Windows Recover Virus: Start Menu program shortcuts missing after removal

rusty7jr · June 13, 2012

Hello - I got the Windows Recover Virus a couple of weeks ago. I ran the unhide.exe and followed all the instructions to repair all of my links...except for the links within the Start menu. Bascially - I go to my start menu > All Programs > iTunes = (Empty). Most of my Start menu items are like this (including System Tools, etc.)

Any help would be appreciated.

Thanks,

Jeremy

attach.txt

dds.txt

Maniac · June 13, 2012

Hello Jeremy and :welcome: ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time. My suggestion is to uninstall Avira AntiVir Personal - Free Antivirus and to keep Microsoft Security Essentials.

Also, uninstall Stream Torrent 1.0, because is against our policy.

http://forums.malwarebytes.org/index.php?showtopic=97700

Next, uninstall AVG Security Toolbar, because of unwanted changes in your browser.

http://remove-malware.com/antimalware/anti-malware-reviews/avg-security-toolbar%E2%80%A6no-thanks%E2%80%A6/

Finally, reboot your PC.

Step 2

About your empty Start Menu, please download and run this tool:

http://download.bleepingcomputer.com/grinler/fakehdd/winxp-pro-32bit-sm-reset.exe

Step 3

Launch Malwarebytes' Anti-Malware
Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

Malwarebytes' Anti-Malware log
a new fresh DDS log file

rusty7jr · June 14, 2012

Hello Maniac,

First, thanks for your quick help.

I removed the programs and ran the file as you suggested as well as running Malwarebytes. Below are the results:

Malwarebytes' Anti-Malware log

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.14.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Jeremy :: JEREMY-95D7C127 [administrator]

6/13/2012 9:56:28 PM

mbam-log-2012-06-13 (21-56-28).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 433758

Time elapsed: 32 minute(s), 58 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCU\Software\Microsoft\Windows\CurrentVersion\Run (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

a new fresh DDS log file

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Jeremy at 22:35:32 on 2012-06-13

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1399 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\CyberLink\PCM4Everio\EverioService.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://isearch.avg.com/?cid={BC493BCB-6623-4CC5-A6E6-A6D4FBDCEE2B}&mid=4e1ef560b72647d0a615d15f30bf0f9a-89b88e2e117dd1237b7c8d4f4dfceb8fd7972068〈=en&ds=st011&pr=sa&d=2012-04-07 21:42:37&v=9.0.0.23&sap=hp

uWindow Title = Internet Explorer, optimized for Bing and MSN

uInternet Settings,ProxyOverride = *.local

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll

TB: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [EverioService] "c:\program files\cyberlink\pcm4everio\EverioService.exe"

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab

DPF: {28B66320-9687-4B13-8757-36F901887AB5} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab

DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://lakewoodphoto.lifepics.com/net/Uploader/LPUploader57.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{BC83753A-4C97-46A8-8F57-5664FDE25077} : DhcpNameServer = 75.75.76.76 75.75.75.75

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]

R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]

R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 450848]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-14 257696]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2011-12-26 18560]

.

=============== Created Last 30 ================

.

2012-06-14 02:05:09 6737808 ----a-w- c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{8ae48a06-c7e4-48c8-9fb3-d71819815255}\mpengine.dll

2012-06-13 18:25:59 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2012-06-13 01:14:51 6737808 ------w- c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-05-18 01:48:32 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-05-18 01:46:04 -------- d-----w- c:\program files\Microsoft Security Client

.

==================== Find3M ====================

.

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys

2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec

2012-05-05 17:45:33 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-05 17:45:33 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-21 00:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys

.

============= FINISH: 22:37:01.81 ===============

Unfortunately, I'm still missing some of the actual shortcuts within the start menu. Some items have been restored, for example within the System Tools folder, but other have not - like iTunes. I've also attached a screenshot of what I mean in case I'm not explaining it well enough. Any thoughts?

Thanks again,

Jeremy

screenshot of blank.bmp

Maniac · June 14, 2012

There is no chance for this to happen, so you have to manually make your shortcuts.

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

rusty7jr · June 15, 2012

OK, so as long as the files are not actually lost then if I understand correctly I just need to remap them, correct?

I ran OTL and got the OTL.txt but not Extras.txt. Below is OTL.txt:

OTL logfile created on: 6/14/2012 9:55:49 PM - Run 3

OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.83% Memory free

2.58 Gb Paging File | 2.30 Gb Available in Paging File | 89.02% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 51.21 Gb Total Space | 3.79 Gb Free Space | 7.39% Space Free | Partition Type: NTFS

Drive D: | 18.60 Gb Total Space | 1.12 Gb Free Space | 6.00% Space Free | Partition Type: NTFS

Computer Name: JEREMY-95D7C127 | User Name: Jeremy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/14 21:54:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Desktop\OTL.exe

PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2012/03/26 17:03:40 | 000,258,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe

PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2011/11/12 13:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

PRC - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

PRC - [2011/08/19 05:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe

PRC - [2011/08/12 13:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

PRC - [2011/06/15 18:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE

PRC - [2010/10/27 21:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2010/08/25 13:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

PRC - [2010/05/14 13:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe

PRC - [2010/03/18 13:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/11/01 18:13:26 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PCM4Everio\EverioService.exe

PRC - [2007/09/17 12:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/03 11:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll

MOD - [2011/09/14 10:19:06 | 008,500,224 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll

MOD - [2011/09/14 10:19:06 | 002,348,544 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll

MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll

MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll

MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll

MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll

MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll

MOD - [2009/11/03 17:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

MOD - [2007/11/01 18:13:08 | 000,012,288 | ---- | M] () -- C:\Program Files\CyberLink\PCM4Everio\Kernel\common\CLEverioDetector.dll

MOD - [2004/08/10 07:00:00 | 000,268,288 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll

MOD - [2001/10/29 03:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfmonnt.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2012/05/05 13:45:33 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)

SRV - [2011/08/19 05:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)

SRV - [2011/07/07 20:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/06/15 18:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)

SRV - [2010/03/18 13:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\JEREMY~1.JER\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2011/11/12 12:18:20 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)

DRV - [2011/08/19 05:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam Pro 9000(UVC)

DRV - [2011/08/19 05:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)

DRV - [2010/05/14 18:04:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)

DRV - [2010/04/30 18:09:44 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2010/04/30 18:09:22 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2005/11/16 16:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2004/11/22 19:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)

DRV - [2004/11/22 19:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)

DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-839522115-1425521274-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=B8MC

IE - HKU\S-1-5-21-839522115-1425521274-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-839522115-1425521274-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={BC493BCB-6623-4CC5-A6E6-A6D4FBDCEE2B}&mid=4e1ef560b72647d0a615d15f30bf0f9a-89b88e2e117dd1237b7c8d4f4dfceb8fd7972068〈=en&ds=st011&pr=sa&d=2012-04-07 21:42:37&v=9.0.0.23&sap=hp

IE - HKU\S-1-5-21-839522115-1425521274-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-839522115-1425521274-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 0D F2 72 AF 95 CB 01 [binary data]

IE - HKU\S-1-5-21-839522115-1425521274-725345543-1004\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}

IE - HKU\S-1-5-21-839522115-1425521274-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-839522115-1425521274-725345543-1004\..\SearchScopes\{571FCD56-2C08-401F-8910-65BE24FB242A}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKU\S-1-5-21-839522115-1425521274-725345543-1004\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={BC493BCB-6623-4CC5-A6E6-A6D4FBDCEE2B}&mid=4e1ef560b72647d0a615d15f30bf0f9a-89b88e2e117dd1237b7c8d4f4dfceb8fd7972068〈=en&ds=st011&pr=sa&d=2012-04-07 21:42:37&v=9.0.0.23&sap=dsp&q={searchTerms}

IE - HKU\S-1-5-21-839522115-1425521274-725345543-1004\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-atty

IE - HKU\S-1-5-21-839522115-1425521274-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-839522115-1425521274-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)

FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Application Data\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Application Data\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

[2009/02/10 20:30:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Application Data\Mozilla\Extensions

[2009/09/12 15:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Application Data\Mozilla\Firefox\Profiles\w9qiz7c5.default\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Application Data\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Move Media Player 7 (Enabled) = C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Application Data\Move Networks\plugins\071802000001\npqmp071802000001.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll

CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

CHR - Extension: YouTube = C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Gmail = C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2010/12/14 23:29:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (att.net Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKU\S-1-5-21-839522115-1425521274-725345543-1004\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [EverioService] C:\Program Files\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-839522115-1425521274-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-839522115-1425521274-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-839522115-1425521274-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-839522115-1425521274-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} http://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab (CanvasX Class)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} http://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab (JordanUploader Class)

O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://lakewoodphoto.lifepics.com/net/Uploader/LPUploader57.cab (Image Uploader Control)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab (WebBrowserType Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC83753A-4C97-46A8-8F57-5664FDE25077}: DhcpNameServer = 75.75.76.76 75.75.75.75

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/14 21:54:44 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Desktop\OTL.exe

[2012/06/12 21:14:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/05/17 21:46:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2012/05/17 21:46:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Recent

[2012/05/17 21:41:09 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Desktop\mbam-setup-1.61.0.1400.exe

[2012/05/16 15:01:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Start Menu\Programs\Data Recovery

========== Files - Modified Within 30 Days ==========

[2012/06/14 21:54:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Desktop\OTL.exe

[2012/06/14 21:52:23 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job

[2012/06/14 21:45:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/06/14 21:28:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1425521274-725345543-1004UA.job

[2012/06/14 17:57:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/06/14 14:37:38 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2012/06/14 14:28:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1425521274-725345543-1004Core.job

[2012/06/14 14:27:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/06/14 14:26:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs

[2012/06/13 22:45:49 | 001,419,318 | ---- | M] () -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Desktop\screenshot of blank.bmp

[2012/06/13 22:43:23 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk

[2012/06/13 19:52:51 | 000,146,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/06/13 19:34:37 | 000,474,840 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/06/13 19:34:37 | 000,084,652 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/06/13 19:15:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/06/12 21:14:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/12 21:02:44 | 000,013,698 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/06/08 14:25:48 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk

[2012/06/05 20:54:21 | 002,947,093 | ---- | M] () -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Desktop\hinge 03.jpg

[2012/06/05 20:52:43 | 002,876,250 | ---- | M] () -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Desktop\hinge 02.jpg

[2012/06/05 20:51:52 | 002,213,892 | ---- | M] () -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Desktop\hinge 01.jpg

[2012/05/25 15:34:03 | 002,454,680 | ---- | M] () -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Desktop\photo (2).jpg

[2012/05/17 21:47:12 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif

[2012/05/17 21:41:17 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Desktop\mbam-setup-1.61.0.1400.exe

[2012/05/16 15:01:09 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\-BcAn1kFZwvxQnHr

[2012/05/16 15:01:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\-BcAn1kFZwvxQnH

[2012/05/16 15:01:03 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BcAn1kFZwvxQnH

[2012/05/16 09:38:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2012/05/16 08:24:45 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Skype.lnk

========== Files Created - No Company Name ==========

[2012/06/13 22:45:49 | 001,419,318 | ---- | C] () -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Desktop\screenshot of blank.bmp

[2012/06/13 21:49:41 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\MSN.lnk

[2012/06/13 21:49:41 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Windows Movie Maker.lnk

[2012/06/13 21:49:41 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Windows Messenger.lnk

[2012/06/12 21:14:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/05 20:53:32 | 002,947,093 | ---- | C] () -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Desktop\hinge 03.jpg

[2012/06/05 20:52:56 | 002,876,250 | ---- | C] () -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Desktop\hinge 02.jpg

[2012/06/05 20:52:33 | 002,213,892 | ---- | C] () -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Desktop\hinge 01.jpg

[2012/05/25 15:34:46 | 002,454,680 | ---- | C] () -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Desktop\photo (2).jpg

[2012/05/17 21:56:58 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2012/05/17 21:56:57 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job

[2012/05/17 21:47:12 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif

[2012/05/17 21:47:00 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Security Essentials.lnk

[2012/05/16 15:01:09 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\-BcAn1kFZwvxQnHr

[2012/05/16 15:01:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\-BcAn1kFZwvxQnH

[2012/05/16 15:01:00 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BcAn1kFZwvxQnH

[2012/02/16 11:48:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011/05/25 21:19:56 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010/12/14 23:11:58 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/12/14 23:11:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/12/14 23:11:58 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/12/14 23:11:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/12/14 23:11:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/11/30 22:21:58 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll

[2010/07/06 20:32:23 | 000,026,928 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat

========== LOP Check ==========

[2008/02/25 22:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2007/09/25 20:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2011/09/03 14:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ATTYToolbar

[2012/04/07 21:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files

[2008/07/08 22:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DIGStream

[2009/01/08 23:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON

[2011/12/26 11:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Leapfrog

[2009/06/23 20:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters

[2012/04/07 21:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP

[2010/07/06 20:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/12/15 22:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2006/09/23 11:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremy Rusticus\Application Data\ICAClient

[2008/02/05 22:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremy Rusticus\Application Data\Leadertech

[2006/12/22 11:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremy Rusticus\Application Data\Snapfish

[2007/10/15 20:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremy Rusticus\Application Data\Viewpoint

[2011/09/04 21:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Application Data\Canon

[2009/07/29 19:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2012/03/07 21:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Application Data\com.ynab.YNAB3.LiveCaptive.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1

[2010/02/18 17:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Application Data\E-centives

[2010/01/10 15:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Application Data\EPSON

[2011/03/12 13:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Application Data\gtk-2.0

[2008/07/21 21:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Application Data\ICAClient

[2009/01/08 22:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Application Data\Leadertech

[2008/08/05 20:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Application Data\Snapfish

[2009/10/24 19:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Application Data\StreamTorrent

[2010/12/06 22:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Application Data\SWF.max

[2011/08/17 20:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Application Data\TANDBERG

[2007/09/25 20:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Rusticus\Application Data\Viewpoint

[2012/06/14 21:52:23 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job

========== Purity Check ==========

< End of report >

rusty7jr · June 15, 2012

Can I just revert to system settings from a month or two ago? Would that restore my shortcuts?

Maniac · June 15, 2012

Can I just revert to system settings from a month or two ago? Would that restore my shortcuts?

This will not help. Let me explain it this way: External applications (those that were installed separately from Windows), there is no way to recover, unless you reinstall the application or create a shortcut manually.

Step 1

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
[2012/05/16 15:01:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Start Menu\Programs\Data Recovery
[2012/05/16 15:01:09 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\-BcAn1kFZwvxQnHr
[2012/05/16 15:01:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\-BcAn1kFZwvxQnH
[2012/05/16 15:01:03 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BcAn1kFZwvxQnH
[2007/09/25 20:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/09/03 14:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ATTYToolbar
[2007/10/15 20:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremy Rusticus\Application Data\Viewpoint
[2009/10/24 19:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Application Data\StreamTorrent

:Commands
[emptytemp]
[clearallrestorepoints]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

In your next reply, post the following log files:

OTL Fix log
TDSSKiller log

rusty7jr · June 19, 2012

Sorry for the delay in my latest reply. Below are the log files for the following

OTL Fix log

All processes killed

========== OTL ==========

C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Start Menu\Programs\Data Recovery folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS\Application Data\-BcAn1kFZwvxQnHr moved successfully.

C:\Documents and Settings\All Users.WINDOWS\Application Data\-BcAn1kFZwvxQnH moved successfully.

C:\Documents and Settings\All Users.WINDOWS\Application Data\BcAn1kFZwvxQnH moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome\BH00 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS\Application Data\ATTYToolbar folder moved successfully.

C:\Documents and Settings\Jeremy Rusticus\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.

C:\Documents and Settings\Jeremy Rusticus\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.

C:\Documents and Settings\Jeremy Rusticus\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.

C:\Documents and Settings\Jeremy Rusticus\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.

C:\Documents and Settings\Jeremy Rusticus\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.

C:\Documents and Settings\Jeremy Rusticus\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.

C:\Documents and Settings\Jeremy Rusticus\Application Data\Viewpoint folder moved successfully.

C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Application Data\StreamTorrent\1.0\config folder moved successfully.

C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Application Data\StreamTorrent\1.0 folder moved successfully.

C:\Documents and Settings\Jeremy.JEREMY-95D7C127\Application Data\StreamTorrent folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.JEREMY-95D7C127

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.JEREMY-95D7C127.000

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: All Users.WINDOWS

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Jeremy

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Jeremy Rusticus

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Jeremy.JEREMY-95D7C127

->Temp folder emptied: 503973326 bytes

->Temporary Internet Files folder emptied: 46791537 bytes

->Java cache emptied: 6459 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 291250865 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 15397 bytes

User: JEREMY~1~JER

User: Lisa

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Lisa Rusticus

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY.000

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY.000

->Temp folder emptied: 100374 bytes

->Temporary Internet Files folder emptied: 811236 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 38042741 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 115215786 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 12180990 bytes

Total Files Cleaned = 962.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.48.0 log created on 06182012_204639

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

TDSSKiller log

20:56:09.0343 3892 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31

20:56:09.0687 3892 ============================================================

20:56:09.0687 3892 Current date / time: 2012/06/18 20:56:09.0687

20:56:09.0703 3892 SystemInfo:

20:56:09.0703 3892

20:56:09.0703 3892 OS Version: 5.1.2600 ServicePack: 3.0

20:56:09.0703 3892 Product type: Workstation

20:56:09.0718 3892 ComputerName: JEREMY-95D7C127

20:56:09.0734 3892 UserName: Jeremy

20:56:09.0734 3892 Windows directory: C:\WINDOWS

20:56:09.0734 3892 System windows directory: C:\WINDOWS

20:56:09.0734 3892 Processor architecture: Intel x86

20:56:09.0734 3892 Number of processors: 2

20:56:09.0734 3892 Page size: 0x1000

20:56:09.0734 3892 Boot type: Normal boot

20:56:09.0734 3892 ============================================================

20:56:13.0734 3892 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

20:56:14.0234 3892 Drive \Device\Harddisk1\DR5 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

20:56:14.0234 3892 ============================================================

20:56:14.0234 3892 \Device\Harddisk0\DR0:

20:56:14.0234 3892 MBR partitions:

20:56:14.0234 3892 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x666B5DD

20:56:14.0234 3892 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x6682E63, BlocksNum 0x2532E7C

20:56:14.0234 3892 \Device\Harddisk1\DR5:

20:56:14.0234 3892 MBR partitions:

20:56:14.0234 3892 \Device\Harddisk1\DR5\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74705982

20:56:14.0234 3892 ============================================================

20:56:14.0250 3892 C: <-> \Device\Harddisk0\DR0\Partition0

20:56:14.0296 3892 D: <-> \Device\Harddisk0\DR0\Partition1

20:56:14.0312 3892 I: <-> \Device\Harddisk1\DR5\Partition0

20:56:14.0312 3892 ============================================================

20:56:14.0312 3892 Initialize success

20:56:14.0312 3892 ============================================================

20:57:12.0468 0428 ============================================================

20:57:12.0468 0428 Scan started

20:57:12.0468 0428 Mode: Manual; SigCheck; TDLFS;

20:57:12.0468 0428 ============================================================

20:57:12.0843 0428 Abiosdsk - ok

20:57:12.0875 0428 abp480n5 - ok

20:57:13.0000 0428 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

20:57:13.0234 0428 ACDaemon - ok

20:57:13.0281 0428 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

20:57:14.0484 0428 ACPI - ok

20:57:14.0515 0428 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

20:57:14.0671 0428 ACPIEC - ok

20:57:14.0765 0428 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

20:57:14.0921 0428 AdobeFlashPlayerUpdateSvc - ok

20:57:14.0937 0428 adpu160m - ok

20:57:15.0000 0428 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

20:57:15.0140 0428 aec - ok

20:57:15.0171 0428 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

20:57:15.0203 0428 AFD - ok

20:57:15.0218 0428 Aha154x - ok

20:57:15.0250 0428 aic78u2 - ok

20:57:15.0265 0428 aic78xx - ok

20:57:15.0328 0428 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

20:57:15.0515 0428 Alerter - ok

20:57:15.0546 0428 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

20:57:15.0625 0428 ALG - ok

20:57:15.0640 0428 AliIde - ok

20:57:15.0656 0428 amsint - ok

20:57:15.0703 0428 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll

20:57:15.0812 0428 AppMgmt - ok

20:57:15.0828 0428 asc - ok

20:57:15.0843 0428 asc3350p - ok

20:57:15.0875 0428 asc3550 - ok

20:57:15.0953 0428 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\ASPI32.sys

20:57:16.0000 0428 ASPI32 ( UnsignedFile.Multi.Generic ) - warning

20:57:16.0000 0428 ASPI32 - detected UnsignedFile.Multi.Generic (1)

20:57:16.0140 0428 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

20:57:16.0218 0428 aspnet_state - ok

20:57:16.0265 0428 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

20:57:16.0421 0428 AsyncMac - ok

20:57:16.0453 0428 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

20:57:16.0609 0428 atapi - ok

20:57:16.0625 0428 Atdisk - ok

20:57:16.0671 0428 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

20:57:16.0875 0428 Atmarpc - ok

20:57:16.0906 0428 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

20:57:17.0078 0428 AudioSrv - ok

20:57:17.0125 0428 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

20:57:17.0281 0428 audstub - ok

20:57:17.0421 0428 BBSvc (2ed050291bc1d7f9e322e328db3aaecf) C:\Program Files\Microsoft\BingBar\BBSvc.EXE

20:57:17.0531 0428 BBSvc - ok

20:57:17.0578 0428 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE

20:57:17.0718 0428 BBUpdate - ok

20:57:17.0765 0428 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

20:57:17.0937 0428 Beep - ok

20:57:17.0984 0428 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

20:57:18.0265 0428 BITS - ok

20:57:18.0343 0428 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe

20:57:18.0437 0428 Bonjour Service - ok

20:57:18.0484 0428 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

20:57:18.0656 0428 Browser - ok

20:57:18.0750 0428 catchme - ok

20:57:18.0796 0428 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

20:57:18.0984 0428 cbidf2k - ok

20:57:19.0015 0428 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

20:57:19.0203 0428 CCDECODE - ok

20:57:19.0218 0428 cd20xrnt - ok

20:57:19.0265 0428 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

20:57:19.0437 0428 Cdaudio - ok

20:57:19.0484 0428 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

20:57:19.0625 0428 Cdfs - ok

20:57:19.0656 0428 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

20:57:19.0859 0428 Cdrom - ok

20:57:19.0906 0428 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys

20:57:19.0953 0428 cercsr6 ( UnsignedFile.Multi.Generic ) - warning

20:57:19.0953 0428 cercsr6 - detected UnsignedFile.Multi.Generic (1)

20:57:19.0968 0428 Changer - ok

20:57:20.0015 0428 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

20:57:20.0203 0428 CiSvc - ok

20:57:20.0250 0428 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

20:57:20.0453 0428 ClipSrv - ok

20:57:20.0578 0428 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:57:20.0640 0428 clr_optimization_v2.0.50727_32 - ok

20:57:20.0656 0428 CmdIde - ok

20:57:20.0671 0428 COMSysApp - ok

20:57:20.0718 0428 Cpqarray - ok

20:57:20.0765 0428 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

20:57:20.0984 0428 CryptSvc - ok

20:57:21.0000 0428 dac2w2k - ok

20:57:21.0015 0428 dac960nt - ok

20:57:21.0093 0428 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

20:57:21.0171 0428 DcomLaunch - ok

20:57:21.0218 0428 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

20:57:21.0390 0428 Dhcp - ok

20:57:21.0437 0428 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

20:57:21.0625 0428 Disk - ok

20:57:21.0640 0428 dmadmin - ok

20:57:21.0718 0428 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

20:57:21.0953 0428 dmboot - ok

20:57:21.0984 0428 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

20:57:22.0156 0428 dmio - ok

20:57:22.0171 0428 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

20:57:22.0359 0428 dmload - ok

20:57:22.0390 0428 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

20:57:22.0562 0428 dmserver - ok

20:57:22.0593 0428 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

20:57:22.0734 0428 DMusic - ok

20:57:22.0765 0428 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

20:57:22.0859 0428 Dnscache - ok

20:57:22.0906 0428 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

20:57:23.0109 0428 Dot3svc - ok

20:57:23.0125 0428 dpti2o - ok

20:57:23.0171 0428 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

20:57:23.0312 0428 drmkaud - ok

20:57:23.0359 0428 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys

20:57:23.0421 0428 E100B - ok

20:57:23.0437 0428 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

20:57:23.0656 0428 EapHost - ok

20:57:23.0765 0428 ehRecvr (27434c42a13c11f92ca45840b720d671) C:\WINDOWS\eHome\ehRecvr.exe

20:57:23.0843 0428 ehRecvr ( UnsignedFile.Multi.Generic ) - warning

20:57:23.0843 0428 ehRecvr - detected UnsignedFile.Multi.Generic (1)

20:57:23.0875 0428 ehSched (16910f8b482919bb6035ed053b691692) C:\WINDOWS\eHome\ehSched.exe

20:57:23.0968 0428 ehSched - ok

20:57:24.0015 0428 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

20:57:24.0187 0428 ERSvc - ok

20:57:24.0234 0428 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

20:57:24.0265 0428 Eventlog - ok

20:57:24.0296 0428 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

20:57:24.0359 0428 EventSystem - ok

20:57:24.0390 0428 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

20:57:24.0562 0428 Fastfat - ok

20:57:24.0640 0428 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

20:57:24.0734 0428 FastUserSwitchingCompatibility - ok

20:57:24.0765 0428 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

20:57:24.0937 0428 Fdc - ok

20:57:24.0984 0428 FilterService (20fe03294ac1429ae88a64c2f754b0d4) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys

20:57:25.0046 0428 FilterService - ok

20:57:25.0093 0428 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

20:57:25.0281 0428 Fips - ok

20:57:25.0296 0428 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

20:57:25.0468 0428 Flpydisk - ok

20:57:25.0515 0428 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

20:57:25.0687 0428 FltMgr - ok

20:57:25.0734 0428 FlyUsb (8efa9bfc940d9eb9348d9dafb839fe25) C:\WINDOWS\system32\DRIVERS\FlyUsb.sys

20:57:25.0828 0428 FlyUsb - ok

20:57:25.0921 0428 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

20:57:25.0953 0428 FontCache3.0.0.0 - ok

20:57:26.0000 0428 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

20:57:26.0156 0428 Fs_Rec - ok

20:57:26.0203 0428 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

20:57:26.0359 0428 Ftdisk - ok

20:57:26.0390 0428 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

20:57:26.0437 0428 GEARAspiWDM - ok

20:57:26.0500 0428 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

20:57:26.0671 0428 Gpc - ok

20:57:26.0796 0428 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

20:57:26.0875 0428 gusvc - ok

20:57:26.0906 0428 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

20:57:27.0046 0428 HDAudBus - ok

20:57:27.0125 0428 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

20:57:27.0312 0428 helpsvc - ok

20:57:27.0328 0428 HidServ - ok

20:57:27.0390 0428 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

20:57:27.0546 0428 hidusb - ok

20:57:27.0640 0428 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

20:57:27.0859 0428 hkmsvc - ok

20:57:27.0875 0428 hpn - ok

20:57:27.0921 0428 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

20:57:27.0984 0428 HTTP - ok

20:57:28.0015 0428 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

20:57:28.0156 0428 HTTPFilter - ok

20:57:28.0171 0428 i2omgmt - ok

20:57:28.0187 0428 i2omp - ok

20:57:28.0218 0428 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys

20:57:28.0406 0428 i8042prt - ok

20:57:28.0500 0428 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

20:57:28.0671 0428 idsvc - ok

20:57:28.0718 0428 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

20:57:28.0890 0428 Imapi - ok

20:57:28.0937 0428 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

20:57:29.0078 0428 ImapiService - ok

20:57:29.0093 0428 ini910u - ok

20:57:29.0156 0428 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

20:57:29.0312 0428 IntelIde - ok

20:57:29.0343 0428 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

20:57:29.0515 0428 intelppm - ok

20:57:29.0562 0428 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

20:57:29.0765 0428 Ip6Fw - ok

20:57:29.0812 0428 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

20:57:29.0984 0428 IpFilterDriver - ok

20:57:30.0046 0428 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

20:57:30.0250 0428 IpInIp - ok

20:57:30.0296 0428 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

20:57:30.0421 0428 IpNat - ok

20:57:30.0531 0428 iPod Service (8e5e5a8cc84da3f683e3bbc045138d52) C:\Program Files\iPod\bin\iPodService.exe

20:57:30.0562 0428 iPod Service - ok

20:57:30.0609 0428 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

20:57:30.0828 0428 IPSec - ok

20:57:30.0875 0428 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

20:57:30.0968 0428 IRENUM - ok

20:57:31.0000 0428 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

20:57:31.0171 0428 isapnp - ok

20:57:31.0218 0428 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

20:57:31.0390 0428 Kbdclass - ok

20:57:31.0406 0428 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

20:57:31.0562 0428 kbdhid - ok

20:57:31.0593 0428 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

20:57:31.0734 0428 kmixer - ok

20:57:31.0781 0428 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

20:57:31.0875 0428 KSecDD - ok

20:57:31.0921 0428 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

20:57:31.0984 0428 lanmanserver - ok

20:57:32.0031 0428 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

20:57:32.0078 0428 lanmanworkstation - ok

20:57:32.0093 0428 lbrtfdc - ok

20:57:32.0468 0428 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

20:57:32.0890 0428 LeapFrog Connect Device Service - ok

20:57:33.0015 0428 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

20:57:33.0187 0428 LmHosts - ok

20:57:33.0265 0428 LVRS (7521c0c58ee91be90b6cc33e792d10c7) C:\WINDOWS\system32\DRIVERS\lvrs.sys

20:57:33.0328 0428 LVRS - ok

20:57:33.0515 0428 LVUVC (37e57c48af530df01cdd4e8a2ad77b51) C:\WINDOWS\system32\DRIVERS\lvuvc.sys

20:57:33.0703 0428 LVUVC - ok

20:57:33.0812 0428 McciCMService (e6cb119ef2e148eaa1a247343550756e) C:\Program Files\Common Files\Motive\McciCMService.exe

20:57:34.0046 0428 McciCMService ( UnsignedFile.Multi.Generic ) - warning

20:57:34.0046 0428 McciCMService - detected UnsignedFile.Multi.Generic (1)

20:57:34.0093 0428 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

20:57:34.0109 0428 MDM - ok

20:57:34.0250 0428 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

20:57:34.0437 0428 Messenger - ok

20:57:34.0453 0428 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll

20:57:34.0546 0428 MHN ( UnsignedFile.Multi.Generic ) - warning

20:57:34.0546 0428 MHN - detected UnsignedFile.Multi.Generic (1)

20:57:34.0625 0428 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

20:57:34.0671 0428 MHNDRV ( UnsignedFile.Multi.Generic ) - warning

20:57:34.0671 0428 MHNDRV - detected UnsignedFile.Multi.Generic (1)

20:57:34.0718 0428 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

20:57:34.0875 0428 mnmdd - ok

20:57:34.0921 0428 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

20:57:35.0140 0428 mnmsrvc - ok

20:57:35.0171 0428 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

20:57:35.0359 0428 Modem - ok

20:57:35.0390 0428 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

20:57:35.0546 0428 Mouclass - ok

20:57:35.0625 0428 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

20:57:35.0781 0428 mouhid - ok

20:57:35.0812 0428 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

20:57:35.0984 0428 MountMgr - ok

20:57:36.0031 0428 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

20:57:36.0078 0428 MpFilter - ok

20:57:36.0093 0428 mraid35x - ok

20:57:36.0140 0428 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

20:57:36.0187 0428 MREMP50 ( UnsignedFile.Multi.Generic ) - warning

20:57:36.0187 0428 MREMP50 - detected UnsignedFile.Multi.Generic (1)

20:57:36.0281 0428 MREMPR5 (2bc9e43f55de8c30fc817ed56d0ee907) C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS

20:57:36.0343 0428 MREMPR5 ( UnsignedFile.Multi.Generic ) - warning

20:57:36.0343 0428 MREMPR5 - detected UnsignedFile.Multi.Generic (1)

20:57:36.0375 0428 MRENDIS5 (594b9d8194e3f4ecbf0325bd10bbeb05) C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS

20:57:36.0421 0428 MRENDIS5 ( UnsignedFile.Multi.Generic ) - warning

20:57:36.0421 0428 MRENDIS5 - detected UnsignedFile.Multi.Generic (1)

20:57:36.0453 0428 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

20:57:36.0500 0428 MRESP50 ( UnsignedFile.Multi.Generic ) - warning

20:57:36.0500 0428 MRESP50 - detected UnsignedFile.Multi.Generic (1)

20:57:36.0578 0428 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

20:57:36.0734 0428 MRxDAV - ok

20:57:36.0796 0428 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

20:57:36.0890 0428 MRxSmb - ok

20:57:36.0921 0428 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

20:57:37.0093 0428 MSDTC - ok

20:57:37.0171 0428 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

20:57:37.0390 0428 Msfs - ok

20:57:37.0406 0428 MSIServer - ok

20:57:37.0453 0428 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

20:57:37.0625 0428 MSKSSRV - ok

20:57:37.0687 0428 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe

20:57:37.0734 0428 MsMpSvc - ok

20:57:37.0765 0428 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

20:57:37.0937 0428 MSPCLOCK - ok

20:57:37.0968 0428 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

20:57:38.0156 0428 MSPQM - ok

20:57:38.0171 0428 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

20:57:38.0312 0428 mssmbios - ok

20:57:38.0359 0428 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

20:57:38.0500 0428 MSTEE - ok

20:57:38.0531 0428 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

20:57:38.0562 0428 Mup - ok

20:57:38.0609 0428 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

20:57:38.0781 0428 NABTSFEC - ok

20:57:38.0828 0428 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

20:57:39.0046 0428 napagent - ok

20:57:39.0125 0428 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

20:57:39.0312 0428 NDIS - ok

20:57:39.0359 0428 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

20:57:39.0515 0428 NdisIP - ok

20:57:39.0562 0428 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

20:57:39.0625 0428 NdisTapi - ok

20:57:39.0671 0428 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

20:57:39.0843 0428 Ndisuio - ok

20:57:39.0859 0428 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

20:57:40.0078 0428 NdisWan - ok

20:57:40.0109 0428 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

20:57:40.0140 0428 NDProxy - ok

20:57:40.0171 0428 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

20:57:40.0343 0428 NetBIOS - ok

20:57:40.0406 0428 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

20:57:40.0578 0428 NetBT - ok

20:57:40.0625 0428 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

20:57:40.0859 0428 NetDDE - ok

20:57:40.0875 0428 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

20:57:41.0015 0428 NetDDEdsdm - ok

20:57:41.0046 0428 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

20:57:41.0203 0428 Netlogon - ok

20:57:41.0250 0428 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

20:57:41.0421 0428 Netman - ok

20:57:41.0578 0428 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

20:57:41.0625 0428 NetTcpPortSharing - ok

20:57:41.0671 0428 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

20:57:41.0687 0428 Nla - ok

20:57:41.0734 0428 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

20:57:41.0906 0428 Npfs - ok

20:57:41.0953 0428 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

20:57:42.0171 0428 Ntfs - ok

20:57:42.0187 0428 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

20:57:42.0343 0428 NtLmSsp - ok

20:57:42.0406 0428 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

20:57:42.0625 0428 NtmsSvc - ok

20:57:42.0671 0428 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

20:57:42.0812 0428 Null - ok

20:57:42.0859 0428 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

20:57:43.0031 0428 NwlnkFlt - ok

20:57:43.0062 0428 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

20:57:43.0218 0428 NwlnkFwd - ok

20:57:43.0296 0428 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

20:57:43.0328 0428 ose - ok

20:57:43.0406 0428 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

20:57:43.0593 0428 Parport - ok

20:57:43.0640 0428 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

20:57:43.0828 0428 PartMgr - ok

20:57:43.0875 0428 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

20:57:44.0031 0428 ParVdm - ok

20:57:44.0062 0428 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

20:57:44.0265 0428 PCI - ok

20:57:44.0281 0428 PCIDump - ok

20:57:44.0359 0428 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys

20:57:44.0500 0428 PCIIde - ok

20:57:44.0578 0428 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

20:57:44.0765 0428 Pcmcia - ok

20:57:44.0781 0428 PDCOMP - ok

20:57:44.0796 0428 PDFRAME - ok

20:57:44.0828 0428 PDRELI - ok

20:57:44.0843 0428 PDRFRAME - ok

20:57:44.0875 0428 perc2 - ok

20:57:44.0890 0428 perc2hib - ok

20:57:45.0000 0428 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

20:57:45.0031 0428 PlugPlay - ok

20:57:45.0031 0428 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

20:57:45.0171 0428 PolicyAgent - ok

20:57:45.0218 0428 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

20:57:45.0390 0428 PptpMiniport - ok

20:57:45.0406 0428 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

20:57:45.0562 0428 ProtectedStorage - ok

20:57:45.0578 0428 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

20:57:45.0781 0428 PSched - ok

20:57:45.0828 0428 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

20:57:46.0000 0428 Ptilink - ok

20:57:46.0031 0428 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys

20:57:46.0078 0428 PxHelp20 - ok

20:57:46.0093 0428 ql1080 - ok

20:57:46.0125 0428 Ql10wnt - ok

20:57:46.0140 0428 ql12160 - ok

20:57:46.0171 0428 ql1240 - ok

20:57:46.0187 0428 ql1280 - ok

20:57:46.0218 0428 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

20:57:46.0390 0428 RasAcd - ok

20:57:46.0437 0428 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

20:57:46.0625 0428 RasAuto - ok

20:57:46.0671 0428 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

20:57:46.0859 0428 Rasl2tp - ok

20:57:46.0890 0428 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

20:57:47.0046 0428 RasMan - ok

20:57:47.0062 0428 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

20:57:47.0250 0428 RasPppoe - ok

20:57:47.0265 0428 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

20:57:47.0421 0428 Raspti - ok

20:57:47.0453 0428 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

20:57:47.0625 0428 Rdbss - ok

20:57:47.0656 0428 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

20:57:47.0796 0428 RDPCDD - ok

20:57:47.0843 0428 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

20:57:48.0000 0428 rdpdr - ok

20:57:48.0062 0428 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys

20:57:48.0156 0428 RDPWD - ok

20:57:48.0203 0428 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

20:57:48.0406 0428 RDSessMgr - ok

20:57:48.0468 0428 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

20:57:48.0640 0428 redbook - ok

20:57:48.0687 0428 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

20:57:48.0875 0428 RemoteAccess - ok

20:57:48.0921 0428 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

20:57:49.0062 0428 RemoteRegistry - ok

20:57:49.0203 0428 RichVideo (b216b03852df788c7e2afdf6c6e8a9b0) C:\Program Files\CyberLink\Shared Files\RichVideo.exe

20:57:49.0218 0428 RichVideo ( UnsignedFile.Multi.Generic ) - warning

20:57:49.0218 0428 RichVideo - detected UnsignedFile.Multi.Generic (1)

20:57:49.0250 0428 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

20:57:49.0437 0428 RpcLocator - ok

20:57:49.0484 0428 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll

20:57:49.0546 0428 RpcSs - ok

20:57:49.0593 0428 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

20:57:49.0796 0428 RSVP - ok

20:57:49.0828 0428 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

20:57:49.0968 0428 SamSs - ok

20:57:50.0015 0428 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

20:57:50.0234 0428 SCardSvr - ok

20:57:50.0281 0428 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

20:57:50.0453 0428 Schedule - ok

20:57:50.0531 0428 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

20:57:50.0625 0428 Secdrv - ok

20:57:50.0656 0428 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

20:57:50.0796 0428 seclogon - ok

20:57:50.0812 0428 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

20:57:50.0968 0428 SENS - ok

20:57:51.0031 0428 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

20:57:51.0250 0428 Serial - ok

20:57:51.0312 0428 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

20:57:51.0468 0428 Sfloppy - ok

20:57:51.0515 0428 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

20:57:51.0718 0428 SharedAccess - ok

20:57:51.0750 0428 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

20:57:51.0781 0428 ShellHWDetection - ok

20:57:51.0796 0428 Simbad - ok

20:57:51.0859 0428 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

20:57:52.0031 0428 SLIP - ok

20:57:52.0062 0428 Sparrow - ok

20:57:52.0109 0428 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

20:57:52.0250 0428 splitter - ok

20:57:52.0281 0428 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

20:57:52.0328 0428 Spooler - ok

20:57:52.0390 0428 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

20:57:52.0515 0428 sr - ok

20:57:52.0562 0428 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

20:57:52.0625 0428 srservice - ok

20:57:52.0687 0428 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

20:57:52.0765 0428 Srv - ok

20:57:52.0796 0428 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

20:57:52.0875 0428 SSDPSRV - ok

20:57:52.0937 0428 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys

20:57:53.0062 0428 STHDA - ok

20:57:53.0109 0428 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

20:57:53.0250 0428 stisvc - ok

20:57:53.0328 0428 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

20:57:53.0500 0428 streamip - ok

20:57:53.0562 0428 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

20:57:53.0718 0428 swenum - ok

20:57:53.0734 0428 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

20:57:53.0875 0428 swmidi - ok

20:57:53.0890 0428 SwPrv - ok

20:57:53.0921 0428 symc810 - ok

20:57:53.0953 0428 symc8xx - ok

20:57:53.0968 0428 sym_hi - ok

20:57:54.0000 0428 sym_u3 - ok

20:57:54.0031 0428 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

20:57:54.0156 0428 sysaudio - ok

20:57:54.0203 0428 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

20:57:54.0421 0428 SysmonLog - ok

20:57:54.0484 0428 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

20:57:54.0625 0428 TapiSrv - ok

20:57:54.0671 0428 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

20:57:54.0750 0428 Tcpip - ok

20:57:54.0796 0428 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

20:57:54.0953 0428 TDPIPE - ok

20:57:55.0000 0428 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

20:57:55.0187 0428 TDTCP - ok

20:57:55.0234 0428 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

20:57:55.0437 0428 TermDD - ok

20:57:55.0484 0428 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

20:57:55.0625 0428 TermService - ok

20:57:55.0656 0428 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

20:57:55.0671 0428 Themes - ok

20:57:55.0734 0428 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

20:57:55.0843 0428 TlntSvr - ok

20:57:55.0859 0428 TosIde - ok

20:57:55.0906 0428 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

20:57:56.0046 0428 TrkWks - ok

20:57:56.0093 0428 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

20:57:56.0312 0428 Udfs - ok

20:57:56.0328 0428 ultra - ok

20:57:56.0453 0428 UMVPFSrv (927754abf077aeb5504be4e0f2c60c1b) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

20:57:56.0578 0428 UMVPFSrv - ok

20:57:56.0625 0428 UMWdf (1977313e362c8732c1af4d1bcb9c06b7) C:\WINDOWS\system32\wdfmgr.exe

20:57:56.0687 0428 UMWdf ( UnsignedFile.Multi.Generic ) - warning

20:57:56.0687 0428 UMWdf - detected UnsignedFile.Multi.Generic (1)

20:57:56.0734 0428 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

20:57:56.0937 0428 Update - ok

20:57:57.0000 0428 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

20:57:57.0109 0428 upnphost - ok

20:57:57.0140 0428 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

20:57:57.0343 0428 UPS - ok

20:57:57.0359 0428 USBAAPL - ok

20:57:57.0406 0428 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

20:57:57.0593 0428 usbaudio - ok

20:57:57.0625 0428 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

20:57:57.0796 0428 usbccgp - ok

20:57:57.0828 0428 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

20:57:58.0000 0428 usbehci - ok

20:57:58.0062 0428 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

20:57:58.0265 0428 usbhub - ok

20:57:58.0281 0428 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

20:57:58.0453 0428 usbprint - ok

20:57:58.0468 0428 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

20:57:58.0625 0428 usbscan - ok

20:57:58.0640 0428 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

20:57:58.0796 0428 USBSTOR - ok

20:57:58.0828 0428 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

20:57:59.0000 0428 usbuhci - ok

20:57:59.0031 0428 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

20:57:59.0218 0428 usbvideo - ok

20:57:59.0265 0428 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

20:57:59.0421 0428 VgaSave - ok

20:57:59.0437 0428 ViaIde - ok

20:57:59.0500 0428 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

20:57:59.0656 0428 VolSnap - ok

20:57:59.0718 0428 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

20:57:59.0843 0428 VSS - ok

20:57:59.0875 0428 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

20:58:00.0015 0428 W32Time - ok

20:58:00.0046 0428 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

20:58:00.0250 0428 Wanarp - ok

20:58:00.0250 0428 WDICA - ok

20:58:00.0296 0428 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

20:58:00.0437 0428 wdmaud - ok

20:58:00.0484 0428 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

20:58:00.0656 0428 WebClient - ok

20:58:00.0765 0428 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

20:58:00.0906 0428 winmgmt - ok

20:58:00.0984 0428 WmdmPmSN (6eaa72fd9ef993ec1fa9a06de65105da) C:\WINDOWS\system32\mspmsnsv.dll

20:58:01.0046 0428 WmdmPmSN - ok

20:58:01.0109 0428 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

20:58:01.0171 0428 Wmi - ok

20:58:01.0218 0428 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

20:58:01.0468 0428 WmiApSrv - ok

20:58:01.0515 0428 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

20:58:01.0640 0428 wscsvc - ok

20:58:01.0687 0428 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

20:58:01.0859 0428 WSTCODEC - ok

20:58:01.0875 0428 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

20:58:02.0046 0428 wuauserv - ok

20:58:02.0109 0428 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

20:58:02.0312 0428 WZCSVC - ok

20:58:02.0359 0428 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

20:58:02.0625 0428 xmlprov - ok

20:58:02.0734 0428 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

20:58:02.0750 0428 YahooAUService - ok

20:58:02.0812 0428 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

20:58:03.0281 0428 \Device\Harddisk0\DR0 - ok

20:58:03.0796 0428 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR5

20:58:03.0937 0428 \Device\Harddisk1\DR5 - ok

20:58:03.0953 0428 Boot (0x1200) (dfe936c282cb31fae10568a60a396eac) \Device\Harddisk0\DR0\Partition0

20:58:03.0953 0428 \Device\Harddisk0\DR0\Partition0 - ok

20:58:04.0000 0428 Boot (0x1200) (00c5144d11ac75516136cf75f342f9fe) \Device\Harddisk0\DR0\Partition1

20:58:04.0000 0428 \Device\Harddisk0\DR0\Partition1 - ok

20:58:04.0015 0428 Boot (0x1200) (06ab50a088143102112db20e332ef7da) \Device\Harddisk1\DR5\Partition0

20:58:04.0031 0428 \Device\Harddisk1\DR5\Partition0 - ok

20:58:04.0031 0428 ============================================================

20:58:04.0031 0428 Scan finished

20:58:04.0031 0428 ============================================================

20:58:04.0156 1700 Detected object count: 12

20:58:04.0156 1700 Actual detected object count: 12

21:25:04.0875 1700 ASPI32 ( UnsignedFile.Multi.Generic ) - skipped by user

21:25:04.0875 1700 ASPI32 ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:25:04.0875 1700 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user

21:25:04.0875 1700 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:25:04.0890 1700 ehRecvr ( UnsignedFile.Multi.Generic ) - skipped by user

21:25:04.0890 1700 ehRecvr ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:25:04.0906 1700 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user

21:25:04.0906 1700 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:25:04.0906 1700 MHN ( UnsignedFile.Multi.Generic ) - skipped by user

21:25:04.0906 1700 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:25:04.0921 1700 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user

21:25:04.0921 1700 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:25:04.0937 1700 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user

21:25:04.0937 1700 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:25:04.0937 1700 MREMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user

21:25:04.0937 1700 MREMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:25:04.0937 1700 MRENDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user

21:25:04.0937 1700 MRENDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:25:04.0937 1700 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user

21:25:04.0937 1700 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:25:04.0953 1700 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user

21:25:04.0953 1700 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:25:04.0968 1700 UMWdf ( UnsignedFile.Multi.Generic ) - skipped by user

21:25:04.0968 1700 UMWdf ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:26:47.0734 3864 Deinitialize success

Maniac · June 19, 2012

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

rusty7jr · June 20, 2012

Below is the attached log from ComboFix. I attached because the document was quite large and thought it would fit better this way:

log - combofix - 061912.txt

Maniac · June 20, 2012

Thanks!

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

rusty7jr · June 22, 2012

Below is a result of the ESET scan:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=6042059ffac3524891c4c9c6701157e0

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-06-22 04:04:04

# local_time=2012-06-22 12:04:04 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=5891 16776533 42 92 0 7442439 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=132888

# found=2

# cleaned=2

# scan_time=13339

C:\_OTL\MovedFiles\12222010_205636\C_Documents and Settings\Jeremy.JEREMY-95D7C127\Application Data\Mozilla\Firefox\Profiles\w9qiz7c5.default\prefs.js Win32/Agent.RQD.Gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\12222010_205636\C_WINDOWS\CouponBarIE.dll probably a variant of Win32/Adware.Softomate.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Maniac · June 22, 2012

How is your system now?

rusty7jr · June 23, 2012

A lot of my items within the start menu are still empty...see the attachment. What do I do to get those back?

screenshot of blank - 062212.bmp

Maniac · June 23, 2012

About these external applications need to manually make shortcuts.

screen317 · June 28, 2012

Are you still with us? This topic will be closed in a few days if we do not hear back from you.

Maurice Naggar · June 30, 2012

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Windows Recover Virus: Start Menu program shortcuts missing after removal

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information