
Search Engine Redirect Virus


MrsLu


I just upgraded to MWB Pro. I have a Redirect Virus. Regular MWB was not able to kill it. I also downloaded and ran TDSS Killer but I did not want to do Combofix without being directed to do so. Here are my DDS logs:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11

Run by Reception at 18:19:19 on 2012-02-17

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.554 [GMT -5:00]

.

AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Program Files\AIM6\aim6.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe

C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\system32\ofps.exe

C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\Program Files\TeamViewer\Version5\TeamViewer.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\wuauclt.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://my.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: CutePDF Form Filler Helper: {d41289f2-69c6-417b-897e-c653d677cbaf} - c:\program files\acro software\cutepdf filler evaluation\CPFillerCoE.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll

TB: {C17590D2-ECB4-4b15-8820-F58798DCC118} - No File

TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet

uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL

uRun: [search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe

uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Google Update] "c:\documents and settings\reception\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [Vrixalirikijira] rundll32.exe "c:\windows\mg3232.dll",Startup

mRun: [bJCFD] c:\program files\broadjump\client foundation\CFD.exe

mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [vptray] c:\progra~1\symant~1\VPTray.exe

mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se ver.6\transfer utility\CameraMonitor.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: &Webshots Photo Search - c:\program files\webshots\WSToolbar4IE.dll/MENUSEARCH.HTM

IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: microsoft.com\office

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/d/c/8/dc8362b3-f410-4e7d-b672-209d6bd8fcea/OGAControl.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {28B66320-9687-4B13-8757-36F901887AB5} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/canvasx.cab

DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper20073151.dll

DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab

DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1233407933693&h=d13abdf447e90debdef59dddb049cd01/&filename=jinstall-6u11-windows-i586-jc.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37867.3384027778

DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://12.107.193.125:8080/activex/AMC.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_3_0.cab

TCP: DhcpNameServer = 192.168.0.1 68.94.156.1

TCP: Interfaces\{2228AEB3-7712-4516-9280-9AE0D8F968B6} : DhcpNameServer = 192.168.0.1 68.94.156.1

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Notify: igfxcui - igfxsrvc.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

Hosts: 94.63.147.16 www.google.com

Hosts: 94.63.147.17 www.bing.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\reception\application data\mozilla\firefox\profiles\uupiuhkm.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - component: c:\documents and settings\reception\application data\mozilla\firefox\profiles\uupiuhkm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]

R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-4-8 185968]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-4-8 161392]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-1-29 652360]

R2 PPPoEService;PPPoE Service;c:\progra~1\effici~1\entern~1\app\pppoeservice.exe [2008-2-15 49152]

R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-2-11 172328]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-28 24652]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-1-29 20464]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120216.004\naveng.sys [2012-2-16 86136]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120216.004\navex15.sys [2012-2-16 1576312]

S0 febfb7f54ba8f5ca258451461b7cd608;febfb7f54ba8f5ca258451461b7cd608;c:\windows\system32\febfb7f54ba8f5ca258451461b7cd608.sys --> c:\windows\system32\febfb7f54ba8f5ca258451461b7cd608.sys [?]

S2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-4-17 1706176]

S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-4-8 83568]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-2-17 40776]

S3 NTSPPPOE;NTS Enternet P.P.P.o.E LAN Miniport Driver;c:\windows\system32\drivers\ntspppoe.sys [2008-2-15 159712]

S3 RAWESR;RAWESR;c:\progra~1\effici~1\entern~1\app\RAWESR.SYS [2008-2-15 9152]

S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-4-17 124608]

S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys --> c:\windows\system32\drivers\ulink.sys [?]

.

=============== Created Last 30 ================

.

2012-02-17 22:26:47 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-17 18:41:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-02-05 15:17:25 -------- d--h--w- C:\$AVG

2012-02-05 14:34:52 -------- d-----w- c:\documents and settings\reception\application data\AVG2012

2012-02-05 14:23:18 -------- d-----w- c:\windows\system32\drivers\AVG

2012-02-05 14:23:18 -------- d-----w- c:\documents and settings\all users\application data\AVG2012

2012-02-05 14:20:36 -------- d-----w- c:\program files\AVG

2012-02-05 06:36:23 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2012-02-05 06:35:37 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2012-02-03 21:07:37 -------- d-----w- c:\windows\system32\wbem\repository\FS

2012-02-03 21:07:37 -------- d-----w- c:\windows\system32\wbem\Repository

.

==================== Find3M ====================

.

2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys

2008-02-15 22:27:53 774144 -c--a-w- c:\program files\RngInterstitial.dll

.

============= FINISH: 18:24:11.40 ===============

and attach

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 3/20/2003 12:03:56 PM

System Uptime: 2/17/2012 5:29:01 PM (1 hours ago)

.

Motherboard: Dell Computer Corporation | | 07W080

Processor: Intel® Celeron® CPU 1.80GHz | Socket 478 | 1794/400mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 38 GiB total, 7.4 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP991: 1/1/2012 9:21:02 AM - System Checkpoint

RP992: 1/2/2012 9:33:04 AM - System Checkpoint

RP993: 1/3/2012 9:46:05 AM - System Checkpoint

RP994: 1/4/2012 9:49:56 AM - System Checkpoint

RP995: 1/5/2012 11:15:34 AM - System Checkpoint

RP996: 1/6/2012 12:20:35 PM - System Checkpoint

RP997: 1/7/2012 2:29:32 PM - System Checkpoint

RP998: 1/8/2012 3:22:58 PM - System Checkpoint

RP999: 1/9/2012 4:49:43 PM - System Checkpoint

RP1000: 1/10/2012 5:01:39 PM - System Checkpoint

RP1001: 1/11/2012 6:06:13 PM - System Checkpoint

RP1002: 1/12/2012 6:53:50 PM - System Checkpoint

RP1003: 1/13/2012 7:22:41 PM - System Checkpoint

RP1004: 1/14/2012 7:48:39 PM - System Checkpoint

RP1005: 1/15/2012 9:05:09 PM - System Checkpoint

RP1006: 1/16/2012 9:38:22 PM - System Checkpoint

RP1007: 1/17/2012 10:35:29 PM - System Checkpoint

RP1008: 1/19/2012 12:19:01 AM - System Checkpoint

RP1009: 1/20/2012 4:00:01 AM - System Checkpoint

RP1010: 1/21/2012 4:48:31 AM - System Checkpoint

RP1011: 1/22/2012 6:05:30 AM - System Checkpoint

RP1012: 1/23/2012 7:36:33 AM - System Checkpoint

RP1013: 1/24/2012 7:49:33 AM - System Checkpoint

RP1014: 1/25/2012 8:15:31 AM - System Checkpoint

RP1015: 1/26/2012 9:19:33 AM - System Checkpoint

RP1016: 1/27/2012 11:01:59 AM - System Checkpoint

RP1017: 1/28/2012 11:21:18 AM - System Checkpoint

RP1018: 1/29/2012 12:05:55 PM - System Checkpoint

RP1019: 1/30/2012 12:17:55 PM - System Checkpoint

RP1020: 1/31/2012 2:22:19 PM - System Checkpoint

RP1021: 2/1/2012 2:26:02 PM - System Checkpoint

RP1022: 2/2/2012 3:05:22 PM - System Checkpoint

RP1023: 2/3/2012 4:05:37 PM - Restore Operation

RP1024: 2/4/2012 4:16:03 PM - System Checkpoint

RP1025: 2/5/2012 9:20:34 AM - Installed AVG 2012

RP1026: 2/5/2012 9:22:21 AM - Installed AVG 2012

RP1027: 2/6/2012 9:36:52 AM - System Checkpoint

RP1028: 2/7/2012 4:48:29 AM - Software Distribution Service 3.0

RP1029: 2/8/2012 5:06:58 AM - System Checkpoint

RP1030: 2/9/2012 5:16:11 AM - System Checkpoint

RP1031: 2/10/2012 5:42:11 AM - System Checkpoint

RP1032: 2/11/2012 5:43:29 AM - System Checkpoint

RP1033: 2/12/2012 6:46:58 AM - System Checkpoint

RP1034: 2/13/2012 7:52:02 AM - System Checkpoint

RP1035: 2/14/2012 8:31:02 AM - System Checkpoint

RP1036: 2/15/2012 10:19:37 AM - System Checkpoint

RP1037: 2/16/2012 11:05:02 AM - System Checkpoint

RP1038: 2/16/2012 9:26:19 PM - Restore Operation

RP1039: 2/16/2012 9:48:37 PM - Restore Operation

.

==== Installed Programs ======================

.

.

A Fairy Tale

Acrobat.com

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.0.1)

Adobe® Photoshop® Album Starter Edition 3.0

AIM 6

Ancient Secrets

Annabel

Apple Mobile Device Support

Apple Software Update

ArcSoft PhotoStudio 6

AT&T Yahoo! Applications

ATT-AACE

AVG 2012

AXIS Media Control Embedded

BACS

Bonjour

Book of Legends

Broadcom Advanced Control Suite

BroadJump Client Foundation

Brother HL-2140

CA Yahoo! Anti-Spy (remove only)

CamQuest6 Cam Selection.0408

Canon Camera Access Library

Canon Easy-WebPrint EX

CANON iMAGE GATEWAY Task for ZoomBrowser EX

Canon Internet Library for ZoomBrowser EX

Canon MP Navigator EX 3.0

Canon MP990 series MP Drivers

Canon MP990 series User Registration

Canon Utilities CameraWindow

Canon Utilities CameraWindow DC 8

Canon Utilities Easy-PhotoPrint EX

Canon Utilities Easy-PhotoPrint Pro

Canon Utilities My Printer

Canon Utilities MyCamera

Canon Utilities Solution Menu

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

Clue

Critical Update for Windows Media Player 11 (KB959772)

Cubis Gold 2

CutePDF Form Filler 3.5 (Evaluation)

DCR Calculator

Dell Solution Center

Dell Support 5.0.0 (766)

Detective Stories - Hollywood

DirectX Media Runtime 5.1

DynoSim ProTools Engine Simulation v.4.10

Easy CD Creator 5 Basic

EnterNet 300

Escape Rosecliff Island

GearDrvs

Glyph 2

Google Chrome

Google Toolbar for Internet Explorer

Help and Support Customization

HighMAT Extension to Microsoft Windows XP CD Writing Wizard

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

HP Web Jetadmin

ImageMixer 3 SE Ver.6 Transfer Utility

ImageMixer 3 SE Ver.6 Video Tools

Intel® Extreme Graphics Driver

iTunes

Java 6 Update 11

LeapFrog Connect

LeapFrog My Pals Plugin

LG USB Modem driver

LiveUpdate 2.6 (Symantec Corporation)

Logitech Desktop Messenger

Logitech Harmony Remote Software 7

Lost in Reefs

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft .NET Framework (English)

Microsoft .NET Framework (English) v1.0.3705

Microsoft .NET Framework 1.0 Hotfix (KB928367)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Office XP Web Components

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft WinUsb 1.0

Mobipocket Creator 4.2

Move Networks Media Player for Internet Explorer

Mozilla Firefox (2.0.0.7)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mystery Case Files - Huntsville

Mystery Legends - Sleepy Hollow

Mystery P.I. - The New York Fortune

Mystic Emporium

Nancy Drew® - Curse of Blackmoor Manor

Nancy Drew® - Dossier - Lights, Camera, Curses!

Nancy Drew® - Phantom of Venice

Nancy Drew® - Secret of the Old Clock

Nancy Drew® - The Legend of the Crystal Skull

OmniForm Premium 5.0

QuickTime

RealArcade

RealPlayer

Remote Control USB Driver

Saqqarah

Search Assistant - My Web Search

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982665)

SHARP DC PC-FAX driver

Sharpdesk

Shockwave

SpywareBlaster 4.1

Super GameHouse Solitaire Volume 3

Supercow

Symantec AntiVirus

TeamViewer 5

The Clumsys

The Pini Society® - The Remarkable Truth

Undiscovered World - The Incan Sun

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2583910)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Internet Explorer 8 (KB980302)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)

Viewpoint Manager (Remove Only)

Viewpoint Media Player

Virtual Villagers - The Secret City

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

Wandering Willows

WebFldrs XP

WildGames

Windows Desktop Search 3.01

Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)

Windows Easy Transfer

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage v1.3.0254.0

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WinPatrol 2008

Wizard's Pen

Yahoo! Search Protection

Yahoo! Software Update

Youda Farmer

Zynga Toolbar

.

==== Event Viewer Messages From Past Week ========

.

2/17/2012 5:37:02 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec AntiVirus service to connect.

2/17/2012 5:37:02 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Java Quick Starter service to connect.

2/17/2012 5:37:02 PM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/17/2012 4:49:45 PM, error: Service Control Manager [7016] - The OmniForm Printer service has reported an invalid current state 0.

2/16/2012 9:55:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.

2/16/2012 9:55:32 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/16/2012 9:55:31 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

2/16/2012 9:51:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.

2/16/2012 9:51:56 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/16/2012 9:51:54 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

2/16/2012 9:48:54 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

2/16/2012 9:25:22 PM, error: Service Control Manager [7000] - The Yahoo! Updater service failed to start due to the following error: The system cannot find the file specified.

.

==== End Of File ===========================

Thank you so much for all of your help.

Cari


Hello Cari! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please uninstall the following applications:

  • Search Assistant - My Web Search - provides search features and hijacks browser search requests to its controlling servers run by MyWay.
  • Zynga Toolbar - modifies the default IE URL search hook. Conduit toolbars are reputed to have a certain trackware functionality.
  • Viewpoint Manager (Remove Only) - It is considered to be foistware since it is often installed without a user's knowledge or approval.
  • Viewpoint Media Player - It is considered to be foistware since it is often installed without a user's knowledge or approval.

Step 2

I don't know how you deal with TDSSKiller and what version you have, so let's repeat the procedure. Delete your TDSSKiller.

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 3

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

In your next post, please include:

  • TDSSKiller log
  • ComboFix log


ComboFix 09-01-21.04 - Reception 2009-01-29 16:55:18.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.498 [GMT -5:00]

Running from: c:\documents and settings\Reception\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Reception\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

AV: Norton Security Online *On-access scanning disabled* (Updated)

FW: Norton Security Online *disabled*

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\cdffefeba.dll

c:\windows\system32\drivers\fad.sys

c:\windows\system32\vumer.dll

.

((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-29 )))))))))))))))))))))))))))))))

.

2009-01-28 14:20 . 2009-01-28 14:38 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP

2009-01-27 19:35 . 2009-01-27 19:35 578,560 --a------ c:\windows\SYSTEM32\DLLCACHE\user32.dll

2009-01-27 19:30 . 2009-01-27 19:31 <DIR> d-------- c:\windows\ERUNT

2009-01-27 18:54 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix

2009-01-27 15:21 . 2009-01-29 15:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

2009-01-18 15:56 . 2009-01-18 15:56 0 --a------ c:\windows\Curses.INI

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-29 22:07 --------- d-----w c:\program files\Common Files\Symantec Shared

2009-01-29 20:14 --------- d-----w c:\program files\IrfanView

2009-01-29 20:13 --------- d-----w c:\program files\Lavasoft

2009-01-29 19:05 --------- d-----w c:\program files\TeamViewer3

2009-01-29 17:59 --------- d-----w c:\program files\Spybot - Search & Destroy

2009-01-29 17:56 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-01-21 02:38 --------- d-----w c:\program files\Symantec

2009-01-21 02:30 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF

2009-01-21 02:30 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS

2009-01-21 02:30 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT

2009-01-18 13:11 --------- d-----w c:\program files\RealArcade

2009-01-15 08:08 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2008-12-31 13:24 --------- d-----w c:\program files\Common Files\Adobe

2008-12-29 14:24 --------- d-----w c:\documents and settings\Reception\Application Data\Gogii Games

2008-12-29 14:24 --------- d-----w c:\documents and settings\All Users\Application Data\Gogii Games

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-08 22:28 --------- d-----w c:\documents and settings\Reception\Application Data\TeamViewer

2008-11-10 07:32 73,216 ----a-w c:\windows\ST6UNST.EXE

2008-11-10 07:32 286,720 ------w c:\windows\Setup1.exe

2008-02-15 22:27 774,144 -c--a-w c:\program files\RngInterstitial.dll

2007-09-16 06:35 66,408 -c--a-w c:\program files\mozilla firefox\components\jar50.dll

2007-09-16 06:35 54,112 -c--a-w c:\program files\mozilla firefox\components\jsd3250.dll

2007-09-16 06:35 34,688 -c--a-w c:\program files\mozilla firefox\components\myspell.dll

2007-09-16 06:35 46,456 -c--a-w c:\program files\mozilla firefox\components\spellchk.dll

2007-09-16 06:35 171,880 -c--a-w c:\program files\mozilla firefox\components\xpinstal.dll

2008-09-12 16:26 32,768 -csha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008091220080913\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-01-19 4670968]

"Aim6"="c:\program files\AIM6\aim6.exe" [2008-03-25 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]

"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2007-06-26 509224]

"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 368706]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-10 185896]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]

"osCheck"="c:\progra~1\Symantec\osCheck.exe" [2007-01-14 771704]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 68856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-02-14 67128]

Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= LrxYV12.dll

"vidc.ZJPG"= pzjpeg32.dll

"vidc.LRXH"= LRXHCodec.dll

"vidc.ADV1"= WavLor.dll

"vidc.WVT2"= WaveT2.dll

"vidc.TJPG"= tjpegcodec.dll

"vidc.LRX2"= LrxYV12.dll

"VIDC.SN40"= SN4Codec.dll

"VIDC.SN41"= SN4Codec.dll

"VIDC.SJPG"= SN4Codec.dll

"VIDC.LNX1"= LnxCodec.dll

"VIDC.AXM4"= axismpg4.dll

"VIDC.VRM4"= verintmpg4.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Start Network Scanner Tool.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Start Network Scanner Tool.lnk

backup=c:\windows\pss\Start Network Scanner Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Reception^Start Menu^Programs^Startup^Webshots.lnk]

path=c:\documents and settings\Reception\Start Menu\Programs\Startup\Webshots.lnk

backup=c:\windows\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]

--a--c--- 2003-03-20 12:10 684032 c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

--a--c--- 2005-06-06 23:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

--a--c--- 2004-07-19 07:51 306688 c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

--a--c--- 2005-10-19 07:59 126976 c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

--a--c--- 2005-10-19 07:59 155648 c:\windows\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SharpTray]

--a--c--- 2001-11-08 09:37 28672 c:\program files\Sharp\Sharpdesk\SharpTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-04-10 20:14 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]

--a------ 2007-06-26 13:48 509224 c:\progra~1\Yahoo!\YOP\yop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Sharp\\Sharpdesk\\sdFTP.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

"c:\\Program Files\\Hasbro Interactive\\Clue\\Clue.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"2866:UDP"= 2866:UDP:Windows Media Format SDK (iexplore.exe)

"2867:UDP"= 2867:UDP:Windows Media Format SDK (iexplore.exe)

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-11 99376]

R4 PPPoEService;PPPoE Service;c:\progra~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe [2008-02-15 49152]

R4 TeamViewer;TeamViewer 3;c:\program files\TeamViewer3\TeamViewer_Host.exe [2008-03-12 181544]

R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-04-07 24652]

S3 NTSPPPOE;NTS Enternet P.P.P.o.E LAN Miniport Driver;c:\windows\SYSTEM32\DRIVERS\ntspppoe.sys [2008-02-15 159712]

S3 RAWESR;RAWESR;c:\progra~1\EFFICI~1\ENTERN~1\app\RAWESR.SYS [2008-02-15 9152]

S3 Usblink;Usblink Driver;c:\windows\system32\Drivers\ulink.sys --> c:\windows\system32\Drivers\ulink.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ee84cfa-76e7-11da-ae0f-000bdb0e9879}]

\Shell\AutoRun\command - e:\jdsecure\Windows\JDSecure31.exe

.

Contents of the 'Scheduled Tasks' folder

2009-01-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-01-24 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-26 c:\windows\Tasks\Disk Cleanup.job

- c:\windows\SYSTEM32\cleanmgr.exe [2008-04-13 19:12]

2009-01-27 c:\windows\Tasks\Norton Security Online - Run Full System Scan - Reception.job

- c:\progra~1\Symantec\Norton AntiVirus\Navw32.exe [2007-01-14 04:09]

2009-01-29 c:\windows\Tasks\User_Feed_Synchronization-{8190B965-F254-42C4-9192-C4A7E32C6B2F}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]

.

- - - - ORPHANS REMOVED - - - -

BHO-{2502BBD0-D73B-11DD-B4EC-CEBF56D89593} - c:\windows\system32\vumer.dll

HKCU-Run-RegistryMechanic - c:\program files\Registry Mechanic\RegMech.exe

HKLM-Run-ISTray - c:\program files\Spyware Doctor\pctsTray.exe

MSConfigStartUp-CaAvTray - c:\program files\Yahoo!\Antivirus\CAVTray.exe

MSConfigStartUp-CAVRID - c:\program files\Yahoo!\Antivirus\CAVRID.exe

MSConfigStartUp-gcasServ - c:\program files\Microsoft AntiSpyware\gcasServ.exe

MSConfigStartUp-REWARDS NETWORK - c:\program files\Rewards Network\brntray.exe

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

MSConfigStartUp-Yahoo! Pager - c:\progra~1\Yahoo!\MESSEN~1\ypager.exe

.

------- Supplementary Scan -------

.

uStart Page = hxxp://my.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM

IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm

Trusted Zone: microsoft.com\office

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://12.107.193.125:8080/activex/AMC.cab

FF - ProfilePath - c:\documents and settings\Reception\Application Data\Mozilla\Firefox\Profiles\uupiuhkm.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - component: c:\documents and settings\Reception\Application Data\Mozilla\Firefox\Profiles\uupiuhkm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll

FF - component: c:\documents and settings\Reception\Application Data\Mozilla\Firefox\Profiles\uupiuhkm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-29 17:09:38

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\system32\febfb7f54ba8f5ca258451461b7cd608.sys 39936 bytes executable

c:\windows\system32\_febfb7f54ba8f5ca258451461b7cd608.sys_.vir 39936 bytes executable

scan completed successfully

hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\febfb7f54ba8f5ca258451461b7cd608]

"ImagePath"="system32\febfb7f54ba8f5ca258451461b7cd608.sys"

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Symantec Shared\ccSvcHst.exe

c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\program files\Common Files\Symantec Shared\ccSvcHst.exe

c:\program files\TeamViewer3\TeamViewer.exe

c:\windows\SYSTEM32\searchindexer.exe

c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

c:\progra~1\Yahoo!\browser\ycommon.exe

c:\windows\SYSTEM32\searchprotocolhost.exe

c:\progra~1\Yahoo!\YOP\SSDK02.exe

c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe

c:\program files\AIM6\aolsoftware.exe

c:\program files\Java\jre1.6.0_05\bin\jucheck.exe

c:\windows\SYSTEM32\searchfilterhost.exe

c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

.

**************************************************************************

.

Completion time: 2009-01-29 17:21:30 - machine was rebooted [Reception]

ComboFix-quarantined-files.txt 2009-01-29 22:21:10

Pre-Run: 18,154,098,688 bytes free

Post-Run: 18,179,223,552 bytes free

240 --- E O F --- 2009-01-15 08:08:05

TDSS

08:48:15.0375 0736 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14

08:48:16.0265 0736 ============================================================

08:48:16.0265 0736 Current date / time: 2012/02/18 08:48:16.0265

08:48:16.0265 0736 SystemInfo:

08:48:16.0265 0736

08:48:16.0265 0736 OS Version: 5.1.2600 ServicePack: 3.0

08:48:16.0265 0736 Product type: Workstation

08:48:16.0265 0736 ComputerName: RECPT

08:48:16.0265 0736 UserName: Reception

08:48:16.0265 0736 Windows directory: C:\WINDOWS

08:48:16.0265 0736 System windows directory: C:\WINDOWS

08:48:16.0265 0736 Processor architecture: Intel x86

08:48:16.0265 0736 Number of processors: 1

08:48:16.0265 0736 Page size: 0x1000

08:48:16.0265 0736 Boot type: Normal boot

08:48:16.0265 0736 ============================================================

08:48:22.0671 0736 Drive \Device\Harddisk0\DR0 - Size: 0x9925B0000 (38.29 Gb), SectorSize: 0x200, Cylinders: 0x1386, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

08:48:22.0671 0736 \Device\Harddisk0\DR0:

08:48:22.0671 0736 MBR used

08:48:22.0671 0736 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x4C7F241

08:48:22.0734 0736 Initialize success

08:48:22.0734 0736 ============================================================

08:48:32.0234 6020 ============================================================

08:48:32.0234 6020 Scan started

08:48:32.0234 6020 Mode: Manual; SigCheck; TDLFS;

08:48:32.0250 6020 ============================================================


08:48:49.0671 6020 cbidf2k - ok

08:48:49.0828 6020 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys

08:48:50.0015 6020 cd20xrnt - ok

08:48:50.0125 6020 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

08:48:50.0484 6020 Cdaudio - ok

08:48:50.0734 6020 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

08:48:51.0046 6020 Cdfs - ok

08:48:51.0218 6020 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\WINDOWS\system32\drivers\Cdr4_xp.sys

08:48:51.0250 6020 Cdr4_xp ( UnsignedFile.Multi.Generic ) - warning

08:48:51.0250 6020 Cdr4_xp - detected UnsignedFile.Multi.Generic (1)

08:48:51.0406 6020 Cdralw2k (2c41cd49d82d5fd85c72d57b6ca25471) C:\WINDOWS\system32\drivers\Cdralw2k.sys

08:48:51.0437 6020 Cdralw2k ( UnsignedFile.Multi.Generic ) - warning

08:48:51.0437 6020 Cdralw2k - detected UnsignedFile.Multi.Generic (1)

08:48:51.0593 6020 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

08:48:51.0937 6020 Cdrom - ok

08:48:52.0062 6020 cdudf_xp (cfd81f2140193fc7f1812e6d6eaf6795) C:\WINDOWS\system32\drivers\cdudf_xp.sys

08:48:52.0109 6020 cdudf_xp ( UnsignedFile.Multi.Generic ) - warning

08:48:52.0109 6020 cdudf_xp - detected UnsignedFile.Multi.Generic (1)

08:48:52.0234 6020 Changer - ok

08:48:52.0421 6020 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys

08:48:52.0781 6020 CmdIde - ok

08:48:53.0046 6020 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys

08:48:53.0437 6020 Cpqarray - ok

08:48:53.0593 6020 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys

08:48:53.0984 6020 dac2w2k - ok

08:48:54.0109 6020 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys

08:48:54.0468 6020 dac960nt - ok

08:48:54.0640 6020 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

08:48:54.0937 6020 Disk - ok

08:48:55.0125 6020 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

08:48:55.0500 6020 dmboot - ok

08:48:55.0718 6020 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

08:48:56.0046 6020 dmio - ok

08:48:56.0187 6020 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

08:48:56.0562 6020 dmload - ok

08:48:56.0718 6020 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

08:48:57.0046 6020 DMusic - ok

08:48:57.0218 6020 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys

08:48:57.0578 6020 dpti2o - ok

08:48:57.0718 6020 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

08:48:58.0031 6020 drmkaud - ok

08:48:58.0171 6020 dvd_2K (0c7d4bf5158ab759f5e71829e93e0ba9) C:\WINDOWS\system32\drivers\dvd_2K.sys

08:48:58.0234 6020 dvd_2K ( UnsignedFile.Multi.Generic ) - warning

08:48:58.0234 6020 dvd_2K - detected UnsignedFile.Multi.Generic (1)

08:48:58.0437 6020 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

08:48:58.0515 6020 eeCtrl - ok

08:48:58.0687 6020 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys

08:48:59.0046 6020 EL90XBC - ok

08:48:59.0218 6020 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

08:48:59.0578 6020 Fastfat - ok

08:48:59.0796 6020 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

08:49:00.0109 6020 Fdc - ok

08:49:00.0187 6020 febfb7f54ba8f5ca258451461b7cd608 - ok

08:49:00.0343 6020 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

08:49:00.0656 6020 Fips - ok

08:49:00.0812 6020 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

08:49:01.0125 6020 Flpydisk - ok

08:49:01.0343 6020 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

08:49:01.0671 6020 FltMgr - ok

08:49:01.0781 6020 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

08:49:02.0125 6020 Fs_Rec - ok

08:49:02.0281 6020 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

08:49:02.0656 6020 Ftdisk - ok

08:49:02.0781 6020 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

08:49:02.0828 6020 GEARAspiWDM - ok

08:49:02.0968 6020 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

08:49:03.0281 6020 Gpc - ok

08:49:03.0453 6020 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

08:49:03.0828 6020 HidUsb - ok

08:49:03.0984 6020 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys

08:49:04.0328 6020 hpn - ok

08:49:04.0484 6020 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

08:49:04.0593 6020 HTTP - ok

08:49:04.0765 6020 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

08:49:05.0062 6020 i2omgmt - ok

08:49:05.0281 6020 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys

08:49:05.0640 6020 i2omp - ok

08:49:05.0796 6020 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

08:49:06.0109 6020 i8042prt - ok

08:49:06.0234 6020 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys

08:49:06.0562 6020 i81x - ok

08:49:06.0718 6020 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys

08:49:07.0000 6020 iAimFP0 - ok

08:49:07.0125 6020 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys

08:49:07.0421 6020 iAimFP1 - ok

08:49:07.0546 6020 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys

08:49:07.0843 6020 iAimFP2 - ok

08:49:07.0968 6020 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys

08:49:08.0281 6020 iAimFP3 - ok

08:49:08.0453 6020 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys

08:49:08.0734 6020 iAimFP4 - ok

08:49:08.0890 6020 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys

08:49:09.0171 6020 iAimTV0 - ok

08:49:09.0359 6020 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys

08:49:09.0625 6020 iAimTV1 - ok

08:49:09.0750 6020 iAimTV2 - ok

08:49:09.0875 6020 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys

08:49:10.0140 6020 iAimTV3 - ok

08:49:10.0343 6020 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys

08:49:10.0640 6020 iAimTV4 - ok

08:49:10.0859 6020 ialm (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

08:49:11.0046 6020 ialm - ok

08:49:11.0234 6020 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys

08:49:11.0562 6020 Imapi - ok

08:49:11.0703 6020 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys

08:49:12.0046 6020 ini910u - ok

08:49:12.0187 6020 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys

08:49:12.0531 6020 IntelIde - ok

08:49:12.0687 6020 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

08:49:13.0031 6020 Ip6Fw - ok

08:49:13.0156 6020 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

08:49:13.0546 6020 IpFilterDriver - ok

08:49:13.0703 6020 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

08:49:14.0031 6020 IpInIp - ok

08:49:14.0156 6020 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

08:49:14.0515 6020 IpNat - ok

08:49:14.0687 6020 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

08:49:15.0000 6020 IPSec - ok

08:49:15.0140 6020 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

08:49:15.0453 6020 IRENUM - ok

08:49:15.0671 6020 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

08:49:16.0000 6020 isapnp - ok

08:49:16.0203 6020 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

08:49:16.0531 6020 Kbdclass - ok

08:49:16.0671 6020 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

08:49:16.0984 6020 kmixer - ok

08:49:17.0125 6020 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

08:49:17.0234 6020 KSecDD - ok

08:49:17.0421 6020 lbrtfdc - ok

08:49:17.0593 6020 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys

08:49:17.0640 6020 MBAMProtector - ok

08:49:17.0796 6020 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys

08:49:17.0843 6020 MBAMSwissArmy - ok

08:49:17.0984 6020 mmc_2K (31700004af5b9ddabb7c43b1507d061c) C:\WINDOWS\system32\drivers\mmc_2K.sys

08:49:18.0031 6020 mmc_2K ( UnsignedFile.Multi.Generic ) - warning

08:49:18.0031 6020 mmc_2K - detected UnsignedFile.Multi.Generic (1)

08:49:18.0171 6020 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

08:49:18.0562 6020 mnmdd - ok

08:49:18.0734 6020 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

08:49:19.0046 6020 Modem - ok

08:49:19.0187 6020 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

08:49:19.0515 6020 Mouclass - ok

08:49:19.0703 6020 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

08:49:20.0046 6020 mouhid - ok

08:49:20.0187 6020 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

08:49:20.0515 6020 MountMgr - ok

08:49:20.0687 6020 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys

08:49:21.0046 6020 mraid35x - ok

08:49:21.0281 6020 MREMPR5 (2bc9e43f55de8c30fc817ed56d0ee907) C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS

08:49:21.0359 6020 MREMPR5 ( UnsignedFile.Multi.Generic ) - warning

08:49:21.0359 6020 MREMPR5 - detected UnsignedFile.Multi.Generic (1)

08:49:21.0515 6020 MRENDIS5 (594b9d8194e3f4ecbf0325bd10bbeb05) C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS

08:49:21.0546 6020 MRENDIS5 ( UnsignedFile.Multi.Generic ) - warning

08:49:21.0562 6020 MRENDIS5 - detected UnsignedFile.Multi.Generic (1)

08:49:21.0718 6020 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

08:49:22.0031 6020 MRxDAV - ok

08:49:22.0187 6020 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

08:49:22.0343 6020 MRxSmb - ok

08:49:22.0593 6020 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

08:49:22.0890 6020 Msfs - ok

08:49:23.0046 6020 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

08:49:23.0390 6020 MSKSSRV - ok

08:49:23.0546 6020 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

08:49:23.0906 6020 MSPCLOCK - ok

08:49:24.0046 6020 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

08:49:24.0375 6020 MSPQM - ok

08:49:24.0531 6020 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

08:49:24.0843 6020 mssmbios - ok

08:49:24.0968 6020 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

08:49:25.0046 6020 Mup - ok

08:49:25.0296 6020 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120216.004\naveng.sys

08:49:25.0328 6020 NAVENG - ok

08:49:25.0562 6020 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120216.004\navex15.sys

08:49:25.0781 6020 NAVEX15 - ok

08:49:25.0953 6020 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

08:49:26.0281 6020 NDIS - ok

08:49:26.0406 6020 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

08:49:26.0515 6020 NdisTapi - ok

08:49:26.0703 6020 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

08:49:27.0031 6020 Ndisuio - ok

08:49:27.0156 6020 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

08:49:27.0515 6020 NdisWan - ok

08:49:27.0671 6020 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

08:49:27.0750 6020 NDProxy - ok

08:49:27.0906 6020 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

08:49:28.0593 6020 NetBIOS - ok

08:49:28.0765 6020 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

08:49:29.0078 6020 NetBT - ok

08:49:29.0359 6020 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

08:49:29.0687 6020 Npfs - ok

08:49:30.0156 6020 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

08:49:30.0703 6020 Ntfs - ok

08:49:31.0156 6020 NTSPPPOE (fa6395b0bfd241c75ff21366828d35c6) C:\WINDOWS\system32\DRIVERS\ntspppoe.sys

08:49:31.0234 6020 NTSPPPOE ( UnsignedFile.Multi.Generic ) - warning

08:49:31.0234 6020 NTSPPPOE - detected UnsignedFile.Multi.Generic (1)

08:49:31.0359 6020 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

08:49:31.0718 6020 Null - ok

08:49:31.0937 6020 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

08:49:32.0437 6020 nv - ok

08:49:32.0593 6020 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

08:49:32.0937 6020 NwlnkFlt - ok

08:49:33.0078 6020 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

08:49:33.0421 6020 NwlnkFwd - ok

08:49:33.0593 6020 omci (1d98907d80461371437a7c898c58c8ae) C:\WINDOWS\system32\DRIVERS\omci.sys

08:49:33.0640 6020 omci ( UnsignedFile.Multi.Generic ) - warning

08:49:33.0640 6020 omci - detected UnsignedFile.Multi.Generic (1)

08:49:33.0828 6020 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys

08:49:34.0125 6020 P3 - ok

08:49:34.0328 6020 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

08:49:34.0656 6020 Parport - ok

08:49:34.0796 6020 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

08:49:35.0093 6020 PartMgr - ok

08:49:35.0250 6020 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

08:49:35.0609 6020 ParVdm - ok

08:49:35.0765 6020 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

08:49:36.0078 6020 PCI - ok

08:49:36.0203 6020 PCIDump - ok

08:49:36.0312 6020 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

08:49:36.0656 6020 PCIIde - ok

08:49:36.0859 6020 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

08:49:37.0187 6020 Pcmcia - ok

08:49:37.0421 6020 PDCOMP - ok

08:49:37.0546 6020 PDFRAME - ok

08:49:37.0640 6020 PDRELI - ok

08:49:37.0734 6020 PDRFRAME - ok

08:49:37.0859 6020 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys

08:49:38.0203 6020 perc2 - ok

08:49:38.0453 6020 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys

08:49:38.0796 6020 perc2hib - ok

08:49:38.0984 6020 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

08:49:39.0296 6020 PptpMiniport - ok

08:49:39.0406 6020 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

08:49:39.0718 6020 Processor - ok

08:49:39.0859 6020 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

08:49:40.0171 6020 PSched - ok

08:49:40.0312 6020 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

08:49:40.0671 6020 Ptilink - ok

08:49:40.0812 6020 pwd_2k (05a2b66ef7c53bdd2c9cfb836a6620ce) C:\WINDOWS\system32\drivers\pwd_2k.sys

08:49:40.0875 6020 pwd_2k ( UnsignedFile.Multi.Generic ) - warning

08:49:40.0875 6020 pwd_2k - detected UnsignedFile.Multi.Generic (1)

08:49:41.0031 6020 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

08:49:41.0078 6020 PxHelp20 - ok

08:49:41.0250 6020 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys

08:49:41.0625 6020 ql1080 - ok

08:49:41.0765 6020 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys

08:49:42.0109 6020 Ql10wnt - ok

08:49:42.0265 6020 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys

08:49:42.0625 6020 ql12160 - ok

08:49:42.0812 6020 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys

08:49:43.0156 6020 ql1240 - ok

08:49:43.0359 6020 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys

08:49:43.0687 6020 ql1280 - ok

08:49:43.0828 6020 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

08:49:44.0156 6020 RasAcd - ok

08:49:44.0468 6020 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

08:49:44.0781 6020 Rasl2tp - ok

08:49:44.0937 6020 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

08:49:45.0250 6020 RasPppoe - ok

08:49:45.0375 6020 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

08:49:45.0718 6020 Raspti - ok

08:49:45.0843 6020 RAWESR (7ce613915693781815ba07b145003f0d) C:\PROGRA~1\EFFICI~1\ENTERN~1\app\RAWESR.SYS

08:49:45.0890 6020 RAWESR ( UnsignedFile.Multi.Generic ) - warning

08:49:45.0890 6020 RAWESR - detected UnsignedFile.Multi.Generic (1)

08:49:46.0046 6020 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

08:49:46.0390 6020 Rdbss - ok

08:49:46.0515 6020 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

08:49:46.0859 6020 RDPCDD - ok

08:49:47.0000 6020 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

08:49:47.0328 6020 rdpdr - ok

08:49:47.0500 6020 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

08:49:47.0562 6020 RDPWD - ok

08:49:47.0718 6020 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

08:49:48.0031 6020 redbook - ok

08:49:48.0312 6020 SAVRT (a00d5aa4748a1002590f08aa00fc660d) C:\Program Files\Symantec AntiVirus\savrt.sys

08:49:48.0375 6020 SAVRT - ok

08:49:48.0484 6020 SAVRTPEL (1e805005583be1c1568a3fce259c81e3) C:\Program Files\Symantec AntiVirus\Savrtpel.sys

08:49:48.0531 6020 SAVRTPEL - ok

08:49:48.0718 6020 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

08:49:49.0031 6020 Secdrv - ok

08:49:49.0171 6020 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

08:49:49.0531 6020 serenum - ok

08:49:49.0687 6020 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

08:49:49.0984 6020 Serial - ok

08:49:50.0156 6020 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

08:49:50.0484 6020 Sfloppy - ok

08:49:50.0625 6020 Simbad - ok

08:49:50.0781 6020 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys

08:49:51.0093 6020 sisagp - ok

08:49:51.0265 6020 smwdm (8583e3dc5285eb3ddfb74fb646cdf295) C:\WINDOWS\system32\drivers\smwdm.sys

08:49:51.0421 6020 smwdm - ok

08:49:51.0593 6020 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys

08:49:51.0781 6020 Sparrow - ok

08:49:51.0937 6020 SPBBCDrv (c30fa11923892a4dbd1c747db8492e8f) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

08:49:52.0015 6020 SPBBCDrv - ok

08:49:52.0171 6020 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

08:49:52.0515 6020 splitter - ok

08:49:52.0687 6020 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

08:49:52.0984 6020 sr - ok

08:49:53.0156 6020 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

08:49:53.0265 6020 Srv - ok

08:49:53.0437 6020 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

08:49:53.0765 6020 swenum - ok

08:49:53.0937 6020 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

08:49:54.0265 6020 swmidi - ok

08:49:54.0453 6020 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys

08:49:54.0781 6020 symc810 - ok

08:49:54.0906 6020 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys

08:49:55.0250 6020 symc8xx - ok

08:49:55.0343 6020 SymEvent (b3f8b9eab2ebe205c0fe053fba951d8c) C:\Program Files\Symantec\SYMEVENT.SYS

08:49:55.0406 6020 SymEvent - ok

08:49:55.0578 6020 SYMREDRV (7c73b65f1bdfab9052a5076c0ca622de) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS

08:49:55.0625 6020 SYMREDRV - ok

08:49:55.0781 6020 SYMTDI (b4562798891dca27ed67ca07acbadbd9) C:\WINDOWS\System32\Drivers\SYMTDI.SYS

08:49:55.0843 6020 SYMTDI - ok

08:49:55.0984 6020 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys

08:49:56.0312 6020 sym_hi - ok

08:49:56.0468 6020 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys

08:49:56.0828 6020 sym_u3 - ok

08:49:56.0968 6020 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

08:49:57.0312 6020 sysaudio - ok

08:49:57.0500 6020 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

08:49:57.0750 6020 Tcpip - ok

08:49:57.0890 6020 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

08:49:58.0250 6020 TDPIPE - ok

08:49:58.0390 6020 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

08:49:58.0718 6020 TDTCP - ok

08:49:58.0890 6020 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

08:49:59.0234 6020 TermDD - ok

08:49:59.0484 6020 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys

08:49:59.0859 6020 TosIde - ok

08:50:00.0000 6020 UdfReadr_xp (3369211d13a73cdc830858ad934a0449) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys

08:50:00.0062 6020 UdfReadr_xp ( UnsignedFile.Multi.Generic ) - warning

08:50:00.0062 6020 UdfReadr_xp - detected UnsignedFile.Multi.Generic (1)

08:50:00.0234 6020 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

08:50:00.0609 6020 Udfs - ok

08:50:00.0765 6020 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys

08:50:00.0984 6020 ultra - ok

08:50:01.0156 6020 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

08:50:01.0546 6020 Update - ok

08:50:01.0718 6020 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\WINDOWS\system32\Drivers\usbaapl.sys

08:50:01.0812 6020 USBAAPL - ok

08:50:01.0937 6020 usbbus (9419faac6552a51542dbba02971c841c) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys

08:50:02.0093 6020 usbbus - ok

08:50:02.0234 6020 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

08:50:02.0625 6020 usbccgp - ok

08:50:02.0828 6020 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys

08:50:02.0921 6020 UsbDiag - ok

08:50:03.0109 6020 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

08:50:03.0468 6020 usbehci - ok

08:50:03.0625 6020 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

08:50:03.0984 6020 usbhub - ok

08:50:04.0078 6020 Usblink - ok

08:50:04.0171 6020 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys

08:50:04.0265 6020 USBModem - ok

08:50:04.0406 6020 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

08:50:04.0750 6020 usbprint - ok

08:50:04.0921 6020 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

08:50:05.0265 6020 usbscan - ok

08:50:05.0468 6020 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

08:50:05.0781 6020 USBSTOR - ok

08:50:05.0921 6020 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

08:50:06.0250 6020 usbuhci - ok

08:50:06.0406 6020 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

08:50:06.0734 6020 VgaSave - ok

08:50:06.0875 6020 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys

08:50:07.0187 6020 viaagp - ok

08:50:07.0421 6020 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys

08:50:07.0765 6020 ViaIde - ok

08:50:07.0921 6020 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

08:50:08.0250 6020 VolSnap - ok

08:50:08.0437 6020 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

08:50:08.0765 6020 Wanarp - ok

08:50:08.0921 6020 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

08:50:09.0031 6020 Wdf01000 - ok

08:50:09.0156 6020 WDICA - ok

08:50:09.0328 6020 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

08:50:09.0671 6020 wdmaud - ok

08:50:09.0921 6020 winusb (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.SYS

08:50:09.0968 6020 winusb - ok

08:50:10.0171 6020 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

08:50:10.0312 6020 WpdUsb - ok

08:50:10.0515 6020 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

08:50:10.0625 6020 WudfPf - ok

08:50:10.0859 6020 {6080A529-897E-4629-A488-ABA0C29B635E} (61002db7b6efb5711685b9d79b8e8ce6) C:\WINDOWS\system32\drivers\ialmsbw.sys

08:50:11.0078 6020 {6080A529-897E-4629-A488-ABA0C29B635E} - ok

08:50:11.0234 6020 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (35ce2baa708ea038ab72359de87bab87) C:\WINDOWS\system32\drivers\ialmkchw.sys

08:50:11.0343 6020 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok

08:50:11.0375 6020 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

08:50:11.0625 6020 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

08:50:11.0625 6020 \Device\Harddisk0\DR0 - detected TDSS File System (1)

08:50:11.0671 6020 Boot (0x1200) (ca17d9e2a690cd1d1cbba16f7fa4a21e) \Device\Harddisk0\DR0\Partition0

08:50:11.0671 6020 \Device\Harddisk0\DR0\Partition0 - ok

08:50:11.0671 6020 ============================================================

08:50:11.0671 6020 Scan finished

08:50:11.0671 6020 ============================================================

08:50:11.0843 5716 Detected object count: 13

08:50:11.0843 5716 Actual detected object count: 13

08:50:30.0250 5716 Cdr4_xp ( UnsignedFile.Multi.Generic ) - skipped by user

08:50:30.0250 5716 Cdr4_xp ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:50:30.0250 5716 Cdralw2k ( UnsignedFile.Multi.Generic ) - skipped by user

08:50:30.0250 5716 Cdralw2k ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:50:30.0250 5716 cdudf_xp ( UnsignedFile.Multi.Generic ) - skipped by user

08:50:30.0250 5716 cdudf_xp ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:50:30.0250 5716 dvd_2K ( UnsignedFile.Multi.Generic ) - skipped by user

08:50:30.0250 5716 dvd_2K ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:50:30.0265 5716 mmc_2K ( UnsignedFile.Multi.Generic ) - skipped by user

08:50:30.0265 5716 mmc_2K ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:50:30.0265 5716 MREMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user

08:50:30.0265 5716 MREMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:50:30.0281 5716 MRENDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user

08:50:30.0281 5716 MRENDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:50:30.0281 5716 NTSPPPOE ( UnsignedFile.Multi.Generic ) - skipped by user

08:50:30.0281 5716 NTSPPPOE ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:50:30.0281 5716 omci ( UnsignedFile.Multi.Generic ) - skipped by user

08:50:30.0281 5716 omci ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:50:30.0281 5716 pwd_2k ( UnsignedFile.Multi.Generic ) - skipped by user

08:50:30.0281 5716 pwd_2k ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:50:30.0296 5716 RAWESR ( UnsignedFile.Multi.Generic ) - skipped by user

08:50:30.0296 5716 RAWESR ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:50:30.0296 5716 UdfReadr_xp ( UnsignedFile.Multi.Generic ) - skipped by user

08:50:30.0296 5716 UdfReadr_xp ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:50:30.0296 5716 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

08:50:30.0296 5716 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Please tick the Scan All Users box. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


OTL Extras logfile created on: 2/18/2012 7:37:50 PM - Run 1

OTL by OldTimer - Version 3.2.33.0 Folder = C:\Documents and Settings\Reception\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 464.27 Mb Available Physical Memory | 45.41% Memory free

1.28 Gb Paging File | 0.70 Gb Available in Paging File | 54.29% Paging File free

Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 38.25 Gb Total Space | 8.29 Gb Free Space | 21.68% Space Free | Partition Type: NTFS

Computer Name: RECPT | User Name: Reception | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Sharp\Sharpdesk\sdFTP.exe" = C:\Program Files\Sharp\Sharpdesk\sdFTP.exe:*:Enabled:sdFTP -- (SHARP CORPORATION)

"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

"C:\Program Files\Hasbro Interactive\Clue\Clue.exe" = C:\Program Files\Hasbro Interactive\Clue\Clue.exe:*:Disabled:Clue -- ()

"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)

"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)

"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)

"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer -- (TeamViewer GmbH)

"C:\Program Files\ScanSoft\OmniForm Premium 5.0\EReg\NAVBrowser.exe" = C:\Program Files\ScanSoft\OmniForm Premium 5.0\EReg\NAVBrowser.exe:*:Disabled:NAVBrowser -- (Naviant, Inc.)

"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{083E0D59-B6B4-4570-AA0A-37F5B4526CF5}" = AVG 2012

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP990_series" = Canon MP990 series MP Drivers

"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs

"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3A2AD071-AABD-4712-A43E-11D06BAA661D}" = ImageMixer 3 SE Ver.6 Transfer Utility

"{3B900457-54B8-4825-8FD8-40D09275F2EC}" = Brother HL-2140

"{43291F01-2C46-4F55-BCE4-0F037559AFAB}" = DynoSim ProTools Engine Simulation v.4.10

"{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = BACS

"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0

"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012

"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7

"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic

"{62CA119E-C5A7-42FC-85E8-4B55AA9E4072}" = ImageMixer 3 SE Ver.6 Video Tools

"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver

"{8A83AE5F-F59B-4E1F-BF2A-49185A42ED1B}" = LeapFrog My Pals Plugin

"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{90260409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office XP Web Components

"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization

"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007

"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)

"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2

"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver

"{C82257D5-970D-4371-8616-6B8E5693C99F}" = LeapFrog Connect

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D61524CF-93FE-4193-91AD-C6E21FEEAA5A}" = Logitech Harmony Remote Software 7

"{D9E2AA0C-078F-491E-A728-1A621ADF9900}" = OmniForm Premium 5.0

"{E72019B8-1287-4093-BE9B-1CFA7BA1A8D2}" = Windows Desktop Search 3.01

"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support

"{ED8EF3C2-FA5B-4A1E-950D-5A0227161F97}" = ArcSoft PhotoStudio 6

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes

"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard

"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"afairytale" = A Fairy Tale

"AIM_6" = AIM 6

"ATT-AACE" = ATT-AACE

"AVG" = AVG 2012

"AXIS Media Control Embedded" = AXIS Media Control Embedded

"bookoflegends" = Book of Legends

"BroadJump Client Foundation" = BroadJump Client Foundation

"CAL" = Canon Camera Access Library

"CameraWindowDC8" = Canon Utilities CameraWindow DC 8

"CameraWindowLauncher" = Canon Utilities CameraWindow

"CamQuest6 Cam Selection.0408" = CamQuest6 Cam Selection.0408

"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX

"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX

"Canon MP990 series User Registration" = Canon MP990 series User Registration

"CanonMyPrinter" = Canon Utilities My Printer

"CanonSolutionMenu" = Canon Utilities Solution Menu

"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)

"Clue" = Clue

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Cubis Gold 2" = Cubis Gold 2

"CutePDF Form Filler (Evaluation)_is1" = CutePDF Form Filler 3.5 (Evaluation)

"DellSupport" = Dell Support 5.0.0 (766)

"detectivestorieshollywood" = Detective Stories - Hollywood

"DirectXMediaRuntime" = DirectX Media Runtime 5.1

"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX

"Easy-PhotoPrint Pro" = Canon Utilities Easy-PhotoPrint Pro

"Easy-WebPrint EX" = Canon Easy-WebPrint EX

"EnterNet 300" = EnterNet 300

"escaperosecliffislandtm" = Escape Rosecliff Island

"Glyph 2" = Glyph 2

"HijackThis" = HijackThis 2.0.2

"HP Web Jetadmin" = HP Web Jetadmin

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = Broadcom Advanced Control Suite

"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)

"lostinreefs" = Lost in Reefs

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705

"Mozilla Firefox (2.0.0.7)" = Mozilla Firefox (2.0.0.7)

"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MyCamera" = Canon Utilities MyCamera

"MyPalsPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)

"Mystery Case Files - Huntsville" = Mystery Case Files - Huntsville

"mysterylegendstmsleepyhollow" = Mystery Legends - Sleepy Hollow

"mysterypitmthenewyorkfortune" = Mystery P.I. - The New York Fortune

"mysticemporium" = Mystic Emporium

"MyWebSearchSearchAssistant" = Search Assistant - My Web Search

"Nancy Drew® - Curse of Blackmoor Manor" = Nancy Drew® - Curse of Blackmoor Manor

"Nancy Drew® - Phantom of Venice" = Nancy Drew® - Phantom of Venice

"Nancy Drew® - Secret of the Old Clock" = Nancy Drew® - Secret of the Old Clock

"Nancy Drew® - The Legend of the Crystal Skull" = Nancy Drew® - The Legend of the Crystal Skull

"nancydrewrdossiertmlightscameracurses" = Nancy Drew® - Dossier - Lights, Camera, Curses!

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"PROR" = Microsoft Office Professional 2007

"RealArcade" = RealArcade

"RealPlayer 12.0" = RealPlayer

"Saqqarah" = Saqqarah

"SHARP DC PC-FAX driver" = SHARP DC PC-FAX driver

"Sharpdesk" = Sharpdesk

"Shockwave" = Shockwave

"SpywareBlaster_is1" = SpywareBlaster 4.1

"ST6UNST #1" = DCR Calculator

"Super GameHouse Solitaire Volume 3" = Super GameHouse Solitaire Volume 3

"supercow" = Supercow

"TeamViewer 5" = TeamViewer 5

"The Clumsys" = The Clumsys

"undiscoveredworldtheincansun" = Undiscovered World - The Incan Sun

"UPCShell" = LeapFrog Connect

"wanderingwillowstm" = Wandering Willows

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"WETCable" = Windows Easy Transfer

"WildTangent wildgames Master Uninstall" = WildGames

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinPatrol" = WinPatrol 2008

"winusb0100" = Microsoft WinUsb 1.0

"wizardspentm" = Wizard's Pen

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Yahoo! Applications" = AT&T Yahoo! Applications

"Yahoo! Search Defender" = Yahoo! Search Protection

"Yahoo! Software Update" = Yahoo! Software Update

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 1/8/2012 12:36:43 AM | Computer Name = RECPT | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/8/2012 12:36:43 AM | Computer Name = RECPT | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/23/2012 6:02:00 PM | Computer Name = RECPT | Source = Application Hang | ID = 1002

Description = Hanging application AcroRd32.exe, version 10.0.1.434, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/23/2012 6:02:08 PM | Computer Name = RECPT | Source = Application Hang | ID = 1001

Description = Fault bucket -1992457646.

Error - 2/3/2012 3:54:41 PM | Computer Name = RECPT | Source = Application Error | ID = 1000

Description = Faulting application winpatrol.exe, version 15.9.2008.1, faulting

module msctfime.ime, version 5.1.2600.5512, fault address 0x00013e3c.

Error - 2/3/2012 5:12:28 PM | Computer Name = RECPT | Source = Windows Search Service | ID = 3029

Description = The plug-in in <Search.TripoliIndexer> cannot be initialized. Context:

Windows Application, SystemIndex Catalog Details: The content index cannot be read.

(0xc0041800)

Error - 2/3/2012 5:12:28 PM | Computer Name = RECPT | Source = Windows Search Service | ID = 3028

Description = The gatherer object cannot be initialized. Context: Windows Application,

SystemIndex Catalog Details: The content index cannot be read. (0xc0041800)

Error - 2/3/2012 5:12:28 PM | Computer Name = RECPT | Source = Windows Search Service | ID = 3058

Description = The application cannot be initialized. Context: Windows Application

Details:

The

content index cannot be read. (0xc0041800)

Error - 2/4/2012 12:10:03 PM | Computer Name = RECPT | Source = Windows Search Service | ID = 3024

Description = The update cannot be started because the content sources cannot be

accessed. Fix the errors and try the update again. Context: Windows Application,

SystemIndex Catalog

Error - 2/5/2012 12:50:25 PM | Computer Name = RECPT | Source = Application Hang | ID = 1002

Description = Hanging application WinPatrolEx.exe, version 15.9.2008.1, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]

Error - 8/1/2009 12:59:22 PM | Computer Name = RECPT | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8

seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/1/2009 12:59:41 PM | Computer Name = RECPT | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 11

seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 2/17/2012 6:13:50 PM | Computer Name = RECPT | Source = Service Control Manager | ID = 7016

Description = The OmniForm Printer service has reported an invalid current state

0.

Error - 2/17/2012 6:37:02 PM | Computer Name = RECPT | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Java Quick Starter service

to connect.

Error - 2/17/2012 6:37:02 PM | Computer Name = RECPT | Source = Service Control Manager | ID = 7000

Description = The Java Quick Starter service failed to start due to the following

error: %%1053

Error - 2/17/2012 6:37:02 PM | Computer Name = RECPT | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Symantec AntiVirus service

to connect.

Error - 2/17/2012 6:37:02 PM | Computer Name = RECPT | Source = Service Control Manager | ID = 7000

Description = The Yahoo! Updater service failed to start due to the following error:

%%2

Error - 2/17/2012 7:19:37 PM | Computer Name = RECPT | Source = Service Control Manager | ID = 7016

Description = The OmniForm Printer service has reported an invalid current state

0.

Error - 2/18/2012 12:40:35 PM | Computer Name = RECPT | Source = Service Control Manager | ID = 7000

Description = The Yahoo! Updater service failed to start due to the following error:

%%2

Error - 2/18/2012 12:40:35 PM | Computer Name = RECPT | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the AVGIDSAgent service to

connect.

Error - 2/18/2012 12:40:35 PM | Computer Name = RECPT | Source = Service Control Manager | ID = 7000

Description = The AVGIDSAgent service failed to start due to the following error:

%%1053

Error - 2/18/2012 12:41:03 PM | Computer Name = RECPT | Source = Service Control Manager | ID = 7023

Description = The Symantec AntiVirus service terminated with the following error:

%%10

< End of report >

OTL logfile created on: 2/18/2012 7:37:50 PM - Run 1

OTL by OldTimer - Version 3.2.33.0 Folder = C:\Documents and Settings\Reception\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 464.27 Mb Available Physical Memory | 45.41% Memory free

1.28 Gb Paging File | 0.70 Gb Available in Paging File | 54.29% Paging File free

Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 38.25 Gb Total Space | 8.29 Gb Free Space | 21.68% Space Free | Partition Type: NTFS

Computer Name: RECPT | User Name: Reception | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/18 19:36:46 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Reception\Desktop\OTL.exe

PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe

PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe

PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe

PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe

PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe

PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2010/08/25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

PRC - [2010/06/09 18:14:30 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2010/02/13 07:49:03 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2010/02/11 07:01:40 | 005,150,504 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer.exe

PRC - [2010/02/11 06:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

PRC - [2009/09/08 16:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe

PRC - [2009/07/26 21:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

PRC - [2009/02/03 08:15:18 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/03/25 15:21:28 | 000,050,528 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe

PRC - [2008/02/14 20:38:19 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

PRC - [2008/01/07 18:10:30 | 000,210,200 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe

PRC - [2007/05/25 12:16:08 | 000,042,032 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe

PRC - [2005/04/17 12:30:32 | 000,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe

PRC - [2005/04/08 15:54:52 | 000,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

PRC - [2005/04/08 15:52:32 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

PRC - [2005/04/08 15:52:30 | 000,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe

PRC - [2002/09/10 21:26:26 | 000,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe

PRC - [2001/09/14 15:06:18 | 000,032,768 | ---- | M] () -- C:\WINDOWS\SYSTEM32\Ofps.exe

PRC - [2000/07/11 10:48:36 | 000,049,152 | ---- | M] () -- C:\Program Files\Efficient Networks\EnterNet 300\app\PPPoEService.exe

========== Modules (No Company Name) ==========

MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\SYSTEM32\msdmo.dll

MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\SYSTEM32\devenum.dll

MOD - [2008/02/14 20:38:18 | 000,061,496 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll

MOD - [2002/09/10 21:26:26 | 000,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe

MOD - [2002/07/02 15:32:00 | 000,184,431 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\TimerManager.dll

MOD - [2002/07/02 15:22:34 | 000,122,993 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\AppProperties.dll

MOD - [2002/07/02 15:10:42 | 000,110,695 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComBase.dll

MOD - [2002/06/04 20:33:54 | 000,106,601 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComSRCManager.dll

MOD - [2002/06/04 18:48:26 | 000,143,489 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BasicLoaderService.dll

MOD - [2002/06/04 18:48:10 | 000,163,951 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComRT.dll

MOD - [2001/09/26 03:23:08 | 000,196,695 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJIntlCore_1_1_DDR.dll

MOD - [2001/09/23 15:41:10 | 000,524,377 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\stlport_4_0_0_DDR.dll

MOD - [2001/09/14 15:06:18 | 000,032,768 | ---- | M] () -- C:\WINDOWS\SYSTEM32\Ofps.exe

MOD - [2000/07/11 10:48:36 | 000,049,152 | ---- | M] () -- C:\Program Files\Efficient Networks\EnterNet 300\app\PPPoEService.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (YahooAUService)

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)

SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)

SRV - [2010/06/09 18:14:30 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)

SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2010/02/11 06:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)

SRV - [2010/01/25 10:00:54 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®

SRV - [2009/09/08 16:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)

SRV - [2007/10/24 09:40:02 | 000,181,784 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService)

SRV - [2005/04/17 12:30:42 | 000,124,608 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)

SRV - [2005/04/17 12:30:40 | 001,706,176 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)

SRV - [2005/04/17 12:30:32 | 000,019,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)

SRV - [2005/04/08 15:54:52 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)

SRV - [2005/04/08 15:52:32 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)

SRV - [2005/04/05 11:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)

SRV - [2005/03/30 21:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)

SRV - [2001/09/14 15:06:18 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SYSTEM32\Ofps.exe -- (OmniForm Printer)

SRV - [2000/07/11 10:48:36 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Efficient Networks\EnterNet 300\app\PPPoEService.exe -- (PPPoEService)

========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys -- (MBAMProtector)

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys -- (Avgldx86)

DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys -- (Avgmfx86)

DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys -- (Avgtdix)

DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)

DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2008/11/11 12:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbmodem.sys -- (USBModem)

DRV - [2008/11/11 12:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbdiag.sys -- (UsbDiag)

DRV - [2008/11/11 12:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbbus.sys -- (usbbus)

DRV - [2008/04/11 16:45:27 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)

DRV - [2008/04/11 16:45:27 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)

DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\winusb.sys -- (winusb)

DRV - [2005/04/05 11:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)

DRV - [2005/04/05 11:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)

DRV - [2005/04/01 20:36:04 | 000,123,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)

DRV - [2005/03/30 21:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)

DRV - [2004/11/22 18:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)

DRV - [2004/11/22 18:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)

DRV - [2004/08/03 21:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)

DRV - [2004/08/03 21:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)

DRV - [2004/08/03 21:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)

DRV - [2004/08/03 21:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)

DRV - [2004/08/03 21:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)

DRV - [2004/08/03 21:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)

DRV - [2004/08/03 21:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)

DRV - [2004/08/03 21:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)

DRV - [2004/08/03 21:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)

DRV - [2004/08/03 21:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)

DRV - [2003/03/20 12:10:40 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)

DRV - [2003/03/20 12:10:40 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)

DRV - [2003/03/20 12:10:40 | 000,139,674 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)

DRV - [2003/03/20 12:10:39 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)

DRV - [2003/03/20 12:10:39 | 000,025,930 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)

DRV - [2003/01/15 15:45:06 | 000,042,368 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2002/07/19 11:22:08 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)

DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)

DRV - [2000/10/04 09:43:38 | 000,159,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ntspppoe.sys -- (NTSPPPOE)

DRV - [2000/06/26 17:02:08 | 000,009,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Efficient Networks\EnterNet 300\app\rawesr.sys -- (RAWESR)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydsl/*http://www.yahoo.com/search/ie.html

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\Documents and Settings\All Users\Application Data\RealArcade\npraclient.dll (RealNetworks)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found

FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\common\npyaxmpb.dll File not found

FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Reception\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Reception\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DA3058EA-33D8-42E8-9276-CB0BADBF8247}: C:\Documents and Settings\Reception\Local Settings\Application Data\{DA3058EA-33D8-42E8-9276-CB0BADBF8247}\ [2011/08/03 23:02:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG2012\Firefox\ [2012/02/05 09:23:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/05 09:25:45 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/13 07:50:37 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/09 19:06:15 | 000,000,000 | ---D | M]

[2010/05/05 02:53:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Reception\Application Data\Mozilla\Firefox\Profiles\uupiuhkm.default\extensions

[2010/05/04 20:56:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Reception\Application Data\Mozilla\Firefox\Profiles\uupiuhkm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/05/04 20:56:34 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Reception\Application Data\Mozilla\Firefox\Profiles\uupiuhkm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010/05/04 21:43:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2008/04/10 10:09:59 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2008/05/22 15:53:36 | 000,000,000 | ---D | M] (Real Networks Settings) -- C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com

[2008/05/22 15:53:42 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org

[2009/01/31 08:18:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010/02/13 07:50:50 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT

[2007/09/16 01:35:01 | 000,066,408 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll

[2007/09/16 01:35:02 | 000,054,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll

[2007/09/16 01:35:02 | 000,034,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll

[2007/09/16 01:35:03 | 000,046,456 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll

[2007/09/16 01:35:04 | 000,171,880 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll

[2009/03/30 16:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npraclient.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Reception\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Reception\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Reception\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\pdf.dll

CHR - plugin: RealArcade NPAPI Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npraclient.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

CHR - plugin: getPlusPlus for Adobe 16260 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Reception\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll

CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: AT_BoaMistura = C:\Documents and Settings\Reception\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bkgdbohcihpkncnommadnmaicpjikfni\2\

CHR - Extension: AVG Safe Search = C:\Documents and Settings\Reception\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\

O1 HOSTS File: ([2012/02/03 12:55:16 | 000,000,882 | RH-- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts

O1 - Hosts: 94.63.147.16 www.google.com

O1 - Hosts: 94.63.147.17 www.bing.com

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (no name) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No CLSID value found.

O2 - BHO: (CutePDF Form Filler Helper) - {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files\Acro Software\CutePDF Filler Evaluation\CPFillerCoE.dll (Acro Software Inc.)

O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKLM\..\Toolbar: (no name) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C17590D2-ECB4-4B15-8820-F58798DCC118} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)

O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)

O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)

O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)

O4 - HKCU..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)

O4 - HKCU..\Run: [Vrixalirikijira] rundll32.exe "C:\WINDOWS\mg3232.dll",Startup File not found

O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.6.lnk = C:\Program Files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &Webshots Photo Search - C:\Program Files\Webshots\WSToolbar4IE.dll (CNET-Networks)

O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/12/05 03:30:46 | 000,000,000 | ---D | M]

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)

O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009/12/05 03:30:46 | 000,000,000 | ---D | M]

O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009/12/05 03:30:46 | 000,000,000 | ---D | M]

O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2009/12/05 03:30:46 | 000,000,000 | ---D | M]

O9 - Extra Button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/d/c/8/dc8362b3-f410-4e7d-b672-209d6bd8fcea/OGAControl.cab (Office Genuine Advantage Validation Tool)

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} http://www.seehere.com/ips-opdata/layout/fujius02/objects/canvasx.cab (CanvasX Class)

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)

O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)

O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} http://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan.cab (JordanUploader Class)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1233407933693&h=d13abdf447e90debdef59dddb049cd01/&filename=jinstall-6u11-windows-i586-jc.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37867.3384027778 (Reg Error: Key error.)

O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://12.107.193.125:8080/activex/AMC.cab (AxisMediaControlEmb Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_3_0.cab (Yahoo! Toolbar)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 68.94.156.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2228AEB3-7712-4516-9280-9AE0D8F968B6}: DhcpNameServer = 192.168.0.1 68.94.156.1

O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\SYSTEM32\NavLogon.dll (Symantec Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Reception\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Reception\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{5ee84cfa-76e7-11da-ae0f-000bdb0e9879}\Shell\AutoRun\command - "" = E:\JDSecure\Windows\JDSecure31.exe

O33 - MountPoints2\{b5e236fe-3d1e-11df-afc9-000bdb0e9879}\Shell\AutoRun\command - "" = E:\install.bat

O33 - MountPoints2\{f7ecfa4f-e637-11de-afbd-000bdb0e9879}\Shell\AutoRun\command - "" = E:\install.bat

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/18 19:36:53 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Reception\Desktop\OTL.exe

[2012/02/18 14:37:58 | 000,000,000 | ---D | C] -- C:\My Documents\fundraiser letters

[2012/02/18 11:45:28 | 000,000,000 | --SD | C] -- C:\ComboFix

[2012/02/18 11:35:05 | 000,000,000 | ---D | C] -- C:\Program Files\SymNetDrv

[2012/02/18 10:36:20 | 004,406,994 | R--- | C] (Swearware) -- C:\Documents and Settings\Reception\Desktop\ComboFix.exe

[2012/02/17 17:26:47 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012/02/17 17:22:58 | 002,060,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Reception\Desktop\tdsskiller.exe

[2012/02/17 13:47:09 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Reception\Desktop\dds.scr

[2012/02/05 10:17:25 | 000,000,000 | -H-D | C] -- C:\$AVG

[2012/02/05 09:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Reception\Application Data\AVG2012

[2012/02/05 09:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012

[2012/02/05 09:23:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012

[2012/02/05 09:23:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG

[2012/02/05 09:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\AVG

[2012/02/05 01:36:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2012/02/05 01:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2012/02/04 07:20:06 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Reception\Desktop\new_one--setup-1.60.1.1000.exe

[2012/02/03 16:06:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Reception\Recent

[2008/02/15 17:28:37 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/18 19:36:46 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Reception\Desktop\OTL.exe

[2012/02/18 19:23:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4004262914-1469696878-341438875-1006UA.job

[2012/02/18 16:39:50 | 000,151,370 | ---- | M] () -- C:\Documents and Settings\Reception\Desktop\cleveland.bmp

[2012/02/18 16:22:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4004262914-1469696878-341438875-1006Core.job

[2012/02/18 11:41:06 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL

[2012/02/18 11:39:01 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8190B965-F254-42C4-9192-C4A7E32C6B2F}.job

[2012/02/18 11:36:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT

[2012/02/18 11:36:51 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys

[2012/02/18 10:36:30 | 004,406,994 | R--- | M] (Swearware) -- C:\Documents and Settings\Reception\Desktop\ComboFix.exe

[2012/02/18 08:12:55 | 089,363,195 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2012/02/17 17:22:26 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Reception\Desktop\tdsskiller.exe

[2012/02/17 13:46:19 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Reception\Desktop\dds.scr

[2012/02/17 13:41:45 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/17 03:29:47 | 000,002,349 | ---- | M] () -- C:\Documents and Settings\Reception\Desktop\Google Chrome.lnk

[2012/02/17 03:29:47 | 000,002,327 | ---- | M] () -- C:\Documents and Settings\Reception\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/02/14 15:24:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2012/02/13 06:30:00 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job

[2012/02/09 17:57:06 | 000,020,916 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm

[2012/02/07 05:47:21 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/02/07 05:43:22 | 000,000,129 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

[2012/02/07 05:14:54 | 000,465,838 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT

[2012/02/07 05:14:54 | 000,079,598 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT

[2012/02/05 09:25:46 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk

[2012/02/04 07:20:06 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Reception\Desktop\new_one--setup-1.60.1.1000.exe

[2012/02/03 16:00:57 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\9kWNpeptoA3dKP

[2012/02/03 16:00:42 | 000,000,360 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~9kWNpeptoA3dKP

[2012/02/03 16:00:41 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~9kWNpeptoA3dKPr

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/18 16:39:50 | 000,151,370 | ---- | C] () -- C:\Documents and Settings\Reception\Desktop\cleveland.bmp

[2012/02/18 08:12:55 | 089,363,195 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2012/02/09 17:57:06 | 000,020,916 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm

[2012/02/07 04:33:26 | 1072,222,208 | -HS- | C] () -- C:\hiberfil.sys

[2012/02/05 09:25:46 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk

[2012/02/04 07:23:37 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/03 16:00:41 | 000,000,360 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~9kWNpeptoA3dKP

[2012/02/03 16:00:41 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~9kWNpeptoA3dKPr

[2012/02/03 16:00:20 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\9kWNpeptoA3dKP

[2011/12/31 06:51:59 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2011/10/12 13:55:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll

[2011/10/12 13:55:34 | 000,002,411 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini

[2011/08/03 23:02:15 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Okuvihirewapa.dat

[2011/08/03 23:02:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Xjezujolije.bin

[2010/05/18 12:14:42 | 000,059,232 | ---- | C] () -- C:\WINDOWS\System32\CNC990W.DAT

[2008/09/11 08:23:00 | 000,216,538 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUInstall.LiveUpdate

[2003/03/20 14:52:05 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Reception\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


I found the problem.

Step 1

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash. Please uninstall:

Symantec AntiVirus

LiveUpdate 2.6 (Symantec Corporation)

Step 2

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
    CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    O2 - BHO: (no name) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
    O4 - HKCU..\Run: [Vrixalirikijira] rundll32.exe "C:\WINDOWS\mg3232.dll",Startup File not found
    [2012/02/03 16:00:57 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\9kWNpeptoA3dKP
    [2012/02/03 16:00:42 | 000,000,360 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~9kWNpeptoA3dKP
    [2012/02/03 16:00:41 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~9kWNpeptoA3dKPr

    :files
    C:\Program Files\Viewpoint

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.


I cannot remove the Symantec...when I open it in change/remove programs, there is no "uninstall" option. Yesterday, I removed what I could (there were two Symantec programs, one did have the uninstall option). Should I go ahead with the next step anyway? If I try to launch Symantec, it says that it isn't functioning because it needs a disk...I guess because I uninstalled part of it yesterday?


I did a hard shut down, then ran OTL in safe mode, here is the log...I still have the VIP search coming up...

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ deleted successfully.

File C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Vrixalirikijira deleted successfully.

C:\Documents and Settings\All Users\Application Data\9kWNpeptoA3dKP moved successfully.

C:\Documents and Settings\All Users\Application Data\~9kWNpeptoA3dKP moved successfully.

C:\Documents and Settings\All Users\Application Data\~9kWNpeptoA3dKPr moved successfully.

========== FILES ==========

C:\Program Files\Viewpoint\Viewpoint Toolbar folder moved successfully.

C:\Program Files\Viewpoint folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 167682 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32969 bytes

User: Reception

->Temp folder emptied: 91846647 bytes

->Temporary Internet Files folder emptied: 18553477 bytes

->Java cache emptied: 12306094 bytes

->FireFox cache emptied: 44948326 bytes

->Google Chrome cache emptied: 89819007 bytes

->Flash cache emptied: 44040 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 203170 bytes

%systemroot%\System32 .tmp files removed: 2675729 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 48037413 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 51039308 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 421907 bytes

RecycleBin emptied: 375475083 bytes

Total Files Cleaned = 702.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.33.0 log created on 02202012_180943

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Very good! :)

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

In your next post, please include:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log


MWB did not find anything. ESET (do I have that name right?) Found 3 and cleaned them, but I still have the problem.

cacESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=5bb5ce9da4e4a44fbdd0a4e77a3cf447

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-02-21 08:04:13

# local_time=2012-02-21 03:04:13 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 95641134 95641134 0 0

# compatibility_mode=1024 16777215 100 0 475638 475638 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=141842

# found=3

# cleaned=3

# scan_time=9383

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\APQF6.tmp a variant of Win32/Olmasco.O trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\17.02.2012_17.23.35\mbr0000\tdlfs0000\tsk0004.dta Win32/Olmasco.O trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\17.02.2012_18.15.44\tdlfs0000\tsk0004.dta Win32/Olmasco.O trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

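A triage sketch for the ESET log in the post above, added here as an example and not part of the original thread or of any ESET tooling: it parses the header counters and the detection lines, then labels each hit by the directory it was found in. The location rules in `ARTIFACT_DIRS` and all function names are assumptions made for illustration.

```python
import re

# Constructed sample: header fields and detection lines taken from the ESET
# log posted above, cut down to the fields this example reads.
SAMPLE_LOG = r"""
# osver=5.1.2600 NT Service Pack 3
# found=3
# cleaned=3
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\APQF6.tmp a variant of Win32/Olmasco.O trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\17.02.2012_17.23.35\mbr0000\tdlfs0000\tsk0004.dta Win32/Olmasco.O trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\17.02.2012_18.15.44\tdlfs0000\tsk0004.dta Win32/Olmasco.O trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

HEADER = re.compile(r"^#\s*(\w+)=(.*)$")
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"                  # path may contain spaces
    r"(?P<threat>(?:a variant of )?\S+/\S+ \w+)\s+"  # e.g. Win32/Name trojan
    r"\((?P<action>[^)]*)\)\s+(?P<digest>[0-9A-Fa-f]{32})\s+\w$"
)

# Assumed triage rules (not ESET's): directories where a hit is a copy that
# another security tool already set aside, not a file the system still loads.
ARTIFACT_DIRS = {
    "\\tdsskiller_quarantine\\": "tool-quarantine",
    "\\aptemp\\": "scanner-temp",
}


def classify(path):
    """Label a detection path as a tool artifact or a live location."""
    lowered = path.lower()
    for marker, label in ARTIFACT_DIRS.items():
        if marker in lowered:
            return label
    return "live"


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) from an ESET log."""
    header, hits = {}, []
    for line in text.splitlines():
        line = line.strip()
        if m := HEADER.match(line):
            header[m.group(1)] = m.group(2)
        elif m := DETECTION.match(line):
            hits.append({**m.groupdict(), "location": classify(m["path"])})
    return header, hits


def triage(text):
    """Summarise the scan: do the counters add up, and is any hit live?"""
    header, hits = parse_eset_log(text)
    found = int(header.get("found", 0))
    return {
        "reported_found": found,
        "parsed_hits": len(hits),
        "count_matches": found == len(hits),
        "live_hits": sum(1 for h in hits if h["location"] == "live"),
        "threats": sorted({h["threat"].removeprefix("a variant of ") for h in hits}),
        "locations": [h["location"] for h in hits],
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the posted log, all three hits fall in artifact directories and none in a live path, which fits the poster's report that the redirect was still present after ESET cleaned them.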

Malwarebytes Anti-Malware (PRO) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.21.03

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Reception :: RECPT [administrator]

Protection: Enabled

2/21/2012 11:45:00 AM

mbam-log-2012-02-21 (11-45-00).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 177998

Time elapsed: 15 minute(s), 5 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)
