
browser redirect virus


11 replies to this topic

#1 jvallee

Posted 14 January 2011 - 11:52 AM

Have had an ongoing problem with browser (IE & Firefox) redirects and finally decided to try to fix it.
Have read the prep guide and got down to running DDS.SCR.

Disconnected from network/internet (unplugged cable), disabled firewall and antivirus.

DDS starts to run but then I get BSOD with the following:

DRIVER_IRQL_NOT_LESS_OR_EQUAL

Stop: 0x000000D1 (0x8B14D000,0x000000ff,0x00000000,0xB14A1BB2)

mbr.sys Address BA4A1BB2 base at BA4A0000 Datestamp 4cd665da

Went on, downloaded Gmer.zip and ran that. File attached per guide instructions.

Attached File: ark.txt (8.99 KB)

Edited by jvallee, 14 January 2011 - 01:11 PM.



#2 Blade (Site Admin)

Posted 19 January 2011 - 12:27 PM

Hello, and welcome to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

If you have since resolved the original problem you were having, we would appreciate you letting us know.

In the upper right hand corner of the topic you will see a button called Watch Topic. By clicking this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand. :)

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the "Custom Scans/Fixes" section paste in the text below:


    netsvc
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav

  • Push the Run Scan button.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into the body of your next reply.

~Blade


In your next reply, please include the following:
OTL.txt
Extras.txt

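As an added example (not part of this thread, and not OTL's own code), here is a small Python script that reads lines in the layout OTL writes to OTL.txt and pulls out the items a helper usually checks first: a process, service or driver with no company name in its version resource, a service or driver whose file is gone, executables loading from a user-profile directory, and O2/O3/O4 entries that point at a dead CLSID or a missing file. The sample log lines are constructed for this example, and the checks are heuristics rather than verdicts: a legitimate program can ship without version information, so each hit is something to look up, not something to delete.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample lines constructed for this example. They follow the layout of OTL's
# Processes / Services / Drivers sections and its O2/O3/O4 items; the paths
# and names are illustrative, not evidence about any real machine.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========

PRC - [2011/01/19 12:36:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\MY DOWNLOADS\OTL.exe
PRC - [2009/09/06 12:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
SRV - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Documents and Settings\Jean\Application Data\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)

========== Driver Services (SafeList) ==========

DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005/11/28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) Intel

O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-1614895754-448539723-725345543-1006\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = File not found
"""

# One PRC/MOD/SRV/DRV line: [timestamp | size | attrs | flag] (company) [state] -- path -- (name) trailer
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<stamp>[^|]+) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+) \| (?P<flag>\w)\] "
    r"\((?P<company>[^)]*)\)"           # publisher from the version resource; empty if none
    r"(?: \[(?P<state>[^\]]+)\])?"      # e.g. [Auto | Running]; services and drivers only
    r" -- (?P<path>.*?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"  # service/driver name plus optional description
)
# A service or driver that is still registered but whose binary is gone.
MISSING_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<state>[^\]]+)\] -- -- \((?P<name>[^)]*)\)$"
)
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\application data\\",
                        "\\local settings\\", "\\temp\\", "\\users\\")
SYSTEM_PROFILE_MARKER = "\\config\\systemprofile\\"


@dataclass
class Finding:
    line: str
    reasons: List[str]


def parse_entry(line: str) -> Optional[Dict[str, object]]:
    """Parse one PRC/MOD/SRV/DRV line into a dict, or None if it is not one."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    d: Dict[str, object] = m.groupdict()
    d["company"] = (m["company"] or "").strip()
    d["size"] = int(m["size"].replace(",", ""))
    return d


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for a line a helper would look at first, else None."""
    reasons: List[str] = []
    missing = MISSING_RE.match(line)
    if missing:
        return Finding(line, [f"{missing['kind']} {missing['name']}: registered but its file is gone"])
    entry = parse_entry(line)
    if entry:
        path = str(entry["path"]).lower()
        if not entry["company"]:
            reasons.append("no company name in the version resource")
        if SYSTEM_PROFILE_MARKER in path:
            reasons.append("lives under the SYSTEM account's profile")
        elif any(marker in path for marker in USER_PROFILE_MARKERS):
            reasons.append("loads from a user-profile directory")
        if reasons and entry["state"] and "Running" in str(entry["state"]):
            reasons.append("currently running")
    elif line.startswith(("O2 ", "O3 ", "O4 ")):
        if "No CLSID value found" in line:
            reasons.append("toolbar entry points at a CLSID that no longer exists")
        elif line.endswith("= File not found"):
            reasons.append("startup shortcut whose target is missing")
        elif line.endswith("()"):
            reasons.append("loaded component has no company name")
    return Finding(line, reasons) if reasons else None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over a whole OTL log, skipping blanks and section headers."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("="):
            found = triage_line(line)
            if found:
                findings.append(found)
    return findings


if __name__ == "__main__":
    for found in triage_log(SAMPLE_LOG):
        print(f"- {'; '.join(found.reasons)}\n    {found.line[:100]}")
```

Run it against a real OTL.txt by passing the file contents to triage_log; the script deliberately does not touch the registry or any file it names, so it is safe to run on a machine that is still under investigation.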


#3 jvallee (Topic Starter)

Posted 19 January 2011 - 02:20 PM

Per your instructions.
Thanks. Jean



OTL logfile created on: 1/19/2011 12:39:24 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\MY DOWNLOADS
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.69 Gb Total Space | 15.69 Gb Free Space | 29.23% Space Free | Partition Type: FAT32
Drive D: | 26.76 Gb Total Space | 5.64 Gb Free Space | 21.09% Space Free | Partition Type: NTFS
Drive E: | 7.55 Gb Total Space | 7.55 Gb Free Space | 99.98% Space Free | Partition Type: FAT32
Drive Z: | 87.25 Gb Total Space | 68.34 Gb Free Space | 78.32% Space Free | Partition Type: NTFS

Computer Name: JV | User Name: Jean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/19 12:36:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\MY DOWNLOADS\OTL.exe
PRC - [2011/01/13 03:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 03:47:34 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/01/07 15:21:50 | 000,082,776 | ---- | M] (Intuit Inc.) -- C:\Program Files\Quicken\qw.exe
PRC - [2010/12/08 13:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/12/08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/12/03 14:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) -- C:\Documents and Settings\Jean\Application Data\HP SimpleSave Application\uUACTokenSvc.exe
PRC - [2010/01/27 12:22:02 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/01/12 11:41:00 | 003,168,216 | ---- | M] (PC Tools) -- C:\Program Files\PCToolsFirewall\FirewallGUI.exe
PRC - [2009/11/09 11:20:14 | 000,818,432 | ---- | M] (PC Tools) -- C:\Program Files\PCToolsFirewall\FWService.exe
PRC - [2009/09/06 12:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/08/22 05:31:06 | 005,148,672 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
PRC - [2009/08/20 17:35:12 | 000,305,936 | ---- | M] (IObit) -- C:\Program Files\IObit Security 360\is360srv.exe
PRC - [2009/03/30 12:30:52 | 000,124,200 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
PRC - [2008/09/12 11:45:48 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/08/12 14:40:14 | 001,342,560 | ---- | M] (SoftLogica LLC) -- C:\Program Files\Backup Platinum\bpx.exe
PRC - [2008/04/13 20:12:30 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2008/04/13 20:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/16 23:25:18 | 000,397,312 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/02/16 23:25:08 | 000,602,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/01/12 17:45:32 | 000,897,584 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2tray.exe
PRC - [2007/01/12 17:45:32 | 000,249,904 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe
PRC - [2007/01/12 17:45:28 | 000,251,440 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2pre.exe
PRC - [2007/01/12 17:45:24 | 000,590,384 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2comm.exe
PRC - [2006/06/30 06:31:10 | 001,106,386 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2006/06/29 19:06:32 | 001,848,150 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2006/06/29 19:06:00 | 000,126,976 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2006/06/29 19:05:58 | 000,204,800 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2005/11/30 20:45:10 | 000,081,920 | ---- | M] (Logitech) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2005/11/30 20:39:58 | 000,225,280 | ---- | M] (Logitech) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/11/28 11:47:12 | 000,569,413 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
PRC - [2005/11/28 11:41:14 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/11/02 15:11:00 | 000,102,491 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/08/12 14:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2003/02/08 09:50:00 | 000,481,264 | ---- | M] (Mozilla, Netscape) -- C:\Program Files\Netscape\Netscape\Netscp.exe
PRC - [1999/02/28 02:32:52 | 000,124,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mdm.exe


========== Modules (SafeList) ==========

MOD - [2011/01/19 12:36:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\MY DOWNLOADS\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 20:11:56 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ksuser.dll
MOD - [2006/02/28 07:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2005/11/30 20:45:10 | 000,081,920 | ---- | M] (Logitech) -- C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
MOD - [2005/11/02 15:11:00 | 000,069,723 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
SRV - [2011/01/13 03:47:34 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/12/08 13:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Documents and Settings\Jean\Application Data\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2009/11/09 11:20:14 | 000,818,432 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PCToolsFirewall\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2009/09/16 13:53:56 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/08/20 17:35:12 | 000,305,936 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/03/30 12:30:52 | 000,124,200 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService)
SRV - [2008/08/12 14:40:14 | 001,342,560 | ---- | M] (SoftLogica LLC) [Auto | Running] -- C:\Program Files\Backup Platinum\bpx.exe -- (Backup Platinum Agent)
SRV - [2007/01/12 17:45:32 | 000,249,904 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/06/29 19:05:58 | 000,204,800 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2005/11/30 20:45:10 | 000,081,920 | ---- | M] (Logitech) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2004/11/01 11:50:00 | 000,106,496 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe -- (awhost32)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 03:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 03:37:12 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/01/13 03:37:10 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/12/08 13:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/08/25 14:45:28 | 000,395,464 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2010/08/25 14:45:28 | 000,056,208 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hotcore3.sys -- (hotcore3)
DRV - [2010/08/25 14:45:28 | 000,037,080 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/01/27 12:22:02 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/01/27 12:22:02 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/01/13 08:59:28 | 000,115,216 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2010/01/12 09:34:14 | 000,070,664 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010/01/07 11:35:06 | 000,058,816 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNDIS)
DRV - [2009/11/23 13:54:20 | 000,088,040 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/11/09 11:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/10/31 18:20:30 | 000,419,496 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jnprna.sys -- (jnprna)
DRV - [2009/10/31 18:20:30 | 000,029,312 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jnprvamgr.sys -- (JnprVaMgr)
DRV - [2009/10/31 18:20:30 | 000,012,288 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jnprva.sys -- (jnprva)
DRV - [2009/03/10 14:57:02 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/03/10 14:56:54 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/04/13 12:36:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/30 10:37:44 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2007/08/15 07:27:18 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\n558.sys -- (n558)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/05/22 05:04:54 | 000,018,088 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\ATI Tray Tools\atitray.sys -- (atitray)
DRV - [2007/05/21 10:23:34 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/05/15 15:33:28 | 000,513,152 | ---- | M] (Windows ® 2000/XP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SndTDriverV32.sys -- (SndTDriverV32)
DRV - [2007/04/04 21:51:36 | 000,388,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2007/04/04 21:51:36 | 000,032,288 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007/04/04 21:51:34 | 000,099,776 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2007/02/21 09:59:28 | 000,104,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/06/13 10:18:00 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/12/01 22:49:20 | 001,412,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/11/30 20:45:10 | 002,400,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2005/11/30 20:45:10 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2005/11/30 05:28:58 | 001,088,896 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv321av.sys -- (lv321av) Logitech USB PC Camera (VC0321)
DRV - [2005/11/30 05:25:06 | 000,039,424 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/11/28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/27 07:36:08 | 001,427,968 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/25 17:43:48 | 000,031,896 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dfmirage.sys -- (dfmirage)
DRV - [2005/11/17 15:45:40 | 004,069,888 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/11/08 15:12:18 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/11/08 15:11:34 | 000,202,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/11/08 15:11:30 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/11/02 15:11:00 | 000,191,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/04/05 16:38:00 | 000,132,352 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/03/05 12:52:22 | 000,008,368 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\awechomd.sys -- (awecho)
DRV - [2003/11/17 18:06:48 | 000,011,165 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\awlegacy.sys -- (awlegacy)
DRV - [2003/10/23 10:32:20 | 000,016,984 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\AW_HOST5.sys -- (AW_HOST)
DRV - [2003/04/21 13:00:32 | 000,013,898 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\GERNUWA.sys -- (Gernuwa)
DRV - [2002/10/11 15:49:36 | 000,009,049 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\eacfilt.sys -- (Eacfilt)
DRV - [2002/10/11 15:49:06 | 000,115,008 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECSHM)
DRV - [2002/10/11 15:49:06 | 000,115,008 | ---- | M] (Nortel Networks) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECEXT)
DRV - [2001/08/17 12:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1614895754-448539723-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1614895754-448539723-725345543-1006\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll ()
IE - HKU\S-1-5-21-1614895754-448539723-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1614895754-448539723-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.com"
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3A12FD15-DA29-43F9-95A3-4FB99C515D76}:1.9.1
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.63
FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{3A12FD15-DA29-43F9-95A3-4FB99C515D76}: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3A12FD15-DA29-43F9-95A3-4FB99C515D76}\ [2010/09/16 08:03:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/12 17:01:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/12 17:01:32 | 000,000,000 | ---D | M]

[2011/01/12 17:03:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jean\Application Data\Mozilla\Extensions
[2011/01/12 17:03:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jean\Application Data\Mozilla\Firefox\Profiles\ew9d223x.default\extensions
[2011/01/12 16:20:54 | 000,000,000 | ---D | M] ("BitDefender QuickScan") -- C:\Documents and Settings\Jean\Application Data\Mozilla\Firefox\Profiles\ew9d223x.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/01/12 16:20:48 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Documents and Settings\Jean\Application Data\Mozilla\Firefox\Profiles\ew9d223x.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2011/01/12 16:20:58 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Jean\Application Data\Mozilla\Firefox\Profiles\ew9d223x.default\extensions\LogMeInClient@logmein.com
[2011/01/12 17:01:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/14 13:19:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/05/27 10:40:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/09/16 08:03:16 | 000,000,000 | ---D | M] (XULRunner) -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\APPLICATION DATA\{3A12FD15-DA29-43F9-95A3-4FB99C515D76}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/01/13 08:59:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-1614895754-448539723-725345543-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1614895754-448539723-725345543-1006\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKU\S-1-5-21-1614895754-448539723-725345543-1006\..\Toolbar\WebBrowser: (no name) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No CLSID value found.
O3 - HKU\S-1-5-21-1614895754-448539723-725345543-1006\..\Toolbar\WebBrowser: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PCToolsFirewall\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)
O4 - HKLM..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-1614895754-448539723-725345543-1006..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe (Lotus Development Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\AutorunsDisabled [2007/12/09 21:14:54 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Jean\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk = C:\Documents and Settings\Jean\Application Data\HP SimpleSave Application\StartHelper.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1614895754-448539723-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1614895754-448539723-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1614895754-448539723-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1614895754-448539723-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macromedia.com/pub/shockwave/cabs/authorware/awswax65.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewido.net/ewidoOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} http://www.cyberlink.com/winxp/CheckDVD.cab (ChkDVDCtl Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179323383421 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://mwmus.webex.com/client/v_mywebex-mwm/mywebex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToMyPC: DllName - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)
O22 - SharedTaskScheduler: {EE6EC551-CFCF-4496-BECC-A88B4B1DE268} - IuzasmidNvr - C:\WINDOWS\system32\iuzasmid.dll ( )
O24 - Desktop WallPaper: C:\Documents and Settings\Jean\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jean\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/04/04 03:26:40 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2010/11/05 19:49:38 | 000,000,000 | ---D | M] - C:\Autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (13524409633472512)

========== Files/Folders - Created Within 30 Days ==========

[2011/01/18 19:49:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HPSS
[2011/01/18 19:48:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jean\Application Data\HPSS
[2011/01/18 19:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jean\Application Data\HP SimpleSave Application
[2011/01/18 11:01:09 | 000,000,000 | ---D | C] -- C:\archive_db
[2011/01/18 10:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\launcher
[2011/01/18 10:18:12 | 000,056,208 | ---- | C] (Paragon Software Group) -- C:\WINDOWS\System32\drivers\hotcore3.sys
[2011/01/18 10:17:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Paragon Backup & Recovery™ 2010 Free Advanced
[2011/01/18 10:12:05 | 000,000,000 | ---D | C] -- C:\Program Files\Paragon Software
[2011/01/18 09:24:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jean\Start Menu\Programs\Administrative Tools
[2011/01/16 09:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jean\My Documents\Quicken
[2011/01/16 09:51:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 5.0
[2011/01/16 09:49:37 | 004,199,768 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf400.dll
[2011/01/16 09:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Quicken 2011
[2011/01/16 09:43:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2011/01/16 09:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\Quicken
[2011/01/16 09:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jean\Application Data\Intuit
[2011/01/16 09:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Intuit
[2011/01/15 18:08:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jean\Application Data\gtk-2.0
[2011/01/14 13:19:34 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/01/14 13:19:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/01/14 13:19:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/01/14 11:25:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jean\Desktop\gmer
[2011/01/12 18:35:08 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/01/12 18:28:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/12 17:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox
[2011/01/12 17:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/01/08 18:59:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jean\Application Data\HpUpdate
[2011/01/08 18:55:45 | 000,273,256 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPDiscoPM5412.dll
[2011/01/08 18:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\HP
[2011/01/08 18:55:23 | 001,907,560 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPScanMiniDrv_OJ6500_E710nz.dll
[2011/01/08 18:55:18 | 000,232,296 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinksts5412.dll
[2011/01/08 18:55:17 | 000,213,352 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkcoi5412.dll
[2011/01/08 18:55:16 | 000,264,552 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinksts5412LM.dll
[2011/01/07 15:22:48 | 001,721,768 | ---- | C] (Intuit Inc.) -- C:\WINDOWS\System32\inetclnt.dll
[2007/03/31 10:00:40 | 000,319,488 | ---- | C] ( ) -- C:\WINDOWS\System32\iuzasmid.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Jean\My Documents\*.tmp files -> C:\Documents and Settings\Jean\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/19 11:11:32 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/19 11:10:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/19 11:06:12 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2011/01/19 11:02:26 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/01/18 19:50:16 | 000,001,896 | ---- | M] () -- C:\Documents and Settings\Jean\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk
[2011/01/18 18:45:56 | 001,069,056 | ---- | M] () -- C:\Documents and Settings\Jean\jan10_bank.xls
[2011/01/18 18:40:12 | 002,334,720 | ---- | M] () -- C:\Documents and Settings\Jean\Desktop\Jean's Quicken Data.QDF-backup
[2011/01/18 13:53:38 | 000,000,822 | ---- | M] () -- C:\WINDOWS\MyHeritage.INI
[2011/01/18 10:17:56 | 000,002,124 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Paragon Backup & Recovery™ 2010 Free Advanced.lnk
[2011/01/16 09:49:30 | 000,001,538 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Quicken Deluxe 2011.lnk
[2011/01/16 09:49:30 | 000,000,248 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Free Credit Report and Score.url
[2011/01/16 09:48:56 | 000,000,120 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2011/01/14 14:10:40 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Jean\My Documents\Due From Albert.xls
[2011/01/14 10:59:14 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\Jean\Desktop\gmer.zip
[2011/01/14 10:31:36 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2011/01/13 19:43:56 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Jean\Desktop\dds.scr
[2011/01/13 03:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/01/13 03:40:04 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/01/13 03:39:50 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/01/13 03:37:12 | 000,029,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/01/13 03:37:10 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/01/12 18:35:42 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/01/12 17:02:08 | 000,001,565 | ---- | M] () -- C:\Documents and Settings\Jean\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/12 17:02:08 | 000,001,547 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2011/01/11 10:52:44 | 000,000,078 | ---- | M] () -- C:\WINDOWS\TP.INI
[2011/01/08 18:55:44 | 000,001,902 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HP Officejet 6500 E710n-z.lnk
[2011/01/08 18:55:42 | 000,000,865 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HP 6500 Scan.lnk
[2011/01/08 17:45:28 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2011/01/07 15:22:56 | 004,199,768 | ---- | M] (Amyuni Technologies
http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf400.dll
[2011/01/07 15:22:48 | 001,721,768 | ---- | M] (Intuit Inc.) -- C:\WINDOWS\System32\inetclnt.dll
[2011/01/04 08:39:26 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Jean\Desktop\Master Support List.xls
[2011/01/01 09:44:36 | 000,000,512 | ---- | M] () -- C:\WINDOWS\System32\AutoPartNt.let
[2011/01/01 09:41:10 | 001,179,136 | ---- | M] (Acronis) -- C:\WINDOWS\System32\AutoPartNt.exe
[2010/12/31 15:06:36 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/12/31 09:56:16 | 000,001,674 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk
[2010/12/22 09:41:38 | 000,002,092 | ---- | M] () -- C:\Documents and Settings\Jean\My Documents\new year mix.axp
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Jean\My Documents\*.tmp files -> C:\Documents and Settings\Jean\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/18 19:50:15 | 000,001,896 | ---- | C] () -- C:\Documents and Settings\Jean\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk
[2011/01/18 18:40:10 | 002,334,720 | ---- | C] () -- C:\Documents and Settings\Jean\Desktop\Jean's Quicken Data.QDF-backup
[2011/01/18 10:17:55 | 000,002,124 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Paragon Backup & Recovery™ 2010 Free Advanced.lnk
[2011/01/16 09:49:28 | 000,001,538 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Quicken Deluxe 2011.lnk
[2011/01/16 09:49:28 | 000,000,248 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Free Credit Report and Score.url
[2011/01/16 09:38:43 | 000,000,120 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2011/01/14 11:24:28 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\Jean\Desktop\gmer.zip
[2011/01/13 19:47:00 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Jean\Desktop\dds.scr
[2011/01/12 18:35:40 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2011/01/12 18:35:37 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/01/12 17:02:07 | 000,001,565 | ---- | C] () -- C:\Documents and Settings\Jean\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/12 17:02:07 | 000,001,547 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2011/01/08 18:55:42 | 000,001,902 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HP Officejet 6500 E710n-z.lnk
[2011/01/08 18:55:41 | 000,000,865 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HP 6500 Scan.lnk
[2010/12/31 09:48:54 | 000,000,021 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\spupdwxp.log
[2010/10/21 13:03:24 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2010/10/20 11:17:11 | 000,000,024 | -H-- | C] () -- C:\WINDOWS\msbgctb.ini
[2010/10/20 11:17:11 | 000,000,024 | -H-- | C] () -- C:\WINDOWS\msbgcta.ini
[2010/10/10 09:08:49 | 000,000,822 | ---- | C] () -- C:\WINDOWS\MyHeritage.INI
[2010/10/10 09:05:51 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll
[2010/08/25 16:40:00 | 000,047,940 | ---- | C] () -- C:\WINDOWS\utoqafarip.dll
[2010/08/09 11:06:44 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/08/09 11:04:15 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPSPR280.ini
[2010/06/06 09:20:02 | 000,065,344 | ---- | C] () -- C:\WINDOWS\System32\PDFreDirectMonNT.dll
[2009/11/14 09:34:06 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/09/04 10:33:17 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Jean\Local Settings\Application Data\housecall.guid.cache
[2008/05/24 11:43:45 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/05/24 11:43:45 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/03/18 14:11:21 | 000,749,568 | ---- | C] () -- C:\WINDOWS\System32\agissi.dll
[2008/03/18 14:11:14 | 011,194,368 | ---- | C] () -- C:\WINDOWS\System32\zhhp_res.dll
[2008/03/07 12:24:03 | 000,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\˜113.›sys
[2008/03/04 14:35:40 | 000,000,133 | ---- | C] () -- C:\WINDOWS\WorldMerge.INI
[2008/01/14 16:54:04 | 000,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2007/10/19 13:19:46 | 000,000,032 | ---- | C] () -- C:\WINDOWS\tdlp32.ini
[2007/10/13 09:22:47 | 000,001,466 | ---- | C] () -- C:\WINDOWS\X3D.INI
[2007/10/06 09:56:36 | 000,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ÐÒÝÃÄ3113›˜.sys
[2007/10/06 08:57:24 | 000,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\sys.sys
[2007/09/12 20:22:06 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Jean\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/17 15:45:41 | 000,000,039 | ---- | C] () -- C:\WINDOWS\MyLabel.ini
[2007/08/15 07:27:18 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
[2007/07/18 11:40:09 | 000,000,843 | ---- | C] () -- C:\WINDOWS\SB30.INI
[2007/07/18 11:37:40 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SBFL32.DLL
[2007/07/18 11:37:39 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\SBORFA32.DLL
[2007/07/18 11:37:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SBSORT32.DLL
[2007/06/20 07:11:29 | 000,000,268 | ---- | C] () -- C:\WINDOWS\phedit.ini
[2007/06/05 15:03:58 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\hrentebe.ini
[2007/05/23 11:23:34 | 000,000,768 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/05/21 07:49:20 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/05/18 12:11:07 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2007/04/18 17:24:30 | 000,000,078 | ---- | C] () -- C:\WINDOWS\TP.INI
[2007/04/09 08:43:04 | 000,000,166 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI
[2007/03/12 19:45:34 | 000,000,397 | R--- | C] () -- C:\WINDOWS\hpw9800k.ini
[2007/03/12 19:42:56 | 000,000,478 | ---- | C] () -- C:\WINDOWS\hpdj9800.ini
[2007/03/12 19:42:52 | 000,001,567 | ---- | C] () -- C:\WINDOWS\mariner.ini
[2007/02/23 11:51:07 | 000,000,198 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/02/22 15:14:49 | 000,000,233 | ---- | C] () -- C:\WINDOWS\Jcmkr32.INI
[2007/02/22 12:10:16 | 000,000,029 | ---- | C] () -- C:\WINDOWS\CDMKR32.INI
[2007/02/22 11:51:30 | 000,001,153 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/22 08:16:23 | 000,001,217 | ---- | C] () -- C:\WINDOWS\Superbas.ini
[2007/02/21 08:59:54 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2007/02/21 06:14:24 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/02/21 06:00:12 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2007/02/21 06:00:12 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2007/02/21 06:00:12 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2007/02/21 06:00:12 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2007/02/20 08:24:20 | 000,000,719 | ---- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2007/02/20 07:25:08 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Jean\Local Settings\Application Data\fusioncache.dat
[2007/02/19 19:01:39 | 000,003,968 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\hpzinstall.log
[2007/02/19 18:42:13 | 000,004,532 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/11/02 13:28:20 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2006/07/26 15:09:36 | 000,013,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2005/11/30 20:45:10 | 002,400,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys
[2005/11/30 20:45:10 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2003/12/13 21:40:42 | 001,003,520 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1997/07/11 00:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
[1997/07/11 00:00:00 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2006/07/26 15:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acer
[2006/12/28 20:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software
[2007/01/10 17:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Raize
[2007/01/19 07:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoldWaveCDDB
[2006/07/26 15:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JEAN.sav\Application Data\Acer
[2006/12/28 20:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JEAN.sav\Application Data\Individual Software
[2007/01/04 09:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JEAN.sav\Application Data\PDF reDirect
[2007/01/11 15:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JEAN.sav\Application Data\paywin
[2007/02/22 14:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LightScribe
[2007/04/04 22:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Acronis
[2007/05/04 10:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan
[2007/05/23 08:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NtiDvdCopy
[2007/09/18 19:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\GoldWaveCDDB
[2007/12/10 06:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2008/02/25 12:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TomTom
[2008/08/22 09:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Napster
[2009/02/09 16:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\FNET
[2009/02/09 17:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SoftLogica
[2009/06/12 13:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PassMark
[2009/09/01 10:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverCure
[2009/09/01 10:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ParetoLogic
[2009/09/02 09:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit
[2009/11/14 09:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Canneverbe Limited
[2010/02/20 11:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/06/16 09:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LogMeIn
[2010/07/22 13:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Juniper Networks
[2010/08/09 11:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON
[2010/10/10 09:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MyHeritage
[2010/10/22 16:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\RootsMagic
[2010/11/11 08:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PDF reDirect
[2010/11/19 17:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2011/01/18 10:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\launcher
[2007/02/27 07:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\PDF reDirect
[2007/04/04 21:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\Uniblue
[2007/05/20 09:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\Sony
[2007/05/20 09:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\Publish Providers
[2007/06/05 15:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\MB-Ruler
[2007/06/19 14:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\Image Zone Express
[2007/08/17 15:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\BERNINA My Label
[2007/09/22 08:45:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\Nvu
[2007/09/25 18:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\WebProse
[2007/10/05 12:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\FileZilla
[2007/10/10 21:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\Blumentals
[2007/12/10 06:15:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\PCToolsFirewallPlus
[2008/02/25 12:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\TomTom
[2008/05/24 09:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\Jasc
[2008/07/16 21:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\Big Clock
[2008/11/11 10:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\paywin
[2009/02/09 17:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\SoftLogica
[2009/05/28 18:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\eMusic
[2009/09/01 10:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\DriverCure
[2009/09/01 18:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\IObit
[2009/10/23 10:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\TeamViewer
[2010/02/17 12:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\Scalabium
[2010/07/22 13:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\Juniper Networks
[2010/08/09 11:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\Leadertech
[2010/08/24 13:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\Canneverbe Limited
[2010/10/10 09:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\The Complete Genealogy Reporter - FTB
[2010/10/10 09:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\MyHeritage
[2010/10/15 11:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\QuickScan
[2010/10/20 11:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\The Complete Genealogy Builder
[2010/10/20 11:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\The Complete Genealogy Reporter
[2010/10/21 13:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\Millennia
[2010/10/21 20:45:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\Progeny
[2010/10/22 16:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\RootsMagic
[2010/11/14 18:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\GetRightToGo
[2011/01/15 18:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\gtk-2.0
[2011/01/08 17:45:28 | 000,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Custom Scans ==========


< netsvc >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2006/02/28 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/03/31 21:15:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/03/31 21:15:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2006/02/28 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/03/31 21:15:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/03/31 21:15:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/02/28 12:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006/02/28 12:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2006/02/28 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006/02/28 12:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/02/19 18:40:18 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
[2007/02/19 18:40:18 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/02/19 18:40:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

< End of report >

OTL Extras logfile created on: 1/19/2011 12:39:25 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\MY DOWNLOADS
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.69 Gb Total Space | 15.69 Gb Free Space | 29.23% Space Free | Partition Type: FAT32
Drive D: | 26.76 Gb Total Space | 5.64 Gb Free Space | 21.09% Space Free | Partition Type: NTFS
Drive E: | 7.55 Gb Total Space | 7.55 Gb Free Space | 99.98% Space Free | Partition Type: FAT32
Drive Z: | 87.25 Gb Total Space | 68.34 Gb Free Space | 78.32% Space Free | Partition Type: NTFS

Computer Name: JV | User Name: Jean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1614895754-448539723-725345543-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office2007_viewer\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Program Files\DVDSoftware\PCM4Everio\PCM4Everio.exe" = C:\Program Files\DVDSoftware\PCM4Everio\PCM4Everio.exe:*:Enabled:CyberLink PowerCinema NE for Everio -- (CyberLink Corp.)
"C:\Program Files\DVDSoftware\PCM4Everio\EverioService.exe" = C:\Program Files\DVDSoftware\PCM4Everio\EverioService.exe:*:Enabled:CyberLink PowerCinema NE for Everio Resident Program -- (CyberLink Corp.)
"C:\Program Files\Nortel Networks\Extranet.exe" = C:\Program Files\Nortel Networks\Extranet.exe:*:Enabled:Contivity VPN Client -- (Nortel Networks NA, Inc.)
"D:\itunes\iTunes.exe" = D:\itunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{115E8183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23199BD2-AFD7-450E-ADC8-3E16132F17A2}" = HP Officejet 6500 E710n-z Basic Device Software
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 23
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4475560E-9418-4908-A158-472D873AE139}" = LogMeIn
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58F4D4FD-1814-4068-B316-C28FC776C6DD}" = GoToMyPC
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{642FCF93-54AE-4F75-A2E2-124DE3756C59}" = ATI Catalyst Control Center
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}" = Rhapsody Player Engine
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901C0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AFE6CD86-FB70-49D8-8340-1160DCF4A6B5}" = Legacy Charting Companion 2.0
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B1914265-0D07-48E0-A937-F20A76D0032D}" = Acronis True Image Home
"{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BA2D4D22-0B99-4D63-BCEE-D2EA4736F27F}" = LogMeIn
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2010 Free Advanced
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D5278828-3232-4AED-8F24-14020F9748D4}" = Special Cursors
"{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EF964A78-078C-11D1-B7A7-0000C0134CE6}" = Nortel Networks Contivity VPN Client
"{EFBC0CB1-AFFD-4E74-ACEF-42099F1D49C3}" = HP Officejet 6500 E710n-z Help
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"ABC Amber Paradox Converter" = ABC Amber Paradox Converter
"AcerOrbiCamDrv" = Acer OrbiCam Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_26b63376f4efc354dae41af6b5e3343" = Adobe Premiere Pro CS4
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AudibleManager" = AudibleManager
"avast5" = avast! Free Antivirus
"Backup Platinum 4.0 (build 2121)" = Backup Platinum 4.0
"CNXT_MODEM_HDAUDIO_AcrS1025" = HDAUDIO Soft Data Fax Modem with SmartCP
"CoffeeCup Free HTML Editor" = CoffeeCup Free HTML Editor
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Corel Uninstaller" = Corel Uninstaller
"CrossLoop_is1" = CrossLoop 2.41
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"doPDF 5 printer_is1" = doPDF 5.3 printer
"EPSON Printer and Utilities" = EPSON Printer Software
"Family Tree Builder" = MyHeritage Family Tree Builder
"FileZilla Client" = FileZilla Client 3.3.5.1
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.4
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE4Dev" = Microsoft Script Debugger
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"IObit Security 360_is1" = IObit Security 360 RC
"Juniper Networks Access Manager" = Access Manager
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Legacy 7.4" = Legacy 7.4
"LegacyChart7_is1" = Legacy Charting 7.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mirage Driver_is1" = Mirage Driver 1.1
"Move Networks Player_is1" = Move Networks Player for Internet Explorer
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nullsoft Tray Control Icon Pack" = Nullsoft Tray Control Icon Pack 2.2
"Office8.0" = Microsoft Office 97, Professional Edition
"PatternMaster Tailor Made 4" = PatternMaster Tailor Made 4
"PC Tools Firewall Plus" = PC Tools Firewall Plus 6.0
"PDF reDirect" = PDF reDirect (remove only)
"Prism" = Prism Video Converter
"ProInst" = Intel® PROSet/Wireless Software
"Rainlendar2" = Rainlendar2 (remove only)
"rayatitray" = Ray Adams ATI Tray Tools
"RealPlayer 6.0" = RealPlayer
"Ruler By George!_is1" = Ruler By George! 1.31
"Selida" = Selida 2
"Silent Package Run-Time Sample" = EPSON R280 User's Guide
"Smart Defrag_is1" = Smart Defrag
"SmartSuite V98.0" = Lotus SmartSuite Release 9
"Spyware Doctor" = Spyware Doctor 7.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 6" = TeamViewer 6
"TomTom HOME" = TomTom HOME
"Uninstall_is1" = Uninstall 1.0.0.0
"Verizon Help and Support" = Verizon Help and Support Tool
"WAV to MP3 Encoder" = WAV to MP3 Encoder
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.3c
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1614895754-448539723-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.1.0.366
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#4 Blade

Posted 20 January 2011 - 11:00 AM

Hello.

Download ComboFix from any of the links below, but rename it to renamed.exe before saving it to your desktop.


Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.
  • Double click on renamed.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.


~Blade


In your next reply, please include the following:
ComboFix log


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#5 jvallee

Posted 20 January 2011 - 11:32 AM

I would like to delay installing ComboFix for about a week. My computer does not warm boot due to a faulty fan. Replacement on the way.
Thanks, Jean

#6 Blade

Posted 20 January 2011 - 01:44 PM

Okay... thank you for letting me know. Let me know once you've got the machine going again and we'll continue.

~Blade



#7 jvallee

Posted 27 January 2011 - 02:06 PM

I have had the computer repaired, thank goodness, and can do warm boots again.

I will run ComboFix tonight.

Jean

#8 jvallee

Posted 28 January 2011 - 08:14 AM

I disconnected from the network, turned off the antivirus and firewall, and started ComboFix about 6 PM last night and left it running. At 8 AM, it still says it is scanning for infected files. (The time on screen says 6:30 PM.)

The computer is frozen at this point.

I must use it today, so I will reboot in Safe Mode. ComboFix says it created a restore point. I will use that if it really exists.

Should I try running CF in Safe Mode next?

Jean

Edited by jvallee, 28 January 2011 - 08:56 AM.


#9 Blade

Posted 28 January 2011 - 11:15 AM

Please try running ComboFix in Safe Mode.



#10 jvallee

Posted 28 January 2011 - 11:20 AM

I have run into a mup.sys hang (Safe Mode hangs when it gets to mup.sys). I have some solutions to try to resolve this. (Does it ever end?! Some days I think my computer hates me!)
I'll run ComboFix when I get Safe Mode working. Should be today.

Thanks for your patience.

Jean

#11 Blade

Posted 28 January 2011 - 11:27 AM

If you can't get Safe Mode going, go ahead and give CF another shot in normal mode. It could have been an isolated incident.

Let me know if you get stuck.



#12 jvallee

Posted 28 January 2011 - 01:28 PM

I am running it now in Safe Mode... ComboFix thought my antivirus was running, but I truly did disable it. How long before it should finish? It has been scanning 30 min already.
Jean

Checked 5 min later... no disk activity...

Now what?

Edited by jvallee, 28 January 2011 - 01:36 PM.




