Posts posted by jmanzella7

  1. ESETSmartInstaller@High as CAB hook log:

    OnlineScanner.ocx - registred OK

    ESETSmartInstaller@High as downloader log:

    all ok

    # version=7

    # OnlineScannerApp.exe=1.0.0.1

    # OnlineScanner.ocx=1.0.0.6583

    # api_version=3.0.2

    # EOSSerial=96e016d9bc8a564786eb29eca5e3ad34

    # end=finished

    # remove_checked=true

    # archives_checked=false

    # unwanted_checked=true

    # unsafe_checked=false

    # antistealth_checked=true

    # utc_time=2012-10-18 06:38:21

    # local_time=2012-10-17 11:38:21 (-0800, Pacific Daylight Time)

    # country="United States"

    # lang=1033

    # osver=6.0.6002 NT Service Pack 2

    # compatibility_mode=512 16777215 100 0 81157998 81157998 0 0

    # compatibility_mode=5892 16776638 100 100 0 187141372 0 0

    # compatibility_mode=8192 67108863 100 0 0 0 0 0

    # scanned=165455

    # found=1

    # cleaned=1

    # scan_time=8460

    C:\FRST\Quarantine\khtbwxtb.dll Win32/Kryptik.AMNR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

  2. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-10-2012

    Ran by SYSTEM at 2012-10-15 20:50:55 Run:1

    Running from F:\

    ==============================================

    HKEY_USERS\Joe\Software\Microsoft\Windows\CurrentVersion\Run\\Dropbox Value deleted successfully.

    C:\Users\Joe\AppData\Local\Dropbox\khtbwxtb.dll moved successfully.

    ==== End of Fixlog ====

  3. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-10-2012

    Ran by SYSTEM at 14-10-2012 20:21:46

    Running from F:\

    Windows Vista Home Premium (X86) OS Language: English(US)

    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [x]

    HKLM\...\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [90191 2006-11-21] (NVIDIA Corporation)

    HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [7757824 2006-11-21] (NVIDIA Corporation)

    HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [81920 2006-11-21] (NVIDIA Corporation)

    HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]

    HKLM\...\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-10-22] (Synaptics, Inc.)

    HKLM\...\Run: [] [x]

    HKLM\...\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [1020248 2010-01-25] (Trend Micro Inc.)

    HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)

    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)

    HKU\Joe\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)

    HKU\Joe\...\Run: [Dropbox] rundll32.exe C:\Users\Joe\AppData\Local\Dropbox\khtbwxtb.dll,GetImporterInterface [354304 2012-09-09] ()

    HKU\Joe\...\Run: [MotoCast] "C:\Program Files\Motorola Mobility\MotoCast\MotoLauncher.lnk" [x]

    Winlogon\Notify\ScCertProp: wlnotify.dll [X]

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    Startup: C:\Users\Joe\Start Menu\Programs\Startup\Dropbox.lnk

    ShortcutTarget: Dropbox.lnk -> (No File)

    ==================== Services (Whitelisted) ===================

    2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)

    2 DeviceMonitorService; "C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe" [87368 2011-09-19] (Nero AG)

    3 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2006-11-30] (Acer Inc.)

    2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [118784 2006-11-20] (Acer Inc.)

    2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [45056 2006-11-16] (Acer Inc.)

    2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2006-11-13] ()

    2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [218992 2011-09-14] ()

    3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [115168 2012-10-05] (Mozilla Foundation)

    3 RosettaStoneLtdController; "C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe" [354648 2007-10-31] (Rosetta Stone Ltd.)

    2 SfCtlCom; "C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe" [715440 2010-11-08] (Trend Micro Inc.)

    3 TMBMServer; "C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service [345352 2010-03-12] (Trend Micro Inc.)

    3 TmProxy; "C:\Program Files\Trend Micro\Internet Security\TmProxy.exe" [689416 2010-03-12] (Trend Micro Inc.)

    2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [131072 2006-12-01] (acer)

    2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]

    2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe -p [x]

    2 XAudioService; C:\Windows\System32\DRIVERS\xaudio.exe [x]

    ==================== Drivers (Whitelisted) ====================

    1 DritekPortIO; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)

    3 EMSCR; C:\Windows\System32\DRIVERS\EMS7SK.sys [62208 2006-10-24] (ENE Technology Inc.)

    3 ESDCR; C:\Windows\System32\DRIVERS\ESD7SK.sys [42240 2006-10-24] (ENE Technology Inc.)

    3 ESMCR; C:\Windows\System32\DRIVERS\ESM7SK.sys [76928 2006-10-24] (ENE Technology Inc.)

    2 int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [69632 2005-01-13] ()

    3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [37392 2009-06-17] (Logitech, Inc.)

    0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [10624 2006-11-10] (HiTRUST)

    0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [7936 2006-11-10] (HiTRUST)

    0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [53760 2006-11-08] (HiTRUST)

    3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [56448 2007-10-17] (SCM Microsystems Inc.)

    3 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [59472 2010-07-19] (Trend Micro Inc.)

    2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [163408 2010-07-19] (Trend Micro Inc.)

    3 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [51792 2010-07-19] (Trend Micro Inc.)

    2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [36624 2011-07-12] (Trend Micro Inc.)

    1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [89872 2010-03-12] (Trend Micro Inc.)

    2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [262416 2011-07-12] (Trend Micro Inc.)

    3 TrueSight; \??\C:\Windows\system32\drivers\TrueSight.sys [14080 2012-10-09] ()

    2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [1405720 2011-07-12] (Trend Micro Inc.)

    3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [10144 2005-04-12] (Logitech Inc.)

    3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [22240 2005-04-12] (Logitech Inc.)

    3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [5600 2005-04-12] (Logitech Inc.)

    3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [45504 2005-04-12] (Logitech Inc.)

    4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]

    3 catchme; \??\C:\Users\Joe\AppData\Local\Temp\catchme.sys [x]

    3 HSXHWAZL; C:\Windows\System32\DRIVERS\HSXHWAZL.sys [x]

    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]

    2 mdmxsdk; C:\Windows\System32\DRIVERS\mdmxsdk.sys [x]

    3 MFE_RR; \??\C:\Users\Joe\AppData\Local\Temp\mfe_rr.sys [x]

    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]

    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

    3 UIUSys; C:\Windows\System32\DRIVERS\UIUSYS.SYS [x]

    2 XAudio; C:\Windows\System32\DRIVERS\xaudio.sys [x]

    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========

    2012-10-14 20:21 - 2012-10-14 20:21 - 00000000 ____D C:\FRST

    2012-10-12 20:51 - 2012-10-12 20:52 - 00000240 ____A C:\Users\Joe\Desktop\RootkitRemover20121012215140.txt

    2012-10-12 20:50 - 2012-10-12 20:50 - 00475752 ____A (McAfee, Inc.) C:\Users\Joe\Desktop\rootkitremover.exe

    2012-10-12 09:01 - 2012-10-12 09:02 - 00000000 ___SD C:\ComboFix

    2012-10-12 07:43 - 2012-10-12 07:43 - 00138384 ____A C:\Windows\Minidump\Mini101212-01.dmp

    2012-10-12 07:42 - 2012-10-12 07:42 - 340175182 ____A C:\Windows\MEMORY.DMP

    2012-10-11 14:55 - 2012-10-11 14:55 - 00000000 ____D C:\Windows\erdnt

    2012-10-11 14:55 - 2012-10-11 14:55 - 00000000 ____D C:\Qoobox

    2012-10-11 14:55 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

    2012-10-11 14:55 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

    2012-10-11 14:55 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

    2012-10-11 14:55 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

    2012-10-11 14:55 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

    2012-10-11 14:55 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

    2012-10-11 14:55 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

    2012-10-11 14:55 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

    2012-10-11 14:52 - 2012-10-12 09:00 - 04771502 ____R (Swearware) C:\Users\Joe\Desktop\ComboFix.exe

    2012-10-10 09:05 - 2012-09-13 05:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll

    2012-10-10 09:05 - 2012-08-29 03:27 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe

    2012-10-10 09:05 - 2012-08-29 03:27 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

    2012-10-10 09:05 - 2012-08-24 07:53 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll

    2012-10-10 09:05 - 2012-06-01 16:02 - 00985088 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

    2012-10-10 09:05 - 2012-06-01 16:02 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

    2012-10-10 09:05 - 2012-06-01 16:02 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

    2012-10-10 07:52 - 2012-10-10 07:52 - 00070536 ____A C:\Users\Joe\Desktop\Extras.Txt

    2012-10-10 07:51 - 2012-10-10 07:51 - 00091476 ____A C:\Users\Joe\Desktop\OTL.Txt

    2012-10-10 07:38 - 2012-10-10 07:38 - 00602112 ____A (OldTimer Tools) C:\Users\Joe\Desktop\OTL.exe

    2012-10-10 07:38 - 2012-10-10 07:38 - 00001728 ____A C:\Users\Joe\Desktop\aswMBR.txt

    2012-10-10 07:38 - 2012-10-10 07:38 - 00000512 ____A C:\Users\Joe\Desktop\MBR.dat

    2012-10-10 07:33 - 2012-10-10 07:33 - 04731392 ____A (AVAST Software) C:\Users\Joe\Desktop\aswMBR.exe

    2012-10-10 07:00 - 2012-10-10 07:00 - 00002855 ____A C:\Users\Joe\Desktop\dds.PIF

    2012-10-10 06:22 - 2012-10-10 06:22 - 00607260 ____R (Swearware) C:\Users\Joe\Desktop\dds.com

    2012-10-09 21:00 - 2012-10-09 21:00 - 00607260 ____R (Swearware) C:\Users\Joe\Desktop\dds.scr

    2012-10-09 21:00 - 2012-10-09 20:45 - 01422336 ____A C:\Users\Joe\Desktop\RogueKiller.exe

    2012-10-09 20:48 - 2012-10-09 20:48 - 00003851 ____A C:\Users\Joe\Desktop\RKreport[1].txt

    2012-10-09 20:47 - 2012-10-09 20:48 - 00000000 ____D C:\Users\Joe\Desktop\RK_Quarantine

    2012-10-09 20:47 - 2012-10-09 20:47 - 00014080 ____A C:\Windows\System32\Drivers\TrueSight.sys

    2012-10-09 20:04 - 2012-10-09 20:04 - 00000910 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    2012-10-09 19:40 - 2012-10-09 19:40 - 00000000 ____D C:\Users\All Users\Mozilla

    2012-10-09 19:40 - 2012-10-09 19:40 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

    2012-09-21 15:01 - 2012-08-25 03:50 - 01212416 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

    2012-09-21 15:01 - 2012-08-25 03:50 - 00916992 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

    2012-09-21 15:01 - 2012-08-25 03:50 - 00105984 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

    2012-09-21 15:01 - 2012-08-25 03:48 - 00206848 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll

    2012-09-21 15:01 - 2012-08-25 03:46 - 00611840 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll

    2012-09-21 15:01 - 2012-08-25 03:45 - 06008832 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

    2012-09-21 15:01 - 2012-08-25 03:45 - 00630272 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

    2012-09-21 15:01 - 2012-08-25 03:45 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

    2012-09-21 15:01 - 2012-08-25 03:45 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

    2012-09-21 15:01 - 2012-08-25 03:44 - 11111424 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

    2012-09-21 15:01 - 2012-08-25 03:44 - 02000384 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

    2012-09-21 15:01 - 2012-08-25 03:44 - 01469440 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

    2012-09-21 15:01 - 2012-08-25 03:44 - 00387584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

    2012-09-21 15:01 - 2012-08-25 03:44 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll

    2012-09-21 15:01 - 2012-08-25 03:44 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

    2012-09-21 15:01 - 2012-08-25 03:44 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

    2012-09-21 15:01 - 2012-08-25 03:44 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

    2012-09-21 15:01 - 2012-08-25 03:44 - 00055808 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

    2012-09-21 15:01 - 2012-08-25 03:44 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll

    2012-09-21 15:01 - 2012-08-25 03:44 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

    2012-09-21 15:01 - 2012-08-25 02:11 - 00385024 ____A (Microsoft Corporation) C:\Windows\System32\html.iec

    2012-09-21 15:01 - 2012-08-25 00:31 - 00174080 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

    2012-09-21 15:01 - 2012-08-25 00:31 - 00133632 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

    2012-09-21 15:01 - 2012-08-25 00:30 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

    2012-09-21 15:01 - 2012-08-25 00:29 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

    ==================== 3 Months Modified Files ==================

    2012-10-14 19:17 - 2011-08-19 10:26 - 01878624 ____A C:\Windows\WindowsUpdate.log

    2012-10-14 19:17 - 2006-11-02 05:01 - 00032646 ____A C:\Windows\Tasks\SCHEDLGU.TXT

    2012-10-14 19:17 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

    2012-10-14 19:17 - 2006-11-02 04:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

    2012-10-14 19:17 - 2006-11-02 04:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

    2012-10-14 19:16 - 2006-11-02 02:33 - 00703404 ____A C:\Windows\System32\PerfStringBackup.INI

    2012-10-14 18:46 - 2012-04-02 20:15 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

    2012-10-12 20:52 - 2012-10-12 20:51 - 00000240 ____A C:\Users\Joe\Desktop\RootkitRemover20121012215140.txt

    2012-10-12 20:50 - 2012-10-12 20:50 - 00475752 ____A (McAfee, Inc.) C:\Users\Joe\Desktop\rootkitremover.exe

    2012-10-12 20:33 - 2012-08-16 02:30 - 00002110 ____A C:\Windows\PFRO.log

    2012-10-12 09:00 - 2012-10-11 14:52 - 04771502 ____R (Swearware) C:\Users\Joe\Desktop\ComboFix.exe

    2012-10-12 07:43 - 2012-10-12 07:43 - 00138384 ____A C:\Windows\Minidump\Mini101212-01.dmp

    2012-10-12 07:42 - 2012-10-12 07:42 - 340175182 ____A C:\Windows\MEMORY.DMP

    2012-10-11 14:54 - 2012-08-20 06:01 - 00000540 ____A C:\Windows\TMFilter.log

    2012-10-11 02:05 - 2006-11-02 02:24 - 62968832 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

    2012-10-10 07:52 - 2012-10-10 07:52 - 00070536 ____A C:\Users\Joe\Desktop\Extras.Txt

    2012-10-10 07:51 - 2012-10-10 07:51 - 00091476 ____A C:\Users\Joe\Desktop\OTL.Txt

    2012-10-10 07:38 - 2012-10-10 07:38 - 00602112 ____A (OldTimer Tools) C:\Users\Joe\Desktop\OTL.exe

    2012-10-10 07:38 - 2012-10-10 07:38 - 00001728 ____A C:\Users\Joe\Desktop\aswMBR.txt

    2012-10-10 07:38 - 2012-10-10 07:38 - 00000512 ____A C:\Users\Joe\Desktop\MBR.dat

    2012-10-10 07:33 - 2012-10-10 07:33 - 04731392 ____A (AVAST Software) C:\Users\Joe\Desktop\aswMBR.exe

    2012-10-10 07:00 - 2012-10-10 07:00 - 00002855 ____A C:\Users\Joe\Desktop\dds.PIF

    2012-10-10 06:22 - 2012-10-10 06:22 - 00607260 ____R (Swearware) C:\Users\Joe\Desktop\dds.com

    2012-10-09 21:00 - 2012-10-09 21:00 - 00607260 ____R (Swearware) C:\Users\Joe\Desktop\dds.scr

    2012-10-09 20:48 - 2012-10-09 20:48 - 00003851 ____A C:\Users\Joe\Desktop\RKreport[1].txt

    2012-10-09 20:47 - 2012-10-09 20:47 - 00014080 ____A C:\Windows\System32\Drivers\TrueSight.sys

    2012-10-09 20:45 - 2012-10-09 21:00 - 01422336 ____A C:\Users\Joe\Desktop\RogueKiller.exe

    2012-10-09 20:04 - 2012-10-09 20:04 - 00000910 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    2012-10-09 19:40 - 2008-12-21 16:46 - 00000850 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk

    2012-10-08 14:47 - 2012-04-02 20:15 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

    2012-10-08 14:47 - 2011-07-16 17:02 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

    2012-09-13 20:22 - 2012-07-13 14:30 - 00003570 ____A C:\Windows\setupact.log

    2012-09-13 05:28 - 2012-10-10 09:05 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll

    2012-09-11 20:32 - 2012-09-11 20:32 - 00001867 ____A C:\Users\Joe\.powerupdate.user.properties

    2012-09-09 07:01 - 2012-09-09 07:01 - 00001739 ____A C:\Users\Public\Desktop\MotoCast.lnk

    2012-09-07 16:04 - 2011-07-16 13:36 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

    2012-08-29 03:27 - 2012-10-10 09:05 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe

    2012-08-29 03:27 - 2012-10-10 09:05 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

    2012-08-25 03:50 - 2012-09-21 15:01 - 01212416 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

    2012-08-25 03:50 - 2012-09-21 15:01 - 00916992 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

    2012-08-25 03:50 - 2012-09-21 15:01 - 00105984 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

    2012-08-25 03:48 - 2012-09-21 15:01 - 00206848 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll

    2012-08-25 03:46 - 2012-09-21 15:01 - 00611840 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll

    2012-08-25 03:45 - 2012-09-21 15:01 - 06008832 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

    2012-08-25 03:45 - 2012-09-21 15:01 - 00630272 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

    2012-08-25 03:45 - 2012-09-21 15:01 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

    2012-08-25 03:45 - 2012-09-21 15:01 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

    2012-08-25 03:44 - 2012-09-21 15:01 - 11111424 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

    2012-08-25 03:44 - 2012-09-21 15:01 - 02000384 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

    2012-08-25 03:44 - 2012-09-21 15:01 - 01469440 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

    2012-08-25 03:44 - 2012-09-21 15:01 - 00387584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

    2012-08-25 03:44 - 2012-09-21 15:01 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll

    2012-08-25 03:44 - 2012-09-21 15:01 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

    2012-08-25 03:44 - 2012-09-21 15:01 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

    2012-08-25 03:44 - 2012-09-21 15:01 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

    2012-08-25 03:44 - 2012-09-21 15:01 - 00055808 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

    2012-08-25 03:44 - 2012-09-21 15:01 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll

    2012-08-25 03:44 - 2012-09-21 15:01 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

    2012-08-25 02:11 - 2012-09-21 15:01 - 00385024 ____A (Microsoft Corporation) C:\Windows\System32\html.iec

    2012-08-25 00:31 - 2012-09-21 15:01 - 00174080 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

    2012-08-25 00:31 - 2012-09-21 15:01 - 00133632 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

    2012-08-25 00:30 - 2012-09-21 15:01 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

    2012-08-25 00:29 - 2012-09-21 15:01 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

    2012-08-24 07:53 - 2012-10-10 09:05 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll

    2012-08-20 05:58 - 2012-08-20 05:58 - 00062399 ____A C:\Users\Joe\Desktop\Copy of Issues with August 2012 Update List-internal and external.xlsx

    2012-08-16 02:32 - 2006-11-02 04:47 - 00372920 ____A C:\Windows\System32\FNTCACHE.DAT

    2012-08-14 19:54 - 2012-08-14 19:54 - 00134144 ____A C:\Users\Joe\Desktop\Body_Fat_Worksheet_v6.0.xls

    2012-08-10 12:29 - 2012-08-10 12:29 - 00001896 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk

    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit

    C:\Windows\System32\winlogon.exe => MD5 is legit

    C:\Windows\System32\wininit.exe => MD5 is legit

    C:\Windows\System32\svchost.exe => MD5 is legit

    C:\Windows\System32\services.exe => MD5 is legit

    C:\Windows\System32\User32.dll => MD5 is legit

    C:\Windows\System32\userinit.exe => MD5 is legit

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK

    HKLM\...\exefile\DefaultIcon: %1 => OK

    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-10-12 08:19:45

    Restore point made on: 2012-10-14 19:00:31

    ==================== Memory info ===========================

    Percentage of memory in use: 9%

    Total physical RAM: 3061.5 MB

    Available physical RAM: 2765.15 MB

    Total Pagefile: 2960.31 MB

    Available Pagefile: 2833.23 MB

    Total Virtual: 2047.88 MB

    Available Virtual: 1983.72 MB

    ==================== Partitions =============================

    1 Drive c: (ACER) (Fixed) (Total:138.61 GB) (Free:82.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

    2 Drive d: (DATA) (Fixed) (Total:137.71 GB) (Free:96.44 GB) NTFS

    4 Drive f: (LEXAR) (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT

    5 Drive x: (PQSERVICE) (Fixed) (Total:21.76 GB) (Free:15.72 GB) NTFS

    Disk ### Status Size Free Dyn Gpt

    -------- ---------- ------- ------- --- ---

    Disk 0 Online 298 GB 0 B

    Disk 1 Online 968 MB 0 B

    Partitions of Disk 0:

    ===============

    Partition ### Type Size Offset

    ------------- ---------------- ------- -------

    Partition 1 OEM 22 GB 32 KB

    Partition 2 Primary 139 GB 22 GB

    Partition 3 Primary 138 GB 160 GB

    =========================================================

    Disk: 0

    Partition 1

    Type : 27

    Hidden: Yes

    Active: No

    Volume ### Ltr Label Fs Type Size Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volume 4 X PQSERVICE NTFS Partition 22 GB Healthy Hidden

    =========================================================

    Disk: 0

    Partition 2

    Type : 06

    Hidden: No

    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volume 0 C ACER NTFS Partition 139 GB Healthy

    =========================================================

    Disk: 0

    Partition 3

    Type : 07

    Hidden: No

    Active: No

    Volume ### Ltr Label Fs Type Size Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volume 2 D DATA NTFS Partition 138 GB Healthy

    =========================================================

    Partitions of Disk 1:

    ===============

    Partition ### Type Size Offset

    ------------- ---------------- ------- -------

    Partition 1 Primary 967 MB 16 KB

    =========================================================

    Disk: 1

    Partition 1

    Type : 04

    Hidden: No

    Active: No

    Volume ### Ltr Label Fs Type Size Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volume 0 F LEXAR FAT Removable 967 MB Healthy

    =========================================================

    Last Boot: 2012-10-14 18:30

    ==================== End Of Log ============================

  4. After several hours of ComboFix being stuck on the scan screen, I was forced to do a hard re-start on my computer. Just out of curiosity, I downloaded McAfee's rootkitremover software (since it's supposed to eliminate rootkit.zeroaccess) and ran it. When it did the initial scan, it said that it did not find any trojans. Is it possible that ComboFix ended up working, even though it looked like it was stuck? I just launched Google in Firefox and clicked several links, with no redirects.

  5. Sorry, tried to paste screen captures of the error messages into the post but it didn't work for some reason. Anyway, here's the text from the "Windows has recovered from an unexpected shutdown" message:

    Problem signature:

    Problem Event Name: BlueScreen

    OS Version: 6.0.6002.2.2.0.768.3

    Locale ID: 1033

    Additional information about the problem:

    BCCode: 9f

    BCP1: 00000003

    BCP2: 8A849C70

    BCP3: 8A849C70

    BCP4: 8659E100

    OS Version: 6_0_6002

    Service Pack: 2_0

    Product: 768_1

    Files that help describe the problem:

    C:\Windows\Minidump\Mini101212-01.dmp

    C:\Users\Joe\AppData\Local\Temp\WER-160805-0.sysdata.xml

    C:\Users\Joe\AppData\Local\Temp\WERC476.tmp.version.txt

    Read our privacy statement:

    http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409

  6. Hi Maniac,

    I carefully read all the instructions before downloading and running ComboFix. A few minutes into the scan, a window popped up that said something like "Rootkit found, this may take a long time". I clicked ok. ComboFix has been running for over an hour now, and it is still on the scan page, but it doesn't look like it's making any progress. Is this normal?

    Thanks.

  7. Hi Maniac, here are the logs you requested.

    Malwarebytes Anti-Malware 1.65.0.1400

    www.malwarebytes.org

    Database version: v2012.10.10.05

    Windows Vista Service Pack 2 x86 NTFS

    Internet Explorer 8.0.6001.19328

    Joe :: JOE-PC [administrator]

    10/10/2012 8:15:24 AM

    mbam-log-2012-10-10 (08-15-24).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 189004

    Time elapsed: 13 minute(s), 57 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    ---------------------------------------------------------------------------------------

    aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

    Run date: 2012-10-10 08:36:18

    -----------------------------

    08:36:18.173 OS Version: Windows 6.0.6002 Service Pack 2

    08:36:18.173 Number of processors: 2 586 0xE08

    08:36:18.175 ComputerName: JOE-PC UserName: Joe

    08:36:44.142 Initialize success

    08:37:06.246 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

    08:37:06.248 Disk 0 Vendor: ST9320325AS 0001SDM1 Size: 305245MB BusType: 3

    08:37:06.262 Disk 0 MBR read successfully

    08:37:06.264 Disk 0 MBR scan

    08:37:06.266 Disk 0 unknown MBR code

    08:37:06.268 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 22285 MB offset 63

    08:37:06.289 Disk 0 Partition 2 80 (A) 06 FAT16 NTFS 141941 MB offset 45640665

    08:37:06.312 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 141018 MB offset 336336840

    08:37:06.317 Disk 0 scanning sectors +625142448

    08:37:06.377 Disk 0 scanning C:\Windows\system32\drivers

    08:37:24.334 Service scanning

    08:37:45.179 Modules scanning

    08:37:52.119 Disk 0 trace - called modules:

    08:37:52.150 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys

    08:37:52.154 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866649d8]

    08:37:52.157 3 CLASSPNP.SYS[8abb58b3] -> nt!IofCallDriver -> [0x85379020]

    08:37:52.160 5 acpi.sys[82a9b6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85d18b98]

    08:37:52.164 Scan finished successfully

    08:38:03.776 Disk 0 MBR has been saved successfully to "C:\Users\Joe\Desktop\MBR.dat"

    08:38:03.784 The log file has been saved successfully to "C:\Users\Joe\Desktop\aswMBR.txt"

    ---------------------------------------------------------------------------------------------------------------------------------------

    OTL logfile created on: 10/10/2012 8:40:03 AM - Run 1

    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joe\Desktop

    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.19328)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 64.20% Memory free

    6.20 Gb Paging File | 5.17 Gb Available in Paging File | 83.40% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

    Drive C: | 138.61 Gb Total Space | 84.55 Gb Free Space | 60.99% Space Free | Partition Type: NTFS

    Drive D: | 137.71 Gb Total Space | 96.44 Gb Free Space | 70.03% Space Free | Partition Type: NTFS

    Drive E: | 2.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: JOE-PC | User Name: Joe | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users | Quick Scan

    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/10 08:38:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe

    PRC - [2012/05/24 11:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Joe\AppData\Roaming\Dropbox\bin\Dropbox.exe

    PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    PRC - [2011/09/19 16:29:48 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe

    PRC - [2011/09/15 10:26:02 | 000,166,864 | ---- | M] (Motorola Mobility Inc.) -- C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe

    PRC - [2011/09/15 10:25:52 | 000,237,032 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe

    PRC - [2011/09/14 16:09:04 | 000,218,992 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe

    PRC - [2011/09/14 16:08:08 | 000,804,720 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe

    PRC - [2011/08/16 22:38:03 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Joe\AppData\Local\Temp\RtkBtMnt.exe

    PRC - [2010/11/08 09:40:56 | 000,715,440 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

    PRC - [2010/03/12 22:07:17 | 000,689,416 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

    PRC - [2010/03/12 22:07:17 | 000,345,352 | ---- | M] () -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe

    PRC - [2010/01/26 00:40:32 | 001,020,248 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

    PRC - [2009/06/03 17:16:42 | 000,207,400 | ---- | M] (ActivIdentity) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe

    PRC - [2009/06/03 17:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe

    PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

    PRC - [2008/01/19 00:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

    PRC - [2006/12/01 11:34:16 | 000,131,072 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

    PRC - [2006/11/20 22:43:08 | 000,118,784 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe

    PRC - [2006/11/19 23:13:00 | 004,018,176 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

    PRC - [2006/11/16 17:35:18 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

    PRC - [2006/11/13 01:13:10 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

    ========== Modules (No Company Name) ==========

    MOD - [2012/10/10 08:11:17 | 000,379,904 | ---- | M] () -- C:\Users\Joe\AppData\Local\Temp\libsqlitejdbc-8175058078959342349.lib

    MOD - [2012/10/10 08:10:29 | 000,205,824 | ---- | M] () -- C:\Users\Joe\AppData\Local\Temp\WindowsAPI.dll1235610244091184470.lib

    MOD - [2012/09/09 09:01:04 | 000,354,304 | ---- | M] () -- C:\Users\Joe\AppData\Local\Dropbox\khtbwxtb.dll

    MOD - [2011/09/15 10:26:02 | 000,071,680 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvideoscale.dll

    MOD - [2011/09/15 10:26:02 | 000,059,904 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvideobox.dll

    MOD - [2011/09/15 10:26:02 | 000,059,904 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgsttypefindfunctions.dll

    MOD - [2011/09/15 10:26:02 | 000,054,784 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstsmpte.dll

    MOD - [2011/09/15 10:26:02 | 000,053,248 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvorbis.dll

    MOD - [2011/09/15 10:26:02 | 000,051,712 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstsubparse.dll

    MOD - [2011/09/15 10:26:02 | 000,050,688 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstwavpack.dll

    MOD - [2011/09/15 10:26:02 | 000,041,984 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstwavparse.dll

    MOD - [2011/09/15 10:26:02 | 000,034,304 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvolume.dll

    MOD - [2011/09/15 10:26:02 | 000,032,768 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvideocrop.dll

    MOD - [2011/09/15 10:26:02 | 000,024,576 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstvideorate.dll

    MOD - [2011/09/15 10:26:02 | 000,013,312 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgsty4menc.dll

    MOD - [2011/09/15 10:26:02 | 000,011,264 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libshift.dll

    MOD - [2011/09/15 10:26:00 | 000,163,328 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmatroska.dll

    MOD - [2011/09/15 10:26:00 | 000,150,528 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmpegdemux.dll

    MOD - [2011/09/15 10:26:00 | 000,149,504 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstqtdemux.dll

    MOD - [2011/09/15 10:26:00 | 000,126,976 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstogg.dll

    MOD - [2011/09/15 10:26:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstqtmux.dll

    MOD - [2011/09/15 10:26:00 | 000,061,952 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstjpeg.dll

    MOD - [2011/09/15 10:26:00 | 000,047,616 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmpegaudioparse.dll

    MOD - [2011/09/15 10:26:00 | 000,039,424 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmpegtsmux.dll

    MOD - [2011/09/15 10:26:00 | 000,035,840 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstselector.dll

    MOD - [2011/09/15 10:26:00 | 000,035,840 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstinterleave.dll

    MOD - [2011/09/15 10:26:00 | 000,035,328 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstreplaygain.dll

    MOD - [2011/09/15 10:26:00 | 000,034,304 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstid3tag.dll

    MOD - [2011/09/15 10:26:00 | 000,032,256 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstid3demux.dll

    MOD - [2011/09/15 10:26:00 | 000,028,672 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstpng.dll

    MOD - [2011/09/15 10:26:00 | 000,025,600 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmpegvideoparse.dll

    MOD - [2011/09/15 10:26:00 | 000,025,088 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmultipart.dll

    MOD - [2011/09/15 10:26:00 | 000,020,480 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmultifile.dll

    MOD - [2011/09/15 10:26:00 | 000,019,456 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstlevel.dll

    MOD - [2011/09/15 10:26:00 | 000,015,360 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstmulaw.dll

    MOD - [2011/09/15 10:25:58 | 000,531,968 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumpeg4video.dll

    MOD - [2011/09/15 10:25:58 | 000,119,296 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumpegdemux.dll

    MOD - [2011/09/15 10:25:58 | 000,074,240 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflv.dll

    MOD - [2011/09/15 10:25:58 | 000,037,888 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstgio.dll

    MOD - [2011/09/15 10:25:58 | 000,029,696 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstgdp.dll

    MOD - [2011/09/15 10:25:54 | 002,009,600 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstfluh264dec.dll

    MOD - [2011/09/15 10:25:54 | 001,694,208 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstfluaacdec.dll

    MOD - [2011/09/15 10:25:54 | 001,563,136 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflump3enc.dll

    MOD - [2011/09/15 10:25:54 | 001,520,128 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libvorbisenc-2.dll

    MOD - [2011/09/15 10:25:54 | 001,396,736 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libxml2-2.dll

    MOD - [2011/09/15 10:25:54 | 001,376,256 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflump3dec.dll

    MOD - [2011/09/15 10:25:54 | 000,682,496 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstreamer-0.10.dll

    MOD - [2011/09/15 10:25:54 | 000,563,712 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\liborc-0.4-0.dll

    MOD - [2011/09/15 10:25:54 | 000,363,008 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumpeg2video.dll

    MOD - [2011/09/15 10:25:54 | 000,276,992 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libjpeg-8.dll

    MOD - [2011/09/15 10:25:54 | 000,248,352 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libopencore-amrnb.0.1.1.dll

    MOD - [2011/09/15 10:25:54 | 000,196,608 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libwavpack-1.dll

    MOD - [2011/09/15 10:25:54 | 000,190,976 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libpng14-14.dll

    MOD - [2011/09/15 10:25:54 | 000,187,904 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstffmpegcolorspace.dll

    MOD - [2011/09/15 10:25:54 | 000,179,712 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstcoreelements.dll

    MOD - [2011/09/15 10:25:54 | 000,162,304 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libvorbis-0.dll

    MOD - [2011/09/15 10:25:54 | 000,125,440 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgsttag-0.10.dll

    MOD - [2011/09/15 10:25:54 | 000,123,947 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libopencore-amrwb.0.1.1.dll

    MOD - [2011/09/15 10:25:54 | 000,122,880 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstfluasfdemux.dll

    MOD - [2011/09/15 10:25:54 | 000,122,368 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstavi.dll

    MOD - [2011/09/15 10:25:54 | 000,091,136 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstdshowdecwrapper.dll

    MOD - [2011/09/15 10:25:54 | 000,088,064 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflummssrc.dll

    MOD - [2011/09/15 10:25:54 | 000,085,504 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\z.dll

    MOD - [2011/09/15 10:25:54 | 000,083,968 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstdecodebin2.dll

    MOD - [2011/09/15 10:25:54 | 000,079,872 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstpbutils-0.10.dll

    MOD - [2011/09/15 10:25:54 | 000,078,336 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaudioconvert.dll

    MOD - [2011/09/15 10:25:54 | 000,073,728 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstdshowsrcwrapper.dll

    MOD - [2011/09/15 10:25:54 | 000,070,144 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstrtp-0.10.dll

    MOD - [2011/09/15 10:25:54 | 000,067,584 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflac.dll

    MOD - [2011/09/15 10:25:54 | 000,050,688 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaudioresample.dll

    MOD - [2011/09/15 10:25:54 | 000,048,640 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstalpha.dll

    MOD - [2011/09/15 10:25:54 | 000,041,984 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstriff-0.10.dll

    MOD - [2011/09/15 10:25:54 | 000,038,912 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaiff.dll

    MOD - [2011/09/15 10:25:54 | 000,037,376 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstvideo-0.10.dll

    MOD - [2011/09/15 10:25:54 | 000,036,864 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumch264enc.dll

    MOD - [2011/09/15 10:25:54 | 000,033,280 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstflumcaacenc.dll

    MOD - [2011/09/15 10:25:54 | 000,030,208 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstadder.dll

    MOD - [2011/09/15 10:25:54 | 000,029,184 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstautodetect.dll

    MOD - [2011/09/15 10:25:54 | 000,029,184 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstautoconvert.dll

    MOD - [2011/09/15 10:25:54 | 000,026,624 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstequalizer.dll

    MOD - [2011/09/15 10:25:54 | 000,023,552 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libogg-0.dll

    MOD - [2011/09/15 10:25:54 | 000,020,480 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstamrnb.dll

    MOD - [2011/09/15 10:25:54 | 000,019,968 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstaudiorate.dll

    MOD - [2011/09/15 10:25:54 | 000,019,456 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstauparse.dll

    MOD - [2011/09/15 10:25:54 | 000,018,944 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstalaw.dll

    MOD - [2011/09/15 10:25:54 | 000,017,920 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstalphacolor.dll

    MOD - [2011/09/15 10:25:54 | 000,016,896 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstcutter.dll

    MOD - [2011/09/15 10:25:54 | 000,015,360 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstapetag.dll

    MOD - [2011/09/15 10:25:54 | 000,014,848 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstamrwbdec.dll

    MOD - [2011/09/15 10:25:54 | 000,014,848 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstadpcmdec.dll

    MOD - [2011/09/15 10:25:54 | 000,011,776 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstcoreindexers.dll

    MOD - [2011/09/15 10:25:54 | 000,008,192 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\plugins\libgstapp.dll

    MOD - [2011/09/15 10:25:52 | 000,331,264 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libFLAC-8.dll

    MOD - [2011/09/15 10:25:52 | 000,237,032 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe

    MOD - [2011/09/15 10:25:52 | 000,199,168 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstbase-0.10.dll

    MOD - [2011/09/15 10:25:52 | 000,126,976 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstcontroller-0.10.dll

    MOD - [2011/09/15 10:25:52 | 000,108,544 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstaudio-0.10.dll

    MOD - [2011/09/15 10:25:52 | 000,053,760 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstinterfaces-0.10.dll

    MOD - [2011/09/15 10:25:52 | 000,038,400 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstapp-0.10.dll

    MOD - [2011/09/15 10:25:52 | 000,018,944 | ---- | M] () -- C:\Program Files\Motorola Mobility\MotoCast\bin\libgstdataprotocol-0.10.dll

    MOD - [2011/09/14 16:08:08 | 000,804,720 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe

    MOD - [2007/03/30 11:04:48 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll

    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\DRIVERS\xaudio.exe -- (XAudioService)

    SRV - File not found [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)

    SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)

    SRV - [2012/10/08 15:47:02 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

    SRV - [2012/10/05 19:15:32 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

    SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

    SRV - [2011/09/19 16:29:48 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)

    SRV - [2011/09/14 16:09:04 | 000,218,992 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)

    SRV - [2010/11/08 09:40:56 | 000,715,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)

    SRV - [2010/03/12 22:07:17 | 000,689,416 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)

    SRV - [2010/03/12 22:07:17 | 000,345,352 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)

    SRV - [2009/07/20 10:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

    SRV - [2009/06/03 17:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)

    SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

    SRV - [2007/10/31 15:11:34 | 000,354,648 | ---- | M] (Rosetta Stone Ltd.) [On_Demand | Stopped] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe -- (RosettaStoneLtdController)

    SRV - [2006/12/01 11:34:16 | 000,131,072 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)

    SRV - [2006/11/30 20:39:10 | 000,024,576 | ---- | M] (Acer Inc.) [On_Demand | Stopped] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)

    SRV - [2006/11/20 22:43:08 | 000,118,784 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)

    SRV - [2006/11/16 17:35:18 | 000,045,056 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)

    SRV - [2006/11/13 01:13:10 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)

    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\xaudio.sys -- (XAudio)

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

    DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk)

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL)

    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)

    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Joe\AppData\Local\Temp\aswMBR.sys -- (aswMBR)

    DRV - [2012/10/09 21:47:45 | 000,014,080 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)

    DRV - [2011/07/12 03:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)

    DRV - [2011/07/12 03:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)

    DRV - [2011/07/12 03:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)

    DRV - [2010/07/19 11:03:10 | 000,059,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\tmactmon.sys -- (tmactmon)

    DRV - [2010/07/19 11:03:00 | 000,051,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\tmevtmgr.sys -- (tmevtmgr)

    DRV - [2010/07/19 11:02:54 | 000,163,408 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\tmcomm.sys -- (tmcomm)

    DRV - [2010/03/12 22:07:25 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)

    DRV - [2009/06/17 09:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)

    DRV - [2009/06/17 09:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)

    DRV - [2007/10/17 23:11:00 | 000,056,448 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K)

    DRV - [2006/11/22 00:29:00 | 004,455,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

    DRV - [2006/11/02 06:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)

    DRV - [2006/11/02 01:51:27 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)

    DRV - [2006/11/02 00:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

    DRV - [2006/11/02 00:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

    DRV - [2006/10/29 18:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)

    DRV - [2006/10/24 23:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)

    DRV - [2006/10/24 23:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)

    DRV - [2006/10/24 23:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)

    DRV - [2006/10/18 16:44:30 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)

    DRV - [2005/04/12 20:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)

    DRV - [2005/04/12 20:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)

    DRV - [2005/04/12 20:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)

    DRV - [2005/04/12 20:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)

    DRV - [2005/01/13 15:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html

    IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com

    IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

    IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

    IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com/

    IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

    IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found

    IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

    IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

    IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\..\SearchScopes\{5E3967A3-FFDB-427E-968D-3EE8486D14FE}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

    IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBR_en

    IE - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: moveplayer@movenetworks.com:1.0.0.071303000006

    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Joe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Joe\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/09 20:40:30 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/10 13:29:02 | 000,000,000 | ---D | M]

    [2008/12/21 17:48:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joe\AppData\Roaming\Mozilla\Extensions

    [2012/07/24 20:09:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\j3a3o27h.default\extensions

    [2012/02/08 19:19:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\j3a3o27h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    [2012/02/08 19:19:19 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\j3a3o27h.default\extensions\2020Player@2020Technologies.com

    [2012/02/08 19:19:20 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\j3a3o27h.default\extensions\moveplayer@movenetworks.com

    [2012/07/24 20:09:07 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\j3a3o27h.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

    [2012/10/09 20:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    [2011/03/23 21:49:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

    [2012/10/05 19:15:51 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

    [2004/08/18 12:00:00 | 000,270,336 | ---- | M] (Gradkell Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\DCAENTU.dll

    [2004/08/18 12:00:00 | 001,294,336 | ---- | M] (Gradkell Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\DCARSA.dll

    [2004/08/18 12:00:00 | 000,348,160 | ---- | M] (Gradkell Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\GuiUtils.dll

    [2004/08/18 12:00:00 | 000,393,216 | ---- | M] (Gradkell Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npDBsignWeb.dll

    [2011/02/02 19:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    [2004/08/18 12:00:00 | 000,122,880 | ---- | M] (Netscape Communications Corporation) -- C:\Program Files\mozilla firefox\plugins\nsldap32v30.dll

    [2012/10/05 19:15:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    [2012/10/05 19:15:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

    O1 - Hosts: 127.0.0.1 localhost

    O1 - Hosts: ::1 localhost

    O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)

    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

    O3 - HKU\S-1-5-21-452256800-3484198201-3087025338-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

    O4 - HKLM..\Run: [] File not found

    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

    O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)

    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

    O4 - HKLM..\Run: [ufSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe ()

    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

    O4 - HKU\S-1-5-21-452256800-3484198201-3087025338-1000..\Run: [Dropbox] C:\Users\Joe\AppData\Local\Dropbox\khtbwxtb.dll ()

    O4 - HKU\S-1-5-21-452256800-3484198201-3087025338-1000..\Run: [MotoCast] C:\Program Files\Motorola Mobility\MotoCast\MotoLauncher.lnk ()

    O4 - Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Joe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found

    O13 - gopher Prefix: missing

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928 (Performance Viewer Activex Control)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00A46013-805B-456C-91FF-75978ACDE10B}: DhcpNameServer = 192.168.1.254

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A95BCE07-1B66-4DFD-92B4-B94208B884FE}: DhcpNameServer = 10.61.32.1 4.2.2.1

    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

    O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found

    O24 - Desktop WallPaper: C:\Users\Joe\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

    O24 - Desktop BackupWallPaper: C:\Users\Joe\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2006/12/01 23:15:27 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

    O33 - MountPoints2\{1cdaa7cf-84f3-11de-96cf-0016d467f43c}\Shell\AutoRun\command - "" = E:\JDSecure\Windows\JDSecure31.exe

    O33 - MountPoints2\{75ff7d10-75c6-11df-93c9-0014d11b3ffe}\Shell - "" = AutoRun

    O33 - MountPoints2\{75ff7d10-75c6-11df-93c9-0014d11b3ffe}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a

    O33 - MountPoints2\{9d108e69-693f-11dc-af33-0016d467f43c}\Shell - "" = AutoRun

    O33 - MountPoints2\{9d108e69-693f-11dc-af33-0016d467f43c}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a

    O33 - MountPoints2\{eeaa0b04-fa8c-11e1-8878-0016d467f43c}\Shell - "" = AutoRun

    O33 - MountPoints2\{eeaa0b04-fa8c-11e1-8878-0016d467f43c}\Shell\AutoRun\command - "" = H:\MotoCastSetup.exe -a

    O33 - MountPoints2\{fc2cddde-3c46-11e1-a0dd-0016d467f43c}\Shell - "" = AutoRun

    O33 - MountPoints2\{fc2cddde-3c46-11e1-a0dd-0016d467f43c}\Shell\AutoRun\command - "" = H:\MotoCastSetup.exe -a

    O33 - MountPoints2\{fc2cde07-3c46-11e1-a0dd-0016d467f43c}\Shell - "" = AutoRun

    O33 - MountPoints2\{fc2cde07-3c46-11e1-a0dd-0016d467f43c}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe

    O34 - HKLM BootExecute: (autocheck autochk *)

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37 - HKLM\...com [@ = comfile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/10 08:38:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe

    [2012/10/10 08:33:18 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Joe\Desktop\aswMBR.exe

    [2012/10/10 07:22:59 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Joe\Desktop\dds.com

    [2012/10/09 22:00:40 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Joe\Desktop\dds.scr

    [2012/10/09 21:47:25 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\RK_Quarantine

    [2012/10/09 20:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

    [2012/10/09 20:40:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service

    [2012/09/11 21:33:19 | 000,000,000 | ---D | C] -- C:\Dropbox

    [2012/09/11 21:33:14 | 000,000,000 | ---D | C] -- C:\Users\Joe\Documents\My Cmaps

    [2012/09/11 21:33:14 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\CmapTools

    [2012/09/11 21:33:12 | 000,000,000 | ---D | C] -- C:\Users\Joe\CmapToolsLogs

    ========== Files - Modified Within 30 Days ==========

    [2012/10/10 08:46:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

    [2012/10/10 08:38:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe

    [2012/10/10 08:38:03 | 000,000,512 | ---- | M] () -- C:\Users\Joe\Desktop\MBR.dat

    [2012/10/10 08:33:45 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Joe\Desktop\aswMBR.exe

    [2012/10/10 08:16:24 | 000,604,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat

    [2012/10/10 08:16:24 | 000,104,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat

    [2012/10/10 08:10:17 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

    [2012/10/10 08:10:17 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

    [2012/10/10 08:10:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

    [2012/10/10 08:00:49 | 000,002,855 | ---- | M] () -- C:\Users\Joe\Desktop\dds.PIF

    [2012/10/10 07:22:29 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Joe\Desktop\dds.com

    [2012/10/09 22:00:15 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Joe\Desktop\dds.scr

    [2012/10/09 21:47:45 | 000,014,080 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys

    [2012/10/09 21:45:35 | 001,422,336 | ---- | M] () -- C:\Users\Joe\Desktop\RogueKiller.exe

    [2012/10/09 21:04:57 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    [2012/10/09 20:40:40 | 000,000,874 | ---- | M] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

    [2012/10/09 20:40:40 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

    [2012/09/11 21:32:07 | 000,001,867 | ---- | M] () -- C:\Users\Joe\.powerupdate.user.properties

    ========== Files Created - No Company Name ==========

    [2012/10/10 08:38:03 | 000,000,512 | ---- | C] () -- C:\Users\Joe\Desktop\MBR.dat

    [2012/10/10 08:00:49 | 000,002,855 | ---- | C] () -- C:\Users\Joe\Desktop\dds.PIF

    [2012/10/09 22:00:54 | 001,422,336 | ---- | C] () -- C:\Users\Joe\Desktop\RogueKiller.exe

    [2012/10/09 21:47:45 | 000,014,080 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys

    [2012/10/09 21:04:57 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    [2012/09/11 21:32:07 | 000,001,867 | ---- | C] () -- C:\Users\Joe\.powerupdate.user.properties

    [2011/08/16 21:57:50 | 000,000,680 | ---- | C] () -- C:\Users\Joe\AppData\Local\d3d9caps.dat

    [2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll

    [2009/02/13 07:49:36 | 000,002,716 | -H-- | C] () -- C:\Users\Joe\.strange-eons-settings

    [2009/02/13 07:49:26 | 000,000,000 | ---- | C] () -- C:\Users\Joe\.strange-eons-editor-session

    [2009/02/13 07:49:16 | 000,000,000 | -H-- | C] () -- C:\Users\Joe\.strange-eons-user-dict

    [2007/02/18 20:20:45 | 000,000,552 | ---- | C] () -- C:\Users\Joe\AppData\Local\d3d8caps.dat

    [2007/02/15 20:41:11 | 000,099,328 | ---- | C] () -- C:\Users\Joe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2012/02/08 13:19:59 | 000,000,082 | ---- | M] () -- C:\Windows\$NtUninstallKB38361$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N4P7ZWKR\t.cxt.ms\lso.swf\u.sol

    [2012/02/08 09:09:05 | 000,000,000 | ---D | M] -- C:\Windows\$NtUninstallKB38361$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N4P7ZWKR\wbads.vo.llnwd.net\o25\u

    [2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2007/02/12 21:15:00 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Acer

    [2010/06/09 19:32:56 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Amazon

    [2010/08/24 20:18:04 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\AVICFeeds

    [2012/09/11 21:45:19 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\CmapTools

    [2012/10/10 08:10:51 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Dropbox

    [2011/12/02 22:23:38 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Electronic Arts

    [2009/01/04 11:17:13 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Flickr

    [2009/02/10 16:47:05 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\FloodLightGames

    [2012/02/08 19:19:16 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\FreeAudioPack

    [2007/02/12 21:15:00 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Leadertech

    [2012/10/10 08:12:02 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\MotoCast

    [2012/09/09 08:02:05 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Motorola

    [2007/05/19 20:32:50 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\PureEdge

    [2011/04/25 17:18:20 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\ScanSoft

    [2012/07/16 20:35:49 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Unity

    ========== Purity Check ==========

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

    [C:\Windows\$NtUninstallKB38361$] -> Error: Cannot create file handle -> Unknown point type

    < End of report >

    -------------------------------------------------------------------------------------------------------------------------------------

    OTL Extras logfile created on: 10/10/2012 8:40:03 AM - Run 1

    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joe\Desktop

    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.19328)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 64.20% Memory free

    6.20 Gb Paging File | 5.17 Gb Available in Paging File | 83.40% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

    Drive C: | 138.61 Gb Total Space | 84.55 Gb Free Space | 60.99% Space Free | Partition Type: NTFS

    Drive D: | 137.71 Gb Total Space | 96.44 Gb Free Space | 70.03% Space Free | Partition Type: NTFS

    Drive E: | 2.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: JOE-PC | User Name: Joe | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users | Quick Scan

    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========

    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-452256800-3484198201-3087025338-1000\SOFTWARE\Classes\<extension>]

    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

    batfile [open] -- "%1" %*

    cmdfile [open] -- "%1" %*

    comfile [open] -- "%1" %*

    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

    exefile [open] -- "%1" %*

    helpfile [open] -- Reg Error: Key error.

    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

    piffile [open] -- "%1" %*

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1"

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

    scrfile [open] -- "%1" /S

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    "cval" = 1

    "UacDisableNotify" = 0

    "InternetSettingsDisableNotify" = 0

    "AutoUpdateDisableNotify" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    "AntiVirusOverride" = 0

    "AntiSpywareOverride" = 0

    "FirewallOverride" = 0

    "VistaSp1" = Reg Error: Unknown registry data type -- File not found

    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    "DisableNotifications" = 0

    "EnableFirewall" = 1

    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

    "55567:TCP" = 55567:TCP:*:Enabled:RosettaStoneLtdServices Port 55567

    "55568:TCP" = 55568:TCP:*:Enabled:RosettaStoneLtdServer Port 55568

    "55569:TCP" = 55569:TCP:*:Enabled:RosettaStoneLtdController Port 55569

    "55570:TCP" = 55570:TCP:*:Enabled:RosettaStoneLtdServices Port 55570

    "55566:TCP" = 55566:TCP:*:Enabled:RosettaStoneLtdServices Port 55566

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    "DisableNotifications" = 0

    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    "55567:TCP" = 55567:TCP:*:Enabled:RosettaStoneLtdServices Port 55567

    "55570:TCP" = 55570:TCP:*:Enabled:RosettaStoneLtdServices Port 55570

    "55568:TCP" = 55568:TCP:*:Enabled:RosettaStoneLtdServer Port 55568

    "55569:TCP" = 55569:TCP:*:Enabled:RosettaStoneLtdController Port 55569

    "55566:TCP" = 55566:TCP:*:Enabled:RosettaStoneLtdServices Port 55566

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

    "DisableNotifications" = 0

    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    "C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe:*:Enabled:RosettaStoneLtdController -- (Rosetta Stone Ltd.)

    "C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:*:Enabled:RosettaStoneLtdServices -- ()

    "C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe:*:Enabled:RosettaStoneLtdServer -- (Rosetta Stone Ltd.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

    "C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe:*:Enabled:RosettaStoneLtdController -- (Rosetta Stone Ltd.)

    "C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:*:Enabled:RosettaStoneLtdServices -- ()

    "C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe:*:Enabled:RosettaStoneLtdServer -- (Rosetta Stone Ltd.)

    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    "{0689650B-C576-472B-A3BC-70E124B2EE02}" = lport=55566 | protocol=6 | dir=out | name=rosettastoneltdservices port 55566 |

    "{09E58C8A-D4CE-42DF-9DF0-F19A9D90F098}" = lport=2869 | protocol=6 | dir=in | app=system |

    "{15CEEB51-BDF4-4227-9E80-81E70040DE3F}" = lport=55570 | protocol=6 | dir=out | name=rosettastoneltdservices port 55570 |

    "{18D1CDCB-BB08-4903-9391-E34D3545E692}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    "{1D677432-C2E1-429D-9674-94A606BE6645}" = lport=55569 | protocol=6 | dir=out | name=rosettastoneltdcontroller port 55569 |

    "{31C2A865-1DCE-4FF3-9BD1-BA558CA11D97}" = lport=55567 | protocol=6 | dir=out | name=rosettastoneltdservices port 55567 |

    "{40416435-F35B-4868-928F-8BE1383C8D4F}" = lport=10243 | protocol=6 | dir=in | app=system |

    "{49519BCF-5135-4742-90AF-48470C71ABD4}" = lport=55569 | protocol=6 | dir=in | name=rosettastoneltdcontroller port 55569 |

    "{56B32F68-26F2-490C-A4C9-EBCD30979A4A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

    "{58DCC18D-7E06-4188-8BCE-F846F4853ED3}" = lport=55567 | protocol=6 | dir=in | name=rosettastoneltdservices port 55567 |

    "{690D2EB7-B944-468D-AA51-CE1C8A5F8847}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    "{8465F3A1-5737-4028-8212-3E90FF15D09D}" = lport=55568 | protocol=6 | dir=out | name=rosettastoneltdserver port 55568 |

    "{87BF9FE7-A418-46EE-A0F0-3792E2992E59}" = rport=10243 | protocol=6 | dir=out | app=system |

    "{88C99F19-3F3C-4B9B-90AA-B44A3EFA7408}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    "{A5009E28-65B2-47C6-A38A-CD3867CA44C6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    "{D659C140-9608-4CBA-9412-5DDB3708F1B5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    "{DAE12C66-097B-499D-907A-CF3479FC055C}" = lport=55568 | protocol=6 | dir=in | name=rosettastoneltdserver port 55568 |

    "{EE8C9053-A812-4492-B172-D3BEEEFC206D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    "{F712A96A-4E52-47BB-AFC1-AD397FB45E85}" = lport=55566 | protocol=6 | dir=in | name=rosettastoneltdservices port 55566 |

    "{FB89B564-6614-42A0-9D3F-8638B800900E}" = lport=55570 | protocol=6 | dir=in | name=rosettastoneltdservices port 55570 |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    "{02409618-3ABD-468B-97C9-762B2C55FE44}" = protocol=6 | dir=out | app=system |

    "{07DC014F-7BF4-47E3-A78C-6F55F97819C5}" = dir=in | app=c:\program files\rosettastoneltdservices\rosettastoneltdserver.exe |

    "{0ABC62F1-B29E-4564-AC59-EFD3649C1865}" = dir=out | app=c:\program files\rosettastoneltdservices\rosettastoneltdservices.exe |

    "{0F45AE59-9004-45D8-BE9C-158480CD42CA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{24834E4C-3087-4CB8-9737-1861FA19C972}" = dir=in | app=c:\program files\rosettastoneltdservices\rosettastoneltdcontroller.exe |

    "{300FC74B-2318-4D14-AC53-306200A8835E}" = protocol=6 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |

    "{3386C163-E6F4-438A-9882-E9A8FCF60B6D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

    "{40295A2A-3A92-4C66-ADB9-BA76F74DC7B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{47C39F74-3446-4FB4-B64D-B39E7559E330}" = protocol=17 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |

    "{4F8E4EAB-25F5-4C75-95FC-31EE6B7C5A64}" = dir=in | app=c:\program files\motorola mobility\motocast\bin\motocast-thumbnailer.exe |

    "{51590D0B-8961-443C-8915-44929F3ACA39}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{51FD9217-0408-4F1D-A7B1-A65B22EB27F5}" = protocol=6 | dir=in | app=c:\users\joe\appdata\roaming\dropbox\bin\dropbox.exe |

    "{593C912D-576F-4E21-9543-B9250C0A28D2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{6A594B6A-1F8E-443D-901A-E7CAEE929B65}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{6D00E858-E1DA-49AC-B921-43501069DE1A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

    "{7248EE68-76C1-45C7-9C47-044DD681AC90}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

    "{7800F2C0-61EC-46EF-9BD3-FE42189A9553}" = dir=out | app=c:\program files\motorola mobility\motocast\bin\motocast-thumbnailer.exe |

    "{78402537-7529-404A-A2E9-A8D68697B596}" = dir=out | app=c:\program files\rosettastoneltdservices\rosettastoneltdcontroller.exe |

    "{7967405D-3F42-4CB4-B8B4-717F407013A2}" = dir=in | app=c:\program files\motorola mobility\motocast\motocast.exe |

    "{8B06D77D-2F86-43A3-8B5B-39C2DF393B13}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{8C4DD988-5704-493D-8616-DEEFE1C614B6}" = protocol=17 | dir=in | app=c:\users\joe\appdata\roaming\dropbox\bin\dropbox.exe |

    "{9CE01A5F-513C-439F-BFE0-079DCF3FF552}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

    "{9F893350-2C76-43AA-8588-ADD332EA2997}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{A928FCD1-4276-4B12-AB94-4E638A5BE2A8}" = dir=out | app=c:\program files\motorola mobility\motocast\motocast.exe |

    "{B580988E-2F00-444E-BFE5-A9F39CC5966C}" = dir=in | app=c:\program files\rosettastoneltdservices\rosettastoneltdservices.exe |

    "{C5FFB29A-8D5D-4F9E-BF6C-5121C513CAD6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{CCA16330-532E-471C-915C-9085BC35F2EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

    "{E101189B-4644-4E5F-952B-8AB20BBCB70A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

    "{E6F32A35-4EC1-4998-8D7C-B64A5B6B4133}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

    "{F3DCEC0F-2610-496D-AA55-0C1019D3EA55}" = dir=out | app=c:\program files\rosettastoneltdservices\rosettastoneltdserver.exe |

    "TCP Query User{3C00E1D7-9488-4F0C-B997-96697B48DD5E}C:\program files\java\jre6\launch4j-tmp\strange-eons.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\strange-eons.exe |

    "TCP Query User{3F602C5D-0321-49B8-86D7-BBD05CC30B4E}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |

    "TCP Query User{408BF19B-BAEA-4348-8D3E-7637A4E9E0EF}C:\program files\yahoo! games\inspector parker\parker.exe" = protocol=6 | dir=in | app=c:\program files\yahoo! games\inspector parker\parker.exe |

    "TCP Query User{6B44D16D-3815-4904-9F50-D5DC011FF14C}C:\users\joe\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\joe\appdata\roaming\dropbox\bin\dropbox.exe |

    "TCP Query User{8DC87BD9-9973-4197-B828-F4E96C536C3A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

    "TCP Query User{9A200B56-DC7C-49F9-AF88-A982BCF87724}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

    "TCP Query User{AA69FA27-C0D2-4568-8B25-0116AA4F2F3F}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

    "TCP Query User{ACBF0BBB-FA4E-4300-81DD-5AC39E4471B9}C:\program files\yahoo! games\inspector parker\parker.exe" = protocol=6 | dir=in | app=c:\program files\yahoo! games\inspector parker\parker.exe |

    "UDP Query User{24A8F7B3-9F00-4388-9A27-5210981D33CE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

    "UDP Query User{607F7202-8CCA-4FF7-8019-3EA6FBD2BB92}C:\program files\java\jre6\launch4j-tmp\strange-eons.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\strange-eons.exe |

    "UDP Query User{6E81629D-83BE-4EC7-9B82-D147F917E6D4}C:\program files\yahoo! games\inspector parker\parker.exe" = protocol=17 | dir=in | app=c:\program files\yahoo! games\inspector parker\parker.exe |

    "UDP Query User{7FE35512-8F91-4EAC-8465-FC9E1E2CC58A}C:\users\joe\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\joe\appdata\roaming\dropbox\bin\dropbox.exe |

    "UDP Query User{90041FF3-0B93-4E7F-94C1-0B6348C61344}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

    "UDP Query User{911C4B21-4A86-4BF8-A998-663AA5D06763}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

    "UDP Query User{D3FB173B-531C-4C27-AED3-CFF3A5E4E5FE}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |

    "UDP Query User{D6667EE9-6CCF-41C4-9941-BEB978347864}C:\program files\yahoo! games\inspector parker\parker.exe" = protocol=17 | dir=in | app=c:\program files\yahoo! games\inspector parker\parker.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

    "{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management

    "{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}" = SMSC Fast Infrared Driver

    "{1BE8806A-84F8-4655-A381-0D5524430944}" = ActivClient CAC x86

    "{1D8BBD52-90D4-4B20-8C4C-2160C21A07DE}" = AVIC FEEDS

    "{20F8DC31-F965-4DD6-BC8A-2820C25A3ED0}" = ApproveIt Desktop 5.8.2

    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 24

    "{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer

    "{2F6CF9E4-91EC-45BB-B5C5-9B31DACC429C}" = Motorola Mobile Drivers Installation 5.3.0

    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper

    "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11

    "{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK

    "{3960C3B3-4F51-47EA-815E-EC73AA525ADE}" = Sun Java System Connector for Microsoft Outlook 7

    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

    "{44D21B77-D4FC-49E8-A726-CD00D5016703}" = DBsign Web Signer

    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

    "{5401CEE8-3C2D-4835-A802-213306537FF4}" = MotoCast

    "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management

    "{5C1DA723-24FC-48AD-93BA-925695C3EF26}" = Logitech Gaming Software

    "{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7

    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

    "{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro AntiVirus

    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver

    "{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11

    "{7D1CE80E-3EAE-441E-BE97-625F9ABD07D9}" = Myst Masterpiece Edition

    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

    "{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

    "{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

    "{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

    "{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007

    "{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules

    "{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro AntiVirus

    "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT

    "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology

    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

    "{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management

    "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management

    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

    "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management

    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime

    "{E0000650-0650-0650-0650-000000000650}" = PureEdge Viewer 6.5

    "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1

    "{EB1AE258-8DDD-4F54-B2EB-AC02EC4C6FAB}" = Rosetta Stone Ltd Services

    "{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009

    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint

    "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner

    "Acer Registration" = Acer Registration

    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

    "Adobe Shockwave Player" = Adobe Shockwave Player

    "Agatha Christie - Death on the Nile" = Agatha Christie - Death on the Nile (remove only)

    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10

    "CCleaner" = CCleaner

    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2007-07-22

    "Defraggler" = Defraggler

    "ENTERPRISER" = Microsoft Office Enterprise 2007

    "HDMI" = Intel® Graphics Media Accelerator Driver

    "IHMC CmapTools v5.04.02" = IHMC CmapTools v5.04.02

    "Inspector Parker" = Inspector Parker

    "LManager" = Launch Manager

    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400

    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

    "MotoHelper" = MotoHelper 2.1.9 Driver 5.3.0

    "Mozilla Firefox 16.0 (x86 en-US)" = Mozilla Firefox 16.0 (x86 en-US)

    "MozillaMaintenanceService" = Mozilla Maintenance Service

    "Recuva" = Recuva

    "Speccy" = Speccy

    "STANDARDR" = Microsoft Office Standard 2007 Trial

    "StrangeEons" = Strange Eons

    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    "VASSAL (3.1.15)" = VASSAL (3.1.15)

    "VUE" = VUE 3.1.2

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-452256800-3484198201-3087025338-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "Dropbox" = Dropbox

    "EA SPORTS Game Face Browser Plugin" = EA SPORTS Game Face Browser Plugin 1.5.2.0

    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ ActivIdentity Events ]

    Error - 2/24/2010 12:32:13 AM | Computer Name = Joe-PC | Source = ActivClient | ID = 769

    Description = No exchange account

    Error - 2/24/2010 12:38:21 AM | Computer Name = Joe-PC | Source = ActivClient | ID = 769

    Description = No exchange account

    Error - 2/24/2010 1:19:23 AM | Computer Name = Joe-PC | Source = ActivClient | ID = 769

    Description = No exchange account

    [ Application Events ]

    Error - 7/12/2012 5:43:07 PM | Computer Name = Joe-PC | Source = Application Error | ID = 1000

    Description = Faulting application EXCEL.EXE, version 12.0.6661.5000, time stamp

    0x4f7cda6d, faulting module kernel32.dll, version 6.0.6002.18449, time stamp 0x4da47967,

    exception code 0xe06d7363, fault offset 0x0003fc56, process id 0xaa4, application

    start time 0x01cd607751d62d90.

    Error - 7/13/2012 1:20:44 PM | Computer Name = Joe-PC | Source = Application Error | ID = 1000

    Description = Faulting application EXCEL.EXE, version 12.0.6661.5000, time stamp

    0x4f7cda6d, faulting module kernel32.dll, version 6.0.6002.18449, time stamp 0x4da47967,

    exception code 0xe06d7363, fault offset 0x0003fc56, process id 0xbf8, application

    start time 0x01cd611bd47c3509.

    Error - 7/13/2012 1:26:53 PM | Computer Name = Joe-PC | Source = MsiInstaller | ID = 11719

    Description =

    Error - 7/13/2012 1:30:24 PM | Computer Name = Joe-PC | Source = Application Error | ID = 1000

    Description = Faulting application EXCEL.EXE, version 12.0.6661.5000, time stamp

    0x4f7cda6d, faulting module kernel32.dll, version 6.0.6002.18449, time stamp 0x4da47967,

    exception code 0xe06d7363, fault offset 0x0003fc56, process id 0xebc, application

    start time 0x01cd611d2c5ee223.

    Error - 7/13/2012 4:57:02 PM | Computer Name = Joe-PC | Source = Application Error | ID = 1000

    Description = Faulting application POWERPNT.EXE, version 12.0.6600.1000, time stamp

    0x4de50c7e, faulting module ppcore.dll, version 12.0.6654.5000, time stamp 0x4e8d280f,

    exception code 0xc0000005, fault offset 0x0000b2c3, process id 0x900, application

    start time 0x01cd611d0a141323.

    Error - 8/1/2012 10:35:49 PM | Computer Name = Joe-PC | Source = Perflib | ID = 1010

    Description =

    Error - 8/10/2012 8:15:02 PM | Computer Name = Joe-PC | Source = Windows Search Service | ID = 3013

    Description =

    Error - 8/10/2012 8:15:02 PM | Computer Name = Joe-PC | Source = Windows Search Service | ID = 3013

    Description =

    Error - 8/10/2012 8:15:02 PM | Computer Name = Joe-PC | Source = Windows Search Service | ID = 3013

    Description =

    Error - 8/10/2012 8:15:02 PM | Computer Name = Joe-PC | Source = Windows Search Service | ID = 3013

    Description =

    [ Media Center Events ]

    Error - 9/17/2009 11:54:45 PM | Computer Name = Joe-PC | Source = MCUpdate | ID = 0

    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ OSession Events ]

    Error - 2/23/2011 4:26:33 PM | Computer Name = Joe-PC | Source = Microsoft Office 12 Sessions | ID = 7001

    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

    12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 232

    seconds with 120 seconds of active time. This session ended with a crash.

    Error - 2/23/2011 4:28:49 PM | Computer Name = Joe-PC | Source = Microsoft Office 12 Sessions | ID = 7001

    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

    12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 115

    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 2/23/2011 4:31:05 PM | Computer Name = Joe-PC | Source = Microsoft Office 12 Sessions | ID = 7001

    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

    12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 124

    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 2/23/2011 4:32:21 PM | Computer Name = Joe-PC | Source = Microsoft Office 12 Sessions | ID = 7001

    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

    12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 47

    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 9/2/2011 12:40:27 PM | Computer Name = Joe-PC | Source = Microsoft Office 12 Sessions | ID = 7001

    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

    12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 34

    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 9/10/2011 8:22:21 PM | Computer Name = Joe-PC | Source = Microsoft Office 12 Sessions | ID = 7001

    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 616

    seconds with 600 seconds of active time. This session ended with a crash.

    Error - 12/22/2011 5:44:08 PM | Computer Name = Joe-PC | Source = Microsoft Office 12 Sessions | ID = 7001

    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

    12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 32

    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 7/12/2012 5:43:07 PM | Computer Name = Joe-PC | Source = Microsoft Office 12 Sessions | ID = 7001

    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

    12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2

    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 7/13/2012 1:20:43 PM | Computer Name = Joe-PC | Source = Microsoft Office 12 Sessions | ID = 7001

    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

    12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1

    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 7/13/2012 1:30:24 PM | Computer Name = Joe-PC | Source = Microsoft Office 12 Sessions | ID = 7001

    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

    12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5

    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]

    Error - 10/10/2012 10:07:21 AM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7000

    Description =

    Error - 10/10/2012 10:19:29 AM | Computer Name = Joe-PC | Source = EventLog | ID = 6008

    Description = The previous system shutdown at 7:13:45 AM on 10/10/2012 was unexpected.

    Error - 10/10/2012 10:19:51 AM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7000

    Description =

    Error - 10/10/2012 10:19:51 AM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7000

    Description =

    Error - 10/10/2012 10:27:46 AM | Computer Name = Joe-PC | Source = EventLog | ID = 6008

    Description = The previous system shutdown at 7:24:29 AM on 10/10/2012 was unexpected.

    Error - 10/10/2012 10:28:02 AM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7000

    Description =

    Error - 10/10/2012 10:28:02 AM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7000

    Description =

    Error - 10/10/2012 11:10:05 AM | Computer Name = Joe-PC | Source = EventLog | ID = 6008

    Description = The previous system shutdown at 8:01:46 AM on 10/10/2012 was unexpected.

    Error - 10/10/2012 11:10:19 AM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7000

    Description =

    Error - 10/10/2012 11:10:19 AM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7000

    Description =

    < End of report >

    -----------------------------------------------------------------------------------

    Thanks again for your help.

  8. My computer has been infected by malware that redirects my Google search results to random websites. When the problem first started, Malwarebytes was actually able to find it and supposedly get rid of it, but now the problem is back and neither my TrendMicro nor Malwarebytes seems to be able to see it.

    As directed, I downloaded DDS and tried to run it, but every time I open it, it results in my computer freezing. It opens, runs for a few minutes, seems to be working, then everything freezes. I have turned off my TrendMicro and the active protection feature in Windows Defender in order to enable the script to run without interference. Is there something I'm missing?

    Before I read about DDS I had downloaded and run RogueKiller. The report is pasted below. Don't know if this helps or not.

    RogueKiller V8.1.1 [10/03/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website: http://tigzy.geekstogo.com/roguekiller.php

    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version

    Started in : Normal mode

    User : Joe [Admin rights]

    Mode : Scan -- Date : 10/09/2012 21:48:47

    ¤¤¤ Bad processes : 3 ¤¤¤

    [SUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\Joe\AppData\Local\Dropbox\khtbwxtb.dll -> UNLOADED

    [SUSP PATH][DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Joe\AppData\Local\Dropbox\khtbwxtb.dll -> KILLED [TermProc]

    [SUSP PATH][DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Joe\AppData\Local\Dropbox\khtbwxtb.dll -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 6 ¤¤¤

    [RUN][SUSP PATH] HKCU\[...]\Run : Dropbox (rundll32.exe C:\Users\Joe\AppData\Local\Dropbox\khtbwxtb.dll,GetImporterInterface) -> FOUND

    [RUN][SUSP PATH] HKUS\S-1-5-21-452256800-3484198201-3087025338-1000[...]\Run : Dropbox (rundll32.exe C:\Users\Joe\AppData\Local\Dropbox\khtbwxtb.dll,GetImporterInterface) -> FOUND

    [TASK][SUSP PATH] {5C83FDEC-3EEC-4420-86F9-BF192C89220D} : C:\Windows\System32\pcalua.exe -a "C:\Users\Joe\Desktop\ActiveClientCAC_DoDRoot\InstallRootCerts\InstallRoot v2.16(A).exe" -d C:\Users\Joe\Desktop\ActiveClientCAC_DoDRoot\InstallRootCerts -> FOUND

    [TASK][SUSP PATH] {D3E9814B-C704-45CE-A3AE-885BE5F36D63} : C:\Windows\System32\pcalua.exe -a C:\Users\Joe\Desktop\InstallRoot_v2_20A-B-S\InstallRoot_v2.20A.exe -d C:\Users\Joe\Desktop\InstallRoot_v2_20A-B-S -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    SSDT[64] : NtCreateKey @ 0x825FD140 -> HOOKED (Unknown @ 0x884FD0A0)

    SSDT[67] : NtCreateMutant @ 0x8262E812 -> HOOKED (Unknown @ 0x884FE3E0)

    SSDT[72] : NtCreateProcess @ 0x8269FDAB -> HOOKED (Unknown @ 0x884FC2E0)

    SSDT[73] : NtCreateProcessEx @ 0x8269FDF6 -> HOOKED (Unknown @ 0x884FC5A0)

    SSDT[78] : NtCreateThread @ 0x8269FBE0 -> HOOKED (Unknown @ 0x884FDF00)

    SSDT[123] : NtDeleteKey @ 0x825C0727 -> HOOKED (Unknown @ 0x884FD620)

    SSDT[126] : NtDeleteValueKey @ 0x825BBCC8 -> HOOKED (Unknown @ 0x884FD8E0)

    SSDT[165] : NtLoadDriver @ 0x82579DEE -> HOOKED (Unknown @ 0x884FE240)

    SSDT[194] : NtOpenProcess @ 0x8262EFAE -> HOOKED (Unknown @ 0x884FCB20)

    SSDT[317] : NtSetSystemInformation @ 0x825F4EEB -> HOOKED (Unknown @ 0x884FE580)

    SSDT[324] : NtSetValueKey @ 0x825EC3C2 -> HOOKED (Unknown @ 0x884FD360)

    SSDT[334] : NtTerminateProcess @ 0x825FF143 -> HOOKED (Unknown @ 0x884FCDE0)

    SSDT[358] : NtWriteVirtualMemory @ 0x8261B92D -> HOOKED (Unknown @ 0x884FDD60)

    SSDT[382] : NtCreateThreadEx @ 0x82629FE9 -> HOOKED (Unknown @ 0x884FE0A0)

    SSDT[383] : NtCreateUserProcess @ 0x825D7C11 -> HOOKED (Unknown @ 0x884FC860)

    S_SSDT[572] : Unknown -> HOOKED (Unknown @ 0x884FEBE0)

    S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x884FEA00)

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost

    ::1 localhost

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST9320325AS ATA Device +++++

    --- User ---

    Thanks for your help.
