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:49:48.0031 6020 redbook - ok
08:49:48.0312 6020 SAVRT (a00d5aa4748a1002590f08aa00fc660d) C:\Program Files\Symantec AntiVirus\savrt.sys
08:49:48.0375 6020 SAVRT - ok
08:49:48.0484 6020 SAVRTPEL (1e805005583be1c1568a3fce259c81e3) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
08:49:48.0531 6020 SAVRTPEL - ok
08:49:48.0718 6020 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:49:49.0031 6020 Secdrv - ok
08:49:49.0171 6020 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
08:49:49.0531 6020 serenum - ok
08:49:49.0687 6020 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
08:49:49.0984 6020 Serial - ok
08:49:50.0156 6020 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:49:50.0484 6020 Sfloppy - ok
08:49:50.0625 6020 Simbad - ok
08:49:50.0781 6020 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
08:49:51.0093 6020 sisagp - ok
08:49:51.0265 6020 smwdm (8583e3dc5285eb3ddfb74fb646cdf295) C:\WINDOWS\system32\drivers\smwdm.sys
08:49:51.0421 6020 smwdm - ok
08:49:51.0593 6020 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
08:49:51.0781 6020 Sparrow - ok
08:49:51.0937 6020 SPBBCDrv (c30fa11923892a4dbd1c747db8492e8f) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
08:49:52.0015 6020 SPBBCDrv - ok
08:49:52.0171 6020 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:49:52.0515 6020 splitter - ok
08:49:52.0687 6020 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
08:49:52.0984 6020 sr - ok
08:49:53.0156 6020 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:49:53.0265 6020 Srv - ok
08:49:53.0437 6020 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:49:53.0765 6020 swenum - ok
08:49:53.0937 6020 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:49:54.0265 6020 swmidi - ok
08:49:54.0453 6020 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
08:49:54.0781 6020 symc810 - ok
08:49:54.0906 6020 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
08:49:55.0250 6020 symc8xx - ok
08:49:55.0343 6020 SymEvent (b3f8b9eab2ebe205c0fe053fba951d8c) C:\Program Files\Symantec\SYMEVENT.SYS
08:49:55.0406 6020 SymEvent - ok
08:49:55.0578 6020 SYMREDRV (7c73b65f1bdfab9052a5076c0ca622de) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
08:49:55.0625 6020 SYMREDRV - ok
08:49:55.0781 6020 SYMTDI (b4562798891dca27ed67ca07acbadbd9) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
08:49:55.0843 6020 SYMTDI - ok
08:49:55.0984 6020 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
08:49:56.0312 6020 sym_hi - ok
08:49:56.0468 6020 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
08:49:56.0828 6020 sym_u3 - ok
08:49:56.0968 6020 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:49:57.0312 6020 sysaudio - ok
08:49:57.0500 6020 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:49:57.0750 6020 Tcpip - ok
08:49:57.0890 6020 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:49:58.0250 6020 TDPIPE - ok
08:49:58.0390 6020 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:49:58.0718 6020 TDTCP - ok
08:49:58.0890 6020 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:49:59.0234 6020 TermDD - ok
08:49:59.0484 6020 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
08:49:59.0859 6020 TosIde - ok
08:50:00.0000 6020 UdfReadr_xp (3369211d13a73cdc830858ad934a0449) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
08:50:00.0062 6020 UdfReadr_xp ( UnsignedFile.Multi.Generic ) - warning
08:50:00.0062 6020 UdfReadr_xp - detected UnsignedFile.Multi.Generic (1)
08:50:00.0234 6020 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:50:00.0609 6020 Udfs - ok
08:50:00.0765 6020 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
08:50:00.0984 6020 ultra - ok
08:50:01.0156 6020 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:50:01.0546 6020 Update - ok
08:50:01.0718 6020 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\WINDOWS\system32\Drivers\usbaapl.sys
08:50:01.0812 6020 USBAAPL - ok
08:50:01.0937 6020 usbbus (9419faac6552a51542dbba02971c841c) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
08:50:02.0093 6020 usbbus - ok
08:50:02.0234 6020 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:50:02.0625 6020 usbccgp - ok
08:50:02.0828 6020 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
08:50:02.0921 6020 UsbDiag - ok
08:50:03.0109 6020 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:50:03.0468 6020 usbehci - ok
08:50:03.0625 6020 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:50:03.0984 6020 usbhub - ok
08:50:04.0078 6020 Usblink - ok
08:50:04.0171 6020 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
08:50:04.0265 6020 USBModem - ok
08:50:04.0406 6020 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:50:04.0750 6020 usbprint - ok
08:50:04.0921 6020 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:50:05.0265 6020 usbscan - ok
08:50:05.0468 6020 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:50:05.0781 6020 USBSTOR - ok
08:50:05.0921 6020 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:50:06.0250 6020 usbuhci - ok
08:50:06.0406 6020 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:50:06.0734 6020 VgaSave - ok
08:50:06.0875 6020 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
08:50:07.0187 6020 viaagp - ok
08:50:07.0421 6020 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
08:50:07.0765 6020 ViaIde - ok
08:50:07.0921 6020 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:50:08.0250 6020 VolSnap - ok
08:50:08.0437 6020 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:50:08.0765 6020 Wanarp - ok
08:50:08.0921 6020 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
08:50:09.0031 6020 Wdf01000 - ok
08:50:09.0156 6020 WDICA - ok
08:50:09.0328 6020 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:50:09.0671 6020 wdmaud - ok
08:50:09.0921 6020 winusb (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.SYS
08:50:09.0968 6020 winusb - ok
08:50:10.0171 6020 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
08:50:10.0312 6020 WpdUsb - ok
08:50:10.0515 6020 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:50:10.0625 6020 WudfPf - ok
08:50:10.0859 6020 {6080A529-897E-4629-A488-ABA0C29B635E} (61002db7b6efb5711685b9d79b8e8ce6) C:\WINDOWS\system32\drivers\ialmsbw.sys
08:50:11.0078 6020 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
08:50:11.0234 6020 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (35ce2baa708ea038ab72359de87bab87) C:\WINDOWS\system32\drivers\ialmkchw.sys
08:50:11.0343 6020 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
08:50:11.0375 6020 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
08:50:11.0625 6020 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:50:11.0625 6020 \Device\Harddisk0\DR0 - detected TDSS File System (1)
08:50:11.0671 6020 Boot (0x1200) (ca17d9e2a690cd1d1cbba16f7fa4a21e) \Device\Harddisk0\DR0\Partition0
08:50:11.0671 6020 \Device\Harddisk0\DR0\Partition0 - ok
08:50:11.0671 6020 ============================================================
08:50:11.0671 6020 Scan finished
08:50:11.0671 6020 ============================================================
08:50:11.0843 5716 Detected object count: 13
08:50:11.0843 5716 Actual detected object count: 13
08:50:30.0250 5716 Cdr4_xp ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:30.0250 5716 Cdr4_xp ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:30.0250 5716 Cdralw2k ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:30.0250 5716 Cdralw2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:30.0250 5716 cdudf_xp ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:30.0250 5716 cdudf_xp ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:30.0250 5716 dvd_2K ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:30.0250 5716 dvd_2K ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:30.0265 5716 mmc_2K ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:30.0265 5716 mmc_2K ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:30.0265 5716 MREMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:30.0265 5716 MREMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:30.0281 5716 MRENDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:30.0281 5716 MRENDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:30.0281 5716 NTSPPPOE ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:30.0281 5716 NTSPPPOE ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:30.0281 5716 omci ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:30.0281 5716 omci ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:30.0281 5716 pwd_2k ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:30.0281 5716 pwd_2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:30.0296 5716 RAWESR ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:30.0296 5716 RAWESR ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:30.0296 5716 UdfReadr_xp ( UnsignedFile.Multi.Generic ) - skipped by user
08:50:30.0296 5716 UdfReadr_xp ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:50:30.0296 5716 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:50:30.0296 5716 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip



#6 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 18 February 2012 - 03:55 PM

Do you still have a problem?
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#7 MrsLu

MrsLu

    New Member

  • Members
  • Pip
  • 30 posts
  • Gender:Male

Posted 18 February 2012 - 04:32 PM

I do. Not every search, but probably a little more than half of the searches I do point to "VIP search", which then redirects me to something else.

#8 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 18 February 2012 - 04:53 PM

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#9 MrsLu

MrsLu

    New Member

  • Members
  • Pip
  • 30 posts
  • Gender:Male

Posted 18 February 2012 - 09:24 PM

OTL Extras logfile created on: 2/18/2012 7:37:50 PM - Run 1
OTL by OldTimer - Version 3.2.33.0 Folder = C:\Documents and Settings\Reception\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 464.27 Mb Available Physical Memory | 45.41% Memory free
1.28 Gb Paging File | 0.70 Gb Available in Paging File | 54.29% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.25 Gb Total Space | 8.29 Gb Free Space | 21.68% Space Free | Partition Type: NTFS

Computer Name: RECPT | User Name: Reception | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Sharp\Sharpdesk\sdFTP.exe" = C:\Program Files\Sharp\Sharpdesk\sdFTP.exe:*:Enabled:sdFTP -- (SHARP CORPORATION)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\Hasbro Interactive\Clue\Clue.exe" = C:\Program Files\Hasbro Interactive\Clue\Clue.exe:*:Disabled:Clue -- ()
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer -- (TeamViewer GmbH)
"C:\Program Files\ScanSoft\OmniForm Premium 5.0\EReg\NAVBrowser.exe" = C:\Program Files\ScanSoft\OmniForm Premium 5.0\EReg\NAVBrowser.exe:*:Disabled:NAVBrowser -- (Naviant, Inc.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{083E0D59-B6B4-4570-AA0A-37F5B4526CF5}" = AVG 2012
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP990_series" = Canon MP990 series MP Drivers
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A2AD071-AABD-4712-A43E-11D06BAA661D}" = ImageMixer 3 SE Ver.6 Transfer Utility
"{3B900457-54B8-4825-8FD8-40D09275F2EC}" = Brother HL-2140
"{43291F01-2C46-4F55-BCE4-0F037559AFAB}" = DynoSim ProTools Engine Simulation v.4.10
"{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = BACS
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{62CA119E-C5A7-42FC-85E8-4B55AA9E4072}" = ImageMixer 3 SE Ver.6 Video Tools
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8A83AE5F-F59B-4E1F-BF2A-49185A42ED1B}" = LeapFrog My Pals Plugin
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90260409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office XP Web Components
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C82257D5-970D-4371-8616-6B8E5693C99F}" = LeapFrog Connect
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D61524CF-93FE-4193-91AD-C6E21FEEAA5A}" = Logitech Harmony Remote Software 7
"{D9E2AA0C-078F-491E-A728-1A621ADF9900}" = OmniForm Premium 5.0
"{E72019B8-1287-4093-BE9B-1CFA7BA1A8D2}" = Windows Desktop Search 3.01
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ED8EF3C2-FA5B-4A1E-950D-5A0227161F97}" = ArcSoft PhotoStudio 6
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"afairytale" = A Fairy Tale
"AIM_6" = AIM 6
"ATT-AACE" = ATT-AACE
"AVG" = AVG 2012
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"bookoflegends" = Book of Legends
"BroadJump Client Foundation" = BroadJump Client Foundation
"CAL" = Canon Camera Access Library
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CamQuest6 Cam Selection.0408" = CamQuest6 Cam Selection.0408
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MP990 series User Registration" = Canon MP990 series User Registration
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"Clue" = Clue
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cubis Gold 2" = Cubis Gold 2
"CutePDF Form Filler (Evaluation)_is1" = CutePDF Form Filler 3.5 (Evaluation)
"DellSupport" = Dell Support 5.0.0 (766)
"detectivestorieshollywood" = Detective Stories - Hollywood
"DirectXMediaRuntime" = DirectX Media Runtime 5.1
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-PhotoPrint Pro" = Canon Utilities Easy-PhotoPrint Pro
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"EnterNet 300" = EnterNet 300
"escaperosecliffislandtm" = Escape Rosecliff Island™
"Glyph™ 2" = Glyph™ 2
"HijackThis" = HijackThis 2.0.2
"HP Web Jetadmin" = HP Web Jetadmin
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = Broadcom Advanced Control Suite
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"lostinreefs" = Lost in Reefs
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Mozilla Firefox (2.0.0.7)" = Mozilla Firefox (2.0.0.7)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyPalsPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
"Mystery Case Files - Huntsville" = Mystery Case Files - Huntsville
"mysterylegendstmsleepyhollow" = Mystery Legends™ - Sleepy Hollow
"mysterypitmthenewyorkfortune" = Mystery P.I.™ - The New York Fortune
"mysticemporium" = Mystic Emporium
"MyWebSearchSearchAssistant" = Search Assistant - My Web Search
"Nancy Drew® - Curse of Blackmoor Manor" = Nancy Drew® - Curse of Blackmoor Manor
"Nancy Drew® - Phantom of Venice" = Nancy Drew® - Phantom of Venice
"Nancy Drew® - Secret of the Old Clock" = Nancy Drew® - Secret of the Old Clock
"Nancy Drew® - The Legend of the Crystal Skull" = Nancy Drew® - The Legend of the Crystal Skull
"nancydrewrdossiertmlightscameracurses" = Nancy Drew® - Dossier™ - Lights, Camera, Curses!
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROR" = Microsoft Office Professional 2007
"RealArcade" = RealArcade
"RealPlayer 12.0" = RealPlayer
"Saqqarah" = Saqqarah
"SHARP DC PC-FAX driver" = SHARP DC PC-FAX driver
"Sharpdesk" = Sharpdesk
"Shockwave" = Shockwave
"SpywareBlaster_is1" = SpywareBlaster 4.1
"ST6UNST #1" = DCR Calculator
"Super GameHouse Solitaire Volume 3" = Super GameHouse Solitaire Volume 3
"supercow" = Supercow
"TeamViewer 5" = TeamViewer 5
"The Clumsys" = The Clumsys
"undiscoveredworldtheincansun" = Undiscovered World - The Incan Sun
"UPCShell" = LeapFrog Connect
"wanderingwillowstm" = Wandering Willows™
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WETCable" = Windows Easy Transfer
"WildTangent wildgames Master Uninstall" = WildGames
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPatrol" = WinPatrol 2008
"winusb0100" = Microsoft WinUsb 1.0
"wizardspentm" = Wizard's Pen™
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Applications" = AT&T Yahoo! Applications
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/8/2012 12:36:43 AM | Computer Name = RECPT | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/8/2012 12:36:43 AM | Computer Name = RECPT | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/23/2012 6:02:00 PM | Computer Name = RECPT | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 10.0.1.434, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/23/2012 6:02:08 PM | Computer Name = RECPT | Source = Application Hang | ID = 1001
Description = Fault bucket -1992457646.

Error - 2/3/2012 3:54:41 PM | Computer Name = RECPT | Source = Application Error | ID = 1000
Description = Faulting application winpatrol.exe, version 15.9.2008.1, faulting
module msctfime.ime, version 5.1.2600.5512, fault address 0x00013e3c.

Error - 2/3/2012 5:12:28 PM | Computer Name = RECPT | Source = Windows Search Service | ID = 3029
Description = The plug-in in <Search.TripoliIndexer> cannot be initialized. Context:
Windows Application, SystemIndex Catalog Details: The content index cannot be read.
(0xc0041800)

Error - 2/3/2012 5:12:28 PM | Computer Name = RECPT | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The content index cannot be read. (0xc0041800)

Error - 2/3/2012 5:12:28 PM | Computer Name = RECPT | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
content index cannot be read. (0xc0041800)

Error - 2/4/2012 12:10:03 PM | Computer Name = RECPT | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Windows Application,
SystemIndex Catalog

Error - 2/5/2012 12:50:25 PM | Computer Name = RECPT | Source = Application Hang | ID = 1002
Description = Hanging application WinPatrolEx.exe, version 15.9.2008.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 8/1/2009 12:59:22 PM | Computer Name = RECPT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/1/2009 12:59:41 PM | Computer Name = RECPT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/17/2012 6:13:50 PM | Computer Name = RECPT | Source = Service Control Manager | ID = 7016
Description = The OmniForm Printer service has reported an invalid current state
0.

Error - 2/17/2012 6:37:02 PM | Computer Name = RECPT | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Java Quick Starter service
to connect.

Error - 2/17/2012 6:37:02 PM | Computer Name = RECPT | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following
error: %%1053

Error - 2/17/2012 6:37:02 PM | Computer Name = RECPT | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Symantec AntiVirus service
to connect.

Error - 2/17/2012 6:37:02 PM | Computer Name = RECPT | Source = Service Control Manager | ID = 7000
Description = The Yahoo! Updater service failed to start due to the following error:
%%2

Error - 2/17/2012 7:19:37 PM | Computer Name = RECPT | Source = Service Control Manager | ID = 7016
Description = The OmniForm Printer service has reported an invalid current state
0.

Error - 2/18/2012 12:40:35 PM | Computer Name = RECPT | Source = Service Control Manager | ID = 7000
Description = The Yahoo! Updater service failed to start due to the following error:
%%2

Error - 2/18/2012 12:40:35 PM | Computer Name = RECPT | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the AVGIDSAgent service to
connect.

Error - 2/18/2012 12:40:35 PM | Computer Name = RECPT | Source = Service Control Manager | ID = 7000
Description = The AVGIDSAgent service failed to start due to the following error:
%%1053

Error - 2/18/2012 12:41:03 PM | Computer Name = RECPT | Source = Service Control Manager | ID = 7023
Description = The Symantec AntiVirus service terminated with the following error:
%%10


< End of report >




OTL logfile created on: 2/18/2012 7:37:50 PM - Run 1
OTL by OldTimer - Version 3.2.33.0 Folder = C:\Documents and Settings\Reception\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 464.27 Mb Available Physical Memory | 45.41% Memory free
1.28 Gb Paging File | 0.70 Gb Available in Paging File | 54.29% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.25 Gb Total Space | 8.29 Gb Free Space | 21.68% Space Free | Partition Type: NTFS

Computer Name: RECPT | User Name: Reception | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/18 19:36:46 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Reception\Desktop\OTL.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/06/09 18:14:30 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/02/13 07:49:03 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/02/11 07:01:40 | 005,150,504 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer.exe
PRC - [2010/02/11 06:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009/09/08 16:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2009/07/26 21:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/02/03 08:15:18 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/25 15:21:28 | 000,050,528 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2008/02/14 20:38:19 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2008/01/07 18:10:30 | 000,210,200 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2007/05/25 12:16:08 | 000,042,032 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2005/04/17 12:30:32 | 000,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2005/04/08 15:54:52 | 000,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/04/08 15:52:32 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/04/08 15:52:30 | 000,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2002/09/10 21:26:26 | 000,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
PRC - [2001/09/14 15:06:18 | 000,032,768 | ---- | M] () -- C:\WINDOWS\SYSTEM32\Ofps.exe
PRC - [2000/07/11 10:48:36 | 000,049,152 | ---- | M] () -- C:\Program Files\Efficient Networks\EnterNet 300\app\PPPoEService.exe


========== Modules (No Company Name) ==========

MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\SYSTEM32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\SYSTEM32\devenum.dll
MOD - [2008/02/14 20:38:18 | 000,061,496 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll
MOD - [2002/09/10 21:26:26 | 000,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
MOD - [2002/07/02 15:32:00 | 000,184,431 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\TimerManager.dll
MOD - [2002/07/02 15:22:34 | 000,122,993 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\AppProperties.dll
MOD - [2002/07/02 15:10:42 | 000,110,695 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComBase.dll
MOD - [2002/06/04 20:33:54 | 000,106,601 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComSRCManager.dll
MOD - [2002/06/04 18:48:26 | 000,143,489 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BasicLoaderService.dll
MOD - [2002/06/04 18:48:10 | 000,163,951 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComRT.dll
MOD - [2001/09/26 03:23:08 | 000,196,695 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJIntlCore_1_1_DDR.dll
MOD - [2001/09/23 15:41:10 | 000,524,377 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\stlport_4_0_0_DDR.dll
MOD - [2001/09/14 15:06:18 | 000,032,768 | ---- | M] () -- C:\WINDOWS\SYSTEM32\Ofps.exe
MOD - [2000/07/11 10:48:36 | 000,049,152 | ---- | M] () -- C:\Program Files\Efficient Networks\EnterNet 300\app\PPPoEService.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (YahooAUService)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/06/09 18:14:30 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/11 06:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/01/25 10:00:54 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/09/08 16:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/10/24 09:40:02 | 000,181,784 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService)
SRV - [2005/04/17 12:30:42 | 000,124,608 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005/04/17 12:30:40 | 001,706,176 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/04/17 12:30:32 | 000,019,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/04/08 15:54:52 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/04/08 15:52:32 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/04/05 11:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/03/30 21:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2001/09/14 15:06:18 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SYSTEM32\Ofps.exe -- (OmniForm Printer)
SRV - [2000/07/11 10:48:36 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Efficient Networks\EnterNet 300\app\PPPoEService.exe -- (PPPoEService)


========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys -- (MBAMProtector)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2008/11/11 12:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 12:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 12:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - [2008/04/11 16:45:27 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/04/11 16:45:27 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\winusb.sys -- (winusb)
DRV - [2005/04/05 11:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/04/05 11:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/04/01 20:36:04 | 000,123,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/03/30 21:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2004/11/22 18:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 18:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2004/08/03 21:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 21:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 21:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 21:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 21:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 21:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 21:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 21:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 21:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 21:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2003/03/20 12:10:40 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2003/03/20 12:10:40 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2003/03/20 12:10:40 | 000,139,674 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2003/03/20 12:10:39 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2003/03/20 12:10:39 | 000,025,930 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2003/01/15 15:45:06 | 000,042,368 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/07/19 11:22:08 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2000/10/04 09:43:38 | 000,159,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ntspppoe.sys -- (NTSPPPOE)
DRV - [2000/06/26 17:02:08 | 000,009,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Efficient Networks\EnterNet 300\app\rawesr.sys -- (RAWESR)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...TF-8&oe=UTF-8="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\Documents and Settings\All Users\Application Data\RealArcade\npraclient.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Reception\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Reception\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DA3058EA-33D8-42E8-9276-CB0BADBF8247}: C:\Documents and Settings\Reception\Local Settings\Application Data\{DA3058EA-33D8-42E8-9276-CB0BADBF8247}\ [2011/08/03 23:02:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG2012\Firefox\ [2012/02/05 09:23:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/05 09:25:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/13 07:50:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/09 19:06:15 | 000,000,000 | ---D | M]

[2010/05/05 02:53:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Reception\Application Data\Mozilla\Firefox\Profiles\uupiuhkm.default\extensions
[2010/05/04 20:56:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Reception\Application Data\Mozilla\Firefox\Profiles\uupiuhkm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/04 20:56:34 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Reception\Application Data\Mozilla\Firefox\Profiles\uupiuhkm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/05/04 21:43:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/10 10:09:59 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/05/22 15:53:36 | 000,000,000 | ---D | M] (Real Networks Settings) -- C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
[2008/05/22 15:53:42 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2009/01/31 08:18:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/02/13 07:50:50 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT
[2007/09/16 01:35:01 | 000,066,408 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2007/09/16 01:35:02 | 000,054,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2007/09/16 01:35:02 | 000,034,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2007/09/16 01:35:03 | 000,046,456 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2007/09/16 01:35:04 | 000,171,880 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2009/03/30 16:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npraclient.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Reception\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Reception\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Reception\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: RealArcade NPAPI Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npraclient.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: getPlusPlus for Adobe 16260 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Reception\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AT_BoaMistura = C:\Documents and Settings\Reception\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bkgdbohcihpkncnommadnmaicpjikfni\2\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Reception\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\

O1 HOSTS File: ([2012/02/03 12:55:16 | 000,000,882 | RH-- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No CLSID value found.
O2 - BHO: (CutePDF Form Filler Helper) - {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files\Acro Software\CutePDF Filler Evaluation\CPFillerCoE.dll (Acro Software Inc.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C17590D2-ECB4-4B15-8820-F58798DCC118} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [Vrixalirikijira] rundll32.exe "C:\WINDOWS\mg3232.dll",Startup File not found
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.6.lnk = C:\Program Files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Webshots Photo Search - C:\Program Files\Webshots\WSToolbar4IE.dll (CNET-Networks)
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/12/05 03:30:46 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009/12/05 03:30:46 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009/12/05 03:30:46 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2009/12/05 03:30:46 | 000,000,000 | ---D | M]
O9 - Extra Button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akama...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} http://www.seehere.c...cts/canvasx.cab (CanvasX Class)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} http://www.seehere.c...ects/jordan.cab (JordanUploader Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.su...ows-i586-jc.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7867.3384027778 (Reg Error: Key error.)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://12.107.193.12...activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} http://us.dl1.yimg.c...ebio5_1_3_0.cab (Yahoo! Toolbar)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 68.94.156.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2228AEB3-7712-4516-9280-9AE0D8F968B6}: DhcpNameServer = 192.168.0.1 68.94.156.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\SYSTEM32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Reception\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Reception\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5ee84cfa-76e7-11da-ae0f-000bdb0e9879}\Shell\AutoRun\command - "" = E:\JDSecure\Windows\JDSecure31.exe
O33 - MountPoints2\{b5e236fe-3d1e-11df-afc9-000bdb0e9879}\Shell\AutoRun\command - "" = E:\install.bat
O33 - MountPoints2\{f7ecfa4f-e637-11de-afbd-000bdb0e9879}\Shell\AutoRun\command - "" = E:\install.bat
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/18 19:36:53 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Reception\Desktop\OTL.exe
[2012/02/18 14:37:58 | 000,000,000 | ---D | C] -- C:\My Documents\fundraiser letters
[2012/02/18 11:45:28 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/02/18 11:35:05 | 000,000,000 | ---D | C] -- C:\Program Files\SymNetDrv
[2012/02/18 10:36:20 | 004,406,994 | R--- | C] (Swearware) -- C:\Documents and Settings\Reception\Desktop\ComboFix.exe
[2012/02/17 17:26:47 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/17 17:22:58 | 002,060,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Reception\Desktop\tdsskiller.exe
[2012/02/17 13:47:09 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Reception\Desktop\dds.scr
[2012/02/05 10:17:25 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/02/05 09:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Reception\Application Data\AVG2012
[2012/02/05 09:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2012/02/05 09:23:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/02/05 09:23:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2012/02/05 09:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/02/05 01:36:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/02/05 01:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/02/04 07:20:06 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Reception\Desktop\new_one--setup-1.60.1.1000.exe
[2012/02/03 16:06:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Reception\Recent
[2008/02/15 17:28:37 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/18 19:36:46 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Reception\Desktop\OTL.exe
[2012/02/18 19:23:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4004262914-1469696878-341438875-1006UA.job
[2012/02/18 16:39:50 | 000,151,370 | ---- | M] () -- C:\Documents and Settings\Reception\Desktop\cleveland.bmp
[2012/02/18 16:22:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4004262914-1469696878-341438875-1006Core.job
[2012/02/18 11:41:06 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2012/02/18 11:39:01 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8190B965-F254-42C4-9192-C4A7E32C6B2F}.job
[2012/02/18 11:36:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2012/02/18 11:36:51 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/18 10:36:30 | 004,406,994 | R--- | M] (Swearware) -- C:\Documents and Settings\Reception\Desktop\ComboFix.exe
[2012/02/18 08:12:55 | 089,363,195 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/02/17 17:22:26 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Reception\Desktop\tdsskiller.exe
[2012/02/17 13:46:19 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Reception\Desktop\dds.scr
[2012/02/17 13:41:45 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/17 03:29:47 | 000,002,349 | ---- | M] () -- C:\Documents and Settings\Reception\Desktop\Google Chrome.lnk
[2012/02/17 03:29:47 | 000,002,327 | ---- | M] () -- C:\Documents and Settings\Reception\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/14 15:24:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/02/13 06:30:00 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2012/02/09 17:57:06 | 000,020,916 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/02/07 05:47:21 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/07 05:43:22 | 000,000,129 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2012/02/07 05:14:54 | 000,465,838 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2012/02/07 05:14:54 | 000,079,598 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2012/02/05 09:25:46 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/02/04 07:20:06 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Reception\Desktop\new_one--setup-1.60.1.1000.exe
[2012/02/03 16:00:57 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\9kWNpeptoA3dKP
[2012/02/03 16:00:42 | 000,000,360 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~9kWNpeptoA3dKP
[2012/02/03 16:00:41 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~9kWNpeptoA3dKPr
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/18 16:39:50 | 000,151,370 | ---- | C] () -- C:\Documents and Settings\Reception\Desktop\cleveland.bmp
[2012/02/18 08:12:55 | 089,363,195 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/02/09 17:57:06 | 000,020,916 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/02/07 04:33:26 | 1072,222,208 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/05 09:25:46 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/02/04 07:23:37 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/03 16:00:41 | 000,000,360 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~9kWNpeptoA3dKP
[2012/02/03 16:00:41 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~9kWNpeptoA3dKPr
[2012/02/03 16:00:20 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\9kWNpeptoA3dKP
[2011/12/31 06:51:59 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/10/12 13:55:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2011/10/12 13:55:34 | 000,002,411 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2011/08/03 23:02:15 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Okuvihirewapa.dat
[2011/08/03 23:02:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Xjezujolije.bin
[2010/05/18 12:14:42 | 000,059,232 | ---- | C] () -- C:\WINDOWS\System32\CNC990W.DAT
[2008/09/11 08:23:00 | 000,216,538 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUInstall.LiveUpdate
[2003/03/20 14:52:05 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Reception\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

#10 MrsLu

MrsLu

    New Member

  • Members
  • Pip
  • 30 posts
  • Gender:Male

Posted 18 February 2012 - 10:11 PM

I forgot to mention it, but yes, I am still having the same problem. Not every single time a run a search, but a lot of them.

#11 MrsLu

MrsLu

    New Member

  • Members
  • Pip
  • 30 posts
  • Gender:Male

Posted 19 February 2012 - 07:59 AM

Also, we normally leave our computer runnning. Every monrning when I wake up, the computer is turned off, and I need to turn it back on. Is MWB pro doing that, or something else?
Should I turn off system restore?

#12 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 19 February 2012 - 08:22 AM

I found the problem.

Step 1

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. Please uninstall:

Symantec AntiVirus
LiveUpdate 2.6 (Symantec Corporation)



Step 2

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
    CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll	
    O2 - BHO: (no name) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
    O4 - HKCU..\Run: [Vrixalirikijira] rundll32.exe "C:\WINDOWS\mg3232.dll",Startup File not found
    [2012/02/03 16:00:57 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\9kWNpeptoA3dKP
    [2012/02/03 16:00:42 | 000,000,360 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~9kWNpeptoA3dKP
    [2012/02/03 16:00:41 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~9kWNpeptoA3dKPr
    
    :files
    C:\Program Files\Viewpoint
    
    :Commands
    [emptytemp]
    [clearallrestorepoints]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#13 MrsLu

MrsLu

    New Member

  • Members
  • Pip
  • 30 posts
  • Gender:Male

Posted 19 February 2012 - 09:55 AM

I can not remove the Symantec...when I open it in change/remove programs, there is no "uninstall" option.Yesterday, I removed what I could (there were two Symantec programs, one did have the uninstall option). Should I go ahead with the next step anyway? If I try to launch Symantec, it says that it isn't functioning because it needs a disk...I guess because I uninstalled part of it yesterday?

#14 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 19 February 2012 - 09:59 AM

In this case, use Norton Removal Tool:
https://www-secure.s...n=1&pvid=f-home

Then proceed with the next step.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#15 MrsLu

MrsLu

    New Member

  • Members
  • Pip
  • 30 posts
  • Gender:Male

Posted 19 February 2012 - 10:06 AM

OK. But I have Symantec Live Update, which is not any of the products listed...which one do I use?

#16 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 19 February 2012 - 11:00 AM

It seems in your case, we should manually take care for it, so proceed with the next step.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#17 MrsLu

MrsLu

    New Member

  • Members
  • Pip
  • 30 posts
  • Gender:Male

Posted 19 February 2012 - 05:30 PM

I started OTL 2 hours ago. It still just says "killing processes. Do not interrupt" Should I be concerned about all this killing? Just let it keep going, or do hard shut down?

#18 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 20 February 2012 - 08:36 AM

What happened?
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#19 MrsLu

MrsLu

    New Member

  • Members
  • Pip
  • 30 posts
  • Gender:Male

Posted 20 February 2012 - 09:22 AM

It still says "Killing Processes. Please don't interrupt".

#20 MrsLu

MrsLu

    New Member

  • Members
  • Pip
  • 30 posts
  • Gender:Male

Posted 20 February 2012 - 06:31 PM

I did a hard shut down, then ran OTL in safe mode, here is the log...I still have the VIP search coming up...

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ deleted successfully.
File C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Vrixalirikijira deleted successfully.
C:\Documents and Settings\All Users\Application Data\9kWNpeptoA3dKP moved successfully.
C:\Documents and Settings\All Users\Application Data\~9kWNpeptoA3dKP moved successfully.
C:\Documents and Settings\All Users\Application Data\~9kWNpeptoA3dKPr moved successfully.
========== FILES ==========
C:\Program Files\Viewpoint\Viewpoint Toolbar folder moved successfully.
C:\Program Files\Viewpoint folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 167682 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes

User: Reception
->Temp folder emptied: 91846647 bytes
->Temporary Internet Files folder emptied: 18553477 bytes
->Java cache emptied: 12306094 bytes
->FireFox cache emptied: 44948326 bytes
->Google Chrome cache emptied: 89819007 bytes
->Flash cache emptied: 44040 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 203170 bytes
%systemroot%\System32 .tmp files removed: 2675729 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 48037413 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 51039308 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 421907 bytes
RecycleBin emptied: 375475083 bytes

Total Files Cleaned = 702.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.33.0 log created on 02202012_180943
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users