dreadree (Honorary Members) - Posts: 29 - Reputation: 0 Neutral
Infected, pics missing / Trojan.FakeAlert
dreadree replied to dreadree's topic in Resolved Malware Removal Logs
All cleaned up! Thank you for your time and patience.
Infected, pics missing / Trojan.FakeAlert
dreadree replied to dreadree's topic in Resolved Malware Removal Logs
Maurice, to answer your question, the system seems to be running fine. I just don't have any of the files that were there just last week. My laptop is quite old; maybe it is something to do with my hardware. Like I said before, this was a valuable lesson about backing up my data. I spent a lot of time gathering and creating resources for my classroom. I appreciate all of your help here.
Infected, pics missing / Trojan.FakeAlert
dreadree replied to dreadree's topic in Resolved Malware Removal Logs
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.31.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Deirdre :: DEIRDRE-PC [administrator]

Protection: Enabled

1/30/2013 10:32:40 PM
mbam-log-2013-01-30 (22-32-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 263135
Time elapsed: 6 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Infected, pics missing / Trojan.FakeAlert
dreadree replied to dreadree's topic in Resolved Malware Removal Logs
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{28275A70-6C0C-4098-90B7-82AC87AD5581}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28275A70-6C0C-4098-90B7-82AC87AD5581}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{28275A70-6C0C-4098-90B7-82AC87AD5581}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28275A70-6C0C-4098-90B7-82AC87AD5581}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\LaunchU3.exe -a not found.
========== SERVICES/DRIVERS ==========
Service avg8emc stopped successfully!
Service avg8emc deleted successfully!
Service avg8wd stopped successfully!
Service avg8wd deleted successfully!
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 58264 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Deirdre
->Flash cache emptied: 58981 bytes

User: Deirdre New
->Flash cache emptied: 58264 bytes

User: Guest
->Flash cache emptied: 58264 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users
User: Default
User: Default User
User: Deirdre
User: Deirdre New
User: Guest
User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 01302013_220841
Infected, pics missing / Trojan.FakeAlert
dreadree replied to dreadree's topic in Resolved Malware Removal Logs
Results of screen317's Security Check version 0.99.57
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader 8 Adobe Reader out of Date!
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (18.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
Infected, pics missing / Trojan.FakeAlert
dreadree replied to dreadree's topic in Resolved Malware Removal Logs
OTL Extras logfile created on: 1/29/2013 7:58:55 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Deirdre\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 61.46% Memory free
6.09 Gb Paging File | 4.75 Gb Available in Paging File | 78.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.02 Gb Total Space | 175.03 Gb Free Space | 78.48% Space Free | Partition Type: NTFS
Drive D: | 9.86 Gb Total Space | 8.81 Gb Free Space | 89.33% Space Free | Partition Type: NTFS
Drive F: | 495.22 Mb Total Space | 408.26 Mb Free Space | 82.44% Space Free | Partition Type: FAT

Computer Name: DEIRDRE-PC | User Name: Deirdre | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{085199AC-E94E-4669-8F9C-7A4799A801CB}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1253DF43-5B8E-439E-BE40-B3C35400B257}" = rport=138 | protocol=17 | dir=out | app=system |
"{199AB625-19B4-4BE6-94F2-0B7C344AE24E}" = lport=137 | protocol=17 | dir=in | app=system |
"{1D7D59A7-1E35-4E64-B434-D990005B7CD7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{346E91E9-1217-4D50-B8F1-32335121AB72}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{365F397B-86EE-4B17-A21C-1C2808BCCAF1}" = lport=445 | protocol=6 | dir=in | app=system |
"{47CFDB72-FC66-469B-81B4-215CF044EE5A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4DF0BCB6-7BA1-47C7-AC4B-FC5CBBC3CD9B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4E073FBB-2C93-4180-9438-F2F3874E23A7}" = rport=445 | protocol=6 | dir=out | app=system |
"{6506DBA9-C221-453E-A918-86EF3E16BCE9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{678749EE-6804-4A85-A75B-D1E19AFF4851}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7B0411D0-C082-4C8E-A724-768D2EF8868F}" = rport=137 | protocol=17 | dir=out | app=system |
"{846F0030-8F1A-4A47-9501-E513119624EF}" = lport=138 | protocol=17 | dir=in | app=system |
"{BA929633-13C9-4425-9D6F-06A12DAA00A6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D04C945D-23FA-4C19-BAE3-D18BC98DFFBE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D5A29DC5-0C24-4DD5-9BA7-233B5D2A79EE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D856A296-424D-47B3-ABED-2F7952712FF8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{ED6DEBE9-5BBC-488C-8AD1-D50BCD8F40EF}" = rport=139 | protocol=6 | dir=out | app=system |
"{EDFEBEB8-C480-4334-909D-4C09D4FB2EE5}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02FCA133-62DA-4896-91B3-C396F8DBAD12}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{0AF92051-CFCF-4726-81FB-4026937F9F6C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0D114C58-EF9B-420C-83C8-F4496972C780}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"{0DC46BE4-0F23-40FF-BB55-344E23E550F0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3592B772-D3FF-495C-B2A6-08D93D8BC57E}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"{3A6A6595-A77B-4ECA-84B8-345D06E1124C}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{43EE4C52-0D1F-4D9B-BE25-6814D40721AF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{469AD5F6-8B25-49E3-A139-B1779361FA4A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{515EC35A-CF0E-4BDC-B98C-39C6ADA0369A}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{5A2315C0-45C6-4392-B329-2DD8C239BF3D}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{5D500A14-07EB-4251-995C-A11A6DB4967B}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{676BB2D9-4A25-4F39-A369-3D3F3E3E157D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{789F6140-9190-4B96-B6C4-2712ECBD77D2}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{8454C891-500E-4F2E-B082-21ED4AB360D5}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{8B4FDCFE-E1C1-4A91-BF5B-04D1BE974263}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{90EFE7A9-89DE-4DB5-B454-49302C7558A8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{95059C8B-5286-4555-BF3B-1A9BE2738C74}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A28A0EAD-6691-4AD0-A6F5-BC95DE9CCDF7}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{BABE679C-A20C-4B13-8C34-DBD81AB6D2BA}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C0EA8201-8DF2-460B-8FA0-CA6DF34E6153}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{C20EC397-AD07-48CB-B006-A8B0A7228154}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C663825D-692B-4086-8BA7-D7D75E09A447}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{D10554F7-8301-4592-8842-C07523F564EC}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{D3DA7F49-2308-4C24-8C5B-580112B0B3E7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DDC235EF-5DDD-4A1A-AFCA-1E7791FC1B35}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E91B899B-7E8B-4946-8DD3-7A0432467C68}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{4553A73F-844C-4E3A-BDDB-CDE3FEB5AAC9}C:\program files\motorola\software update\msu.exe" = protocol=6 | dir=in | app=c:\program files\motorola\software update\msu.exe |
"TCP Query User{4F4A85C3-A918-4A58-9A76-E3741ECBC04E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{90FDBC08-7B3E-4119-B6C3-E45321FF0221}C:\program files\motorola\software update\msu.exe" = protocol=6 | dir=in | app=c:\program files\motorola\software update\msu.exe |
"TCP Query User{A6D3CEEA-A864-4625-9F3B-944ED683812D}C:\windows\system32\spool\drivers\w32x86\3\e_dupa30.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\e_dupa30.exe |
"TCP Query User{AFF378F4-BCB7-4F24-9977-F9CD4BCFEB9F}E:\web\securwebcd.exe" = protocol=6 | dir=in | app=e:\web\securwebcd.exe |
"TCP Query User{F8CEE17B-959F-456B-831C-8BEBE1E3568F}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{21EFAB39-7408-406C-8E4E-E8BE718EAEF6}C:\program files\motorola\software update\msu.exe" = protocol=17 | dir=in | app=c:\program files\motorola\software update\msu.exe |
"UDP Query User{44724ACB-C079-427C-A5EF-7D289B590383}C:\windows\system32\spool\drivers\w32x86\3\e_dupa30.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\e_dupa30.exe |
"UDP Query User{969F957D-5B33-427B-BC55-03CC1470FC30}E:\web\securwebcd.exe" = protocol=17 | dir=in | app=e:\web\securwebcd.exe |
"UDP Query User{BD8A3247-4BC9-4B1C-AEF4-D370C6C6981B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{EBEB5D37-0E12-404E-A25D-C1D9707F6794}C:\program files\motorola\software update\msu.exe" = protocol=17 | dir=in | app=c:\program files\motorola\software update\msu.exe |
"UDP Query User{EF46C767-5BC1-457D-8968-D8BC40BFEF44}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00AA68AB-6F0A-4D90-96DF-8C13B993CAA3}_is1" = Pavtube Video DVD Converter Suite version 1.0.1.43
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4900
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07473686-FC3A-4825-9CA9-97D269145F62}" = Motorola Phone Tools
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14C8EF72-23A2-416C-B70C-CFE2138BB6DA}" = AssessmentAsst_Gr3
"{15382D89-6EF6-4D21-9484-B500F2B10E46}" = PhotoMail Maker
"{15482D1C-117B-4201-8D39-985A91ED8433}" = PhotoJoy
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{2348B97D-C991-438F-BC44-294C931E7B8B}" = SMART Essentials for Educators
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 F1
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{380357CA-29F4-4B3C-B401-32C057E6B59B}" = HP Smart Web Printing
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{46486451-E60F-42C3-92D7-796D8594688A}" = SMART Board Software
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4D7DF9B2-BCA3-4AF7-9C5F-4ADEB7495F7E}" = HP User Guides 0121
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{6005535D-8A83-4108-A757-E1AB9886AECA}" = Cisco AnyConnect VPN Client
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A67911E-8EB5-4F9A-8D8E-1C4CC590B914}" = Motorola Software Update
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73317C31-2B6E-4B88-9865-B97C1331A39D}" = PayPal Plug-In
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{816EA7C2-9B8D-48CA-A424-3DE3C80A5033}" = Motorola Driver Installation 4.2.0
"{83036763-5d82-4a9d-bab9-ec0fba5bcc0b}.sdb" = ISB Guitar Tutor One SDB
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{896C6BC9-F655-4179-9BE9-E102953B9DAE}_is1" = Pavtube DVD Ripper version 1.0.1.33
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8F018A9E-56DE-4A79-A5EF-25F413F1D538}" = WeatherBug
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B4EE51E6-2C80-4B04-BDE0-ED4E87BEFECD}_is1" = Video Converter version 1.0.1.43
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C277A5D5-463E-4C55-B6CE-3E3ED0CBDEA8}" = Punch! Weekend Project
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C894366E-51C4-4162-BA82-ECBEFC1C2C61}" = PayPal Plug-In
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CAFECAFE-0013-0001-0126-ABCDEFABCDEF}" = Oracle JInitiator 1.3.1.26
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{E6C82F8F-2031-4825-8CC3-98C5960875C1}" = Epson CreativeZone
"{E7DB49CE-3856-4AE4-AD5F-4077F07CE47C}" = REM Rate 12
"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF2AA69F-67E4-4721-89F9-04F4A177F9C5}" = Motorola Phone Tools
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F4415576-418A-1721-9177-BB4ADDDC66B3}" = Legalsounds Download Manager
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F9001C89-8036-4673-9577-E7CD8564807C}" = The Print Shop 20
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"00BD1CD47675C125126C80095FCC12CFA4D311DB" = Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
"A622B79B943ECA1F0AECF1FF5BE13D458F345EBB" = Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"AIM_6" = AIM 6
"AVG9Uninstall" = AVG Free 9.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Cricut DesignStudio" = Cricut DesignStudio
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"EPSON NX510 Series" = EPSON NX510 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel® Graphics Media Accelerator Driver
"Hooked on Math Learn to Count" = Hooked on Math Learn to Count
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"IncrediMail" = IncrediMail 2.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{14C8EF72-23A2-416C-B70C-CFE2138BB6DA}" = AssessmentAsst_Gr3
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"iTGA Grade K" = iTGA Grade K
"iTLG Grade 3" = iTLG Grade 3
"LegalSounds Music Downloader_is1" = LegalSounds Music Downloader 1.8
"LegalsoundsDownloadManager" = Legalsounds Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MVApplication1" = Memorex exPressit Label Design Studio
"New LEGO Digital Designer" = LEGO Digital Designer
"PhonicsWorks" = PhonicsWorks
"PhotoJoy" = PhotoJoy
"PhotoMail" = PhotoMail Maker
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"PROPLUS" = Microsoft Office Professional Plus 2007
"Punch! Home Design - AS4000" = Punch! Home Design - AS4000
"RCA Detective™_is1" = RCA Detective™ 3.0.0.101
"RCA easyRip_is1" = RCA easyRip 2.4.6.0
"RCA Updater_is1" = RCA Updater 2.0.0.0
"Recuva" = Recuva
"Shockwave" = Shockwave
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Talking Flash Cards" = Talking Flash Cards
"TeamViewer 5" = TeamViewer 5
"UnityWebPlayer" = Unity Web Player (All users)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WildTangent hp Master Uninstall" = My HP Games
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Facebook Plug-In" = Facebook Plug-In
"Smilebox" = Smilebox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/27/2013 1:55:05 PM | Computer Name = Deirdre-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/27/2013 2:15:46 PM | Computer Name = Deirdre-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/27/2013 2:24:47 PM | Computer Name = Deirdre-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/27/2013 8:11:42 PM | Computer Name = Deirdre-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/27/2013 9:04:39 PM | Computer Name = Deirdre-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/28/2013 8:56:21 PM | Computer Name = Deirdre-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/28/2013 9:14:20 PM | Computer Name = Deirdre-PC | Source = Perflib | ID = 1010
Description =

Error - 1/28/2013 9:29:57 PM | Computer Name = Deirdre-PC | Source = Application Error | ID = 1000
Description = Faulting application mbar.exe, version 1.1.0.1017, time stamp 0x50f9ae57, faulting module QtGui4.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000135, fault offset 0x00009f5d, process id 0x16b4, application start time 0x01cdfdc01d3b25ed.

Error - 1/28/2013 9:31:19 PM | Computer Name = Deirdre-PC | Source = Application Error | ID = 1000
Description = Faulting application mbar.exe, version 1.1.0.1017, time stamp 0x50f9ae57, faulting module QtGui4.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000135, fault offset 0x00009f5d, process id 0xf0c, application start time 0x01cdfdc0552b75ed.

Error - 1/29/2013 8:17:59 PM | Computer Name = Deirdre-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/29/2013 8:53:00 PM | Computer Name = Deirdre-PC | Source = WinMgmt | ID = 10
Description =

[ Cisco AnyConnect VPN Client Events ]
Error - 1/27/2013 2:17:43 PM | Computer Name = Deirdre-PC | Source = vpnagent | ID = 50331649
Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp Line: 997 Description: fatal error, stopping service

Error - 1/27/2013 2:29:12 PM | Computer Name = Deirdre-PC | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.

Error - 1/27/2013 2:29:12 PM | Computer Name = Deirdre-PC | Source = vpnagent | ID = 50331649
Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp Line: 997 Description: fatal error, stopping service

Error - 1/27/2013 9:01:48 PM | Computer Name = Deirdre-PC | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.

Error - 1/27/2013 9:01:48 PM | Computer Name = Deirdre-PC | Source = vpnagent | ID = 50331649
Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp Line: 997 Description: fatal error, stopping service

Error - 1/27/2013 10:47:49 PM | Computer Name = Deirdre-PC | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.

Error - 1/27/2013 10:47:49 PM | Computer Name = Deirdre-PC | Source = vpnagent | ID = 50331649
Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp Line: 997 Description: fatal error, stopping service

Error - 1/28/2013 10:38:25 PM | Computer Name = Deirdre-PC | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.

Error - 1/29/2013 8:25:48 PM | Computer Name = Deirdre-PC | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.

Error - 1/29/2013 8:25:48 PM | Computer Name = Deirdre-PC | Source = vpnagent | ID = 50331649
Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp Line: 997 Description: fatal error, stopping service

[ Media Center Events ]
Error - 7/17/2009 9:32:02 PM | Computer Name = Deirdre-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 7/30/2009 9:28:10 PM | Computer Name = Deirdre-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 9/25/2009 9:31:25 PM | Computer Name = Deirdre-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. Error - 11/1/2010 8:06:08 PM | Computer Name = Deirdre-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. [ OSession Events ] Error - 5/6/2009 10:02:17 PM | Computer Name = Deirdre-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2092 seconds with 1020 seconds of active time. This session ended with a crash. Error - 5/7/2009 9:41:18 PM | Computer Name = Deirdre-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 244 seconds with 180 seconds of active time. This session ended with a crash. Error - 5/9/2009 7:52:34 PM | Computer Name = Deirdre-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 149 seconds with 60 seconds of active time. This session ended with a crash. Error - 5/27/2009 8:00:20 PM | Computer Name = Deirdre-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 657 seconds with 300 seconds of active time. This session ended with a crash. 
Error - 6/23/2009 3:16:26 PM | Computer Name = Deirdre-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1553 seconds with 1380 seconds of active time. This session ended with a crash. Error - 7/9/2009 4:09:53 PM | Computer Name = Deirdre-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5684 seconds with 2400 seconds of active time. This session ended with a crash. Error - 7/9/2009 11:39:48 PM | Computer Name = Deirdre-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8616 seconds with 2340 seconds of active time. This session ended with a crash. Error - 8/18/2009 10:10:14 PM | Computer Name = Deirdre-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 348 seconds with 300 seconds of active time. This session ended with a crash. Error - 9/2/2009 9:21:21 PM | Computer Name = Deirdre-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3396 seconds with 900 seconds of active time. This session ended with a crash. 
Error - 12/24/2011 5:20:54 PM | Computer Name = Deirdre-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19424 seconds with 9600 seconds of active time. This session ended with a crash. [ System Events ] Error - 1/27/2013 10:46:42 PM | Computer Name = Deirdre-PC | Source = DCOM | ID = 10016 Description = Error - 1/27/2013 10:46:42 PM | Computer Name = Deirdre-PC | Source = DCOM | ID = 10016 Description = Error - 1/27/2013 10:46:42 PM | Computer Name = Deirdre-PC | Source = DCOM | ID = 10016 Description = Error - 1/28/2013 8:56:21 PM | Computer Name = Deirdre-PC | Source = Service Control Manager | ID = 7000 Description = Error - 1/28/2013 10:37:40 PM | Computer Name = Deirdre-PC | Source = DCOM | ID = 10010 Description = Error - 1/28/2013 10:37:42 PM | Computer Name = Deirdre-PC | Source = DCOM | ID = 10010 Description = Error - 1/29/2013 8:18:00 PM | Computer Name = Deirdre-PC | Source = Service Control Manager | ID = 7000 Description = Error - 1/29/2013 8:25:09 PM | Computer Name = Deirdre-PC | Source = DCOM | ID = 10010 Description = Error - 1/29/2013 8:25:14 PM | Computer Name = Deirdre-PC | Source = DCOM | ID = 10010 Description = Error - 1/29/2013 8:53:01 PM | Computer Name = Deirdre-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > -
Infected, pics missing / Trojan.FakeAlert
dreadree replied to dreadree's topic in Resolved Malware Removal Logs
OTL logfile created on: 1/29/2013 7:58:55 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Deirdre\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 61.46% Memory free
6.09 Gb Paging File | 4.75 Gb Available in Paging File | 78.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.02 Gb Total Space | 175.03 Gb Free Space | 78.48% Space Free | Partition Type: NTFS
Drive D: | 9.86 Gb Total Space | 8.81 Gb Free Space | 89.33% Space Free | Partition Type: NTFS
Drive F: | 495.22 Mb Total Space | 408.26 Mb Free Space | 82.44% Space Free | Partition Type: FAT

Computer Name: DEIRDRE-PC | User Name: Deirdre | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/29 19:57:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Deirdre\Desktop\OTL.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/04/29 17:07:53 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2012/04/29 17:07:22 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2012/04/29 17:07:22 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2012/03/12 18:59:16 | 000,366,024 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
PRC - [2012/03/12 18:59:16 | 000,263,624 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\ImApp.exe
PRC - [2012/01/29 10:03:45 | 002,077,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/09/01 01:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011/08/05 11:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2010/09/28 16:38:50 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/16 08:08:06 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/04/29 09:38:54 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2010/03/18 04:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009/11/25 13:20:02 | 000,091,392 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2009/11/25 13:19:58 | 000,277,760 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/03 15:39:09 | 000,427,192 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/01/12 08:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/10/19 14:30:14 | 000,378,160 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\PhotoJoy\Bin\PjApp.exe
PRC - [2008/04/26 03:15:26 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2007/11/02 04:48:32 | 001,283,336 | ---- | M] (SMART Technologies Inc.) -- C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
PRC - [2007/03/29 13:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/12 18:59:17 | 000,071,112 | ---- | M] () -- C:\Program Files\IncrediMail\bin\wlessfp1.dll
MOD - [2012/03/12 18:59:16 | 000,267,720 | ---- | M] () -- C:\Program Files\IncrediMail\bin\ImLookExU.dll
MOD - [2012/03/12 18:59:16 | 000,132,552 | ---- | M] () -- C:\Program Files\IncrediMail\bin\ImComUtlU.dll
MOD - [2012/03/12 18:59:16 | 000,079,304 | ---- | M] () -- C:\Program Files\IncrediMail\bin\ImAppRU.dll
MOD - [2012/03/12 18:59:16 | 000,032,136 | ---- | M] () -- C:\Program Files\IncrediMail\bin\IMHttpComm.dll
MOD - [2011/06/10 12:09:07 | 000,107,896 | ---- | M] () -- C:\Program Files\IncrediMail\bin\PMC.dll
MOD - [2009/11/03 15:51:26 | 000,039,712 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/12/22 08:50:28 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 12:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2008/10/19 14:24:00 | 000,274,432 | ---- | M] () -- C:\Program Files\PhotoJoy\Bin\NeoComm.dll
MOD - [2008/09/29 08:01:24 | 005,124,096 | R--- | M] () -- C:\Program Files\PhotoJoy\Bin\Im3DEngine.dll
MOD - [2008/09/25 10:10:32 | 000,026,112 | ---- | M] () -- C:\Program Files\PhotoJoy\Bin\IMHttpComm.dll
MOD - [2008/06/12 00:18:38 | 000,120,216 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2008/06/12 00:18:36 | 000,259,480 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2008/06/12 00:18:34 | 000,345,384 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2008/06/12 00:17:08 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007/08/14 14:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 14:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 14:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2007/03/29 13:02:48 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007/03/29 12:42:38 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\PROGRA~1\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2013/01/19 13:10:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/09 20:36:18 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/29 17:07:53 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2011/09/01 01:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011/08/05 11:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 11:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 11:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/03/18 04:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009/11/25 13:20:02 | 000,091,392 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/08/15 15:06:33 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/02/03 15:39:09 | 000,427,192 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2008/04/26 03:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motport.sys -- (motport)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motodrv.sys -- (MotDev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder iPod Edition\SysInfo.sys -- (CrystalSysInfo)
DRV - [2013/01/19 12:49:24 | 000,226,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/09/15 16:23:31 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/05/08 16:06:31 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/02/02 21:40:16 | 000,735,232 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dnetr28u.sys -- (netr28u)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/07/08 16:55:50 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/04/11 00:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/03/06 18:09:52 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\anodlwf.sys -- (anodlwf)
DRV - [2009/02/03 15:23:46 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2008/06/10 13:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/06/05 11:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/06/04 12:54:22 | 000,113,664 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/04/27 13:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/01/20 21:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/11/14 00:19:00 | 000,014,480 | ---- | M] (SMART Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys -- (SMARTVHidMini2000x86)
DRV - [2007/10/17 18:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/27 16:05:52 | 000,053,184 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2007/06/27 16:04:14 | 000,071,488 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 02:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {5DB6D26C-B21C-43F9-B61F-D52F406DF942}
IE - HKLM\..\SearchScopes\{28275A70-6C0C-4098-90B7-82AC87AD5581}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE - HKLM\..\SearchScopes\{5DB6D26C-B21C-43F9-B61F-D52F406DF942}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/?a=6PPUGMG2pd
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AUD&o=14556&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=WS&apn_dtid=YYYYYYYYUS&apn_uid=31C0FBF6-65D2-434B-A119-68288BF6A17C&apn_sauid=2F3FF338-254C-4C6C-85C3-F28000AFB216
IE - HKCU\..\SearchScopes\{28275A70-6C0C-4098-90B7-82AC87AD5581}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE - HKCU\..\SearchScopes\{5DB6D26C-B21C-43F9-B61F-D52F406DF942}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psnb
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/?search={searchTerms}&loc=search_box&a=6PPUGMG2pd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://mystart.incredimail.com?a=6PPUGMG2pd"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: paypalfirefoxplugin@orbiscom:2.2.26.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2
FF - prefs.js..keyword.URL: "http://mystart.incredimail.com/?loc=ff_address_bar&a=6PPUGMG2pd&search="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Deirdre\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In [2009/06/04 18:00:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/19 13:10:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/19 13:10:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/19 13:10:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/19 13:10:14 | 000,000,000 | ---D | M]

[2013/01/20 21:26:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deirdre\AppData\Roaming\Mozilla\Extensions
[2013/01/20 15:12:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deirdre\AppData\Roaming\Mozilla\Firefox\Profiles\4w20d9by.default\extensions
[2013/01/20 15:12:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deirdre\AppData\Roaming\Mozilla\Firefox\Profiles\4w20d9by.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/01/19 13:10:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/19 13:10:17 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/03 14:33:03 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/14 18:28:04 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/01/20 23:58:24 | 000,000,724 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies Inc\Notebook Software\NotebookPlugin.dll (SMART Technologies Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_07\bin\jp2ssv.dll File not found
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DVDtoiPodConverter_upgrade] "C:\Program Files\E-Zsoft\DVDtoiPodConverter\DVDtoiPodConverter.exe" /upgrade File not found
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe (Motorola)
O4 - HKLM..\Run: [sMART Board Service] C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe (SMART Technologies Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON85AC33] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFIA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [feedreader.exe] "C:\Program Files\FeedReader30\feedreader.exe" File not found
O4 - HKCU..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [PhotoJoy] C:\Program Files\PhotoJoy\bin\PhotoJoy.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Users\Deirdre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Legalsounds Download Manager.lnk = C:\Program Files\Legalsounds Download Manager\Legalsounds Download Manager.exe ()
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: access-k12.org ([esis] https in Trusted sites)
O15 - HKCU\..Trusted Domains: access-k12.org ([webvpn] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} https://webvpn.access-k12.org/+CSCOL+/relayp.cab (Cisco Systems WebVPN Relay Loader)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://webvpn.access-k12.org/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} http://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab (Jeopardy Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFECAFE-0013-0001-0026-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A5A467E-789F-4532-8ABF-335EACDC0257}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEB9B09A-4DBC-40CD-A65B-6041C56C7517}: DhcpNameServer = 192.168.1.1 8.8.8.8 8.8.4.4
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/27 13:16:34 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/12/25 09:14:13 | 000,001,280 | ---- | M] () - C:\Autorun_dll.log -- [ NTFS ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/29 19:57:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Deirdre\Desktop\OTL.exe
[2013/01/28 20:31:39 | 000,000,000 | ---D | C] -- C:\Users\Deirdre\Desktop\mbar-1.01.0.1017
[2013/01/27 01:50:25 |
000,000,000 | ---D | C] -- C:\FRST [2013/01/26 22:24:58 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Deirdre\Desktop\tdsskiller.exe [2013/01/23 19:18:06 | 000,000,000 | ---D | C] -- C:\Users\Deirdre\Doctor Web [2013/01/23 18:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Riverdeep Interactive Learning Limited [2013/01/23 18:51:02 | 000,000,000 | ---D | C] -- C:\Users\Deirdre\AppData\Local\ApplicationHistory [2013/01/23 18:51:00 | 000,000,000 | ---D | C] -- C:\Users\Deirdre\AppData\Local\Broderbund Software [2013/01/22 19:43:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2013/01/22 19:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2013/01/22 19:38:37 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2013/01/22 19:28:27 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Deirdre\Desktop\rkill.exe [2013/01/21 18:56:30 | 000,000,000 | ---D | C] -- C:\Users\Deirdre\Documents\The Fun [2013/01/21 18:50:40 | 000,000,000 | ---D | C] -- C:\Users\Deirdre\AppData\Roaming\LegalsoundsDownloadManager [2013/01/21 18:50:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legalsounds Download Manager [2013/01/21 18:50:36 | 000,000,000 | ---D | C] -- C:\Program Files\Legalsounds Download Manager [2013/01/21 17:54:12 | 000,000,000 | ---D | C] -- C:\Users\Deirdre\AppData\Local\Apple [2013/01/21 01:28:11 | 000,000,000 | ---D | C] -- C:\Users\Deirdre\AppData\Roaming\Apple Computer [2013/01/21 01:28:11 | 000,000,000 | ---D | C] -- C:\Users\Deirdre\AppData\Local\Apple Computer [2013/01/21 01:03:56 | 000,000,000 | ---D | C] -- C:\Users\Deirdre\Documents\Cricut [2013/01/21 01:02:02 | 000,000,000 | ---D | C] -- C:\Users\Deirdre\AppData\Local\Microsoft Help [2013/01/21 00:22:10 | 000,000,000 | ---D | C] -- C:\Users\Deirdre\AppData\Roaming\Malwarebytes [2013/01/21 00:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware 
[2013/01/21 00:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/01/21 00:21:58 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013/01/21 00:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013/01/20 23:57:07 | 000,000,000 | ---D | C] -- C:\Users\Deirdre\Desktop\RK_Quarantine [2013/01/20 21:31:08 | 000,000,000 | ---D | C] -- C:\Users\Deirdre\AppData\Local\Macromedia [2013/01/20 21:23:26 | 000,000,000 | ---D | C] -- C:\Users\Deirdre\Bluetooth Software [2013/01/20 21:23:26 | 000,000,000 | ---D | C] -- C:\Users\Deirdre\Documents\Bluetooth Exchange Folder [2013/01/20 21:21:44 | 000,000,000 | ---D | C] -- C:\Users\Deirdre\AppData\Roaming\WeatherBug [2013/01/20 21:21:44 | 000,000,000 | ---D | C] -- C:\Users\Deirdre\AppData\Local\WeatherBug [2013/01/20 21:21:34 | 000,000,000 | ---D | C] -- C:\Users\Deirdre\AppData\Roaming\Epson [2013/01/20 15:13:19 | 000,000,000 | ---D | C] -- C:\Users\Deirdre\AppData\Roaming\Macromedia [2013/01/20 15:13:16 | 000,000,000 | ---D | C] -- C:\Users\Deirdre\AppData\Roaming\Adobe [2013/01/20 15:12:28 | 000,000,000 | ---D | C] -- C:\Users\Deirdre\AppData\Roaming\LegalSounds [2013/01/20 15:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\IM [2013/01/19 13:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013/01/18 17:56:38 | 001,358,408 | ---- | C] (Malwarebytes Corporation) -- C:\Users\Deirdre\Desktop\mbar.exe [2013/01/09 20:12:32 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013/01/09 20:11:34 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2013/01/07 19:31:29 | 000,859,072 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2013/01/07 19:28:55 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2013/01/04 17:01:57 | 000,697,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe ========== Files - 
Modified Within 30 Days ========== [2013/01/29 19:57:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Deirdre\Desktop\OTL.exe [2013/01/29 19:53:51 | 000,000,988 | ---- | M] () -- C:\Users\Deirdre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Legalsounds Download Manager.lnk [2013/01/29 19:53:08 | 000,000,284 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini [2013/01/29 19:52:56 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/01/29 19:52:31 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/29 19:52:31 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/29 19:52:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/01/29 19:52:18 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys [2013/01/29 19:25:48 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013/01/29 19:21:18 | 108,187,308 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2013/01/28 21:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/01/28 21:05:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/01/28 20:29:08 | 001,358,408 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Deirdre\Desktop\mbar.exe [2013/01/28 20:27:23 | 013,562,257 | ---- | M] () -- C:\Users\Deirdre\Desktop\mbar-1.01.0.1017.zip [2013/01/28 20:08:21 | 000,365,568 | ---- | M] () -- C:\Users\Deirdre\Desktop\gmer.exe [2013/01/28 20:05:43 | 000,356,174 | ---- | M] () -- C:\Users\Deirdre\Desktop\gmer.zip [2013/01/28 20:01:43 | 000,160,350 | ---- | M] () -- C:\Users\Deirdre\Desktop\JavaRa.zip [2013/01/26 22:42:13 | 000,643,156 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/01/26 22:42:13 | 000,120,314 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/01/26 22:25:02 | 002,213,976 | 
---- | M] (Kaspersky Lab ZAO) -- C:\Users\Deirdre\Desktop\tdsskiller.exe [2013/01/26 10:03:42 | 000,749,568 | ---- | M] () -- C:\Users\Deirdre\Desktop\RogueKiller.exe [2013/01/24 19:17:22 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013/01/22 19:38:37 | 000,000,733 | ---- | M] () -- C:\Users\Deirdre\Desktop\NTREGOPT.lnk [2013/01/22 19:38:37 | 000,000,714 | ---- | M] () -- C:\Users\Deirdre\Desktop\ERUNT.lnk [2013/01/22 19:28:28 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Deirdre\Desktop\rkill.exe [2013/01/21 18:50:37 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\Legalsounds Download Manager.lnk [2013/01/21 09:53:24 | 000,852,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/01/21 00:21:59 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/01/19 12:49:24 | 000,226,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys [2013/01/13 20:08:52 | 348,687,706 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013/01/09 20:36:18 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013/01/09 20:36:18 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013/01/07 19:30:52 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2013/01/07 19:30:52 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll ========== Files Created - No Company Name ========== [2013/01/28 20:23:29 | 013,562,257 | ---- | C] () -- C:\Users\Deirdre\Desktop\mbar-1.01.0.1017.zip [2013/01/28 20:05:42 | 000,356,174 | ---- | C] () -- C:\Users\Deirdre\Desktop\gmer.zip [2013/01/28 20:01:13 | 000,160,350 | ---- | C] () -- C:\Users\Deirdre\Desktop\JavaRa.zip [2013/01/27 22:21:10 | 000,365,568 | ---- | C] () -- C:\Users\Deirdre\Desktop\gmer.exe [2013/01/26 10:03:36 | 000,749,568 | ---- | C] () -- 
C:\Users\Deirdre\Desktop\RogueKiller.exe [2013/01/24 19:17:22 | 000,002,413 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013/01/22 19:38:37 | 000,000,733 | ---- | C] () -- C:\Users\Deirdre\Desktop\NTREGOPT.lnk [2013/01/22 19:38:37 | 000,000,714 | ---- | C] () -- C:\Users\Deirdre\Desktop\ERUNT.lnk [2013/01/21 18:50:40 | 000,000,988 | ---- | C] () -- C:\Users\Deirdre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Legalsounds Download Manager.lnk [2013/01/21 18:50:37 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\Legalsounds Download Manager.lnk [2013/01/21 00:21:59 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/01/21 00:15:03 | 3149,078,528 | -HS- | C] () -- C:\hiberfil.sys [2013/01/20 21:21:43 | 000,000,284 | ---- | C] () -- C:\Users\Public\Documents\hpqp.ini [2013/01/04 17:08:24 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2013/01/04 17:01:58 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2011/02/07 19:48:54 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat [2011/02/07 19:45:06 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\anodlwf.sys ========== ZeroAccess Check ========== [2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- 
| M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013/01/20 21:22:59 | 000,000,000 | ---D | M] -- C:\Users\Deirdre\AppData\Roaming\Epson [2013/01/20 15:12:28 | 000,000,000 | ---D | M] -- C:\Users\Deirdre\AppData\Roaming\LegalSounds [2013/01/21 18:50:40 | 000,000,000 | ---D | M] -- C:\Users\Deirdre\AppData\Roaming\LegalsoundsDownloadManager [2013/01/20 15:12:53 | 000,000,000 | ---D | M] -- C:\Users\Deirdre\AppData\Roaming\SMART Technologies Inc [2013/01/20 15:14:29 | 000,000,000 | ---D | M] -- C:\Users\Deirdre\AppData\Roaming\Smilebox [2009/11/16 18:44:08 | 000,000,000 | ---D | M] -- C:\Users\Deirdre\AppData\Roaming\Template [2013/01/20 21:21:44 | 000,000,000 | ---D | M] -- C:\Users\Deirdre\AppData\Roaming\WeatherBug ========== Purity Check ========== < End of report > -
Infected, pics missing / Trojan.FakeAlert
dreadree replied to dreadree's topic in Resolved Malware Removal Logs
Here's the system log...sorry about that.
--------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1017 © Malwarebytes Corporation 2011-2012 OS version: 6.0.6002 Windows Vista Service Pack 2 x86 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 1.995000 GHz Memory total: 3148292096, free: 1905922048 ------------ Kernel report ------------ 01/28/2013 20:56:06 ------------ Loaded modules ----------- \SystemRoot\system32\ntkrnlpa.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\acpi.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\isapnp.sys \SystemRoot\system32\drivers\mpio.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\intelide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\drivers\pciide.sys \SystemRoot\system32\drivers\aliide.sys \SystemRoot\system32\drivers\amdide.sys \SystemRoot\system32\drivers\cmdide.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\msdsm.sys \SystemRoot\system32\drivers\nvraid.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\drivers\viaide.sys \SystemRoot\system32\drivers\iastorv.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\lsi_scsi.sys \SystemRoot\system32\drivers\storport.sys \SystemRoot\system32\drivers\nvstor.sys 
\SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\hpcisss.sys \SystemRoot\system32\drivers\adp94xx.sys \SystemRoot\system32\drivers\adpahci.sys \SystemRoot\system32\drivers\adpu160m.sys \SystemRoot\system32\drivers\SCSIPORT.SYS \SystemRoot\system32\drivers\adpu320.sys \SystemRoot\system32\drivers\djsvs.sys \SystemRoot\system32\drivers\arc.sys \SystemRoot\system32\drivers\arcsas.sys \SystemRoot\system32\drivers\elxstor.sys \SystemRoot\system32\drivers\i2omp.sys \SystemRoot\system32\drivers\iirsp.sys \SystemRoot\system32\drivers\iteatapi.sys \SystemRoot\system32\drivers\iteraid.sys \SystemRoot\system32\drivers\lsi_fc.sys \SystemRoot\system32\drivers\lsi_sas.sys \SystemRoot\system32\drivers\megasas.sys \SystemRoot\system32\drivers\megasr.sys \SystemRoot\system32\drivers\mraid35x.sys \SystemRoot\system32\drivers\nfrd960.sys \SystemRoot\system32\drivers\ql2300.sys \SystemRoot\system32\drivers\ql40xx.sys \SystemRoot\system32\drivers\sisraid2.sys \SystemRoot\system32\drivers\sisraid4.sys \SystemRoot\system32\drivers\symc8xx.sys \SystemRoot\system32\drivers\sym_hi.sys \SystemRoot\system32\drivers\sym_u3.sys \SystemRoot\system32\drivers\uliahci.sys \SystemRoot\system32\drivers\ulsata.sys \SystemRoot\system32\drivers\ulsata2.sys \SystemRoot\system32\drivers\vsmraid.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\PxHelp20.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\msrpc.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\system32\drivers\wd.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\system32\drivers\sbp2port.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\ecache.sys \SystemRoot\system32\drivers\disk.sys 
\SystemRoot\system32\drivers\crcdisk.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\tunmp.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\wmiacpi.sys \SystemRoot\system32\DRIVERS\igdkmd32.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\Rtlh86.sys \SystemRoot\system32\DRIVERS\athr.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\SMARTVHidMini2000x86.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\serscan.sys \SystemRoot\system32\DRIVERS\msiscsi.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\CHDRT32.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\DRIVERS\HSXHWAZL.sys \SystemRoot\system32\DRIVERS\HSX_DPV.sys 
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys \SystemRoot\system32\drivers\modem.sys \SystemRoot\system32\drivers\IntcHdmi.sys \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\System32\Drivers\avgtdix.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\RTSTOR.SYS \SystemRoot\system32\DRIVERS\smb.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\anodlwf.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\System32\Drivers\avgmfx86.sys \SystemRoot\System32\Drivers\avgldx86.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_msahci.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\drivers\spsys.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\drivers\mrxdav.sys 
\SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\mdmxsdk.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\system32\DRIVERS\xaudio.sys \SystemRoot\system32\DRIVERS\cdfs.sys \??\C:\Users\Deirdre\AppData\Local\Temp\pfdiifob.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\DRIVERS\WUDFRd.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk1\DR12 Upper Device Object: 0xffffffff85808ac8 Upper Device Driver Name: \Driver\disk\ Lower Device Name: \Device\000000c9\ Lower Device Object: 0xffffffffd26dfcb8 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR Initialization returned 0x0 Load Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff867f8388 Upper Device Driver Name: \Driver\disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xffffffff85eeab20 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Initialization returned 0x0 Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0) Load Function returned 0x0 Downloaded database version: v2013.01.28.13 Downloaded database version: v2013.01.23.01 Initializing... Done! 
<<<2>>> Device number: 0, partition: 1 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff867f8388, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff868fbd18, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff867f8388, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ DevicePointer: 0xffffffff85eeab20, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Upper DeviceData: 0xfffffffface99348, 0xffffffff867f8388, 0xffffffff86092958 Lower DeviceData: 0xffffffffba9f4518, 0xffffffff85eeab20, 0xffffffffcc1bfc90 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\Windows\system32\drivers... Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 2F41570E Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 467716033 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 467716096 Numsec = 20674560 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 250059350016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)... 
Physical Sector Size: 512 Drive: 1, DevicePointer: 0xffffffffcd21b3c8, DeviceName: \Device\Harddisk1\DR13\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff857ebd18, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffffcd21b3c8, DeviceName: \Device\Harddisk1\DR13\, DriverName: \Driver\disk\ DevicePointer: 0xffffffff857eb9a0, DeviceName: \Device\000000cd\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: C3072E18 Partition information: Partition 0 type is Other (0x4) Partition is NOT ACTIVE. Partition starts at LBA: 32 Numsec = 1014752 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 519569408 bytes Sector size: 512 bytes Done! Performing system, memory and registry scan... Done! Scan finished ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1017 © Malwarebytes Corporation 2011-2012 OS version: 6.0.6002 Windows Vista Service Pack 2 x86 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 1.995000 GHz Memory total: 3148292096, free: 1611206656 ======================================= -
Infected, pics missing / Trojan.FakeAlert
dreadree replied to dreadree's topic in Resolved Malware Removal Logs
After my little panic attack, I realized that it would let me run the program "as is" and so here is the log that resulted:
--------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1017 © Malwarebytes Corporation 2011-2012 OS version: 6.0.6002 Windows Vista Service Pack 2 x86 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 1.995000 GHz Memory total: 3148292096, free: 1905922048 ------------ Kernel report ------------ 01/28/2013 20:56:06 ------------ Loaded modules ----------- \SystemRoot\system32\ntkrnlpa.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\acpi.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\isapnp.sys \SystemRoot\system32\drivers\mpio.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\intelide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\drivers\pciide.sys \SystemRoot\system32\drivers\aliide.sys \SystemRoot\system32\drivers\amdide.sys \SystemRoot\system32\drivers\cmdide.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\msdsm.sys \SystemRoot\system32\drivers\nvraid.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\drivers\viaide.sys \SystemRoot\system32\drivers\iastorv.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\lsi_scsi.sys 
\SystemRoot\system32\drivers\storport.sys \SystemRoot\system32\drivers\nvstor.sys \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\hpcisss.sys \SystemRoot\system32\drivers\adp94xx.sys \SystemRoot\system32\drivers\adpahci.sys \SystemRoot\system32\drivers\adpu160m.sys \SystemRoot\system32\drivers\SCSIPORT.SYS \SystemRoot\system32\drivers\adpu320.sys \SystemRoot\system32\drivers\djsvs.sys \SystemRoot\system32\drivers\arc.sys \SystemRoot\system32\drivers\arcsas.sys \SystemRoot\system32\drivers\elxstor.sys \SystemRoot\system32\drivers\i2omp.sys \SystemRoot\system32\drivers\iirsp.sys \SystemRoot\system32\drivers\iteatapi.sys \SystemRoot\system32\drivers\iteraid.sys \SystemRoot\system32\drivers\lsi_fc.sys \SystemRoot\system32\drivers\lsi_sas.sys \SystemRoot\system32\drivers\megasas.sys \SystemRoot\system32\drivers\megasr.sys \SystemRoot\system32\drivers\mraid35x.sys \SystemRoot\system32\drivers\nfrd960.sys \SystemRoot\system32\drivers\ql2300.sys \SystemRoot\system32\drivers\ql40xx.sys \SystemRoot\system32\drivers\sisraid2.sys \SystemRoot\system32\drivers\sisraid4.sys \SystemRoot\system32\drivers\symc8xx.sys \SystemRoot\system32\drivers\sym_hi.sys \SystemRoot\system32\drivers\sym_u3.sys \SystemRoot\system32\drivers\uliahci.sys \SystemRoot\system32\drivers\ulsata.sys \SystemRoot\system32\drivers\ulsata2.sys \SystemRoot\system32\drivers\vsmraid.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\PxHelp20.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\msrpc.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\system32\drivers\wd.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\system32\drivers\sbp2port.sys \SystemRoot\System32\Drivers\mup.sys 
\SystemRoot\System32\drivers\ecache.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\crcdisk.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\tunmp.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\wmiacpi.sys \SystemRoot\system32\DRIVERS\igdkmd32.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\Rtlh86.sys \SystemRoot\system32\DRIVERS\athr.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\SMARTVHidMini2000x86.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\serscan.sys \SystemRoot\system32\DRIVERS\msiscsi.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\CHDRT32.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys 
\SystemRoot\system32\DRIVERS\HSXHWAZL.sys \SystemRoot\system32\DRIVERS\HSX_DPV.sys \SystemRoot\system32\DRIVERS\HSX_CNXT.sys \SystemRoot\system32\drivers\modem.sys \SystemRoot\system32\drivers\IntcHdmi.sys \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\System32\Drivers\avgtdix.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\RTSTOR.SYS \SystemRoot\system32\DRIVERS\smb.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\anodlwf.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\System32\Drivers\avgmfx86.sys \SystemRoot\System32\Drivers\avgldx86.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_msahci.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\drivers\spsys.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\system32\DRIVERS\bowser.sys 
\SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\drivers\mrxdav.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\mdmxsdk.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\system32\DRIVERS\xaudio.sys \SystemRoot\system32\DRIVERS\cdfs.sys \??\C:\Users\Deirdre\AppData\Local\Temp\pfdiifob.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\DRIVERS\WUDFRd.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR12
Upper Device Object: 0xffffffff85808ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\000000c9\
Lower Device Object: 0xffffffffd26dfcb8
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff867f8388
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff85eeab20
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.01.28.13
Downloaded database version: v2013.01.23.01
Initializing... Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff867f8388, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff868fbd18, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff867f8388, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff85eeab20, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffffffface99348, 0xffffffff867f8388, 0xffffffff86092958
Lower DeviceData: 0xffffffffba9f4518, 0xffffffff85eeab20, 0xffffffffcc1bfc90
<<<3>>>
Volume: C: File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers... Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2F41570E
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 467716033
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 467716096 Numsec = 20674560
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 250059350016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffffcd21b3c8, DeviceName: \Device\Harddisk1\DR13\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff857ebd18, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffffcd21b3c8, DeviceName: \Device\Harddisk1\DR13\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff857eb9a0, DeviceName: \Device\000000cd\, DriverName: \Driver\USBSTOR\
------------ End ----------
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3072E18
Partition information:
Partition 0 type is Other (0x4)
Partition is NOT ACTIVE.
Partition starts at LBA: 32 Numsec = 1014752
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 519569408 bytes
Sector size: 512 bytes
Done!
Performing system, memory and registry scan... Done!
Scan finished
=======================================
-
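The "Inspecting partition table" section of the MBAR log above is a read of the four 16-byte entries at offset 0x1BE of sector 0, followed by a sweep of the sectors no partition claims, which is where a bootkit would hide code. The script below is an added example, not MBAR's code and not from the original post. It constructs a 512-byte MBR carrying the values MBAR printed for drive 0 (disk signature, partition types, status flags, LBAs and sector counts are from the log; every other byte is zero), parses it back, runs the sanity checks a scanner applies before trusting the table, and computes the unpartitioned ranges. All function names are my own; the type-name table covers only the types that appear in this log.

```python
import struct

SECTOR_SIZE = 512
# Values taken from the MBAR output for drive 0 (constructed sample MBR, not a disk image)
DISK_SIZE_BYTES = 250059350016
DISK_SIGNATURE = 0x2F41570E
SAMPLE_ENTRIES = [
    # (status, type, start_lba, sector_count)
    (0x80, 0x07, 63, 467716033),         # partition 0: NTFS, active, starts at LBA 63
    (0x00, 0x07, 467716096, 20674560),   # partition 1: NTFS, not active
    (0x00, 0x00, 0, 0),                  # partition 2: empty
    (0x00, 0x00, 0, 0),                  # partition 3: empty
]

PARTITION_TYPES = {0x00: "Empty", 0x04: "FAT16 (<32 MB)", 0x07: "NTFS/HPFS/exFAT"}
# status, CHS start (3 bytes, skipped), type, CHS end (3 bytes, skipped), LBA start, sector count
ENTRY_FMT = "<B3xB3xII"


def build_mbr(disk_signature, entries):
    """Build a 512-byte MBR sector from (status, type, start_lba, count) tuples."""
    mbr = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", mbr, 0x1B8, disk_signature)      # NT disk signature
    for i, (status, ptype, start, count) in enumerate(entries[:4]):
        struct.pack_into(ENTRY_FMT, mbr, 0x1BE + 16 * i, status, ptype, start, count)
    mbr[0x1FE:0x200] = b"\x55\xAA"                          # boot signature 55AA
    return bytes(mbr)


def parse_mbr(mbr):
    """Return (disk_signature, [entry dicts]); raises on a malformed sector."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("expected one 512-byte sector")
    if mbr[0x1FE:0x200] != b"\x55\xAA":
        raise ValueError("missing 55AA boot signature")
    disk_signature = struct.unpack_from("<I", mbr, 0x1B8)[0]
    entries = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(ENTRY_FMT, mbr, 0x1BE + 16 * i)
        entries.append({
            "index": i, "status": status, "active": status == 0x80,
            "type": ptype, "type_name": PARTITION_TYPES.get(ptype, "Other"),
            "start": start, "count": count,
        })
    return disk_signature, entries


def check_table(entries, disk_sectors):
    """Sanity checks a scanner applies before trusting the table; returns a list of problems."""
    problems, used = [], []
    for e in entries:
        if e["status"] not in (0x00, 0x80):
            problems.append(f"entry {e['index']}: invalid status byte 0x{e['status']:02X}")
        if e["type"] == 0x00 or e["count"] == 0:
            continue
        end = e["start"] + e["count"]
        if end > disk_sectors:
            problems.append(f"entry {e['index']}: extends past end of disk ({end} > {disk_sectors})")
        used.append((e["start"], end, e["index"]))
    used.sort()
    for (s1, e1, i1), (s2, e2, i2) in zip(used, used[1:]):
        if s2 < e1:
            problems.append(f"entries {i1} and {i2} overlap")
    if sum(e["active"] for e in entries) > 1:
        problems.append("more than one active partition")
    return problems


def unpartitioned_ranges(entries, disk_sectors):
    """Inclusive sector ranges no partition claims (sector 0 holds the MBR itself)."""
    used = sorted((e["start"], e["start"] + e["count"]) for e in entries if e["type"] and e["count"])
    gaps, cursor = [], 1
    for start, end in used:
        if start > cursor:
            gaps.append((cursor, start - 1))
        cursor = max(cursor, end)
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors - 1))
    return gaps


if __name__ == "__main__":
    sig, parts = parse_mbr(build_mbr(DISK_SIGNATURE, SAMPLE_ENTRIES))
    print(f"Disk Signature: {sig:08X}")
    for p in parts:
        print(f"Partition {p['index']} type {p['type_name']} (0x{p['type']:X}) "
              f"{'ACTIVE' if p['active'] else 'NOT ACTIVE'} LBA {p['start']} Numsec {p['count']}")
    total = DISK_SIZE_BYTES // SECTOR_SIZE
    print("Problems:", check_table(parts, total) or "none")
    print("Unpartitioned:", unpartitioned_ranges(parts, total))
```

The ranges this script reports are the exact gaps in the table (sectors 1 to 62 before the first partition, and the tail after the second). MBAR's own sweep range in the log starts somewhat earlier than the tail gap; the tool's choice of how much to scan is its own, so do not expect the two to match to the sector.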
Infected, pics missing / Trojan.FakeAlert
dreadree replied to dreadree's topic in Resolved Malware Removal Logs
The screenshot didn't show up, so here it is as an attachment. mbrootkitpopup.doc -
Infected, pics missing / Trojan.FakeAlert
dreadree replied to dreadree's topic in Resolved Malware Removal Logs
Okay, I tried to run mbar.exe and this is the message I received once I extracted the files. It wouldn't let me run the program at all until I extracted it, because there was a missing .dll file. What should I do from this point? Not sure if I should continue and run it or not. Just wanted to check before I mess anything up. -
Infected, pics missing / Trojan.FakeAlert
dreadree replied to dreadree's topic in Resolved Malware Removal Logs
Here is the gmer log:
GMER 2.0.18454 - http://www.gmer.net
Rootkit scan 2013-01-28 20:19:36
Windows 6.0.6002 Service Pack 2
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVT-60ZCT1 rev.13.01A13 232.89GB
Running: gmer.exe; Driver: C:\Users\Deirdre\AppData\Local\Temp\pfdiifob.sys

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a4e89a
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a4e89a@68ebaea31a82 0xCC 0xC5 0x1A 0x09 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a4e89a@0023aff70720 0x03 0xF4 0xC2 0x47 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a4e89a@c0e422aec7f7 0xD7 0x5C 0xF0 0x1B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018e736d879
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018e736d879@001a771d00b7 0x2E 0xDB 0x3F 0x0B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018e736d879@001fccc73516 0xEA 0xE1 0xC4 0x39 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018e736d879@0021fb462d66 0x93 0xE6 0x8F 0x06 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018e736d879@0023aff70720 0x2C 0xB1 0xC9 0x2A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018e736d879@000fe46de54b 0x32 0xCC 0x1E 0x93 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018e736d879@002268e070e7 0xC0 0x07 0x87 0xD9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018e736d879@00265d217985 0x5F 0x05 0xFE 0x82 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018e736d879@0017e2015545 0xFB 0x64 0x07 0x65 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272a4e89a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272a4e89a@68ebaea31a82 0xCC 0xC5 0x1A 0x09 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272a4e89a@0023aff70720 0x03 0xF4 0xC2 0x47 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272a4e89a@c0e422aec7f7 0xD7 0x5C 0xF0 0x1B ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0018e736d879 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0018e736d879@001a771d00b7 0x2E 0xDB 0x3F 0x0B ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0018e736d879@001fccc73516 0xEA 0xE1 0xC4 0x39 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0018e736d879@0021fb462d66 0x93 0xE6 0x8F 0x06 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0018e736d879@0023aff70720 0x2C 0xB1 0xC9 0x2A ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0018e736d879@000fe46de54b 0x32 0xCC 0x1E 0x93 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0018e736d879@002268e070e7 0xC0 0x07 0x87 0xD9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0018e736d879@00265d217985 0x5F 0x05 0xFE 0x82 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0018e736d879@0017e2015545 0xFB 0x64 0x07 0x65 ...

---- EOF - GMER 2.0 ----
-
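Two things in the logs in this thread deserve a second look before anyone calls them suspicious. The MBAR loaded-module list shows a randomly named driver in the user's Temp folder, and the GMER scan lists only entries under BTHPORT\Parameters\Keys. The first is GMER's own driver: GMER names the driver it loaded on its "Running:" line, and the path is the same one MBAR saw. The second are Bluetooth link keys, which Windows stores under a SYSTEM-only ACL, so they show up in GMER's list of registry entries the current user cannot read. The script below is an added example, not code from MBAR, GMER or the original post. It normalizes the NT object paths from the driver list to Win32 paths, matches them against the scanner's own driver, flags anything loaded from a user-writable location, and classifies the GMER "Reg" lines. It assumes the system root is C:\Windows (matching the C:\Windows paths in the log) and runs on a handful of constructed lines modelled on the logs; the last driver line and the last registry line are invented to exercise the review branches.

```python
import re

SYSTEM_ROOT = r"C:\Windows"   # assumption: matches the C:\Windows paths elsewhere in the log

# Constructed sample lines modelled on the MBAR loaded-driver list; the last one is invented.
MBAR_DRIVER_LINES = [
    r"\SystemRoot\system32\DRIVERS\cdfs.sys",
    r"\??\C:\Users\Deirdre\AppData\Local\Temp\pfdiifob.sys",
    r"\SystemRoot\system32\DRIVERS\USBSTOR.SYS",
    r"\??\C:\Windows\system32\drivers\mbamchameleon.sys",
    r"\Windows\System32\ntdll.dll",
    r"\??\C:\Users\Public\Downloads\sample.sys",   # constructed, not from the log
]

# Constructed sample lines modelled on the GMER log; the last one is invented.
GMER_LINES = [
    r"Running: gmer.exe; Driver: C:\Users\Deirdre\AppData\Local\Temp\pfdiifob.sys",
    r"Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a4e89a",
    r"Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a4e89a@68ebaea31a82 0xCC 0xC5 0x1A 0x09 ...",
    r"Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0018e736d879 (not active ControlSet)",
    r"Reg HKLM\SOFTWARE\Example\HiddenValue@run 0x41 0x42 ...",   # constructed, not from the log
]


def normalize_path(raw):
    """Turn an NT object path as printed in the driver list into a Win32 path."""
    p = raw.strip()
    if p.startswith("\\??\\"):              # \??\C:\... is the NT form of a Win32 path
        p = p[4:]
    if p.lower().startswith("\\systemroot\\"):
        p = SYSTEM_ROOT + p[len("\\systemroot"):]
    elif p.startswith("\\"):                 # e.g. \Windows\System32\ntdll.dll has no drive letter
        p = SYSTEM_ROOT[:2] + p
    return p


def scanner_drivers(gmer_lines):
    """GMER prints the randomly named driver it loaded from %TEMP% on its 'Running:' line."""
    found = set()
    for line in gmer_lines:
        m = re.search(r"\bDriver:\s*(\S+)", line)
        if m:
            found.add(m.group(1).lower())
    return found


def triage_drivers(driver_lines, known_scanner):
    """Classify each loaded kernel module by the location it was loaded from."""
    results = []
    system_prefix = (SYSTEM_ROOT + "\\").lower()
    for raw in driver_lines:
        path = normalize_path(raw)
        low = path.lower()
        if low in known_scanner:
            verdict = "scanner's own driver"
        elif low.startswith(system_prefix):
            verdict = "system location"
        elif "\\users\\" in low or "\\temp\\" in low:
            verdict = "REVIEW: kernel module loaded from a user-writable path"
        else:
            verdict = "REVIEW: unexpected location"
        results.append((path, verdict))
    return results


# Bluetooth link keys live under Services\BTHPORT\Parameters\Keys in every control set.
BT_LINK_KEY = re.compile(r"^Reg\s+HKLM\\SYSTEM\\\w+\\Services\\BTHPORT\\Parameters\\Keys\\", re.I)


def triage_registry(gmer_lines):
    """GMER lists registry entries the current user cannot read; BTHPORT link keys are expected there."""
    results = []
    for line in gmer_lines:
        if not line.startswith("Reg "):
            continue
        key = line.split(None, 2)[1]
        if BT_LINK_KEY.match(line):
            verdict = "Bluetooth link key (SYSTEM-only ACL; expected, not malware)"
        else:
            verdict = "REVIEW: protected or hidden registry entry"
        results.append((key, verdict))
    return results


if __name__ == "__main__":
    own = scanner_drivers(GMER_LINES)
    for path, verdict in triage_drivers(MBAR_DRIVER_LINES, own):
        print(f"{verdict:60} {path}")
    for key, verdict in triage_registry(GMER_LINES):
        print(f"{verdict:60} {key}")
```

The point of matching against the scanner's own driver first is that a driver in %TEMP% is exactly what a rootkit scanner and a rootkit have in common; the log itself (the "Running:" line) is what tells them apart, so the triage should read it rather than rely on the filename looking random.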
Infected, pics missing / Trojan.FakeAlert
dreadree replied to dreadree's topic in Resolved Malware Removal Logs
No luck...any suggestions? -
Infected, pics missing / Trojan.FakeAlert
dreadree replied to dreadree's topic in Resolved Malware Removal Logs
I tried to complete all of your requests in step two; however, I ran into a few problems. "Ask Toolbar Updater" will not allow me to uninstall it. I get a message that pops up stating that I do not have "sufficient access to complete the request" and that I should "contact my system administrator". I have my user account set up as an administrative account, so I am unsure why it won't allow me to uninstall. My second issue is that I could not locate the "Java Auto Updater" in the list of programs; however, I am positive that I have it, as every time I start my computer I get an alert that I need to update Java. I didn't want to proceed to step 3 before consulting you about these issues. I am going to try to restart and see if I have better luck with the two items listed here. If I do, I will finish the next step. -
Infected, pics missing / Trojan.FakeAlert
dreadree replied to dreadree's topic in Resolved Malware Removal Logs
Thanks for hanging in there with me, Maurice. Here is the fixlog; I will have to complete the other two steps a bit later.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-01-2013 02
Ran by SYSTEM at 2013-01-27 13:22:54 Run:1
Running from G:\
==============================================
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AVG8_TRAY Value deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater Value deleted successfully.
HKEY_USERS\Deirdre\Software\Microsoft\Windows\CurrentVersion\Run\\Easy Dock Value deleted successfully.
C:\Users\Deirdre\AppData\Roaming\defender.exe not found.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avg8wd was disabled
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avg8emc was disabled
==== End of Fixlog ====