jmanzella7
Members
Posts: 15
Reputation: 0 Neutral
  1. Seems ok. Am I malware-free now? Should I do anything further?
  2. ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     ESETSmartInstaller@High as downloader log:
     all ok
     # version=7
     # OnlineScannerApp.exe=1.0.0.1
     # OnlineScanner.ocx=1.0.0.6583
     # api_version=3.0.2
     # EOSSerial=96e016d9bc8a564786eb29eca5e3ad34
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2012-10-18 06:38:21
     # local_time=2012-10-17 11:38:21 (-0800, Pacific Daylight Time)
     # country="United States"
     # lang=1033
     # osver=6.0.6002 NT Service Pack 2
     # compatibility_mode=512 16777215 100 0 81157998 81157998 0 0
     # compatibility_mode=5892 16776638 100 100 0 187141372 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=165455
     # found=1
     # cleaned=1
     # scan_time=8460
     C:\FRST\Quarantine\khtbwxtb.dll    Win32/Kryptik.AMNR trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
  3. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-10-2012
     Ran by SYSTEM at 2012-10-15 20:50:55 Run:1
     Running from F:\

     ==============================================

     HKEY_USERS\Joe\Software\Microsoft\Windows\CurrentVersion\Run\\Dropbox Value deleted successfully.
     C:\Users\Joe\AppData\Local\Dropbox\khtbwxtb.dll moved successfully.

     ==== End of Fixlog ====
  4. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-10-2012
     Ran by SYSTEM at 14-10-2012 20:21:46
     Running from F:\
     Windows Vista Home Premium (X86) OS Language: English(US)
     The current controlset is ControlSet001

     ==================== Registry (Whitelisted) ===================

     HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [x]
     HKLM\...\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [90191 2006-11-21] (NVIDIA Corporation)
     HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [7757824 2006-11-21] (NVIDIA Corporation)
     HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [81920 2006-11-21] (NVIDIA Corporation)
     HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
     HKLM\...\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-10-22] (Synaptics, Inc.)
     HKLM\...\Run: [] [x]
     HKLM\...\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [1020248 2010-01-25] (Trend Micro Inc.)
     HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
     HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)
     HKU\Joe\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
     HKU\Joe\...\Run: [Dropbox] rundll32.exe C:\Users\Joe\AppData\Local\Dropbox\khtbwxtb.dll,GetImporterInterface [354304 2012-09-09] ()
     HKU\Joe\...\Run: [MotoCast] "C:\Program Files\Motorola Mobility\MotoCast\MotoLauncher.lnk" [x]
     Winlogon\Notify\ScCertProp: wlnotify.dll [X]
     Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
     Startup: C:\Users\Joe\Start Menu\Programs\Startup\Dropbox.lnk
     ShortcutTarget: Dropbox.lnk -> (No File)

     ==================== Services (Whitelisted) ===================

     2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
     2 DeviceMonitorService; "C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe" [87368 2011-09-19] (Nero AG)
     3 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2006-11-30] (Acer Inc.)
     2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [118784 2006-11-20] (Acer Inc.)
     2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [45056 2006-11-16] (Acer Inc.)
     2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2006-11-13] ()
     2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [218992 2011-09-14] ()
     3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [115168 2012-10-05] (Mozilla Foundation)
     3 RosettaStoneLtdController; "C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe" [354648 2007-10-31] (Rosetta Stone Ltd.)
     2 SfCtlCom; "C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe" [715440 2010-11-08] (Trend Micro Inc.)
     3 TMBMServer; "C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service [345352 2010-03-12] (Trend Micro Inc.)
     3 TmProxy; "C:\Program Files\Trend Micro\Internet Security\TmProxy.exe" [689416 2010-03-12] (Trend Micro Inc.)
     2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [131072 2006-12-01] (acer)
     2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
     2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe -p [x]
     2 XAudioService; C:\Windows\System32\DRIVERS\xaudio.exe [x]

     ==================== Drivers (Whitelisted) ====================

     1 DritekPortIO; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
     3 EMSCR; C:\Windows\System32\DRIVERS\EMS7SK.sys [62208 2006-10-24] (ENE Technology Inc.)
     3 ESDCR; C:\Windows\System32\DRIVERS\ESD7SK.sys [42240 2006-10-24] (ENE Technology Inc.)
     3 ESMCR; C:\Windows\System32\DRIVERS\ESM7SK.sys [76928 2006-10-24] (ENE Technology Inc.)
     2 int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [69632 2005-01-13] ()
     3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [37392 2009-06-17] (Logitech, Inc.)
     0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [10624 2006-11-10] (HiTRUST)
     0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [7936 2006-11-10] (HiTRUST)
     0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [53760 2006-11-08] (HiTRUST)
     3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [56448 2007-10-17] (SCM Microsystems Inc.)
     3 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [59472 2010-07-19] (Trend Micro Inc.)
     2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [163408 2010-07-19] (Trend Micro Inc.)
     3 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [51792 2010-07-19] (Trend Micro Inc.)
     2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [36624 2011-07-12] (Trend Micro Inc.)
     1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [89872 2010-03-12] (Trend Micro Inc.)
     2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [262416 2011-07-12] (Trend Micro Inc.)
     3 TrueSight; \??\C:\Windows\system32\drivers\TrueSight.sys [14080 2012-10-09] ()
     2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [1405720 2011-07-12] (Trend Micro Inc.)
     3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [10144 2005-04-12] (Logitech Inc.)
     3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [22240 2005-04-12] (Logitech Inc.)
     3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [5600 2005-04-12] (Logitech Inc.)
     3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [45504 2005-04-12] (Logitech Inc.)
     4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
     3 catchme; \??\C:\Users\Joe\AppData\Local\Temp\catchme.sys [x]
     3 HSXHWAZL; C:\Windows\System32\DRIVERS\HSXHWAZL.sys [x]
     3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
     2 mdmxsdk; C:\Windows\System32\DRIVERS\mdmxsdk.sys [x]
     3 MFE_RR; \??\C:\Users\Joe\AppData\Local\Temp\mfe_rr.sys [x]
     3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
     3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
     3 UIUSys; C:\Windows\System32\DRIVERS\UIUSYS.SYS [x]
     2 XAudio; C:\Windows\System32\DRIVERS\xaudio.sys [x]

     ==================== NetSvcs (Whitelisted) ===================

     ==================== One Month Created Files and Folders ========

     2012-10-14 20:21 - 2012-10-14 20:21 - 00000000 ____D C:\FRST
     2012-10-12 20:51 - 2012-10-12 20:52 - 00000240 ____A C:\Users\Joe\Desktop\RootkitRemover20121012215140.txt
     2012-10-12 20:50 - 2012-10-12 20:50 - 00475752 ____A (McAfee, Inc.) C:\Users\Joe\Desktop\rootkitremover.exe
     2012-10-12 09:01 - 2012-10-12 09:02 - 00000000 ___SD C:\ComboFix
     2012-10-12 07:43 - 2012-10-12 07:43 - 00138384 ____A C:\Windows\Minidump\Mini101212-01.dmp
     2012-10-12 07:42 - 2012-10-12 07:42 - 340175182 ____A C:\Windows\MEMORY.DMP
     2012-10-11 14:55 - 2012-10-11 14:55 - 00000000 ____D C:\Windows\erdnt
     2012-10-11 14:55 - 2012-10-11 14:55 - 00000000 ____D C:\Qoobox
     2012-10-11 14:55 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
     2012-10-11 14:55 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
     2012-10-11 14:55 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
     2012-10-11 14:55 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
     2012-10-11 14:55 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
     2012-10-11 14:55 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
     2012-10-11 14:55 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
     2012-10-11 14:55 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
     2012-10-11 14:52 - 2012-10-12 09:00 - 04771502 ____R (Swearware) C:\Users\Joe\Desktop\ComboFix.exe
     2012-10-10 09:05 - 2012-09-13 05:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
     2012-10-10 09:05 - 2012-08-29 03:27 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
     2012-10-10 09:05 - 2012-08-29 03:27 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
     2012-10-10 09:05 - 2012-08-24 07:53 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
     2012-10-10 09:05 - 2012-06-01 16:02 - 00985088 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
     2012-10-10 09:05 - 2012-06-01 16:02 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
     2012-10-10 09:05 - 2012-06-01 16:02 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
     2012-10-10 07:52 - 2012-10-10 07:52 - 00070536 ____A C:\Users\Joe\Desktop\Extras.Txt
     2012-10-10 07:51 - 2012-10-10 07:51 - 00091476 ____A C:\Users\Joe\Desktop\OTL.Txt
     2012-10-10 07:38 - 2012-10-10 07:38 - 00602112 ____A (OldTimer Tools) C:\Users\Joe\Desktop\OTL.exe
     2012-10-10 07:38 - 2012-10-10 07:38 - 00001728 ____A C:\Users\Joe\Desktop\aswMBR.txt
     2012-10-10 07:38 - 2012-10-10 07:38 - 00000512 ____A C:\Users\Joe\Desktop\MBR.dat
     2012-10-10 07:33 - 2012-10-10 07:33 - 04731392 ____A (AVAST Software) C:\Users\Joe\Desktop\aswMBR.exe
     2012-10-10 07:00 - 2012-10-10 07:00 - 00002855 ____A C:\Users\Joe\Desktop\dds.PIF
     2012-10-10 06:22 - 2012-10-10 06:22 - 00607260 ____R (Swearware) C:\Users\Joe\Desktop\dds.com
     2012-10-09 21:00 - 2012-10-09 21:00 - 00607260 ____R (Swearware) C:\Users\Joe\Desktop\dds.scr
     2012-10-09 21:00 - 2012-10-09 20:45 - 01422336 ____A C:\Users\Joe\Desktop\RogueKiller.exe
     2012-10-09 20:48 - 2012-10-09 20:48 - 00003851 ____A C:\Users\Joe\Desktop\RKreport[1].txt
     2012-10-09 20:47 - 2012-10-09 20:48 - 00000000 ____D C:\Users\Joe\Desktop\RK_Quarantine
     2012-10-09 20:47 - 2012-10-09 20:47 - 00014080 ____A C:\Windows\System32\Drivers\TrueSight.sys
     2012-10-09 20:04 - 2012-10-09 20:04 - 00000910 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
     2012-10-09 19:40 - 2012-10-09 19:40 - 00000000 ____D C:\Users\All Users\Mozilla
     2012-10-09 19:40 - 2012-10-09 19:40 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
     2012-09-21 15:01 - 2012-08-25 03:50 - 01212416 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
     2012-09-21 15:01 - 2012-08-25 03:50 - 00916992 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
     2012-09-21 15:01 - 2012-08-25 03:50 - 00105984 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
     2012-09-21 15:01 - 2012-08-25 03:48 - 00206848 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
     2012-09-21 15:01 - 2012-08-25 03:46 - 00611840 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
     2012-09-21 15:01 - 2012-08-25 03:45 - 06008832 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
     2012-09-21 15:01 - 2012-08-25 03:45 - 00630272 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
     2012-09-21 15:01 - 2012-08-25 03:45 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
     2012-09-21 15:01 - 2012-08-25 03:45 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
     2012-09-21 15:01 - 2012-08-25 03:44 - 11111424 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
     2012-09-21 15:01 - 2012-08-25 03:44 - 02000384 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
     2012-09-21 15:01 - 2012-08-25 03:44 - 01469440 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
     2012-09-21 15:01 - 2012-08-25 03:44 - 00387584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
     2012-09-21 15:01 - 2012-08-25 03:44 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
     2012-09-21 15:01 - 2012-08-25 03:44 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
     2012-09-21 15:01 - 2012-08-25 03:44 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
     2012-09-21 15:01 - 2012-08-25 03:44 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
     2012-09-21 15:01 - 2012-08-25 03:44 - 00055808 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
     2012-09-21 15:01 - 2012-08-25 03:44 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
     2012-09-21 15:01 - 2012-08-25 03:44 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
     2012-09-21 15:01 - 2012-08-25 02:11 - 00385024 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
     2012-09-21 15:01 - 2012-08-25 00:31 - 00174080 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
     2012-09-21 15:01 - 2012-08-25 00:31 - 00133632 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
     2012-09-21 15:01 - 2012-08-25 00:30 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
     2012-09-21 15:01 - 2012-08-25 00:29 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

     ==================== 3 Months Modified Files ==================

     2012-10-14 19:17 - 2011-08-19 10:26 - 01878624 ____A C:\Windows\WindowsUpdate.log
     2012-10-14 19:17 - 2006-11-02 05:01 - 00032646 ____A C:\Windows\Tasks\SCHEDLGU.TXT
     2012-10-14 19:17 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
     2012-10-14 19:17 - 2006-11-02 04:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
     2012-10-14 19:17 - 2006-11-02 04:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
     2012-10-14 19:16 - 2006-11-02 02:33 - 00703404 ____A C:\Windows\System32\PerfStringBackup.INI
     2012-10-14 18:46 - 2012-04-02 20:15 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
     2012-10-12 20:52 - 2012-10-12 20:51 - 00000240 ____A C:\Users\Joe\Desktop\RootkitRemover20121012215140.txt
     2012-10-12 20:50 - 2012-10-12 20:50 - 00475752 ____A (McAfee, Inc.) C:\Users\Joe\Desktop\rootkitremover.exe
     2012-10-12 20:33 - 2012-08-16 02:30 - 00002110 ____A C:\Windows\PFRO.log
     2012-10-12 09:00 - 2012-10-11 14:52 - 04771502 ____R (Swearware) C:\Users\Joe\Desktop\ComboFix.exe
     2012-10-12 07:43 - 2012-10-12 07:43 - 00138384 ____A C:\Windows\Minidump\Mini101212-01.dmp
     2012-10-12 07:42 - 2012-10-12 07:42 - 340175182 ____A C:\Windows\MEMORY.DMP
     2012-10-11 14:54 - 2012-08-20 06:01 - 00000540 ____A C:\Windows\TMFilter.log
     2012-10-11 02:05 - 2006-11-02 02:24 - 62968832 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
     2012-10-10 07:52 - 2012-10-10 07:52 - 00070536 ____A C:\Users\Joe\Desktop\Extras.Txt
     2012-10-10 07:51 - 2012-10-10 07:51 - 00091476 ____A C:\Users\Joe\Desktop\OTL.Txt
     2012-10-10 07:38 - 2012-10-10 07:38 - 00602112 ____A (OldTimer Tools) C:\Users\Joe\Desktop\OTL.exe
     2012-10-10 07:38 - 2012-10-10 07:38 - 00001728 ____A C:\Users\Joe\Desktop\aswMBR.txt
     2012-10-10 07:38 - 2012-10-10 07:38 - 00000512 ____A C:\Users\Joe\Desktop\MBR.dat
     2012-10-10 07:33 - 2012-10-10 07:33 - 04731392 ____A (AVAST Software) C:\Users\Joe\Desktop\aswMBR.exe
     2012-10-10 07:00 - 2012-10-10 07:00 - 00002855 ____A C:\Users\Joe\Desktop\dds.PIF
     2012-10-10 06:22 - 2012-10-10 06:22 - 00607260 ____R (Swearware) C:\Users\Joe\Desktop\dds.com
     2012-10-09 21:00 - 2012-10-09 21:00 - 00607260 ____R (Swearware) C:\Users\Joe\Desktop\dds.scr
     2012-10-09 20:48 - 2012-10-09 20:48 - 00003851 ____A C:\Users\Joe\Desktop\RKreport[1].txt
     2012-10-09 20:47 - 2012-10-09 20:47 - 00014080 ____A C:\Windows\System32\Drivers\TrueSight.sys
     2012-10-09 20:45 - 2012-10-09 21:00 - 01422336 ____A C:\Users\Joe\Desktop\RogueKiller.exe
     2012-10-09 20:04 - 2012-10-09 20:04 - 00000910 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
     2012-10-09 19:40 - 2008-12-21 16:46 - 00000850 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
     2012-10-08 14:47 - 2012-04-02 20:15 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
     2012-10-08 14:47 - 2011-07-16 17:02 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
     2012-09-13 20:22 - 2012-07-13 14:30 - 00003570 ____A C:\Windows\setupact.log
     2012-09-13 05:28 - 2012-10-10 09:05 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
     2012-09-11 20:32 - 2012-09-11 20:32 - 00001867 ____A C:\Users\Joe\.powerupdate.user.properties
     2012-09-09 07:01 - 2012-09-09 07:01 - 00001739 ____A C:\Users\Public\Desktop\MotoCast.lnk
     2012-09-07 16:04 - 2011-07-16 13:36 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
     2012-08-29 03:27 - 2012-10-10 09:05 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
     2012-08-29 03:27 - 2012-10-10 09:05 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
     2012-08-25 03:50 - 2012-09-21 15:01 - 01212416 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
     2012-08-25 03:50 - 2012-09-21 15:01 - 00916992 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
     2012-08-25 03:50 - 2012-09-21 15:01 - 00105984 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
     2012-08-25 03:48 - 2012-09-21 15:01 - 00206848 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
     2012-08-25 03:46 - 2012-09-21 15:01 - 00611840 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
     2012-08-25 03:45 - 2012-09-21 15:01 - 06008832 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
     2012-08-25 03:45 - 2012-09-21 15:01 - 00630272 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
     2012-08-25 03:45 - 2012-09-21 15:01 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
     2012-08-25 03:45 - 2012-09-21 15:01 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
     2012-08-25 03:44 - 2012-09-21 15:01 - 11111424 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
     2012-08-25 03:44 - 2012-09-21 15:01 - 02000384 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
     2012-08-25 03:44 - 2012-09-21 15:01 - 01469440 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
     2012-08-25 03:44 - 2012-09-21 15:01 - 00387584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
     2012-08-25 03:44 - 2012-09-21 15:01 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
     2012-08-25 03:44 - 2012-09-21 15:01 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
     2012-08-25 03:44 - 2012-09-21 15:01 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
     2012-08-25 03:44 - 2012-09-21 15:01 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
     2012-08-25 03:44 - 2012-09-21 15:01 - 00055808 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
     2012-08-25 03:44 - 2012-09-21 15:01 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
     2012-08-25 03:44 - 2012-09-21 15:01 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
     2012-08-25 02:11 - 2012-09-21 15:01 - 00385024 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
     2012-08-25 00:31 - 2012-09-21 15:01 - 00174080 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
     2012-08-25 00:31 - 2012-09-21 15:01 - 00133632 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
     2012-08-25 00:30 - 2012-09-21 15:01 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
     2012-08-25 00:29 - 2012-09-21 15:01 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
     2012-08-24 07:53 - 2012-10-10 09:05 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
     2012-08-20 05:58 - 2012-08-20 05:58 - 00062399 ____A C:\Users\Joe\Desktop\Copy of Issues with August 2012 Update List-internal and external.xlsx
     2012-08-16 02:32 - 2006-11-02 04:47 - 00372920 ____A C:\Windows\System32\FNTCACHE.DAT
     2012-08-14 19:54 - 2012-08-14 19:54 - 00134144 ____A C:\Users\Joe\Desktop\Body_Fat_Worksheet_v6.0.xls
     2012-08-10 12:29 - 2012-08-10 12:29 - 00001896 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk

     ==================== Known DLLs (Whitelisted) =================

     ==================== Bamital & volsnap Check =================

     C:\Windows\explorer.exe => MD5 is legit
     C:\Windows\System32\winlogon.exe => MD5 is legit
     C:\Windows\System32\wininit.exe => MD5 is legit
     C:\Windows\System32\svchost.exe => MD5 is legit
     C:\Windows\System32\services.exe => MD5 is legit
     C:\Windows\System32\User32.dll => MD5 is legit
     C:\Windows\System32\userinit.exe => MD5 is legit
     C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

     ==================== EXE ASSOCIATION =====================

     HKLM\...\.exe: exefile => OK
     HKLM\...\exefile\DefaultIcon: %1 => OK
     HKLM\...\exefile\open\command: "%1" %* => OK

     ==================== Restore Points =========================

     Restore point made on: 2012-10-12 08:19:45
     Restore point made on: 2012-10-14 19:00:31

     ==================== Memory info ===========================

     Percentage of memory in use: 9%
     Total physical RAM: 3061.5 MB
     Available physical RAM: 2765.15 MB
     Total Pagefile: 2960.31 MB
     Available Pagefile: 2833.23 MB
     Total Virtual: 2047.88 MB
     Available Virtual: 1983.72 MB

     ==================== Partitions =============================

     1 Drive c: (ACER) (Fixed) (Total:138.61 GB) (Free:82.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
     2 Drive d: (DATA) (Fixed) (Total:137.71 GB) (Free:96.44 GB) NTFS
     4 Drive f: (LEXAR) (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
     5 Drive x: (PQSERVICE) (Fixed) (Total:21.76 GB) (Free:15.72 GB) NTFS

     Disk ###  Status      Size     Free     Dyn  Gpt
     --------  ----------  -------  -------  ---  ---
     Disk 0    Online       298 GB      0 B
     Disk 1    Online       968 MB      0 B

     Partitions of Disk 0:
     ===============

     Partition ###  Type              Size     Offset
     -------------  ----------------  -------  -------
     Partition 1    OEM                 22 GB    32 KB
     Partition 2    Primary            139 GB    22 GB
     Partition 3    Primary            138 GB   160 GB

     =========================================================

     Disk: 0
     Partition 1
     Type : 27
     Hidden: Yes
     Active: No

     Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
     ----------  ---  -----------  -----  ----------  -------  ---------  --------
     * Volume 4   X   PQSERVICE    NTFS   Partition     22 GB  Healthy    Hidden

     =========================================================

     Disk: 0
     Partition 2
     Type : 06
     Hidden: No
     Active: Yes

     Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
     ----------  ---  -----------  -----  ----------  -------  ---------  --------
     * Volume 0   C   ACER         NTFS   Partition    139 GB  Healthy

     =========================================================

     Disk: 0
     Partition 3
     Type : 07
     Hidden: No
     Active: No

     Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
     ----------  ---  -----------  -----  ----------  -------  ---------  --------
     * Volume 2   D   DATA         NTFS   Partition    138 GB  Healthy

     =========================================================

     Partitions of Disk 1:
     ===============

     Partition ###  Type              Size     Offset
     -------------  ----------------  -------  -------
     Partition 1    Primary            967 MB    16 KB

     =========================================================

     Disk: 1
     Partition 1
     Type : 04
     Hidden: No
     Active: No

     Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
     ----------  ---  -----------  -----  ----------  -------  ---------  --------
     * Volume 0   F   LEXAR        FAT    Removable    967 MB  Healthy

     =========================================================

     Last Boot: 2012-10-14 18:30

     ==================== End Of Log ============================
  5. Before I do any of the steps you described should I back-up files to an external drive? Will this delete any files from my computer? Also, if I transfer files to an external hard drive, is there a risk that I can spread the infection to another computer?
  6. Maniac, I don't think the issue is resolved. I would like to continue to try to fix the issue.
  7. After several hours of ComboFix being stuck on the scan screen, I was forced to do a hard re-start on my computer. Just out of curiosity, I downloaded McAfee's rootkitremover software (since it's supposed to eliminate rootkit.zeroaccess) and ran it. When it did the initial scan, it said that it did not find any trojans. Is it possible that ComboFix ended up working, even though it looked like it was stuck? I just launched Google in Firefox and clicked several links, with no redirects.
  8. Ok. I decided to try to re-run ComboFix. Apparently I missed the first part of the message it showed last time. It said that I'm infected with rootkit.zeroaccess. ComboFix is still getting stuck at the initial scan screen. Something seems to be stopping it from running.
  9. Sorry, tried to paste screen captures of the error messages into the post but it didn't work for some reason. Anyway, here's the text from the "Windows has recovered from an unexpected shutdown" message:
     Problem signature:
     Problem Event Name: BlueScreen
     OS Version: 6.0.6002.2.2.0.768.3
     Locale ID: 1033
     Additional information about the problem:
     BCCode: 9f
     BCP1: 00000003
     BCP2: 8A849C70
     BCP3: 8A849C70
     BCP4: 8659E100
     OS Version: 6_0_6002
     Service Pack: 2_0
     Product: 768_1
     Files that help describe the problem:
     C:\Windows\Minidump\Mini101212-01.dmp
     C:\Users\Joe\AppData\Local\Temp\WER-160805-0.sysdata.xml
     C:\Users\Joe\AppData\Local\Temp\WERC476.tmp.version.txt
     Read our privacy statement:
     http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409
  10. My computer just woke up. Looks like something happened overnight. Here are the error messages that were up this morning:
  11. I let ComboFix run overnight, just in case it was working very slowly. Now my computer shows only a black screen. No desktop, nothing, just a black screen.
  12. Hi Maniac, I carefully read all the instructions before downloading and running ComboFix. A few minutes into the scan, a window popped up that said something like "Rootkit found, this may take a long time". I clicked ok. ComboFix has been running for over an hour now, and it is still on the scan page, but it doesn't look like it's making any progress. Is this normal? Thanks.
  13. Hi Maniac, Here's the link: https://www.virustotal.com/file/035281e2825a57714e78e3a97fc9a7eae410046f0c178808688b95ccbe688691/analysis/1349971322/ Thanks!
  14. Hi Maniac, here are the logs you requested.
      Malwarebytes Anti-Malware 1.65.0.1400
      www.malwarebytes.org
      Database version: v2012.10.10.05
      Windows Vista Service Pack 2 x86 NTFS
      Internet Explorer 8.0.6001.19328
      Joe :: JOE-PC [administrator]
      10/10/2012 8:15:24 AM
      mbam-log-2012-10-10 (08-15-24).txt
      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 189004
      Time elapsed: 13 minute(s), 57 second(s)
      Memory Processes Detected: 0
      (No malicious items detected)
      Memory Modules Detected: 0
      (No malicious items detected)
      Registry Keys Detected: 0
      (No malicious items detected)
      Registry Values Detected: 0
      (No malicious items detected)
      Registry Data Items Detected: 0
      (No malicious items detected)
      Folders Detected: 0
      (No malicious items detected)
      Files Detected: 0
      (No malicious items detected)
      (end)
      ---------------------------------------------------------------------------------------
      aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
      Run date: 2012-10-10 08:36:18
      -----------------------------
      08:36:18.173  OS Version: Windows 6.0.6002 Service Pack 2
      08:36:18.173  Number of processors: 2 586 0xE08
      08:36:18.175  ComputerName: JOE-PC  UserName: Joe
      08:36:44.142  Initialize success
      08:37:06.246  Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
      08:37:06.248  Disk 0 Vendor: ST9320325AS 0001SDM1 Size: 305245MB BusType: 3
      08:37:06.262  Disk 0 MBR read successfully
      08:37:06.264  Disk 0 MBR scan
      08:37:06.266  Disk 0 unknown MBR code
      08:37:06.268  Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 22285 MB offset 63
      08:37:06.289  Disk 0 Partition 2 80 (A) 06 FAT16 NTFS 141941 MB offset 45640665
      08:37:06.312  Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 141018 MB offset 336336840
      08:37:06.317  Disk 0 scanning sectors +625142448
      08:37:06.377  Disk 0 scanning C:\Windows\system32\drivers
      08:37:24.334  Service scanning
      08:37:45.179  Modules scanning
      08:37:52.119  Disk 0 trace - called modules:
      08:37:52.150  ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
      08:37:52.154  1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866649d8]
      08:37:52.157  3 CLASSPNP.SYS[8abb58b3] -> nt!IofCallDriver -> [0x85379020]
      08:37:52.160  5 acpi.sys[82a9b6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85d18b98]
      08:37:52.164  Scan finished successfully
      08:38:03.776  Disk 0 MBR has been saved successfully to "C:\Users\Joe\Desktop\MBR.dat"
      08:38:03.784  The log file has been saved successfully to "C:\Users\Joe\Desktop\aswMBR.txt"
      ---------------------------------------------------------------------------------------------------------------------------------------
      OTL logfile created on: 10/10/2012 8:40:03 AM - Run 1
      OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Joe\Desktop
      Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
      Internet Explorer (Version = 8.0.6001.19328)
      Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

      2.99 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 64.20% Memory free
      6.20 Gb Paging File | 5.17 Gb Available in Paging File | 83.40% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
      Drive C: | 138.61 Gb Total Space | 84.55 Gb Free Space | 60.99% Space Free | Partition Type: NTFS
      Drive D: | 137.71 Gb Total Space | 96.44 Gb Free Space | 70.03% Space Free | Partition Type: NTFS
      Drive E: | 2.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

      Computer Name: JOE-PC | User Name: Joe | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: All users | Quick Scan
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - [2012/10/10 08:38:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
      PRC - [2012/05/24 11:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Joe\AppData\Roaming\Dropbox\bin\Dropbox.exe
      PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
      PRC - [2011/09/19 16:29:48 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
      PRC - [2011/09/15 10:26:02 | 000,166,864 | ---- | M] (Motorola Mobility Inc.) -- C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe
      PRC - [2011/09/15 10:25:52 | 000,237,032 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
      PRC - [2011/09/14 16:09:04 | 000,218,992 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
      PRC - [2011/09/14 16:08:08 | 000,804,720 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
      PRC - [2011/08/16 22:38:03 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Joe\AppData\Local\Temp\RtkBtMnt.exe
      PRC - [2010/11/08 09:40:56 | 000,715,440 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
      PRC - [2010/03/12 22:07:17 | 000,689,416 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
      PRC - [2010/03/12 22:07:17 | 000,345,352 | ---- | M] () -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
      PRC - [2010/01/26 00:40:32 | 001,020,248 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
      PRC - [2009/06/03 17:16:42 | 000,207,400 | ---- | M] (ActivIdentity) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
      PRC - [2009/06/03 17:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
      PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
      PRC - [2008/01/19 00:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
      PRC - [2006/12/01 11:34:16 | 000,131,072 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
      PRC - [2006/11/20 22:43:08 | 000,118,784 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
      PRC - [2006/11/19 23:13:00 | 004,018,176 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
      PRC - [2006/11/16 17:35:18 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
      PRC - [2006/11/13 01:13:10 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

      ========== Modules (No Company Name) ==========

      MOD - [2012/10/10 08:11:17 | 000,379,904 | ---- | M] () -- C:\Users\Joe\AppData\Local\Temp\libsqlitejdbc-8175058078959342349.lib
      MOD - [2012/10/10 08:10:29 | 000,205,824 | ---- | M] () -- C:\Users\Joe\AppData\Local\Temp\WindowsAPI.dll1235610244091184470.lib
      MOD - [2012/09/09 09:01:04 | 000,354,304 | ---- | M] () -- C:\Users\Joe\AppData\Local\Dropbox\khtbwxtb.dll
      MOD - [2011/09/15 10:26:02 | 000,071,680 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvideoscale.dll
      MOD - [2011/09/15 10:26:02 | 000,059,904 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvideobox.dll
      MOD - [2011/09/15 10:26:02 | 000,059,904 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgsttypefindfunctions.dll
      MOD - [2011/09/15 10:26:02 | 000,054,784 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstsmpte.dll
      MOD - [2011/09/15 10:26:02 | 000,053,248 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvorbis.dll
      MOD - [2011/09/15 10:26:02 | 000,051,712 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstsubparse.dll
      MOD - [2011/09/15 10:26:02 | 000,050,688 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstwavpack.dll
      MOD - [2011/09/15 10:26:02 | 000,041,984 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstwavparse.dll
      MOD - [2011/09/15 10:26:02 | 000,034,304 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvolume.dll
      MOD - [2011/09/15 10:26:02 | 000,032,768 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvideocrop.dll
      MOD - [2011/09/15 10:26:02 | 000,024,576 | ---- | M] () --
C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvideorate.dll MOD - [2011/09/15 10:26:02 | 000,013,312 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgsty4menc.dll MOD - [2011/09/15 10:26:02 | 000,011,264 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libshift.dll MOD - [2011/09/15 10:26:00 | 000,163,328 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmatroska.dll MOD - [2011/09/15 10:26:00 | 000,150,528 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmpegdemux.dll MOD - [2011/09/15 10:26:00 | 000,149,504 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstqtdemux.dll MOD - [2011/09/15 10:26:00 | 000,126,976 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstogg.dll MOD - [2011/09/15 10:26:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstqtmux.dll MOD - [2011/09/15 10:26:00 | 000,061,952 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstjpeg.dll MOD - [2011/09/15 10:26:00 | 000,047,616 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmpegaudioparse.dll MOD - [2011/09/15 10:26:00 | 000,039,424 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmpegtsmux.dll MOD - [2011/09/15 10:26:00 | 000,035,840 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstselector.dll MOD - [2011/09/15 10:26:00 | 000,035,840 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstinterleave.dll MOD - [2011/09/15 10:26:00 | 000,035,328 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstreplaygain.dll MOD - [2011/09/15 10:26:00 | 000,034,304 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstid3tag.dll MOD - [2011/09/15 10:26:00 | 000,032,256 | ---- | M] () -- 
C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstid3demux.dll MOD - [2011/09/15 10:26:00 | 000,028,672 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstpng.dll MOD - [2011/09/15 10:26:00 | 000,025,600 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmpegvideoparse.dll MOD - [2011/09/15 10:26:00 | 000,025,088 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmultipart.dll MOD - [2011/09/15 10:26:00 | 000,020,480 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmultifile.dll MOD - [2011/09/15 10:26:00 | 000,019,456 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstlevel.dll MOD - [2011/09/15 10:26:00 | 000,015,360 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmulaw.dll MOD - [2011/09/15 10:25:58 | 000,531,968 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumpeg4video.dll MOD - [2011/09/15 10:25:58 | 000,119,296 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumpegdemux.dll MOD - [2011/09/15 10:25:58 | 000,074,240 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflv.dll MOD - [2011/09/15 10:25:58 | 000,037,888 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstgio.dll MOD - [2011/09/15 10:25:58 | 000,029,696 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstgdp.dll MOD - [2011/09/15 10:25:54 | 002,009,600 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstfluh264dec.dll MOD - [2011/09/15 10:25:54 | 001,694,208 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstfluaacdec.dll MOD - [2011/09/15 10:25:54 | 001,563,136 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflump3enc.dll MOD - [2011/09/15 10:25:54 | 001,520,128 | ---- | M] 
() -- C:\Program Files\Motorola Mobility\MotoCast\bin\libvorbisenc-2.dll MOD - [2011/09/15 10:25:54 | 001,396,736 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libxml2-2.dll MOD - [2011/09/15 10:25:54 | 001,376,256 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflump3dec.dll MOD - [2011/09/15 10:25:54 | 000,682,496 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstreamer-0.10.dll MOD - [2011/09/15 10:25:54 | 000,563,712 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\liborc-0.4-0.dll MOD - [2011/09/15 10:25:54 | 000,363,008 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumpeg2video.dll MOD - [2011/09/15 10:25:54 | 000,276,992 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libjpeg-8.dll MOD - [2011/09/15 10:25:54 | 000,248,352 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libopencore-amrnb.0.1.1.dll MOD - [2011/09/15 10:25:54 | 000,196,608 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libwavpack-1.dll MOD - [2011/09/15 10:25:54 | 000,190,976 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libpng14-14.dll MOD - [2011/09/15 10:25:54 | 000,187,904 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstffmpegcolorspace.dll MOD - [2011/09/15 10:25:54 | 000,179,712 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstcoreelements.dll MOD - [2011/09/15 10:25:54 | 000,162,304 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libvorbis-0.dll MOD - [2011/09/15 10:25:54 | 000,125,440 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgsttag-0.10.dll MOD - [2011/09/15 10:25:54 | 000,123,947 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libopencore-amrwb.0.1.1.dll MOD - [2011/09/15 10:25:54 | 000,122,880 | ---- | M] () -- C:\Program Files\Motorola 
Mobility\MotoCast\bin\plugins\libgstfluasfdemux.dll MOD - [2011/09/15 10:25:54 | 000,122,368 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstavi.dll MOD - [2011/09/15 10:25:54 | 000,091,136 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstdshowdecwrapper.dll MOD - [2011/09/15 10:25:54 | 000,088,064 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflummssrc.dll MOD - [2011/09/15 10:25:54 | 000,085,504 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\z.dll MOD - [2011/09/15 10:25:54 | 000,083,968 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstdecodebin2.dll MOD - [2011/09/15 10:25:54 | 000,079,872 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstpbutils-0.10.dll MOD - [2011/09/15 10:25:54 | 000,078,336 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaudioconvert.dll MOD - [2011/09/15 10:25:54 | 000,073,728 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstdshowsrcwrapper.dll MOD - [2011/09/15 10:25:54 | 000,070,144 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstrtp-0.10.dll MOD - [2011/09/15 10:25:54 | 000,067,584 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflac.dll MOD - [2011/09/15 10:25:54 | 000,050,688 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaudioresample.dll MOD - [2011/09/15 10:25:54 | 000,048,640 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstalpha.dll MOD - [2011/09/15 10:25:54 | 000,041,984 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstriff-0.10.dll MOD - [2011/09/15 10:25:54 | 000,038,912 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaiff.dll MOD - [2011/09/15 10:25:54 | 000,037,376 | ---- | M] () -- C:\Program Files\Motorola 
Mobility\MotoCast\bin\libgstvideo-0.10.dll MOD - [2011/09/15 10:25:54 | 000,036,864 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumch264enc.dll MOD - [2011/09/15 10:25:54 | 000,033,280 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumcaacenc.dll MOD - [2011/09/15 10:25:54 | 000,030,208 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstadder.dll MOD - [2011/09/15 10:25:54 | 000,029,184 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstautodetect.dll MOD - [2011/09/15 10:25:54 | 000,029,184 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstautoconvert.dll MOD - [2011/09/15 10:25:54 | 000,026,624 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstequalizer.dll MOD - [2011/09/15 10:25:54 | 000,023,552 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libogg-0.dll MOD - [2011/09/15 10:25:54 | 000,020,480 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstamrnb.dll MOD - [2011/09/15 10:25:54 | 000,019,968 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaudiorate.dll MOD - [2011/09/15 10:25:54 | 000,019,456 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstauparse.dll MOD - [2011/09/15 10:25:54 | 000,018,944 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstalaw.dll MOD - [2011/09/15 10:25:54 | 000,017,920 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstalphacolor.dll MOD - [2011/09/15 10:25:54 | 000,016,896 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstcutter.dll MOD - [2011/09/15 10:25:54 | 000,015,360 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstapetag.dll MOD - [2011/09/15 10:25:54 | 000,014,848 | ---- | M] () -- C:\Program Files\Motorola 
Mobility\MotoCast\bin\plugins\libgstamrwbdec.dll MOD - [2011/09/15 10:25:54 | 000,014,848 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstadpcmdec.dll MOD - [2011/09/15 10:25:54 | 000,011,776 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstcoreindexers.dll MOD - [2011/09/15 10:25:54 | 000,008,192 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstapp.dll MOD - [2011/09/15 10:25:52 | 000,331,264 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libFLAC-8.dll MOD - [2011/09/15 10:25:52 | 000,237,032 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe MOD - [2011/09/15 10:25:52 | 000,199,168 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstbase-0.10.dll MOD - [2011/09/15 10:25:52 | 000,126,976 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstcontroller-0.10.dll MOD - [2011/09/15 10:25:52 | 000,108,544 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstaudio-0.10.dll MOD - [2011/09/15 10:25:52 | 000,053,760 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstinterfaces-0.10.dll MOD - [2011/09/15 10:25:52 | 000,038,400 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstapp-0.10.dll MOD - [2011/09/15 10:25:52 | 000,018,944 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstdataprotocol-0.10.dll MOD - [2011/09/14 16:08:08 | 000,804,720 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe MOD - [2007/03/30 11:04:48 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Windows\system32\DRIVERS\xaudio.exe -- (XAudioService) SRV - File not found [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) SRV - File not found [Auto | Stopped] -- C:\Program 
Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService) SRV - [2012/10/08 15:47:02 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/10/05 19:15:32 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/09/19 16:29:48 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService) SRV - [2011/09/14 16:09:04 | 000,218,992 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper) SRV - [2010/11/08 09:40:56 | 000,715,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom) SRV - [2010/03/12 22:07:17 | 000,689,416 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy) SRV - [2010/03/12 22:07:17 | 000,345,352 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer) SRV - [2009/07/20 10:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009/06/03 17:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore) SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/10/31 15:11:34 | 000,354,648 | ---- | M] (Rosetta Stone Ltd.) 
[On_Demand | Stopped] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe -- (RosettaStoneLtdController) SRV - [2006/12/01 11:34:16 | 000,131,072 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService) SRV - [2006/11/30 20:39:10 | 000,024,576 | ---- | M] (Acer Inc.) [On_Demand | Stopped] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService) SRV - [2006/11/20 22:43:08 | 000,118,784 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service) SRV - [2006/11/16 17:35:18 | 000,045,056 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2006/11/13 01:13:10 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\xaudio.sys -- (XAudio) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Joe\AppData\Local\Temp\aswMBR.sys -- (aswMBR) DRV - [2012/10/09 21:47:45 | 000,014,080 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\TrueSight.sys -- 
(TrueSight) DRV - [2011/07/12 03:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt) DRV - [2011/07/12 03:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt) DRV - [2011/07/12 03:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint) DRV - [2010/07/19 11:03:10 | 000,059,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\tmactmon.sys -- (tmactmon) DRV - [2010/07/19 11:03:00 | 000,051,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\tmevtmgr.sys -- (tmevtmgr) DRV - [2010/07/19 11:02:54 | 000,163,408 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\tmcomm.sys -- (tmcomm) DRV - [2010/03/12 22:07:25 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi) DRV - [2009/06/17 09:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009/06/17 09:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2007/10/17 23:11:00 | 000,056,448 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K) DRV - [2006/11/22 00:29:00 | 004,455,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2006/11/02 06:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) 
[Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO) DRV - [2006/11/02 01:51:27 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID) DRV - [2006/11/02 00:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2006/11/02 00:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2006/10/29 18:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2006/10/24 23:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR) DRV - [2006/10/24 23:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR) DRV - [2006/10/24 23:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR) DRV - [2006/10/18 16:44:30 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA) DRV - [2005/04/12 20:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter) DRV - [2005/04/12 20:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum) DRV - [2005/04/12 20:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid) DRV - [2005/04/12 20:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore) DRV - [2005/01/13 15:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! 
Search IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com/ IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\..\SearchScopes\{5E3967A3-FFDB-427E-968D-3EE8486D14FE}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBR_en IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: moveplayer@movenetworks.com:1.0.0.071303000006 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Joe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Joe\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/09 20:40:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/10 13:29:02 | 000,000,000 | ---D | M] [2008/12/21 17:48:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joe\AppData\Roaming\Mozilla\Extensions [2012/07/24 20:09:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\j3a3o27h.default\extensions [2012/02/08 19:19:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\j3a3o27h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012/02/08 19:19:19 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- 
< End of report >

OTL Extras logfile created on: 10/10/2012 8:40:03 AM - Run 1 OTL by OldTimer - Version 3.2.69.0
[ Application Events ] Error - 7/12/2012 5:43:07 PM | Computer Name = Joe-PC | Source = Application Error | ID = 1000 Description = Faulting application EXCEL.EXE, version 12.0.6661.5000, time stamp 0x4f7cda6d, faulting module kernel32.dll, version 6.0.6002.18449, time stamp 0x4da47967, exception code 0xe06d7363, fault offset 0x0003fc56, process id 0xaa4, application start time 0x01cd607751d62d90. Error - 7/13/2012 1:20:44 PM | Computer Name = Joe-PC | Source = Application Error | ID = 1000 Description = Faulting application EXCEL.EXE, version 12.0.6661.5000, time stamp 0x4f7cda6d, faulting module kernel32.dll, version 6.0.6002.18449, time stamp 0x4da47967, exception code 0xe06d7363, fault offset 0x0003fc56, process id 0xbf8, application start time 0x01cd611bd47c3509. Error - 7/13/2012 1:26:53 PM | Computer Name = Joe-PC | Source = MsiInstaller | ID = 11719 Description = Error - 7/13/2012 1:30:24 PM | Computer Name = Joe-PC | Source = Application Error | ID = 1000 Description = Faulting application EXCEL.EXE, version 12.0.6661.5000, time stamp 0x4f7cda6d, faulting module kernel32.dll, version 6.0.6002.18449, time stamp 0x4da47967, exception code 0xe06d7363, fault offset 0x0003fc56, process id 0xebc, application start time 0x01cd611d2c5ee223. Error - 7/13/2012 4:57:02 PM | Computer Name = Joe-PC | Source = Application Error | ID = 1000 Description = Faulting application POWERPNT.EXE, version 12.0.6600.1000, time stamp 0x4de50c7e, faulting module ppcore.dll, version 12.0.6654.5000, time stamp 0x4e8d280f, exception code 0xc0000005, fault offset 0x0000b2c3, process id 0x900, application start time 0x01cd611d0a141323. 
Error - 8/1/2012 10:35:49 PM | Computer Name = Joe-PC | Source = Perflib | ID = 1010 Description = Error - 8/10/2012 8:15:02 PM | Computer Name = Joe-PC | Source = Windows Search Service | ID = 3013 Description = Error - 8/10/2012 8:15:02 PM | Computer Name = Joe-PC | Source = Windows Search Service | ID = 3013 Description = Error - 8/10/2012 8:15:02 PM | Computer Name = Joe-PC | Source = Windows Search Service | ID = 3013 Description = Error - 8/10/2012 8:15:02 PM | Computer Name = Joe-PC | Source = Windows Search Service | ID = 3013 Description = [ Media Center Events ] Error - 9/17/2009 11:54:45 PM | Computer Name = Joe-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. [ OSession Events ] Error - 2/23/2011 4:26:33 PM | Computer Name = Joe-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 232 seconds with 120 seconds of active time. This session ended with a crash. Error - 2/23/2011 4:28:49 PM | Computer Name = Joe-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 115 seconds with 60 seconds of active time. This session ended with a crash. Error - 2/23/2011 4:31:05 PM | Computer Name = Joe-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 124 seconds with 60 seconds of active time. This session ended with a crash. 
Error - 2/23/2011 4:32:21 PM | Computer Name = Joe-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 47 seconds with 0 seconds of active time. This session ended with a crash. Error - 9/2/2011 12:40:27 PM | Computer Name = Joe-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 34 seconds with 0 seconds of active time. This session ended with a crash. Error - 9/10/2011 8:22:21 PM | Computer Name = Joe-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 616 seconds with 600 seconds of active time. This session ended with a crash. Error - 12/22/2011 5:44:08 PM | Computer Name = Joe-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 32 seconds with 0 seconds of active time. This session ended with a crash. Error - 7/12/2012 5:43:07 PM | Computer Name = Joe-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error - 7/13/2012 1:20:43 PM | Computer Name = Joe-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. 
This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/13/2012 1:30:24 PM | Computer Name = Joe-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/10/2012 10:07:21 AM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/10/2012 10:19:29 AM | Computer Name = Joe-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:13:45 AM on 10/10/2012 was unexpected.

Error - 10/10/2012 10:19:51 AM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/10/2012 10:19:51 AM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/10/2012 10:27:46 AM | Computer Name = Joe-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:24:29 AM on 10/10/2012 was unexpected.

Error - 10/10/2012 10:28:02 AM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/10/2012 10:28:02 AM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/10/2012 11:10:05 AM | Computer Name = Joe-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:01:46 AM on 10/10/2012 was unexpected.

Error - 10/10/2012 11:10:19 AM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/10/2012 11:10:19 AM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7000
Description =

< End of report >
-----------------------------------------------------------------------------------

Thanks again for your help.
  15. My computer has been infected by malware that redirects my Google search results to random websites. When the problem first started, Malwarebytes was actually able to find it and supposedly get rid of it, but now the problem is back and neither my TrendMicro nor Malwarebytes seems to be able to see it. As directed, I downloaded DDS and tried to run it, but every time I open it, it results in my computer freezing. It opens, runs for a few minutes, seems to be working, then everything freezes. I have turned off my TrendMicro and the active protection feature in Windows Defender in order to enable the script to run without interference. Is there something I'm missing? Before I read about DDS I had downloaded and run RogueKiller. The report is pasted below. Don't know if this helps or not.

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Joe [Admin rights]
Mode : Scan -- Date : 10/09/2012 21:48:47

¤¤¤ Bad processes : 3 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\Joe\AppData\Local\Dropbox\khtbwxtb.dll -> UNLOADED
[SUSP PATH][DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Joe\AppData\Local\Dropbox\khtbwxtb.dll -> KILLED [TermProc]
[SUSP PATH][DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Joe\AppData\Local\Dropbox\khtbwxtb.dll -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Dropbox (rundll32.exe C:\Users\Joe\AppData\Local\Dropbox\khtbwxtb.dll,GetImporterInterface) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-452256800-3484198201-3087025338-1000[...]\Run : Dropbox (rundll32.exe C:\Users\Joe\AppData\Local\Dropbox\khtbwxtb.dll,GetImporterInterface) -> FOUND
[TASK][SUSP PATH] {5C83FDEC-3EEC-4420-86F9-BF192C89220D} : C:\Windows\System32\pcalua.exe -a "C:\Users\Joe\Desktop\ActiveClientCAC_DoDRoot\InstallRootCerts\InstallRoot v2.16(A).exe" -d C:\Users\Joe\Desktop\ActiveClientCAC_DoDRoot\InstallRootCerts -> FOUND
[TASK][SUSP PATH] {D3E9814B-C704-45CE-A3AE-885BE5F36D63} : C:\Windows\System32\pcalua.exe -a C:\Users\Joe\Desktop\InstallRoot_v2_20A-B-S\InstallRoot_v2.20A.exe -d C:\Users\Joe\Desktop\InstallRoot_v2_20A-B-S -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[64] : NtCreateKey @ 0x825FD140 -> HOOKED (Unknown @ 0x884FD0A0)
SSDT[67] : NtCreateMutant @ 0x8262E812 -> HOOKED (Unknown @ 0x884FE3E0)
SSDT[72] : NtCreateProcess @ 0x8269FDAB -> HOOKED (Unknown @ 0x884FC2E0)
SSDT[73] : NtCreateProcessEx @ 0x8269FDF6 -> HOOKED (Unknown @ 0x884FC5A0)
SSDT[78] : NtCreateThread @ 0x8269FBE0 -> HOOKED (Unknown @ 0x884FDF00)
SSDT[123] : NtDeleteKey @ 0x825C0727 -> HOOKED (Unknown @ 0x884FD620)
SSDT[126] : NtDeleteValueKey @ 0x825BBCC8 -> HOOKED (Unknown @ 0x884FD8E0)
SSDT[165] : NtLoadDriver @ 0x82579DEE -> HOOKED (Unknown @ 0x884FE240)
SSDT[194] : NtOpenProcess @ 0x8262EFAE -> HOOKED (Unknown @ 0x884FCB20)
SSDT[317] : NtSetSystemInformation @ 0x825F4EEB -> HOOKED (Unknown @ 0x884FE580)
SSDT[324] : NtSetValueKey @ 0x825EC3C2 -> HOOKED (Unknown @ 0x884FD360)
SSDT[334] : NtTerminateProcess @ 0x825FF143 -> HOOKED (Unknown @ 0x884FCDE0)
SSDT[358] : NtWriteVirtualMemory @ 0x8261B92D -> HOOKED (Unknown @ 0x884FDD60)
SSDT[382] : NtCreateThreadEx @ 0x82629FE9 -> HOOKED (Unknown @ 0x884FE0A0)
SSDT[383] : NtCreateUserProcess @ 0x825D7C11 -> HOOKED (Unknown @ 0x884FC860)
S_SSDT[572] : Unknown -> HOOKED (Unknown @ 0x884FEBE0)
S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x884FEA00)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320325AS ATA Device +++++
--- User ---

Thanks for your help.