
redirect virus



Virus is redirecting web pages.

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.07.11

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Administrator :: JDRNOTEBOOK [administrator]

Protection: Enabled

1/7/2013 3:13:05 PM

mbam-log-2013-01-07 (15-13-05).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 348232

Time elapsed: 1 hour(s), 19 minute(s), 37 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702

Run by Administrator at 17:42:03 on 2013-01-07

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.1978 [GMT -8:00]

.

AV: TELUS security services Anti-Virus *Enabled/Updated* {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}

FW: TELUS security services Firewall *Enabled*

.

============== Running Processes ================

.

C:\Program Files\TELUS\TELUS security services\Fws.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\TELUS\TELUS security services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\WINDOWS\system32\o2flash.exe

C:\Program Files\Softex\OmniPass\Omniserv.exe

C:\Program Files\TELUS\TELUS security services\RpsSecurityAwareR.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

C:\Program Files\TELUS\TELUS security advisor\ServicepointService.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Sony Ericsson\Sony Ericsson MD400 Wireless Modem\wwanSvc.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE

C:\Program Files\Softex\OmniPass\OPXPApp.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TELUS\TELUS security services\rps.exe

C:\Program Files\TELUS\TELUS security advisor\TsaComHandler.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe

C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe

C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Softex\OmniPass\scureapp.exe

C:\Program Files\Fingerprint Sensor\ATSwpNav.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe

C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe

C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe

C:\Program Files\Sierra Wireless Inc\Watcher\WaHelper.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\TELUS\TELUS security advisor\Tsa.exe

C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchFilterHost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.ca/

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://service1.symantec.com/support/tsgeninfo.nsf/docid/2005071512012139

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [indicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe

mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe

mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe

mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe

mRun: [sSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [OmniPass] c:\program files\softex\omnipass\scureapp.exe

mRun: [ATSwpNav] "c:\program files\fingerprint sensor\ATSwpNav" -run

mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"

mRun: [FJUPDNV_Chitose] c:\program files\fujitsu\fjdvrupd\fjdvrupd.exe

mRun: [TELUS_McciTrayApp] c:\program files\telus\telus support centre\bin\McciTrayApp.exe

mRun: [TRUUpdater] "c:\program files\sierra wireless inc\webupdater\TRUUpdater.exe" /bkground

mRun: [WatcherHelper] "c:\program files\sierra wireless inc\watcher\WaHelper.exe"

mRun: [EPSON_UD_START] "c:\program files\epson projector\epson usb display v1.4\EMP_UD.exe" -UDCONNECT

mRun: [Tsa.exe] "c:\program files\telus\telus security advisor\Tsa.exe" /AUTORUN

mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe

mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoDriveAutoRun = dword:16

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - {2151DA8C-C5B6-4B4F-86AB-BDA449BF8747} - c:\program files\evernote\evernote\enbar.dll

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab

DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214084715500

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1355272027468

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.1.254 75.153.176.9

TCP: Interfaces\{910C4504-73A4-466E-8141-CEE63059D8A9} : DHCPNameServer = 192.168.1.254 75.153.176.9

Notify: igfxcui - igfxdev.dll

Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\39j5oo2s.default\

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\motive\npMotive.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll

FF - plugin: c:\program files\telus\telus security advisor\nprpspa.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll

.

============= SERVICES / DRIVERS ===============

.

R0 FJGPNV;FJGPNV;c:\windows\system32\drivers\FJGPNV.SYS [2007-4-24 10496]

R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2007-4-24 7168]

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-10-3 36640]

R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-10-12 33152]

R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-11-19 25608]

R2 EMP_UDSA;EMP_UDSA;c:\program files\epson projector\epson usb display v1.4\EMP_UDSA.exe [2010-7-21 94208]

R2 FJSPA;FJSPA;c:\program files\fujitsu\fjspa\FJSPA.sys [2006-12-7 17712]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-7 398184]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-7 682344]

R2 Radialpoint Security Services;TELUS security services;c:\program files\telus\telus security services\RpsSecurityAwareR.exe [2010-6-2 166944]

R2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\telus\telus security services\avg\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-19 5832712]

R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2008-7-11 328992]

R2 ServicepointService;ServicepointService;c:\program files\telus\telus security advisor\ServicepointService.exe [2011-1-20 689464]

R2 wwanSvc;wwanSvc;c:\program files\sony ericsson\sony ericsson md400 wireless modem\wwanSvc.exe [2008-10-14 106496]

R3 eppvad_simple;EPSON Projector UD Audio Device;c:\windows\system32\drivers\EMP_UDAU.sys [2010-7-21 17664]

R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2007-4-24 4864]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-4-24 35968]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-7 21104]

R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [2006-3-7 92550]

R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\telus\telus security services\avg\identity protection\agent\drivers\AVGIDSDriver.sys [2010-11-19 122376]

R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\telus\telus security services\avg\identity protection\agent\drivers\AVGIDSfilter.sys [2010-11-19 30216]

R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\telus\telus security services\avg\identity protection\agent\drivers\AVGIDSShim.sys [2010-11-19 25736]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 LvIBTSvr;Logitech IBT Service;c:\program files\common files\logishrd\lvibtsvr\LvIBTSvr.exe [2007-2-23 76576]

S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [1999-11-18 3872]

S3 FjGenIo;Fujitsu Generic I/O Driver;c:\windows\system32\drivers\FjGenIo.sys [2008-6-21 7680]

S3 jbridgep;jbridgep;\??\c:\docume~1\admini~1\locals~1\temp\jbridgep.sys --> c:\docume~1\admini~1\locals~1\temp\jbridgep.sys [?]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]

S3 seu3bus;Sony Ericsson MD400g Mobile Broadband Composite Device driver (WDM);c:\windows\system32\drivers\seu3bus.sys [2011-12-2 307200]

.

=============== Created Last 30 ================

.

2013-01-07 23:10:35 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes

2013-01-07 23:10:24 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2013-01-07 23:10:23 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-07 23:10:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

==================== Find3M ====================

.

2013-01-08 00:50:00 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-01-08 00:50:00 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-11-28 19:07:46 131072 --sha-r- c:\windows\system32\usrcntra2.dll

2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec

.

============= FINISH: 17:48:33.78 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 6/21/2008 1:44:34 PM

System Uptime: 1/7/2013 5:06:19 PM (0 hours ago)

.

Motherboard: FUJITSU | | FJNB1CF

Processor: Intel Pentium III Xeon processor | Onboard | 2094/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 92 GiB total, 30.901 GiB free.

D: is FIXED (NTFS) - 1 GiB total, 1.115 GiB free.

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1: 11/28/2012 3:42:36 PM - System Checkpoint

RP2: 12/11/2012 4:34:06 PM - Software Distribution Service 3.0

RP3: 12/11/2012 8:10:17 PM - Printer Driver CutePDF Writer Installed

RP4: 12/14/2012 8:35:57 AM - System Checkpoint

RP5: 12/17/2012 5:29:41 PM - System Checkpoint

RP6: 12/21/2012 9:00:32 AM - Software Distribution Service 3.0

RP7: 12/23/2012 12:35:25 PM - System Checkpoint

RP8: 12/28/2012 10:20:10 AM - Software Distribution Service 3.0

RP9: 12/29/2012 6:34:14 PM - System Checkpoint

RP10: 1/5/2013 6:19:36 PM - Software Distribution Service 3.0

RP11: 1/7/2013 12:50:42 PM - System Checkpoint

.

==== Installed Programs ======================

.

20-20 Design Version 9.0

20-20 Multimedia Product Guide

20-20 Version 8.1

Acrobat.com

Ad-Aware Browsing Protection

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.2

Agere Systems HDA Modem

Apple Application Support

Apple Software Update

BlackBerry App World Browser Plugin

BlackBerry Desktop Software 7.1

BlackBerry Device Software Updater

Bluetooth Stack for Windows by Toshiba

Critical Update for Windows Media Player 11 (KB959772)

CutePDF Writer 3.0

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

EPSON USB Display

EverNote

Fingerprint Sensor Minimum Install

Fujitsu Display Manager

Fujitsu Driver Update

Fujitsu Hotkey Utility

Fujitsu System Extension Utility

Fujitsu WebCam Driver (32-bit)

Garmin City Navigator North America NT 2010.40

Garmin Lifetime Updater

Garmin USB Drivers

Garmin WebUpdater

Google Update Helper

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB2779562)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP LaserJet P1500 series

HPCarePackProducts

Intel® Graphics Media Accelerator Driver

Intel® PRO Network Connections Drivers

Intel® PROSet/Wireless Software

Java Auto Updater

Java™ 6 Update 31

LifeBook Application Panel

Malwarebytes Anti-Malware version 1.70.0.1100

mCore

mDriver

mDrWiFi

mHelp

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft English TTS Engine

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access database engine 2007 (English)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2007

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (English) 2010

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2007

Microsoft Publisher 2010

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft Software Update for Web Folders (English) 14

Microsoft SQL Server Compact 3.5 SP1 English

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable Package

Microsoft Windows Journal Viewer

Microsoft WSE 3.0 Runtime

mIWA

mLogView

mMHouse

Mozilla Firefox 17.0.1 (x86 en-US)

Mozilla Maintenance Service

mPfMgr

mPfWiz

mProSafe

mSCfg

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB973685)

MSXML 6.0 Parser (KB927977)

mWlsSafe

mZConfig

O2Micro Flash Memory Card Windows Driver

O2Micro Smartcard Driver

OmniPass

PerfectDisk 10 Professional

PowerDVD

QuickTime

Realtek High Definition Audio Driver

RPS CRT

RPS PerfectDiskStub

RPS RpsCore

SAPI Wrapper

Security Panel

Security Panel Application

Security Panel Application for Supervisor

Security Panel for Supervisor

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB2761465)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2753842-v2)

Security Update for Windows XP (KB2753842)

Security Update for Windows XP (KB2758857)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB2770660)

Security Update for Windows XP (KB2779030)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953838)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Sentinel Protection Installer 7.5.0

Shock Sensor Utility

Sierra Wireless Watcher

Sony Ericsson MD400 Wireless Modem

Sony Ericsson Wireless Manager 5

Synaptics Pointing Device Driver

TELUS security advisor 3.7.44

TELUS security services

TTS Wrapper

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB942763)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

Winamp

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 10 Hotfix [see KB887626 for more information]

Windows Media Player 11

Windows PowerShell™ 1.0

Windows Search 4.0

Windows XP Service Pack 3

Yahoo! Detect

.

==== Event Viewer Messages From Past Week ========

.

1/7/2013 11:54:32 AM, error: Print [6161] - The document DOCUMENT-2020 owned by Administrator failed to print on printer CutePDF Writer. Data type: NT EMF 1.008. Size of the spool file in bytes: 530644. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\JDRNOTEBOOK. Win32 error code returned by the print processor: 6 (0x6).

1/5/2013 4:45:52 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

1/5/2013 12:07:49 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: StarOpen

.

==== End Of File ===========================


  • Staff

Please run the following:

Download ComboFix from the following location:

Link

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

CF_RC_notice.png

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

cfRC_screen_2.png

  • Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.


ComboFix 13-01-08.01 - Administrator 01/08/2013 7:40.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.1828 [GMT -8:00]

Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe

AV: TELUS security services Anti-Virus *Disabled/Updated* {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}

FW: TELUS security services Firewall *Disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\WINDOWS

C:\install.exe

C:\prefs.js

c:\windows\~GLC0000.TMP

c:\windows\~GLH0000.TMP

c:\windows\system32\AegisI5Installer.exe

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-12-08 to 2013-01-08 )))))))))))))))))))))))))))))))

.

.

2013-01-07 23:10 . 2013-01-07 23:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2013-01-07 23:10 . 2013-01-07 23:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2013-01-07 23:10 . 2013-01-07 23:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-01-07 23:10 . 2012-12-15 00:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-07 18:57 . 2013-01-07 18:57 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2013-01-07 18:57 . 2013-01-07 18:57 -------- d-----w- c:\program files\Mozilla Maintenance Service

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-08 00:50 . 2012-04-10 20:16 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-08 00:50 . 2011-12-07 00:41 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-16 12:23 . 2007-04-24 16:57 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-11-13 01:25 . 2007-04-24 16:59 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-02 02:02 . 2007-04-24 16:57 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17 . 2007-04-24 16:59 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17 . 2007-04-24 16:58 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17 . 2007-04-24 16:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35 . 2007-04-24 16:58 385024 ----a-w- c:\windows\system32\html.iec

2012-11-29 08:27 . 2013-01-07 18:57 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 155648]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 131072]

"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16125440]

"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-09 794713]

"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-07-13 90112]

"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-17 80688]

"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2005-11-01 242688]

"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-11-01 61440]

"SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2006-07-22 233472]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-06 819200]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-03-06 970752]

"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2006-04-26 1908736]

"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-02-23 252704]

"FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\fjdvrupd.exe" [2005-11-18 303104]

"TELUS_McciTrayApp"="c:\program files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe" [2008-02-25 1468256]

"TRUUpdater"="c:\program files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" [2009-03-09 554264]

"WatcherHelper"="c:\program files\Sierra Wireless Inc\Watcher\WaHelper.exe" [2009-04-20 53248]

"EPSON_UD_START"="c:\program files\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" [2008-05-22 329632]

"Tsa.exe"="c:\program files\TELUS\TELUS security advisor\Tsa.exe" [2010-12-16 4318520]

"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]

"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]

2006-04-26 21:52 49152 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk

backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-07-11 19:00 919008 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2005-01-12 10:01 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2009-03-09 15:49 37888 ----a-w- c:\program files\Winamp\winampa.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=

"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Sierra Wireless Inc\\Watcher\\SwiApiMux.exe"=

"c:\\Program Files\\Sierra Wireless Inc\\Watcher\\TRUUpdater.exe"= c:\\Program Files\\Sierra Wireless Inc\\WebUpdater\\TRUUpdater.exe

"c:\\Program Files\\TELUS\\TELUS security advisor\\ServicepointService.exe"=

"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

.

R0 FJGPNV;FJGPNV;c:\windows\system32\drivers\FJGPNV.SYS [4/24/2007 10:20 AM 10496]

R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [4/24/2007 10:34 AM 7168]

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [10/3/2006 12:23 PM 36640]

R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [10/12/2006 10:47 AM 33152]

R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11/19/2010 12:39 PM 25608]

R2 EMP_UDSA;EMP_UDSA;c:\program files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [7/21/2010 6:55 AM 94208]

R2 FJSPA;FJSPA;c:\program files\Fujitsu\FJSPA\FJSPA.sys [12/7/2006 4:18 PM 17712]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [1/7/2013 3:10 PM 398184]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/7/2013 3:10 PM 682344]

R2 Radialpoint Security Services;TELUS security services;c:\program files\TELUS\TELUS security services\RpsSecurityAwareR.exe [6/2/2010 6:05 PM 166944]

R2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\TELUS\TELUS security services\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe [11/19/2010 12:39 PM 5832712]

R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [7/11/2008 12:02 AM 328992]

R2 ServicepointService;ServicepointService;c:\program files\TELUS\TELUS security advisor\ServicepointService.exe [1/20/2011 11:55 AM 689464]

R2 wwanSvc;wwanSvc;c:\program files\Sony Ericsson\Sony Ericsson MD400 Wireless Modem\wwanSvc.exe [10/14/2008 3:47 PM 106496]

R3 eppvad_simple;EPSON Projector UD Audio Device;c:\windows\system32\drivers\EMP_UDAU.sys [7/21/2010 6:55 AM 17664]

R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [4/24/2007 9:05 AM 4864]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/24/2007 9:03 AM 35968]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/7/2013 3:10 PM 21104]

R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [3/7/2006 9:44 PM 92550]

R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [11/19/2010 12:39 PM 122376]

R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys [11/19/2010 12:39 PM 30216]

R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [11/19/2010 12:39 PM 25736]

S2 LvIBTSvr;Logitech IBT Service;c:\program files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe [2/23/2007 2:20 AM 76576]

S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [11/18/1999 12:20 AM 3872]

S3 FjGenIo;Fujitsu Generic I/O Driver;c:\windows\system32\drivers\FjGenIo.sys [6/21/2008 12:55 PM 7680]

S3 jbridgep;jbridgep;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\jbridgep.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\jbridgep.sys [?]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]

S3 seu3bus;Sony Ericsson MD400g Mobile Broadband Composite Device driver (WDM);c:\windows\system32\drivers\seu3bus.sys [12/2/2011 10:48 AM 307200]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - B501CF86

*Deregistered* - b501cf86

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ scan sysagent

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 00:50]

.

2012-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-07 13:59]

.

2012-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-07 13:59]

.

2013-01-08 c:\windows\Tasks\laqvkdwlk.job

- c:\windows\system32\usrcntra2.dll [2012-11-28 19:07]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.ca/

uInternet Connection Wizard,ShellNext = hxxp://service1.symantec.com/support/tsgeninfo.nsf/docid/2005071512012139

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Trusted Zone: columbiacabinetsonline.com\www

TCP: DhcpNameServer = 192.168.1.254 75.153.176.9

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\39j5oo2s.default\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-01-08 07:48

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3040798117-963229085-1258864297-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,63,0f,6b,a2,8b,b8,53,46,9c,e8,29,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,63,0f,6b,a2,8b,b8,53,46,9c,e8,29,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8e,d6,08,96,d7,5e,d4,48,ab,16,49,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8e,d6,08,96,d7,5e,d4,48,ab,16,49,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8e,d6,08,96,d7,5e,d4,48,ab,16,49,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1440)

c:\program files\Softex\OmniPass\opxpgina.dll

.

Completion time: 2013-01-08 07:50:59

ComboFix-quarantined-files.txt 2013-01-08 15:50

.

Pre-Run: 33,022,828,544 bytes free

Post-Run: 47,805,366,272 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 19A130ADEBA4C3BD3C9EAA74DA7A3747


  • Staff

There is a file I'd like to collect for analysis, so please run the following script (make sure you are connected to the internet so the file will be automatically uploaded).

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:

Press the WinKey + R to open a run box, type Notepad > click OK.

This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://forums.malwarebytes.org/index.php?showtopic=120644&pid=631627&st=0entry631627

Collect::
c:\windows\system32\usrcntra2.dll

File::
c:\windows\Tasks\laqvkdwlk.job

Driver::
jbridgep

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...

CFScriptB-4.gif

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


ComboFix 13-01-08.01 - Administrator 01/08/2013 13:39:23.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2486 [GMT -8:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.htm

AV: TELUS security services Anti-Virus *Disabled/Updated* {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}

FW: TELUS security services Firewall *Disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

.

FILE ::

"c:\windows\Tasks\laqvkdwlk.job"

.

file zipped: c:\windows\system32\usrcntra2.dll

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\usrcntra2.dll

c:\windows\Tasks\laqvkdwlk.job

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_JBRIDGEP

-------\Service_jbridgep

.

.

((((((((((((((((((((((((( Files Created from 2012-12-08 to 2013-01-08 )))))))))))))))))))))))))))))))

.

.

2013-01-07 23:10 . 2013-01-07 23:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2013-01-07 23:10 . 2013-01-07 23:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2013-01-07 23:10 . 2013-01-07 23:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-01-07 23:10 . 2012-12-15 00:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-07 18:57 . 2013-01-07 18:57 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2013-01-07 18:57 . 2013-01-07 18:57 -------- d-----w- c:\program files\Mozilla Maintenance Service

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-08 00:50 . 2012-04-10 20:16 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-08 00:50 . 2011-12-07 00:41 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-16 12:23 . 2007-04-24 16:57 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-11-13 01:25 . 2007-04-24 16:59 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-02 02:02 . 2007-04-24 16:57 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17 . 2007-04-24 16:59 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17 . 2007-04-24 16:58 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17 . 2007-04-24 16:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35 . 2007-04-24 16:58 385024 ----a-w- c:\windows\system32\html.iec

2012-11-29 08:27 . 2013-01-07 18:57 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 155648]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 131072]

"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16125440]

"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-09 794713]

"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-07-13 90112]

"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-17 80688]

"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2005-11-01 242688]

"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-11-01 61440]

"SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2006-07-22 233472]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-06 819200]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-03-06 970752]

"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2006-04-26 1908736]

"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-02-23 252704]

"FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\fjdvrupd.exe" [2005-11-18 303104]

"TELUS_McciTrayApp"="c:\program files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe" [2008-02-25 1468256]

"TRUUpdater"="c:\program files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" [2009-03-09 554264]

"WatcherHelper"="c:\program files\Sierra Wireless Inc\Watcher\WaHelper.exe" [2009-04-20 53248]

"EPSON_UD_START"="c:\program files\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" [2008-05-22 329632]

"Tsa.exe"="c:\program files\TELUS\TELUS security advisor\Tsa.exe" [2010-12-16 4318520]

"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]

"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]

2006-04-26 21:52 49152 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk

backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-07-11 19:00 919008 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2005-01-12 10:01 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2009-03-09 15:49 37888 ----a-w- c:\program files\Winamp\winampa.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=

"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Sierra Wireless Inc\\Watcher\\SwiApiMux.exe"=

"c:\\Program Files\\Sierra Wireless Inc\\Watcher\\TRUUpdater.exe"= c:\\Program Files\\Sierra Wireless Inc\\WebUpdater\\TRUUpdater.exe

"c:\\Program Files\\TELUS\\TELUS security advisor\\ServicepointService.exe"=

"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

.

R0 FJGPNV;FJGPNV;c:\windows\system32\drivers\FJGPNV.SYS [4/24/2007 10:20 AM 10496]

R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [4/24/2007 10:34 AM 7168]

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [10/3/2006 12:23 PM 36640]

R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [10/12/2006 10:47 AM 33152]

R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11/19/2010 12:39 PM 25608]

R2 EMP_UDSA;EMP_UDSA;c:\program files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [7/21/2010 6:55 AM 94208]

R2 FJSPA;FJSPA;c:\program files\Fujitsu\FJSPA\FJSPA.sys [12/7/2006 4:18 PM 17712]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [1/7/2013 3:10 PM 398184]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/7/2013 3:10 PM 682344]

R2 Radialpoint Security Services;TELUS security services;c:\program files\TELUS\TELUS security services\RpsSecurityAwareR.exe [6/2/2010 6:05 PM 166944]

R2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\TELUS\TELUS security services\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe [11/19/2010 12:39 PM 5832712]

R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [7/11/2008 12:02 AM 328992]

R2 ServicepointService;ServicepointService;c:\program files\TELUS\TELUS security advisor\ServicepointService.exe [1/20/2011 11:55 AM 689464]

R2 wwanSvc;wwanSvc;c:\program files\Sony Ericsson\Sony Ericsson MD400 Wireless Modem\wwanSvc.exe [10/14/2008 3:47 PM 106496]

R3 eppvad_simple;EPSON Projector UD Audio Device;c:\windows\system32\drivers\EMP_UDAU.sys [7/21/2010 6:55 AM 17664]

R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [4/24/2007 9:05 AM 4864]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/24/2007 9:03 AM 35968]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/7/2013 3:10 PM 21104]

R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [3/7/2006 9:44 PM 92550]

R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [11/19/2010 12:39 PM 122376]

R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys [11/19/2010 12:39 PM 30216]

R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [11/19/2010 12:39 PM 25736]

S2 LvIBTSvr;Logitech IBT Service;c:\program files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe [2/23/2007 2:20 AM 76576]

S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [11/18/1999 12:20 AM 3872]

S3 FjGenIo;Fujitsu Generic I/O Driver;c:\windows\system32\drivers\FjGenIo.sys [6/21/2008 12:55 PM 7680]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]

S3 seu3bus;Sony Ericsson MD400g Mobile Broadband Composite Device driver (WDM);c:\windows\system32\drivers\seu3bus.sys [12/2/2011 10:48 AM 307200]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - A530DA12

*Deregistered* - a530da12

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ scan sysagent

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 00:50]

.

2012-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-07 13:59]

.

2012-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-07 13:59]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.ca/

uInternet Connection Wizard,ShellNext = hxxp://service1.symantec.com/support/tsgeninfo.nsf/docid/2005071512012139

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Trusted Zone: columbiacabinetsonline.com\www

TCP: DhcpNameServer = 192.168.1.254 75.153.176.9

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\39j5oo2s.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-01-08 13:52

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3040798117-963229085-1258864297-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,63,0f,6b,a2,8b,b8,53,46,9c,e8,29,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,63,0f,6b,a2,8b,b8,53,46,9c,e8,29,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8e,d6,08,96,d7,5e,d4,48,ab,16,49,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8e,d6,08,96,d7,5e,d4,48,ab,16,49,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8e,d6,08,96,d7,5e,d4,48,ab,16,49,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1856)

c:\program files\Softex\OmniPass\opxpgina.dll

.

- - - - - - - > 'explorer.exe'(2992)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\mshtml.dll

c:\windows\system32\msls31.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\xpsp3res.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\TELUS\TELUS security services\Fws.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\windows\System32\SCardSvr.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\windows\system32\o2flash.exe

c:\program files\Softex\OmniPass\Omniserv.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

c:\windows\system32\SearchIndexer.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE

c:\windows\system32\igfxsrvc.exe

c:\windows\RTHDCPL.EXE

c:\program files\Fingerprint Sensor\ATSwpNav.exe

c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe

c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2013-01-08 14:01:59 - machine was rebooted

ComboFix-quarantined-files.txt 2013-01-08 22:01

ComboFix2.txt 2013-01-08 15:51

.

Pre-Run: 47,868,628,992 bytes free

Post-Run: 47,708,815,360 bytes free

.

- - End Of File - - 8A3CC00921ABA23F852192DDB95F02CC


  • Staff

it doesn't appear that the file uploaded, please do the following:

Please open this link HERE in a new window.

In the box marked Link to topic where this file was requested: please paste in the following text


http://forums.malwarebytes.org/index.php?showtopic=120644&view=findpost&p=631783

Click the Browse button and navigate to C:\Qoobox\Quarantine

There should be a zip file there called [4]-Submit_****-**-**_**.**.**.zip ( the * denotes Date and Time stamp )

Select this file and click Open

In the Largest box please put


File Requested By CatByte
Failed Collect::

Finally click SendFile

Please return here and let me know when that file has been uploaded.

NEXT

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

NEXT

Please advise how the computer is running now and if there are any outstanding issues


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.4.2 (01.08.2013:1)

OS: Microsoft Windows XP x86

Ran by Administrator on Tue 01/08/2013 at 19:20:25.53

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"

Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt

Successfully deleted: [File] C:\eula.1031.txt

Successfully deleted: [File] C:\eula.1033.txt

Successfully deleted: [File] C:\eula.1036.txt

Successfully deleted: [File] C:\eula.1040.txt

Successfully deleted: [File] C:\eula.1041.txt

Successfully deleted: [File] C:\eula.1042.txt

Successfully deleted: [File] C:\eula.2052.txt

Successfully deleted: [File] C:\install.res.1028.dll

Successfully deleted: [File] C:\install.res.1031.dll

Successfully deleted: [File] C:\install.res.1033.dll

Successfully deleted: [File] C:\install.res.1036.dll

Successfully deleted: [File] C:\install.res.1040.dll

Successfully deleted: [File] C:\install.res.1041.dll

Successfully deleted: [File] C:\install.res.1042.dll

Successfully deleted: [File] C:\install.res.2052.dll

Successfully deleted: [File] C:\install.res.3082.dll

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Local Settings\Application Data\adawarebp"

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ask"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Tue 01/08/2013 at 19:37:34.28

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# AdwCleaner v2.105 - Logfile created 01/08/2013 at 19:50:07

# Updated 08/01/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Administrator - JDRNOTEBOOK

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\39j5oo2s.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[s2].txt - [1079 octets] - [08/01/2013 19:50:07]

########## EOF - C:\AdwCleaner[s2].txt - [1139 octets] ##########


Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.09.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Administrator :: JDRNOTEBOOK [administrator]

Protection: Enabled

1/8/2013 7:58:18 PM

mbam-log-2013-01-08 (19-58-18).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 205210

Time elapsed: 7 minute(s), 7 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


  • Staff

that's good to hear, the items in ESET are in quarantine or an old system restore point, which we will clear up at the end when we uninstall the tools.

please do the following:

Visit ADOBE and download the latest version of Acrobat Reader (version XI)

Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 7 and Save it to your Desktop.
  • Scroll down to where it says Java SE 7u10
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u10-windows-i586.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are three options in the window to clear the cache - Leave these two Checked
      • Trace and Log Files
      • Cached Applications and Applets

    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

Please let me know if there are any outstanding issues


  • Staff

they didn't attach

please run the following:

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    DRIVES
    BASESERVICES
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post both logs


OTL logfile created on: 1/9/2013 5:49:28 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 67.29% Memory free

5.08 Gb Paging File | 3.87 Gb Available in Paging File | 76.12% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 92.00 Gb Total Space | 42.67 Gb Free Space | 46.38% Space Free | Partition Type: NTFS

Drive D: | 1.16 Gb Total Space | 1.11 Gb Free Space | 96.38% Space Free | Partition Type: NTFS

Computer Name: JDRNOTEBOOK | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/09 17:48:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

PRC - [2013/01/09 08:29:17 | 000,170,408 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe

PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/06/04 08:31:40 | 001,466,760 | ---- | M] (Garmin) -- C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe

PRC - [2011/11/02 01:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

PRC - [2010/12/15 18:20:28 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\TELUS\TELUS security advisor\ServicepointService.exe

PRC - [2010/12/15 18:20:22 | 004,318,520 | ---- | M] (TELUS) -- C:\Program Files\TELUS\TELUS security advisor\Tsa.exe

PRC - [2010/12/15 18:20:22 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\TELUS\TELUS security advisor\TsaComHandler.exe

PRC - [2010/06/02 18:05:48 | 000,166,944 | ---- | M] (TELUS) -- C:\Program Files\TELUS\TELUS security services\RpsSecurityAwareR.exe

PRC - [2010/06/02 18:05:46 | 000,650,008 | ---- | M] (TELUS) -- C:\Program Files\TELUS\TELUS security services\RPS.exe

PRC - [2010/06/02 18:04:48 | 000,382,208 | ---- | M] (TELUS) -- C:\Program Files\TELUS\TELUS security services\Fws.exe

PRC - [2009/11/02 16:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\TELUS\TELUS security services\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe

PRC - [2009/04/20 09:48:42 | 000,053,248 | ---- | M] (Sierra Wireless Inc.) -- C:\Program Files\Sierra Wireless Inc\Watcher\WaHelper.exe

PRC - [2009/03/09 14:07:04 | 000,554,264 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe

PRC - [2008/10/14 15:47:36 | 000,106,496 | R--- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson MD400 Wireless Modem\wwanSvc.exe

PRC - [2008/07/11 06:05:00 | 000,226,592 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

PRC - [2008/07/11 00:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

PRC - [2008/05/28 12:19:10 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe

PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/02/25 07:22:54 | 001,468,256 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe

PRC - [2007/09/10 14:12:44 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE

PRC - [2007/03/06 15:47:02 | 000,819,200 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe

PRC - [2007/03/06 15:44:48 | 000,970,752 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

PRC - [2007/03/06 15:40:30 | 000,487,424 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

PRC - [2007/02/23 02:20:14 | 000,252,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

PRC - [2007/02/02 13:56:52 | 000,118,784 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

PRC - [2006/11/17 14:38:40 | 000,080,688 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe

PRC - [2006/07/21 17:10:08 | 000,233,472 | R--- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe

PRC - [2006/07/12 16:43:28 | 000,090,112 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

PRC - [2006/04/26 14:13:12 | 001,908,736 | ---- | M] () -- C:\Program Files\Softex\OmniPass\scureapp.exe

PRC - [2006/04/26 14:09:16 | 000,032,768 | ---- | M] (Softex Inc.) -- C:\Program Files\Softex\OmniPass\OmniServ.exe

PRC - [2006/04/26 13:46:20 | 000,014,848 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe

PRC - [2005/11/18 01:44:08 | 000,303,104 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe

PRC - [2005/11/04 01:35:18 | 001,052,672 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\ATSwpNav.exe

PRC - [2005/11/01 10:11:56 | 000,242,688 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe

PRC - [2005/11/01 10:06:36 | 000,061,440 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

PRC - [2005/09/13 14:30:14 | 000,057,344 | ---- | M] (O2Micro International) -- C:\WINDOWS\system32\o2flash.exe

========== Modules (No Company Name) ==========

MOD - [2013/01/09 10:57:06 | 000,391,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\80383b3ebbbeb285cb6164b84d3e1e85\System.Xml.Linq.ni.dll

MOD - [2013/01/09 10:57:05 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\7256e28382f57416b828a0cc143b67b3\System.Xaml.ni.dll

MOD - [2013/01/09 08:44:39 | 013,198,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\12f94ec43a0160ab9ddd755b0e1be881\System.Windows.Forms.ni.dll

MOD - [2013/01/09 08:44:30 | 018,000,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\25884c52a01d74137ffacdb51d8f2d04\PresentationFramework.ni.dll

MOD - [2013/01/09 08:44:26 | 000,309,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\471ffd2d91c4e06f89c84c93cfeddedf\PresentationFramework.Classic.ni.dll

MOD - [2013/01/09 08:44:23 | 000,739,328 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\b8cef9be9e5e7e9c533b639c9ef6dfe8\System.Security.ni.dll

MOD - [2013/01/09 08:44:14 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8ba0620535aa28d509b9397500b7d530\System.Drawing.ni.dll

MOD - [2013/01/09 08:44:09 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\3ca69d589c23a0be94f3858f72e7a595\PresentationCore.ni.dll

MOD - [2013/01/09 08:43:59 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a0db56351a1589e44868456609b01737\System.Core.ni.dll

MOD - [2013/01/09 08:43:50 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6d9da56c9f607615b55d6742d8427d\System.Xml.ni.dll

MOD - [2013/01/09 08:43:49 | 003,856,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\6133e360071a2fa7ba7deb483816e585\WindowsBase.ni.dll

MOD - [2013/01/09 08:43:43 | 009,093,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c182d7a0bd88caf2cddccb7491a5fa6e\System.ni.dll

MOD - [2013/01/09 08:43:33 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll

MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

MOD - [2011/06/22 10:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll

MOD - [2011/05/26 19:18:44 | 000,136,536 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\OUTLCTL.DLL

MOD - [2010/12/15 18:11:34 | 000,158,208 | ---- | M] () -- C:\Program Files\TELUS\TELUS security advisor\Windows7Features.dll

MOD - [2009/11/06 12:53:08 | 000,202,752 | ---- | M] () -- C:\Program Files\TELUS\TELUS security services\BitDefender\smartscn.dll

MOD - [2009/11/02 16:26:48 | 000,077,824 | ---- | M] () -- C:\Program Files\TELUS\TELUS security services\AVG\Identity Protection\agent\bin\boost_log-vc71-mt-1_32.dll

MOD - [2009/11/02 16:26:48 | 000,057,344 | ---- | M] () -- C:\Program Files\TELUS\TELUS security services\AVG\Identity Protection\agent\bin\boost_thread-vc71-mt-1_32.dll

MOD - [2009/10/23 14:25:54 | 000,225,280 | ---- | M] () -- C:\Program Files\TELUS\TELUS security services\BitDefender\bdfltlib.dll

MOD - [2009/03/09 13:59:24 | 000,218,392 | ---- | M] () -- C:\Program Files\Sierra Wireless Inc\WebUpdater\WebUpdtAPI.dll

MOD - [2008/10/14 15:47:36 | 000,106,496 | R--- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson MD400 Wireless Modem\wwanSvc.exe

MOD - [2007/07/12 21:33:58 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll

MOD - [2007/03/06 15:40:04 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll

MOD - [2006/10/17 16:13:20 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll

MOD - [2006/04/26 14:13:34 | 000,025,024 | ---- | M] () -- C:\Program Files\Softex\OmniPass\hdddrv.dll

MOD - [2006/04/26 14:13:12 | 001,908,736 | ---- | M] () -- C:\Program Files\Softex\OmniPass\scureapp.exe

MOD - [2006/04/26 14:08:24 | 000,307,200 | ---- | M] () -- C:\Program Files\Softex\OmniPass\userdata.dll

MOD - [2006/04/26 14:08:12 | 000,888,832 | ---- | M] () -- C:\Program Files\Softex\OmniPass\autheng.dll

MOD - [2006/04/26 14:07:58 | 000,364,544 | ---- | M] () -- C:\Program Files\Softex\OmniPass\storeng.dll

MOD - [2006/04/26 13:52:16 | 000,049,152 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPGina.dll

MOD - [2006/04/26 13:46:20 | 000,014,848 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe

MOD - [2006/04/26 13:43:48 | 000,053,248 | ---- | M] () -- C:\Program Files\Softex\OmniPass\scuredll.dll

MOD - [2006/04/26 13:43:46 | 000,110,592 | ---- | M] () -- C:\Program Files\Softex\OmniPass\ginastub.dll

MOD - [2006/04/26 13:43:04 | 000,012,288 | ---- | M] () -- C:\Program Files\Softex\OmniPass\cryptodll.dll

MOD - [2006/04/26 13:42:46 | 000,010,752 | ---- | M] () -- C:\Program Files\Softex\OmniPass\SSPLogon.dll

MOD - [2006/04/26 13:14:08 | 002,188,224 | ---- | M] () -- C:\Program Files\Softex\OmniPass\sftxtgp.dll

MOD - [1998/05/20 23:04:10 | 000,007,168 | ---- | M] () -- C:\Program Files\Fujitsu\fjdvrupd\ADVNTLIB.DLL

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2013/01/09 08:29:17 | 000,170,408 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2013/01/07 16:50:00 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/11/29 00:27:36 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2010/12/15 18:20:28 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\TELUS\TELUS security advisor\ServicepointService.exe -- (ServicepointService)

SRV - [2010/11/19 15:45:04 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\TELUS\TELUS security services\BitDefender\scan.dll -- (scan)

SRV - [2010/06/02 18:05:48 | 000,166,944 | ---- | M] (TELUS) [Auto | Running] -- C:\Program Files\TELUS\TELUS security services\RpsSecurityAwareR.exe -- (Radialpoint Security Services)

SRV - [2010/06/02 18:04:48 | 000,382,208 | ---- | M] (TELUS) [Auto | Running] -- C:\Program Files\TELUS\TELUS security services\Fws.exe -- (RP_FWS)

SRV - [2009/11/02 16:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\TELUS\TELUS security services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe -- (RadialpointIDSAgent)

SRV - [2009/06/08 12:07:50 | 001,033,480 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)

SRV - [2009/06/08 12:07:48 | 000,931,080 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)

SRV - [2008/10/14 15:47:36 | 000,106,496 | R--- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson MD400 Wireless Modem\wwanSvc.exe -- (wwanSvc)

SRV - [2008/07/11 06:05:00 | 000,226,592 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)

SRV - [2008/07/11 00:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)

SRV - [2008/05/28 12:19:10 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe -- (EMP_UDSA)

SRV - [2007/02/23 02:23:40 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)

SRV - [2007/02/23 02:20:48 | 000,076,576 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe -- (LvIBTSvr)

SRV - [2007/02/02 13:56:52 | 000,118,784 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)

SRV - [2006/04/26 14:09:16 | 000,032,768 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv)

SRV - [2005/09/13 14:30:14 | 000,057,344 | ---- | M] (O2Micro International) [Auto | Running] -- C:\WINDOWS\system32\o2flash.exe -- (o2flash)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\swumx20.sys -- (SWUMX20)

DRV - File not found [File_System | System | Stopped] -- -- (StarOpen)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/11/19 12:38:45 | 000,053,192 | ---- | M] (Radialpoint Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rp_skt32.sys -- (RPSKT)

DRV - [2009/11/26 10:50:32 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\TELUS\TELUS security services\BitDefender\trufos.sys -- (Trufos)

DRV - [2009/11/26 10:50:32 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\TELUS\TELUS security services\BitDefender\profos.sys -- (Profos)

DRV - [2009/11/02 16:27:02 | 000,122,376 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys -- (RadialpointIDSDriver)

DRV - [2009/11/02 16:27:02 | 000,030,216 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys -- (RadialpointIDSFilter)

DRV - [2009/11/02 16:27:02 | 000,025,736 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\TELUS\TELUS security services\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys -- (RadialpointIDSShim)

DRV - [2009/11/02 16:27:02 | 000,025,608 | ---- | M] (AVG Technologies ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (RadialpointIDSEH)

DRV - [2009/10/23 14:25:54 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)

DRV - [2009/06/08 10:00:56 | 000,071,696 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)

DRV - [2009/02/27 15:51:40 | 000,171,400 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWNC5E00.sys -- (SWNC5E00)

DRV - [2009/02/27 15:51:36 | 000,149,512 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmx00.sys -- (SWMX00)

DRV - [2008/09/16 14:18:32 | 000,026,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt)

DRV - [2008/08/13 11:52:32 | 000,307,200 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\seu3bus.sys -- (seu3bus)

DRV - [2008/07/11 06:05:00 | 000,092,712 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)

DRV - [2008/07/11 06:05:00 | 000,037,088 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)

DRV - [2008/05/14 19:06:06 | 000,017,664 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMP_UDAU.sys -- (eppvad_simple)

DRV - [2007/11/16 17:34:22 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2007/11/16 17:34:22 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2007/04/24 10:34:24 | 000,007,168 | ---- | M] (FUJITSU LIMITED) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\FJGSDisk.sys -- (FJGSDisk)

DRV - [2007/04/02 01:30:28 | 002,204,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)

DRV - [2007/03/01 00:27:26 | 004,484,608 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)

DRV - [2007/02/23 02:21:24 | 001,952,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)

DRV - [2007/02/21 11:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2007/02/07 02:59:06 | 000,022,560 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)

DRV - [2007/02/07 02:58:50 | 001,939,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)

DRV - [2007/02/07 02:57:50 | 000,066,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvselsus.sys -- (lvselsus)

DRV - [2007/01/24 13:57:38 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)

DRV - [2007/01/22 09:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)

DRV - [2007/01/12 20:41:32 | 000,113,792 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)

DRV - [2007/01/12 20:16:54 | 000,040,576 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (tosrfusb)

DRV - [2006/12/08 07:20:30 | 000,007,680 | R--- | M] (Fujitsu Computer Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FjGenIo.sys -- (FjGenIo)

DRV - [2006/12/07 16:18:40 | 000,017,712 | ---- | M] (FUJITSU LIMITED) [Kernel | Auto | Running] -- C:\Program Files\Fujitsu\FJSPA\FJSPA.sys -- (FJSPA)

DRV - [2006/11/20 16:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)

DRV - [2006/10/12 10:47:16 | 000,033,152 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\o2sd.sys -- (O2SDRDR)

DRV - [2006/10/10 18:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)

DRV - [2006/10/03 12:23:50 | 000,036,640 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR)

DRV - [2006/06/28 20:13:08 | 001,160,320 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2006/03/30 14:39:48 | 000,130,432 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV)

DRV - [2006/03/07 21:44:00 | 000,092,550 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ozscr.sys -- (OZSCR)

DRV - [2006/01/11 00:21:54 | 000,010,496 | ---- | M] (FUJITSU LIMITED) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\FJGPNV.SYS -- (FJGPNV)

DRV - [2005/11/01 10:06:36 | 000,021,120 | ---- | M] (FUJITSU LIMITED) [Kernel | Auto | Running] -- C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys -- (BtnHnd)

DRV - [2005/08/01 15:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)

DRV - [2005/06/09 20:26:00 | 000,035,968 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)

DRV - [2005/01/06 12:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)

DRV - [2004/01/17 03:15:20 | 000,004,864 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02e3.sys -- (FUJ02E3)

DRV - [2002/06/20 17:45:44 | 000,013,920 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmHidLo.sys -- (WmHidLo)

DRV - [2002/06/20 17:45:42 | 000,020,128 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)

DRV - [2002/06/20 17:45:40 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)

DRV - [2002/06/20 17:45:36 | 000,005,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)

DRV - [2002/06/20 17:45:34 | 000,039,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)

DRV - [2001/08/17 04:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)

DRV - [2001/08/01 04:00:22 | 000,005,248 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02b1.sys -- (FUJ02B1)

DRV - [1999/11/18 00:20:00 | 000,003,872 | ---- | M] (FUJITSU LIMITED.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADVNTDRV.SYS -- (ADVNTDRV)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.computers.us.fujitsu.com/

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.computers.us.fujitsu.com/

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3040798117-963229085-1258864297-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\S-1-5-21-3040798117-963229085-1258864297-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKU\S-1-5-21-3040798117-963229085-1258864297-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

IE - HKU\S-1-5-21-3040798117-963229085-1258864297-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-3040798117-963229085-1258864297-500\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-3040798117-963229085-1258864297-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-3040798117-963229085-1258864297-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3040798117-963229085-1258864297-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-3040798117-963229085-1258864297-500\..\SearchScopes\{7BE19EC8-85B5-40C0-B127-D398D4A98D16}: "URL" =

IE - HKU\S-1-5-21-3040798117-963229085-1258864297-500\..\SearchScopes\{917B7E5D-14C5-42E0-9D76-CFB517A05A4D}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=U3&apn_dtid=OSJ000YYCA&apn_uid=A3265F3F-2165-41D2-B5F8-640B56A9A9CB&apn_sauid=BAD635E5-F0B7-45A0-AE9E-B99E4138E0FF

IE - HKU\S-1-5-21-3040798117-963229085-1258864297-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)

FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\TELUS\TELUS security advisor\nprpspa.dll (TELUS)

FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()

FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/07 10:57:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/01/07 10:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2013/01/07 10:57:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/11/29 00:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/11/29 00:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/11/29 00:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/01/08 13:51:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ATSwpNav] C:\Program Files\Fingerprint Sensor\ATSwpNav.exe (AuthenTec, Inc.)

O4 - HKLM..\Run: [EPSON_UD_START] C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe (FUJITSU LIMITED)

O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)

O4 - HKLM..\Run: [indicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)

O4 - HKLM..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)

O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)

O4 - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)

O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)

O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)

O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe (Logitech Inc.)

O4 - HKLM..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe ()

O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)

O4 - HKLM..\Run: [sSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe (FUJITSU LIMITED)

O4 - HKLM..\Run: [TELUS_McciTrayApp] C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe (Motive Communications, Inc.)

O4 - HKLM..\Run: [TRUUpdater] C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless, Inc.)

O4 - HKLM..\Run: [Tsa.exe] C:\Program Files\TELUS\TELUS security advisor\Tsa.exe (TELUS)

O4 - HKLM..\Run: [WatcherHelper] C:\Program Files\Sierra Wireless Inc\Watcher\WaHelper.exe (Sierra Wireless Inc.)

O4 - HKLM..\RunOnce: [indexCleaner] C:\Program Files\TELUS\TELUS security services\IdxClnR.exe (TELUS)

O4 - HKU\S-1-5-21-3040798117-963229085-1258864297-500..\RunOnce: [indexCleaner] C:\Program Files\TELUS\TELUS security services\IdxClnR.exe (TELUS)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3040798117-963229085-1258864297-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3040798117-963229085-1258864297-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-3040798117-963229085-1258864297-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-3040798117-963229085-1258864297-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll (EverNote Corporation)

O9 - Extra 'Tools' menuitem : Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll (EverNote Corporation)

O15 - HKU\S-1-5-21-3040798117-963229085-1258864297-500\..Trusted Domains: columbiacabinetsonline.com ([www] http in Trusted sites)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)

O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab (LogMeIn Rescue Applet Downloader)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214084715500 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1355272027468 (MUWebControl Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.9

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{910C4504-73A4-466E-8141-CEE63059D8A9}: DhcpNameServer = 192.168.1.254 75.153.176.9

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\OPXPGina: DllName - (C:\Program Files\Softex\OmniPass\opxpgina.dll) - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()

O24 - Desktop Components:0 () - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg

O24 - Desktop Components:1 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/04/24 09:16:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (PDBoot.exe)

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found

NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

%SYSTEMDRIVE%\$RECYCLE.BIN|@;TRUE;TRUE;TRUE /FP DRIVES BASESERVICES CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/01/09 17:48:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2013/01/09 14:01:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PCHealth

[2013/01/09 08:31:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun

[2013/01/09 08:30:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2013/01/09 08:02:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2013/01/08 20:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2013/01/08 19:20:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT

[2013/01/08 19:20:15 | 000,000,000 | ---D | C] -- C:\JRT

[2013/01/08 16:07:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2013/01/08 07:38:23 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2013/01/08 07:35:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt

[2013/01/07 15:10:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

[2013/01/07 15:10:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/01/07 15:10:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2013/01/07 15:10:23 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2013/01/07 15:10:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013/01/07 15:09:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads

[2013/01/07 10:57:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla

[2013/01/07 10:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla

[2013/01/07 10:57:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service

[2013/01/07 10:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2012/12/12 16:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Home Show FINAL PLANS

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/09 17:48:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2013/01/09 17:44:39 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk

[2013/01/09 17:41:41 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/01/09 17:39:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/01/09 17:39:54 | 3479,486,464 | -HS- | M] () -- C:\hiberfil.sys

[2013/01/09 17:39:54 | 000,287,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013/01/09 17:15:53 | 001,262,022 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Home Show rendering.bmp

[2013/01/09 17:15:48 | 000,022,820 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Home Show rendering.pdf

[2013/01/09 16:36:26 | 000,013,724 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Home Show 2013 FLOOR PLAN Walls.pdf

[2013/01/09 16:25:48 | 000,048,297 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Home Show Booth wall 4 reverse TV.JPG

[2013/01/09 15:14:35 | 000,015,898 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\error report details Quicktime.JPG

[2013/01/09 14:09:16 | 000,014,762 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\error report contents.JPG

[2013/01/09 14:07:01 | 000,046,065 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\error report details.JPG

[2013/01/09 14:04:18 | 000,043,116 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\error report.JPG

[2013/01/09 09:19:18 | 000,087,296 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Eco-Arc Halogen 25W, Black - 11022900.pdf

[2013/01/09 08:58:30 | 000,069,041 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Home Show misc parts order.pdf

[2013/01/09 08:53:41 | 000,009,070 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ISLAND countertop.pdf

[2013/01/09 08:51:54 | 000,529,486 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/01/09 08:51:54 | 000,096,326 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013/01/09 08:02:28 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk

[2013/01/09 08:01:38 | 000,327,338 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\redirect virus - Malwarebytes Forum 4.pdf

[2013/01/08 19:48:14 | 000,554,087 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe

[2013/01/08 19:13:45 | 000,278,056 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\redirect virus - Malwarebytes Forum 3.pdf

[2013/01/08 19:00:55 | 000,047,248 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Home Show Booth wall 4 MERCHANDISER.JPG

[2013/01/08 18:46:03 | 000,059,289 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Home Show Booth wall 2 MODERN.JPG

[2013/01/08 18:41:36 | 000,082,669 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Home Show Booth wall 3 HUTCH.JPG

[2013/01/08 17:36:56 | 000,065,432 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Home Show Booth wall 1 MODERN.JPG

[2013/01/08 16:06:57 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2013/01/08 13:51:58 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2013/01/08 13:24:56 | 000,225,285 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\redirect virus - Malwarebytes Forum 2.pdf

[2013/01/08 07:38:30 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2013/01/08 07:33:46 | 000,175,875 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\redirect virus - Malwarebytes Forum.pdf

[2013/01/07 17:10:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/01/07 15:10:25 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/01/07 10:57:22 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2013/01/05 16:35:08 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Fwd Port Coquitlam Cabinet Shop.msg

[2013/01/05 16:33:26 | 000,207,193 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Home Show rendering.JPG

[2013/01/05 15:10:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\FUJITSU_AZ7AG1E506B52032_WXPPRO.MKR

[2013/01/05 15:10:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System\FUJITSU_AZ7AG1E506B52032_WXPPRO.MKR

[2013/01/03 21:48:30 | 000,029,489 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Okanagan PROSPECTING.pdf

[2013/01/03 21:01:12 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SASKATOON Tait Kitchens.msg

[2013/01/03 20:52:09 | 000,038,174 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Lee Fireplace revised quote 3 Jan 13.pdf

[2013/01/03 20:16:24 | 000,123,481 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Lee Fireplace dimensioned.pdf

[2013/01/03 20:16:09 | 000,163,840 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Re FW Lee Cabinetry.msg

[2013/01/03 08:28:09 | 000,053,869 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\B&B Chris Quotation.pdf

[2013/01/03 07:54:48 | 000,115,200 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Name Request Results from Corporate Registry.msg

[2013/01/03 07:07:06 | 000,037,201 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Momentum Lee fireplace QUOTE.pdf

[2013/01/03 06:51:57 | 000,352,299 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Chris Layout 2.pdf

[2013/01/03 06:49:13 | 000,110,651 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Gildenstern.PDF

[2013/01/03 06:48:42 | 000,059,904 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Westjet New Year's sale.msg

[2012/12/28 11:45:39 | 000,071,133 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Lee Updated Drawings.pdf

[2012/12/28 10:24:48 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/12/19 16:11:34 | 000,169,006 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Incorporating in BC.pdf

[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/12/13 15:30:46 | 000,025,585 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\A start on the Columbia Showroom display.jpg

[2012/12/13 15:30:29 | 000,385,849 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\photo.JPG

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/09 17:09:21 | 000,022,820 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Home Show rendering.pdf

[2013/01/09 16:36:25 | 000,013,724 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Home Show 2013 FLOOR PLAN Walls.pdf

[2013/01/09 16:25:47 | 000,048,297 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Home Show Booth wall 4 reverse TV.JPG

[2013/01/09 15:14:34 | 000,015,898 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\error report details Quicktime.JPG

[2013/01/09 14:09:16 | 000,014,762 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\error report contents.JPG

[2013/01/09 14:06:33 | 000,046,065 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\error report details.JPG

[2013/01/09 14:03:58 | 000,043,116 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\error report.JPG

[2013/01/09 09:19:17 | 000,087,296 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Eco-Arc Halogen 25W, Black - 11022900.pdf

[2013/01/09 08:58:29 | 000,069,041 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Home Show misc parts order.pdf

[2013/01/09 08:51:37 | 000,009,070 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ISLAND countertop.pdf

[2013/01/09 08:02:28 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk

[2013/01/09 08:02:28 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk

[2013/01/09 08:01:28 | 000,327,338 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\redirect virus - Malwarebytes Forum 4.pdf

[2013/01/08 19:48:11 | 000,554,087 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe

[2013/01/08 19:13:42 | 000,278,056 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\redirect virus - Malwarebytes Forum 3.pdf

[2013/01/08 19:00:54 | 000,047,248 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Home Show Booth wall 4 MERCHANDISER.JPG

[2013/01/08 18:41:36 | 000,082,669 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Home Show Booth wall 3 HUTCH.JPG

[2013/01/08 17:58:34 | 000,059,289 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Home Show Booth wall 2 MODERN.JPG

[2013/01/08 17:31:42 | 000,065,432 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Home Show Booth wall 1 MODERN.JPG

[2013/01/08 13:24:54 | 000,225,285 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\redirect virus - Malwarebytes Forum 2.pdf

[2013/01/08 07:38:30 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2013/01/08 07:38:27 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2013/01/08 07:33:42 | 000,175,875 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\redirect virus - Malwarebytes Forum.pdf

[2013/01/07 15:10:25 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/01/07 10:57:22 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2013/01/07 10:57:22 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

[2013/01/05 16:35:08 | 000,037,888 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Fwd Port Coquitlam Cabinet Shop.msg

[2013/01/05 15:40:05 | 000,207,193 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Home Show rendering.JPG

[2013/01/05 13:29:30 | 001,262,022 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Home Show rendering.bmp

[2013/01/03 21:48:29 | 000,029,489 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Okanagan PROSPECTING.pdf

[2013/01/03 21:01:12 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SASKATOON Tait Kitchens.msg

[2013/01/03 20:34:59 | 000,038,174 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Lee Fireplace revised quote 3 Jan 13.pdf

[2013/01/03 20:16:24 | 000,123,481 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Lee Fireplace dimensioned.pdf

[2013/01/03 20:16:09 | 000,163,840 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Re FW Lee Cabinetry.msg

[2013/01/03 08:28:06 | 000,053,869 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\B&B Chris Quotation.pdf

[2013/01/03 07:54:48 | 000,115,200 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Name Request Results from Corporate Registry.msg

[2013/01/03 07:07:03 | 000,037,201 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Momentum Lee fireplace QUOTE.pdf

[2013/01/03 06:51:57 | 000,352,299 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Chris Layout 2.pdf

[2013/01/03 06:49:13 | 000,110,651 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Gildenstern.PDF

[2013/01/03 06:48:42 | 000,059,904 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Westjet New Year's sale.msg

[2012/12/28 11:45:39 | 000,071,133 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Lee Updated Drawings.pdf

[2012/12/19 16:11:29 | 000,169,006 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Incorporating in BC.pdf

[2012/12/13 15:30:12 | 000,385,849 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\photo.JPG

[2012/02/15 15:12:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011/11/23 07:07:43 | 000,879,558 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3040798117-963229085-1258864297-500-0.dat

[2011/11/22 07:09:52 | 000,295,766 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2010/11/19 19:30:10 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat

[2010/06/15 07:52:30 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Administrator\pool.bin

[2009/03/07 16:58:06 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2007/04/24 09:33:22 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008/06/26 00:15:29 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2010/02/16 13:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Blackberry Desktop

[2009/05/27 07:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2012/10/18 16:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ElevatedDiagnostics

[2012/07/26 20:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GARMIN

[2010/09/08 08:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Research In Motion

[2010/01/12 10:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sierra Wireless

[2010/11/19 15:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TELUS

[2009/03/17 11:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search

[2009/04/15 13:17:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search

[2011/11/20 18:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN

[2012/06/06 12:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GFI Software

[2009/02/10 12:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless

[2012/10/06 06:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint

[2010/09/08 08:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion

[2010/11/19 12:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TELUS

[2012/06/06 10:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Ad-Aware Antivirus

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >

[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\erdnt\cache\explorer.exe

[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

[2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SERVICES.EXE >

[2009/02/06 03:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe

[2008/04/13 16:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe

[2008/04/13 16:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe

[2009/02/06 03:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\erdnt\cache\services.exe

[2009/02/06 03:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe

[2009/02/06 03:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

[2004/08/04 04:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SVCHOST.EXE >

[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\erdnt\cache\svchost.exe

[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe

[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

[2004/08/04 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >

[2004/08/04 04:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\erdnt\cache\userinit.exe

[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >

[2004/08/04 04:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\erdnt\cache\winlogon.exe

[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /rp /s >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction

[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

[C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction

< End of report >


OTL Extras logfile created on: 1/9/2013 5:49:28 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 67.29% Memory free

5.08 Gb Paging File | 3.87 Gb Available in Paging File | 76.12% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 92.00 Gb Total Space | 42.67 Gb Free Space | 46.38% Space Free | Partition Type: NTFS

Drive D: | 1.16 Gb Total Space | 1.11 Gb Free Space | 96.38% Space Free | Partition Type: NTFS

Computer Name: JDRNOTEBOOK | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3040798117-963229085-1258864297-500\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer

"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery

"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer

"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe" = C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Enabled:Sentinel Protection Server -- (SafeNet, Inc)

"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" = C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe:*:Enabled:Sentinel Keys Server -- (SafeNet, Inc.)

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Program Files\Sierra Wireless Inc\Watcher\SwiApiMux.exe" = C:\Program Files\Sierra Wireless Inc\Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)

"C:\Program Files\Sierra Wireless Inc\Watcher\TRUUpdater.exe" = C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater -- (Sierra Wireless, Inc.)

"C:\Program Files\TELUS\TELUS security advisor\ServicepointService.exe" = C:\Program Files\TELUS\TELUS security advisor\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)

"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)

"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{00C297B1-02F3-4BEE-8B57-7BCA695A41DA}" = EverNote

"{08F32589-5E39-42B8-8BC5-6A8126ED2A70}" = Microsoft Visual C++ 2008 Redistributable Package

"{0A63D896-12F1-409C-A26C-47500CF31DF4}" = 20-20 Version 8.1

"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater

"{1630DB4A-3FCE-4C52-AB7A-E8A9A3A7D86B}" = 20-20 Version 8.1

"{17F82182-0E3D-4A14-8843-5ECBFAF4F12F}" = Security Panel Application for Supervisor

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F9D123D-2850-494B-AAA0-24492F70C4A4}" = RPS CRT

"{21E35658-6496-46D9-908F-36310F5B2047}" = 20-20 Version 8.1

"{2390A3F7-A334-46BF-B3BC-324C9679CE0F}" = 20-20 Design Version 9.0

"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe

"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{29B2043C-EACC-4E58-97EE-70C30FD68202}" = 20-20 Version 8.1

"{2C42B80A-82CE-4BBD-B51D-7C597C3B7C40}" = 20-20 Version 8.1

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA

"{404D2B62-75DD-4E8A-9C04-AAC81A756FE9}" = Fujitsu Hotkey Utility

"{41D60663-CBA3-4654-AB8D-7BF1D007EB45}" = 20-20 Design Version 9.0

"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer

"{45CA9B23-5EF8-43AA-9851-E9E062BF0147}" = Security Panel Application

"{45EE003F-42C7-40DB-9916-51723B32D605}" = 20-20 Version 8.1

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5BBD7CEF-134B-4AA6-8D82-EFFA4B6B8FD5}" = O2Micro Flash Memory Card Windows Driver

"{5C1E3F85-3FBA-40F0-9BA6-3A640E505357}" = RPS PerfectDiskStub

"{5CF81B66-941B-4890-8D73-E6B8E848681F}" = 20-20 Design Version 9.0

"{5D8CC168-A12E-422D-A3DF-53AD64E4F1ED}" = RPS CRT

"{63239152-8845-41BB-B423-CE10058816A1}" = 20-20 Design Version 9.0

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6A103845-1A90-47F1-B512-42E5A426C078}" = 20-20 Design Version 9.0

"{6ABAB3AE-817A-4EEC-B9D9-3276964D4D13}" = 20-20 Version 8.1

"{6E3D173D-EEB6-4EB7-9559-420C1AF0D274}" = 20-20 Design Version 9.0

"{6F65EF05-38BE-44D6-A94A-73443C8BB187}" = 20-20 Design Version 9.0

"{70B6A483-F815-4879-9AA4-3DCE9BCC61A0}" = Shock Sensor Utility

"{70D9A80E-0E58-4F62-951F-D5246E8D6C6C}" = LifeBook Application Panel

"{75F48471-3EEB-4E62-B817-95124145BE48}" = 20-20 Version 8.1

"{7650F538-6274-44EA-8F50-843479073333}" = EPSON USB Display

"{77D3E037-7D5A-439B-A8EF-C6B52169F15F}" = 20-20 Version 8.1

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional

"{7C3911B4-3763-4037-B37E-8D7A305967B8}" = BlackBerry App World Browser Plugin

"{7D8EB6EC-82C2-47CA-99BA-05DE6C3D4D45}" = RPS RpsCore

"{7EE5EAF3-D311-410D-9F68-CCE962EE4617}" = Fujitsu WebCam Driver (32-bit)

"{8265D6DA-AE00-45B6-8763-5E6FC0E32028}" = TELUS security services

"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg

"{86524147-52DA-4BB5-A578-BC9099D474B3}" = 20-20 Design Version 9.0

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

"{8B993121-CF5C-43C0-9296-0C1B7F515B27}" = O2Micro Smartcard Driver

"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp

"{8D26775F-A7A3-4689-B825-69DD3E022DED}" = Fujitsu Display Manager

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PUBLISHERR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PUBLISHERR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz

"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007

"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{91140000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2010

"{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig

"{94824ADD-8F26-43D2-84DB-22E11F377E5E}" = Microsoft English TTS Engine

"{96172E04-BB14-45F6-A77B-8EE7A421B903}" = SAPI Wrapper

"{97B70991-5002-4241-8B0C-D74B8ADEB2B5}" = BlackBerry Desktop Software 7.1

"{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}" = TTS Wrapper

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9AAD03E8-4F65-4DE2-8F6C-1B079C0C8521}" = Garmin Lifetime Updater

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver

"{A1EFAC47-885A-4E74-AAA4-8B56B71B706A}" = Garmin City Navigator North America NT 2010.40

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A5A63519-F5C2-4F4A-849A-F28A1AB3D522}" = Sentinel Protection Installer 7.5.0

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C1D11949-25D7-4C0F-AA72-7759FD8A089B}" = Sierra Wireless Watcher

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba

"{D2C6DAC2-6AB2-4749-8AAF-538AFF5A981A}" = Sony Ericsson Wireless Manager 5

"{DE14ACC5-83C0-4304-AF6C-0AD3A7173BE7}" = 20-20 Version 8.1

"{E0FAA0BA-874E-47C8-9ECA-BB333006CF16}" = Fujitsu Driver Update

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English

"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore

"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EC2CE4B8-AA11-4A11-B494-FCF248A24BDC}" = Sony Ericsson MD400 Wireless Modem

"{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}" = HPCarePackProducts

"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2B9ED16-CD39-4428-8958-2F12E5DBDEBA}" = 20-20 Design Version 9.0

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F493BD0E-A385-41DC-A604-B8B00878FD54}" = 20-20 Version 8.1

"{F4DA4C73-026F-4D38-8C6B-85F0193E4B56}" = Garmin WebUpdater

"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass

"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi

"{F64394E6-46D6-48F3-9701-3629D6CDD092}" = Fingerprint Sensor Minimum Install

"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"20-20 Multimedia Product Guide" = 20-20 Multimedia Product Guide

"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)

"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Agere Systems Soft Modem" = Agere Systems HDA Modem

"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1

"CutePDF Writer Installation" = CutePDF Writer 3.0

"ESET Online Scanner" = ESET Online Scanner v3

"HDMI" = Intel® Graphics Media Accelerator Driver

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP LaserJet P1500 series" = HP LaserJet P1500 series

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{17F82182-0E3D-4A14-8843-5ECBFAF4F12F}" = Security Panel for Supervisor

"InstallShield_{45CA9B23-5EF8-43AA-9851-E9E062BF0147}" = Security Panel

"InstallShield_{5BBD7CEF-134B-4AA6-8D82-EFFA4B6B8FD5}" = O2Micro Flash Memory Card Windows Driver

"InstallShield_{70B6A483-F815-4879-9AA4-3DCE9BCC61A0}" = Shock Sensor Utility

"InstallShield_{8B993121-CF5C-43C0-9296-0C1B7F515B27}" = O2Micro Smartcard Driver

"InstallShield_{8D26775F-A7A3-4689-B825-69DD3E022DED}" = Fujitsu Display Manager

"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Office14.PUBLISHERR" = Microsoft Publisher 2010

"OUTLOOKR" = Microsoft Office Outlook 2007

"ProInst" = Intel® PROSet/Wireless Software

"PROSet" = Intel® PRO Network Connections Drivers

"RadialpointClientGateway_is1" = TELUS security advisor 3.7.44

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"YTdetect" = Yahoo! Detect

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 12/29/2012 10:17:08 PM | Computer Name = JDRNOTEBOOK | Source = Application Hang | ID = 1002

Description = Hanging application AcroRd32.exe, version 9.5.2.295, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 12/29/2012 10:17:08 PM | Computer Name = JDRNOTEBOOK | Source = Application Hang | ID = 1002

Description = Hanging application AcroRd32.exe, version 9.5.2.295, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 1/3/2013 10:14:29 AM | Computer Name = JDRNOTEBOOK | Source = Windows Search Service | ID = 3024

Description = The update cannot be started because the content sources cannot be

accessed. Fix the errors and try the update again. Context: Application, SystemIndex

Catalog

Error - 1/3/2013 12:56:48 PM | Computer Name = JDRNOTEBOOK | Source = .NET Runtime 2.0 Error Reporting | ID = 5000

Description = EventType clr20r3, P1 rim.desktop.exe, P2 7.1.0.32, P3 4ffd97ce, P4

mscorlib, P5 2.0.0.0, P6 5040540e, P7 f4f, P8 7, P9 n3ctrye2kn3c34sgl4zqyrbfte4m13nb,

P10 NIL.

Error - 1/3/2013 11:26:13 PM | Computer Name = JDRNOTEBOOK | Source = .NET Runtime 2.0 Error Reporting | ID = 5000

Description = EventType clr20r3, P1 rim.desktop.exe, P2 7.1.0.32, P3 4ffd97ce, P4

rim.desktop.datasync.pisynchfacade, P5 7.1.0.30, P6 4ffd9e43, P7 ff, P8 25, P9

system.nullreferenceexception, P10 NIL.

Error - 1/9/2013 12:38:28 PM | Computer Name = JDRNOTEBOOK | Source = MsiInstaller | ID = 11706

Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source

could be found for product Microsoft .NET Framework 1.1. The Windows installer

cannot continue.

Error - 1/9/2013 12:38:29 PM | Computer Name = JDRNOTEBOOK | Source = MsiInstaller | ID = 1023

Description = Product: Microsoft .NET Framework 1.1 - Update '{6C298884-91FD-408C-9D90-5A59D2C29FD1}'

could not be installed. Error code 1603. Additional information is available in

the log file C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log.

Error - 1/9/2013 12:38:32 PM | Computer Name = JDRNOTEBOOK | Source = NativeWrapper | ID = 5000

Description =

Error - 1/9/2013 2:47:25 PM | Computer Name = JDRNOTEBOOK | Source = .NET Runtime Optimization Service | ID = 1103

Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)

- Tried to start a service that wasn't the latest version of CLR Optimization service.

Will shutdown

Error - 1/9/2013 6:35:00 PM | Computer Name = JDRNOTEBOOK | Source = Windows Search Service | ID = 3024

Description = The update cannot be started because the content sources cannot be

accessed. Fix the errors and try the update again. Context: Application, SystemIndex

Catalog

[ OSession Events ]

Error - 3/30/2009 11:01:06 PM | Computer Name = JDRNOTEBOOK | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3516

seconds with 1140 seconds of active time. This session ended with a crash.

Error - 3/30/2009 11:01:31 PM | Computer Name = JDRNOTEBOOK | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 18

seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/30/2009 11:02:50 PM | Computer Name = JDRNOTEBOOK | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 75

seconds with 60 seconds of active time. This session ended with a crash.

Error - 3/30/2009 11:03:05 PM | Computer Name = JDRNOTEBOOK | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10

seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/30/2009 11:06:49 PM | Computer Name = JDRNOTEBOOK | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 212

seconds with 120 seconds of active time. This session ended with a crash.

Error - 6/30/2009 6:23:51 PM | Computer Name = JDRNOTEBOOK | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4

seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/11/2010 1:29:31 PM | Computer Name = JDRNOTEBOOK | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3404

seconds with 2340 seconds of active time. This session ended with a crash.

Error - 6/23/2010 4:50:32 PM | Computer Name = JDRNOTEBOOK | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 408

seconds with 300 seconds of active time. This session ended with a crash.

Error - 6/28/2010 1:53:08 PM | Computer Name = JDRNOTEBOOK | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2686

seconds with 960 seconds of active time. This session ended with a crash.

Error - 11/3/2010 11:10:57 AM | Computer Name = JDRNOTEBOOK | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 748

seconds with 480 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 1/9/2013 12:46:05 PM | Computer Name = JDRNOTEBOOK | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Windows Search service

to connect.

Error - 1/9/2013 12:46:05 PM | Computer Name = JDRNOTEBOOK | Source = Service Control Manager | ID = 7000

Description = The Windows Search service failed to start due to the following error:

%%1053

Error - 1/9/2013 12:46:06 PM | Computer Name = JDRNOTEBOOK | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Windows Search service

to connect.

Error - 1/9/2013 12:46:06 PM | Computer Name = JDRNOTEBOOK | Source = Service Control Manager | ID = 7000

Description = The Windows Search service failed to start due to the following error:

%%1053

Error - 1/9/2013 2:47:25 PM | Computer Name = JDRNOTEBOOK | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

StarOpen

Error - 1/9/2013 6:35:24 PM | Computer Name = JDRNOTEBOOK | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

StarOpen

Error - 1/9/2013 6:35:53 PM | Computer Name = JDRNOTEBOOK | Source = DCOM | ID = 10010

Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register

with DCOM within the required timeout.

Error - 1/9/2013 7:53:28 PM | Computer Name = JDRNOTEBOOK | Source = Service Control Manager | ID = 7011

Description = Timeout (30000 milliseconds) waiting for a transaction response from

the wwanSvc service.

Error - 1/9/2013 9:26:59 PM | Computer Name = JDRNOTEBOOK | Source = Service Control Manager | ID = 7011

Description = Timeout (30000 milliseconds) waiting for a transaction response from

the wwanSvc service.

Error - 1/9/2013 9:41:39 PM | Computer Name = JDRNOTEBOOK | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

StarOpen

< End of report >

  • Staff

What errors are you receiving?

Please run the following:

Please download Windows Repair (all in one) from here

Install the program then run it

Go to step 2 and allow it to run Disk check

Once that is done then go to step 3 and allow it to run SFC

On the Start Repairs tab => Click the Start

Click on the select all check box and then click on Start

DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure.

  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
