Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.06.30.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: DESKTOP [administrator]
6/30/2013 7:35:32 PM
mbam-log-2013-06-30 (19-35-32).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229354
Time elapsed: 10 minute(s), 3 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKCR\AppID\{F85FA3F2-D2C8-4D4D-BB1C-3181E691AF2B} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 0e757b9c73d7023f93ba9dcf3c6558f1 -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 19:58:09 on 2013-06-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.403 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCtAtBtDyB0DyCyEyCzytC0FtCzztN0D0Tzu0SyDtAtAtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1001972039&ir=
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=Reimage&dpid=Reimage&co=US&userid=b5079a01-7526-47de-b4ef-cded40a24ca8&searchtype=ds&q={searchTerms}
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Blog This in Windows Live: {2adefb8e-b923-35e6-86e2-2b7841f5d6a4} -
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\common files\dvdvideosoft\bin\IEDownloadMenuAndBtns.dll
BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - <orphaned>
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Free YouTube Download - c:\program files\common files\dvdvideosoft\plugins\freeytvdownloader.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\common files\dvdvideosoft\bin\IEDownloadMenuAndBtns.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265636415781
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341329426546
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{8EAFD537-C9DF-458B-8EC2-2F4CF5BFB8A0} : DHCPNameServer = 208.67.220.220 208.67.222.222
TCP: Interfaces\{F31C2AE7-FEA6-4CFA-9BAF-69D13500EC52} : DHCPNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\15.3.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\nve8mhts.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-dlcomaol-chromesbox-en-us&tb_uuid=20120703143541515&tb_oid=11-07-2012&tb_mrud=14-07-2012
FF - prefs.js: browser.startup.homepage - hxxp://start.mysearchdial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCtAtBtDyB0DyCyEyCzytC0FtCzztN0D0Tzu0SyDtAtAtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1001972039&ir=
FF - prefs.js: browser.startup.homepage - hxxp://start.mysearchdial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCtAtBtDyB0DyCyEyCzytC0FtCzztN0D0Tzu0SyDtAtAtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1001972039&ir=
FF - prefs.js: browser.search.selectedEngine - Mysearchdial
FF - prefs.js: keyword.URL -
FF - ExtSQL: 2013-06-24 17:48; mcciwbch@motive.com; c:\program files\mozilla firefox\extensions\mcciwbch@motive.com
FF - ExtSQL: !HIDDEN! 2012-04-15 11:04; hotfix@mozilla.org; c:\documents and settings\administrator\application data\mozilla\firefox\extensions\MozillaHotfix
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 5c8b1f180000000000000013207d6469
FF - user.js: extensions.BabylonToolbar_i.hardId - 5c8b1f180000000000000013207d6469
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15432
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:07:37
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110788
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8vwl2r6d&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 5c8b1f180000000000000013207d6469
FF - user.js: extensions.incredibar_i.instlDay - 15501
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1420:06:41
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8vwl2r6d
FF - user.js: extensions.incredibar_i.upn2n - 92824508224868077
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10665
FF - user.js: extensions.incredibar_i.ppd -
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 5c8b1f180000000000000013207d6469
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15862
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.522:32:54
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119351
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCtAtBtDyB0DyCyEyCzytC0FtCzztN0D0Tzu0SyDtAtAtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1001972039&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCtAtBtDyB0DyCyEyCzytC0FtCzztN0D0Tzu0SyDtAtAtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1001972039&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCtAtBtDyB0DyCyEyCzytC0FtCzztN0D0Tzu0SyDtAtAtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1001972039&ir=&q=
FF - user.js: extensions.mysearchdial.id - 0013207D64691F18
FF - user.js: extensions.mysearchdial.instlDay - 15873
FF - user.js: extensions.mysearchdial.vrsn -
FF - user.js: extensions.mysearchdial.vrsni -
FF - user.js: extensions.mysearchdial_i.vrsnTs - 0:8:46
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - irmsd62
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef -
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 1001972039
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutDtDtCtAtBtDyB0DyCyEyCzytC0FtCzztN0D0Tzu0SyDtAtAtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB
FF - user.js: extensions.irmysearch.aflt - irmsd62
FF - user.js: extensions.irmysearch.instlRef -
FF - user.js: extensions.irmysearch.cr - 1001972039
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutDtDtCtAtBtDyB0DyCyEyCzytC0FtCzztN0D0Tzu0SyDtAtAtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 195296]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-5-7 37664]
R1 MpKsl43f4e0d6;MpKsl43f4e0d6;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9ce541fb-6a45-4033-a36e-d200b5d473fc}\MpKsl43f4e0d6.sys [2013-6-30 29904]
R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.3.0\ToolbarUpdater.exe [2013-6-27 1598128]
S0 cerc6;cerc6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cpuz134;cpuz134;\??\c:\docume~1\admini~1\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\admini~1\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-06-30 23:21:31 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2013-06-30 23:21:03 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-06-30 23:21:00 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-30 23:20:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-30 16:51:02 60872 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9ce541fb-6a45-4033-a36e-d200b5d473fc}\offreg.dll
2013-06-30 16:51:02 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9ce541fb-6a45-4033-a36e-d200b5d473fc}\MpKsl43f4e0d6.sys
2013-06-30 15:54:47 -------- dc----w- C:\ComboFix
2013-06-30 15:44:27 7068072 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9ce541fb-6a45-4033-a36e-d200b5d473fc}\mpengine.dll
2013-06-29 04:27:21 7068072 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-06-24 21:48:42 -------- d-----w- c:\program files\common files\Motive
2013-06-19 15:01:21 -------- d-----w- c:\program files\iPod
2013-06-19 15:01:17 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-17 04:09:54 -------- d-----w- c:\documents and settings\administrator\application data\mysearchdial
2013-06-06 02:33:22 -------- d-----w- c:\documents and settings\administrator\application data\1O1L1I1PtF1F1C1N
.
==================== Find3M ====================
.
2013-06-27 16:20:28 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-06-14 18:03:13 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-14 18:03:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-06 00:21:10 0 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2013-05-07 22:30:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:30:05 43520 ------w- c:\windows\system32\licmgr10.dll
2013-05-07 22:30:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53:29 385024 ------w- c:\windows\system32\html.iec
2013-05-03 01:26:26 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:18 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-02 16:48:10 55520 ----a-w- c:\windows\system32\drivers\mozy.sys
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 07:59:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 07:59:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-04-24 20:02:51 74703 ----a-w- c:\windows\system32\mfc45.dat
2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 19:58:53.20 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/7/2010 10:57:06 PM
System Uptime: 6/30/2013 7:29:10 PM (0 hours ago)
.
Motherboard: Dell Computer Corp. | | 0TC667
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 164.016 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP796: 4/1/2013 11:40:18 PM - Software Distribution Service 3.0
RP797: 4/3/2013 12:06:30 AM - Software Distribution Service 3.0
RP798: 4/3/2013 10:09:41 AM - Software Distribution Service 3.0
RP799: 4/4/2013 12:29:05 AM - Software Distribution Service 3.0
RP800: 4/4/2013 4:28:24 PM - Installed MozyHome
RP801: 4/4/2013 10:34:25 PM - Installed PowerDVD
RP802: 4/5/2013 12:13:17 AM - Software Distribution Service 3.0
RP803: 4/5/2013 11:39:08 PM - Software Distribution Service 3.0
RP804: 4/7/2013 12:10:15 AM - System Checkpoint
RP805: 4/7/2013 12:15:57 AM - Software Distribution Service 3.0
RP806: 4/7/2013 11:49:37 PM - Software Distribution Service 3.0
RP807: 4/9/2013 12:11:41 AM - Software Distribution Service 3.0
RP808: 4/9/2013 2:22:07 PM - Software Distribution Service 3.0
RP809: 4/10/2013 12:26:03 AM - Software Distribution Service 3.0
RP810: 4/10/2013 11:43:12 PM - Software Distribution Service 3.0
RP811: 4/12/2013 12:12:20 AM - Software Distribution Service 3.0
RP812: 4/12/2013 11:39:22 PM - Software Distribution Service 3.0
RP813: 4/13/2013 11:48:29 PM - Software Distribution Service 3.0
RP814: 4/14/2013 10:26:05 AM - Removed KingTranslate
RP815: 4/14/2013 12:15:10 PM - Configured PowerDVD
RP816: 4/14/2013 11:45:11 PM - Software Distribution Service 3.0
RP817: 4/16/2013 12:33:35 AM - System Checkpoint
RP818: 4/16/2013 1:07:22 AM - Software Distribution Service 3.0
RP819: 4/16/2013 6:48:48 PM - Removed Java 7 Update 17
RP820: 4/16/2013 6:49:45 PM - Removed JavaFX 2.1.1
RP821: 4/16/2013 11:37:31 PM - Software Distribution Service 3.0
RP822: 4/18/2013 12:15:43 AM - Software Distribution Service 3.0
RP823: 4/18/2013 11:43:25 PM - Software Distribution Service 3.0
RP824: 4/20/2013 12:00:26 AM - Software Distribution Service 3.0
RP825: 4/21/2013 12:13:25 AM - Software Distribution Service 3.0
RP826: 4/22/2013 12:28:58 AM - Software Distribution Service 3.0
RP827: 4/22/2013 11:40:31 PM - Software Distribution Service 3.0
RP828: 4/23/2013 11:40:45 PM - System Checkpoint
RP829: 4/24/2013 12:04:22 AM - Software Distribution Service 3.0
RP830: 4/25/2013 12:09:37 AM - Software Distribution Service 3.0
RP831: 4/25/2013 11:51:15 PM - Software Distribution Service 3.0
RP832: 4/26/2013 11:31:03 PM - Software Distribution Service 3.0
RP833: 4/27/2013 11:37:28 PM - Software Distribution Service 3.0
RP834: 4/28/2013 11:37:38 PM - Software Distribution Service 3.0
RP835: 4/29/2013 11:44:02 PM - Software Distribution Service 3.0
RP836: 4/30/2013 11:52:54 PM - System Checkpoint
RP837: 5/1/2013 12:07:30 AM - Software Distribution Service 3.0
RP838: 5/2/2013 12:29:29 AM - Software Distribution Service 3.0
RP839: 5/3/2013 12:15:13 AM - Software Distribution Service 3.0
RP840: 5/3/2013 11:51:20 PM - Software Distribution Service 3.0
RP841: 5/4/2013 11:59:02 PM - Software Distribution Service 3.0
RP842: 5/5/2013 1:06:42 PM - Installed MozyHome
RP843: 5/6/2013 12:09:44 AM - Software Distribution Service 3.0
RP844: 5/6/2013 11:48:45 PM - Software Distribution Service 3.0
RP845: 5/8/2013 12:13:47 AM - Software Distribution Service 3.0
RP846: 5/8/2013 11:53:48 PM - Software Distribution Service 3.0
RP847: 5/10/2013 12:22:34 AM - Software Distribution Service 3.0
RP848: 5/11/2013 12:20:13 AM - Software Distribution Service 3.0
RP849: 5/11/2013 11:59:05 PM - Software Distribution Service 3.0
RP850: 5/13/2013 12:08:11 AM - System Checkpoint
RP851: 5/13/2013 12:19:35 AM - Software Distribution Service 3.0
RP852: 5/13/2013 11:58:15 PM - Software Distribution Service 3.0
RP853: 5/14/2013 11:38:43 PM - Software Distribution Service 3.0
RP854: 5/15/2013 9:55:42 AM - Software Distribution Service 3.0
RP855: 5/16/2013 12:11:39 AM - Software Distribution Service 3.0
RP856: 5/17/2013 12:28:53 AM - Software Distribution Service 3.0
RP857: 5/17/2013 11:22:34 AM - Installed Windows Windows Easy Transfer for Windows 7.
RP858: 5/17/2013 11:59:49 PM - Software Distribution Service 3.0
RP859: 5/18/2013 8:36:36 AM - Installed Windows Windows Easy Transfer for Windows 7.
RP860: 5/18/2013 11:52:18 PM - Software Distribution Service 3.0
RP861: 5/19/2013 1:48:14 PM - Installed MozyHome
RP862: 5/19/2013 11:37:24 PM - Software Distribution Service 3.0
RP863: 5/20/2013 11:19:03 AM - Installed Microsoft Picture It! Publishing 2001
RP864: 5/21/2013 10:06:51 AM - Software Distribution Service 3.0
RP865: 5/22/2013 12:20:34 AM - Software Distribution Service 3.0
RP866: 5/23/2013 12:03:14 AM - Software Distribution Service 3.0
RP867: 5/23/2013 11:45:11 PM - Software Distribution Service 3.0
RP868: 5/24/2013 9:34:12 AM - Installed MozyHome
RP869: 5/24/2013 11:58:02 PM - Software Distribution Service 3.0
RP870: 5/25/2013 11:50:04 PM - Software Distribution Service 3.0
RP871: 5/27/2013 12:12:49 AM - Software Distribution Service 3.0
RP872: 5/27/2013 11:45:32 PM - Software Distribution Service 3.0
RP873: 5/29/2013 12:15:15 AM - Software Distribution Service 3.0
RP874: 5/29/2013 11:34:32 PM - Software Distribution Service 3.0
RP875: 5/31/2013 12:04:01 AM - Software Distribution Service 3.0
RP876: 6/1/2013 8:32:21 PM - Software Distribution Service 3.0
RP877: 6/1/2013 11:49:32 PM - Software Distribution Service 3.0
RP878: 6/2/2013 11:45:05 PM - Software Distribution Service 3.0
RP879: 6/3/2013 11:39:10 PM - Software Distribution Service 3.0
RP880: 6/4/2013 11:46:59 PM - Software Distribution Service 3.0
RP881: 6/6/2013 12:13:00 AM - System Checkpoint
RP882: 6/6/2013 12:26:21 AM - Software Distribution Service 3.0
RP883: 6/6/2013 11:34:10 PM - Software Distribution Service 3.0
RP884: 6/7/2013 11:53:51 PM - Software Distribution Service 3.0
RP885: 6/9/2013 12:01:35 AM - Software Distribution Service 3.0
RP886: 6/9/2013 11:36:21 PM - Software Distribution Service 3.0
RP887: 6/10/2013 11:32:38 PM - Software Distribution Service 3.0
RP888: 6/11/2013 2:51:08 PM - Software Distribution Service 3.0
RP889: 6/11/2013 11:58:05 PM - Software Distribution Service 3.0
RP890: 6/13/2013 12:22:10 AM - System Checkpoint
RP891: 6/13/2013 12:29:57 AM - Software Distribution Service 3.0
RP892: 6/13/2013 8:46:11 PM - Installed Microsoft Fix it 50620
RP893: 6/13/2013 11:52:43 PM - Software Distribution Service 3.0
RP894: 6/14/2013 11:44:42 PM - Software Distribution Service 3.0
RP895: 6/15/2013 11:47:52 PM - Software Distribution Service 3.0
RP896: 6/17/2013 12:05:23 AM - System Checkpoint
RP897: 6/17/2013 12:17:09 AM - Software Distribution Service 3.0
RP898: 6/17/2013 1:23:10 PM - ARO 2013 - Before Installation
RP899: 6/17/2013 1:23:49 PM - ARO 2013 - FIRST RUN
RP900: 6/17/2013 1:27:42 PM - ARO 2013 Mon, Jun 17, 13 13:27
RP901: 6/17/2013 1:31:25 PM - ARO 2013 - Before Installation
RP902: 6/17/2013 11:43:45 PM - Software Distribution Service 3.0
RP903: 6/18/2013 11:56:51 PM - Software Distribution Service 3.0
RP904: 6/20/2013 12:08:20 AM - System Checkpoint
RP905: 6/20/2013 12:29:46 AM - Software Distribution Service 3.0
RP906: 6/21/2013 8:50:44 AM - Software Distribution Service 3.0
RP907: 6/22/2013 12:15:03 AM - Software Distribution Service 3.0
RP908: 6/22/2013 11:38:57 PM - Software Distribution Service 3.0
RP909: 6/23/2013 4:56:12 PM - Removed Adobe Community Help
RP910: 6/23/2013 11:34:00 PM - Software Distribution Service 3.0
RP911: 6/24/2013 11:46:21 PM - System Checkpoint
RP912: 6/25/2013 12:11:23 AM - Software Distribution Service 3.0
RP913: 6/26/2013 12:19:53 AM - Software Distribution Service 3.0
RP914: 6/27/2013 1:10:20 AM - System Checkpoint
RP915: 6/27/2013 12:29:52 PM - Software Distribution Service 3.0
RP916: 6/28/2013 1:39:16 PM - Restore Operation
RP917: 6/28/2013 1:51:38 PM - Software Distribution Service 3.0
RP918: 6/29/2013 12:27:17 AM - Software Distribution Service 3.0
RP919: 6/30/2013 11:44:19 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
AC3Filter 1.63b
Acoustica Effects Pack
Acoustica Mixcraft 5
Adobe AIR Free Download Packages
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Amazon MP3 Downloader 1.0.18
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Photo Book
Audacity 1.2.6
Avery DesignPro
AviSynth 2.5
Bonjour
Canon CanoScan LiDE 200 User Registration
Canon iP3500 series
Canon iP3500 series User Registration
Canon MP Navigator EX 2.0
Canon My Printer
Canon PhotoRecord
Canon Utilities Easy-PhotoPrint EX
Canon Utilities PhotoStitch 3.1
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX
CanoScan LiDE 200 Scanner Driver
CCleaner
CCScore
Compatibility Pack for the 2007 Office system
Dell ResourceCD
DesignPro 5.0 Limited Edition
DrawPlus 3.0
DVD Flick 1.3.0.7
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Fender FUSE 2.6.0.25
ffdshow v1.1.3572 [2010-09-13]
File Type Assistant
Final Media Player 2012
FoxTab Music Converter
Free MP4 Video Converter version 5.0.21.1212
Free YouTube Download version 3.2.2.430
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
Image Editor Packages
Image Resizer Powertoy for Windows XP
Inkjet Printer/Scanner Extended Survey Program
InstaCodecs
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
IrfanView (remove only)
Itibiti RTC
iTunes
Kodak EasyShare software
LAME v3.99.3 (for Windows)
Malwarebytes Anti-Malware version 1.75.0.1300
Media Player Codec Pack 4.1.2
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Money 2001
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Picture It! Publishing 2001
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Web Publishing Wizard 1.52
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Word 2000 SR-1
Microsoft Works 2001 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 7.0.1 (x86 en-US)
MozyHome
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
netbrdg
Nike+ Connect
OfotoXMI
Photo Organizer
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB923789)
SFR
SHASTA
Shockwave
skin0001
SKINXSDK
SoundMAX
staticcr
Update for Image Editor
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Video Converter
VLC media player 2.0.7
VLC media player Free Download Packages
VPRINTOL
WebFldrs XP
Windows Easy Transfer for Windows 7
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
WIRELESS
Works Suite OS Pack
Works Synchronization
XviD & MP3 Codec Pack (remove only)
Xvid Video Codec
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
6/30/2013 7:30:55 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
6/30/2013 1:26:04 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.153.876.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error code: 0x80072f76 Error description: The requested header was not found
6/29/2013 4:33:02 PM, error: Service Control Manager [7034] - The Distributed Transaction Coordinator service terminated unexpectedly. It has done this 1 time(s).
6/28/2013 1:33:48 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bf86601e, parameter3 eda9fadc, parameter4 00000000.
6/26/2013 11:39:56 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.153.642.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error code: 0x80072f76 Error description: The requested header was not found
6/24/2013 10:58:20 AM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer.
.
==== End Of File ===========================