Flaky Acer Laptop Behavior [Closed]

#1
girolamous

    New Member

  • Member
  • 7 posts
Hi,
I have an Acer Extensa 4420 laptop with Vista Home Premium installed (OEM). About two months ago, the computer began acting weird, with the mouse hanging up during motion and the whole computer pausing, with whatever is on the screen going gradually whiter (losing contrast). Then, after anywhere between 10 seconds and 10 minutes, the computer snaps back to awareness and functions normally for minutes before it happens again.
I've tried rebooting and doing hard drive scans, booting in safe mode (the same whitening happens), and rolling back to restore points as much as two years old (although system restore was not enabled, only data restore). The computer is running Windows Defender, MBAM, and Ad-Aware, and recently I downloaded HouseCall and did a full scan. That found two viruses, TROJ_JAVADL.A and Packed.Win32.TDSS.z, which were removed. That didn't seem to change the behavior at all. I just ran ComboFix and got this result, which seems to indicate no current infection. Any ideas are welcome.

ComboFix 13-01-05.01 - Mom's Computer 01/06/2013 7:31.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1789.935 [GMT -7:00]
Running from: c:\users\Mom's Computer\Downloads\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mom's Computer\AppData\Roaming\GetValue.vbs
c:\users\Mom's Computer\o.dat
D:\resycled
.
.
((((((((((((((((((((((((( Files Created from 2012-12-06 to 2013-01-06 )))))))))))))))))))))))))))))))
.
.
2013-01-06 14:40 . 2013-01-06 14:40 -------- dc----w- c:\users\Mom's Computer\AppData\Local\temp
2013-01-06 14:40 . 2013-01-06 14:40 -------- dc----w- c:\users\Default\AppData\Local\temp
2013-01-06 14:40 . 2013-01-06 14:40 -------- d-----w- c:\users\jhelffrich\AppData\Local\temp
2013-01-04 23:43 . 2013-01-04 23:43 -------- dc----w- c:\program files\WinDirStat
2013-01-04 09:07 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{546144DB-8D6C-4DEA-9371-DB6A809B6F99}\mpengine.dll
2012-12-25 13:53 . 2012-12-25 13:53 -------- dc----w- c:\program files\LinuxLive USB Creator
2012-12-24 15:58 . 2012-12-24 15:59 -------- d-----w- c:\users\jhelffrich\AppData\Local\Microsoft Games
2012-12-23 15:10 . 2012-07-26 02:46 9728 -c--a-w- c:\windows\system32\Wdfres.dll
2012-12-23 15:10 . 2012-07-26 02:33 66560 -c--a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-23 15:10 . 2012-07-26 02:32 155136 -c--a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-23 15:10 . 2012-07-26 03:20 73216 -c--a-w- c:\windows\system32\WUDFSvc.dll
2012-12-23 15:10 . 2012-07-26 03:20 172032 -c--a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-23 15:10 . 2009-07-14 12:12 16896 -c--a-w- c:\windows\system32\winusb.dll
2012-12-23 15:10 . 2012-07-26 03:39 526952 -c--a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-23 15:10 . 2012-07-26 03:39 47720 -c--a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-23 15:10 . 2012-07-26 03:21 196608 -c--a-w- c:\windows\system32\WUDFHost.exe
2012-12-23 15:10 . 2012-07-26 03:20 38912 -c--a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-23 15:10 . 2012-07-26 03:20 613888 -c--a-w- c:\windows\system32\WUDFx.dll
2012-12-23 15:09 . 2012-08-21 11:47 224640 -c--a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-23 15:09 . 2012-11-02 10:18 376320 -c--a-w- c:\windows\system32\dpnet.dll
2012-12-23 15:09 . 2012-11-02 08:26 23040 -c--a-w- c:\windows\system32\dpnsvr.exe
2012-12-23 15:09 . 2012-11-13 01:36 2048000 -c--a-w- c:\windows\system32\win32k.sys
2012-12-23 15:08 . 2012-11-13 01:29 2048 -c--a-w- c:\windows\system32\tzres.dll
2012-12-23 15:04 . 2012-12-16 13:12 34304 -c--a-w- c:\windows\system32\atmlib.dll
2012-12-23 15:04 . 2012-12-16 10:50 293376 -c--a-w- c:\windows\system32\atmfd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-23 21:25 . 2012-04-09 12:49 697272 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-23 21:25 . 2011-07-30 15:17 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-01-18 08:53 . 2011-01-18 08:53 2994688 -c--a-w- c:\program files\openofficeorg33.msi
2011-01-18 08:52 . 2011-01-18 08:52 475016 -c--a-w- c:\program files\setup.exe
2009-05-03 15:52 . 2009-05-03 15:52 53760 -c--a-w- c:\program files\DRTCP021.exe
2008-11-09 06:44 . 2008-11-09 06:43 1347072 -c--a-w- c:\program files\sherlock.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"RockMelt Update"="c:\users\Mom's Computer\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2012-10-08 136336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2012-10-08 1191768]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4853760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AutoLaunch"="c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2012-06-07 663360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-29 535336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4069822483-3685512462-2540206582-1003]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
R3 00044930;00044930; [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 21:25]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4069822483-3685512462-2540206582-1003Core.job
- c:\users\Mom's Computer\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-10 04:21]
.
2013-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4069822483-3685512462-2540206582-1003UA.job
- c:\users\Mom's Computer\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-10 04:21]
.
2013-01-06 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4069822483-3685512462-2540206582-1003Core.job
- c:\users\Mom's Computer\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-10-08 05:16]
.
2013-01-06 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4069822483-3685512462-2540206582-1003UA.job
- c:\users\Mom's Computer\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-10-08 05:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
Trusted Zone: motive.com\patttbc.att
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe
HKLM-Run-eDataSecurity Loader - c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
HKLM-Run-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe
HKLM-Run-Acer Product Registration - c:\program files\Acer\Acer Registration\ACE1.exe
HKLM-Run-LanguageShortcut - c:\program files\CyberLink\PowerDVD\Language\Language.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-SolutoService
AddRemove-{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} - c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-06 07:40
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\TEMP\TMP0000007B0EFC43FE1FC0F470 524288 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4069822483-3685512462-2540206582-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{895BFDE3-F199-4028-8F9D-2D5E8CDDF497}*ALID*]
"AppName"="Roblox.exe"
"Policy"=dword:00000003
"AppPath"="c:\\Users\\Mom's Computer\\AppData\\Local\\Roblox\\Versions\\version-d2e4e6e567c64738\\"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2013-01-06 07:43:08
ComboFix-quarantined-files.txt 2013-01-06 14:43
.
Pre-Run: 1,542,254,592 bytes free
Post-Run: 2,051,522,560 bytes free
.
- - End Of File - - 6266AF6A489B5819AAC1D495EC5BAD5A


#2
Crowbar

    Teacher

  • GeekU Moderator
  • 4,163 posts
Hello girolamous, and welcome to Geeks To Go!

My name is Crowbar and I'll be the malware removal Geek who will be helping you remove any infections you may have on your computer.

  • Please read all of my response through at least once before attempting to follow the procedures described.
  • Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
  • Please follow the steps exactly as written, in the same order.
  • If there's anything you don't understand or that isn't totally clear, please ask me any questions that you may have.
  • Please do not attach any log files to your replies unless I specifically ask you to. Instead, please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • This process is not an instant one - please stick with me until I tell you that your machine is clean. If you don't see any symptoms, it does not mean your system is clear of malware.
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.

Hi -
You should not run Combofix without supervision - having said that, no harm done.
I don't know if malware is the cause of your screen whitening issue, but we will find that out soon.
Let's take a different look at your system -

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
winsock.*
/md5stop
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs in your next response.

Step 2
Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

In your next reply I would like to see:
  • OTL custom scan log
  • Extras.txt log file from OTL
  • TDSSKiller log file

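Reading the OTL log the helper asks for is mostly a matter of spotting orphaned service and driver entries and binaries that load from places a legitimate service should not run from. The following Python script is an added example, not part of this thread or of OldTimer's OTL: it parses OTL's PRC/MOD/SRV/DRV entry format and applies three triage heuristics of my own choosing (the rules and the `USER_WRITABLE` markers are assumptions, not OTL's), on sample lines copied from or modelled on the log posted in this thread.

```python
"""Triage of OTL log entry lines (PRC / MOD / SRV / DRV).

Added example; not code from the forum thread or from OldTimer's OTL.
The heuristics below are this example's own and are only a starting
point for a reviewer, not a verdict.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Head of an OTL entry: kind, then either "[stamp] (Company)" or
# "File not found", then an optional "[state]" block such as
# "[Kernel | On_Demand | Stopped]".  Company may contain parentheses,
# e.g. "(Printing Communications Assoc., Inc. (PCAUSA))".
HEAD = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<stamp>[^\]]*)\] \((?P<company>.*)\)|(?P<missing>File not found))"
    r"(?: \[(?P<state>[^\]]*)\])?$"
)
# Tail after the first " -- ": the path, optionally followed by " -- (Name)".
# The path may be empty, which OTL renders as "-- -- (Name)".
TAIL = re.compile(r"^(?P<path>.*?)(?:\s*-- \((?P<name>.*)\))?$")

# Assumed markers: locations a persistent service/driver should not load from.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


@dataclass
class Entry:
    kind: str
    company: str
    missing: bool
    state: str
    path: str
    name: str
    size: Optional[int]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL entry line; return None for section headers and other text."""
    head, _, tail = line.rstrip().partition(" -- ")
    m = HEAD.match(head)
    if not m:
        return None
    t = TAIL.match(tail)
    size = None
    if m.group("stamp"):
        # stamp looks like "2013/01/06 20:25:08 | 000,602,112 | ---- | M"
        fields = [f.strip() for f in m.group("stamp").split("|")]
        if len(fields) >= 2:
            size = int(fields[1].replace(",", ""))
    return Entry(
        kind=m.group("kind"),
        company=(m.group("company") or "").strip(),
        missing=m.group("missing") is not None,
        state=m.group("state") or "",
        path=t.group("path").strip(),
        name=(t.group("name") or "").strip(),
        size=size,
    )


def triage(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (identifier, reason) pairs for entries a reviewer should look at first."""
    findings = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        ident = e.name or e.path or e.kind
        low = e.path.lower()
        if e.missing:
            # A registered service/driver whose binary is gone: leftover of a
            # removed tool, an incomplete uninstall, or malware already deleted.
            findings.append((ident, "orphaned entry, file not found"))
        if e.path and any(marker in low for marker in USER_WRITABLE):
            findings.append((ident, "loads from a temp or user-writable location"))
        if e.kind in ("SRV", "DRV") and not e.missing and not e.company:
            # OTL prints "()" when the file carries no company/version information.
            findings.append((ident, "service/driver binary has no company name"))
    return findings


# Constructed sample: lines copied from or modelled on the OTL log in this thread.
SAMPLE_LOG = [
    r"========== Services (SafeList) ==========",
    r"SRV - File not found [On_Demand | Stopped] -- C:\Users\JHELFF~1\AppData\Local\Temp\FES.exe -- (FES)",
    r"SRV - [2012/06/07 02:14:25 | 002,152,720 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)",
    r"DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)",
    r"DRV - File not found [Kernel | On_Demand | Stopped] -- -- (00044930)",
    r"DRV - [2011/12/23 06:12:10 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)",
    r"DRV - [2010/06/30 00:32:04 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)",
]

if __name__ == "__main__":
    for ident, reason in triage(SAMPLE_LOG):
        print(f"{ident}: {reason}")
```

Run it against a saved OTL.Txt with `triage(open("OTL.Txt", encoding="utf-8", errors="replace"))`; a flagged entry is a reason to check the file's origin and signature, not proof of infection.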

#3
girolamous

    New Member

  • Topic Starter
  • Member
  • 7 posts
Here's the result of OTL:
OTL logfile created on: 1/6/2013 20:11:58 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Public
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 58.38% Memory free
3.73 Gb Paging File | 2.86 Gb Available in Paging File | 76.49% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51.01 Gb Total Space | 1.96 Gb Free Space | 3.85% Space Free | Partition Type: NTFS
Drive D: | 51.01 Gb Total Space | 20.17 Gb Free Space | 39.55% Space Free | Partition Type: NTFS

Computer Name: JUDI | User Name: Mom's Computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/06 20:25:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Public\OTL.exe
PRC - [2012/06/07 02:14:25 | 002,152,720 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 19:24:05 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
PRC - [2008/01/20 19:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/07 17:25:14 | 004,853,760 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/09/10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/09/07 12:35:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/07/05 12:35:54 | 000,094,208 | ---- | M] (sonix) -- C:\Windows\PLFSetL.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/18 03:42:25 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ac05afefb5b28893d44ec451da0e6d4e\System.Web.ni.dll
MOD - [2012/11/18 03:42:09 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2633dbf77be293b3a8693b6b062fd787\System.Runtime.Remoting.ni.dll
MOD - [2012/11/18 03:40:03 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll
MOD - [2012/11/18 03:39:38 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll
MOD - [2012/11/18 03:39:23 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll
MOD - [2012/11/18 03:37:37 | 007,976,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll
MOD - [2012/11/18 03:37:23 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll
MOD - [2008/05/26 19:28:34 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2990.36961__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008/05/26 19:28:34 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2990.37154__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2008/05/26 19:28:34 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2990.36918__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008/05/26 19:28:34 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2990.36974__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008/05/26 19:28:34 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2990.37146__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008/05/26 19:28:34 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2990.37110__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008/05/26 19:28:34 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2990.36953__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008/05/26 19:28:34 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2990.37068__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008/05/26 19:28:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2990.36939__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008/05/26 19:28:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008/05/26 19:28:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008/05/26 19:28:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008/05/26 19:28:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008/05/26 19:28:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008/05/26 19:28:32 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008/05/26 19:28:32 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008/05/26 19:28:32 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008/05/26 19:28:32 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008/05/26 19:28:32 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll
MOD - [2008/05/26 19:28:31 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008/05/26 19:28:31 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008/05/26 19:28:31 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008/05/26 19:28:31 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008/05/26 19:28:31 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008/05/26 19:28:31 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008/05/26 19:28:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2008/05/26 19:28:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008/05/26 19:28:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008/05/26 19:28:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008/05/26 19:28:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008/05/26 19:28:30 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008/05/26 19:28:30 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008/05/26 19:28:30 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008/05/26 19:28:30 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008/05/26 19:28:30 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2008/05/26 19:28:30 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008/05/26 19:28:30 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008/05/26 19:28:30 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008/05/26 19:28:29 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008/05/26 19:28:23 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2990.37194__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008/05/26 19:28:23 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2990.36910__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008/05/26 19:28:22 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2990.36947__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008/05/26 19:28:22 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2990.37169__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008/05/26 19:28:22 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2990.36911__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008/05/26 19:28:22 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2990.37168__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008/05/26 19:28:22 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008/05/26 19:28:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008/05/26 19:28:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008/05/26 19:28:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008/05/26 19:28:22 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008/05/26 19:28:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008/05/26 19:28:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008/05/26 19:28:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2008/05/26 19:28:21 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2990.36911__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008/05/26 19:28:21 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2990.36909__90ba9c70f846762e\APM.Server.dll
MOD - [2008/05/26 19:28:21 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2990.36910__90ba9c70f846762e\AEM.Server.dll
MOD - [2008/05/26 19:28:21 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2990.37169__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008/05/26 19:28:21 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008/03/09 23:01:06 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - File not found [On_Demand | Stopped] -- C:\Users\JHELFF~1\AppData\Local\Temp\FES.exe -- (FES)
SRV - [2012/12/23 14:25:10 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/07 02:14:25 | 002,152,720 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/07/06 15:24:36 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/20 19:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 19:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/11/27 18:54:36 | 000,110,592 | ---- | M] () [On_Demand | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/09/10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006/10/05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\MOM'SC~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (00044930)
DRV - [2012/03/10 18:23:55 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2011/12/23 06:12:10 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/06/30 00:32:04 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/06/30 00:31:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/12/01 17:34:27 | 000,029,184 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndisprot.sys -- (Ndisprot)
DRV - [2008/03/09 23:58:40 | 003,533,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/10/01 14:59:46 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2007/07/03 10:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007/04/03 11:04:28 | 000,039,680 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2007/04/02 17:11:08 | 000,035,712 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2007/03/20 05:21:18 | 000,046,848 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mr7910.sys -- (mr7910)
DRV - [2007/03/09 15:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/10/30 12:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4069822483-3685512462-2540206582-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-4069822483-3685512462-2540206582-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4069822483-3685512462-2540206582-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 19 EE 03 19 D3 CB 01 [binary data]
IE - HKU\S-1-5-21-4069822483-3685512462-2540206582-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4069822483-3685512462-2540206582-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4069822483-3685512462-2540206582-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-4069822483-3685512462-2540206582-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre1.6.0_22\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files\VLC Player\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mom's Computer\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mom's Computer\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: File not found


[2009/01/16 18:48:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom's Computer\AppData\Roaming\mozilla\Extensions
[2011/07/07 15:36:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom's Computer\AppData\Roaming\mozilla\Firefox\Profiles\79yuescn.default\extensions
[2010/05/27 21:09:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mom's Computer\AppData\Roaming\mozilla\Firefox\Profiles\79yuescn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/27 21:09:20 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Mom's Computer\AppData\Roaming\mozilla\Firefox\Profiles\79yuescn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/04 11:38:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Mom's Computer\AppData\Roaming\mozilla\Firefox\Profiles\79yuescn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mom's Computer\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mom's Computer\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mom's Computer\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre1.6.0_22\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre1.6.0_22\bin\new_plugin\npjp2.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VLC Player\npvlc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Mom's Computer\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Users\Mom's Computer\AppData\Local\Roblox\Versions\version-76ed5b3c6cb0467f\\NPRobloxProxy.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Angry Birds = C:\Users\Mom's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: YouTube = C:\Users\Mom's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Mom's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Readability = C:\Users\Mom's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi\1.13_0\
CHR - Extension: Gmail = C:\Users\Mom's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/01/06 07:40:44 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_22\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-4069822483-3685512462-2540206582-1003\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKU\S-1-5-21-4069822483-3685512462-2540206582-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4069822483-3685512462-2540206582-1003..\Run: [RockMelt Update] C:\Users\Mom's Computer\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (RockMelt Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe ()
O4 - HKU\S-1-5-18..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4069822483-3685512462-2540206582-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4069822483-3685512462-2540206582-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4069822483-3685512462-2540206582-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4069822483-3685512462-2540206582-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-4069822483-3685512462-2540206582-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O15 - HKU\S-1-5-21-4069822483-3685512462-2540206582-1003\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22D6DE68-0DCE-4EC9-BFFE-637F13F6926D}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{534F7A1C-9D81-434D-B2B8-27B0F69481B7}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mom's Computer\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mom's Computer\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-4069822483-3685512462-2540206582-1003\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/01/06 07:43:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/06 07:43:10 | 000,000,000 | ---D | C] -- C:\Users\Mom's Computer\AppData\Local\temp
[2013/01/06 07:27:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/06 07:27:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/06 07:27:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/06 07:20:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/04 16:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2013/01/04 16:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\WinDirStat
[2012/12/25 06:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\LinuxLive USB Creator
[2012/03/01 17:54:51 | 002,723,264 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\vcredist_x86.exe
[2009/05/03 08:52:00 | 000,053,760 | ---- | C] (Tolunay Orkun) -- C:\Program Files\DRTCP021.exe

========== Files - Modified Within 30 Days ==========

[2013/01/06 20:08:09 | 002,623,808 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/06 20:08:09 | 000,825,982 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/06 19:35:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4069822483-3685512462-2540206582-1003UA.job
[2013/01/06 19:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/06 19:21:00 | 000,000,964 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4069822483-3685512462-2540206582-1003UA.job
[2013/01/06 19:13:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/06 19:13:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/06 17:13:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/06 07:40:44 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/01/05 23:21:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4069822483-3685512462-2540206582-1003Core.job
[2013/01/05 20:11:58 | 000,197,978 | ---- | M] () -- C:\Users\Mom's Computer\AppData\Local\census.cache
[2013/01/05 20:11:48 | 000,000,000 | ---- | M] () -- C:\Users\Mom's Computer\AppData\Local\ars.cache
[2013/01/05 19:28:30 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2013/01/05 19:28:30 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2013/01/05 08:28:58 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4069822483-3685512462-2540206582-1003Core.job
[2013/01/04 16:43:12 | 000,000,792 | ---- | M] () -- C:\Users\Mom's Computer\Desktop\WinDirStat.lnk
[2012/12/29 09:51:47 | 000,391,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/12/23 22:56:36 | 000,000,772 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/23 10:50:24 | 000,001,962 | ---- | M] () -- C:\Users\Mom's Computer\Desktop\RockMelt.lnk
[2012/12/23 10:44:26 | 000,002,053 | ---- | M] () -- C:\Users\Mom's Computer\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2013/01/06 07:27:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/06 07:27:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/06 07:27:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/06 07:27:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/06 07:27:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/05 20:11:58 | 000,197,978 | ---- | C] () -- C:\Users\Mom's Computer\AppData\Local\census.cache
[2013/01/05 20:11:48 | 000,000,000 | ---- | C] () -- C:\Users\Mom's Computer\AppData\Local\ars.cache
[2013/01/05 13:09:32 | 000,001,493 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
[2013/01/04 16:43:12 | 000,000,792 | ---- | C] () -- C:\Users\Mom's Computer\Desktop\WinDirStat.lnk
[2012/12/23 22:56:36 | 000,000,772 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/23 08:10:38 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/12/23 08:10:38 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/03/14 04:59:51 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2012/03/14 04:59:51 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2012/03/01 17:57:00 | 022,338,277 | ---- | C] () -- C:\ProgramData\disk1.cab
[2012/03/01 17:56:58 | 001,479,680 | ---- | C] () -- C:\ProgramData\Tunebite-setup.msi
[2011/10/16 20:33:25 | 000,196,673 | ---- | C] () -- C:\Windows\hpwins20.dat
[2011/10/16 20:33:25 | 000,001,678 | ---- | C] () -- C:\Windows\hpwmdl20.dat
[2011/02/08 18:55:26 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/02/08 17:59:29 | 000,000,036 | ---- | C] () -- C:\Users\Mom's Computer\AppData\Local\housecall.guid.cache
[2011/01/18 01:53:32 | 002,994,688 | ---- | C] () -- C:\Program Files\openofficeorg33.msi
[2011/01/18 01:52:10 | 000,475,016 | ---- | C] () -- C:\Program Files\setup.exe
[2011/01/18 01:50:56 | 132,609,310 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2011/01/18 01:05:08 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini
[2010/09/19 06:21:26 | 000,123,028 | ---- | C] () -- C:\Users\Mom's Computer\Untitled.png
[2010/08/05 13:54:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/26 12:19:08 | 000,000,218 | ---- | C] () -- C:\Users\Mom's Computer\.recently-used.xbel
[2010/06/26 10:53:59 | 000,000,632 | RHS- | C] () -- C:\Users\Mom's Computer\ntuser.pol
[2010/04/17 07:52:24 | 000,000,075 | ---- | C] () -- C:\Users\Mom's Computer\jagex_runescape_preferences2.dat
[2010/04/17 07:52:24 | 000,000,000 | ---- | C] () -- C:\Users\Mom's Computer\jagex__preferences3.dat
[2010/04/17 07:51:18 | 000,000,041 | ---- | C] () -- C:\Users\Mom's Computer\jagex_runescape_preferences.dat
[2009/05/19 20:44:12 | 000,000,680 | ---- | C] () -- C:\Users\Mom's Computer\AppData\Local\d3d9caps.dat
[2009/03/15 10:16:35 | 000,000,035 | ---- | C] () -- C:\Users\Mom's Computer\AppData\Roaming\SetValue.bat
[2008/11/08 23:43:40 | 001,347,072 | ---- | C] () -- C:\Program Files\sherlock.exe
[2008/08/21 21:45:38 | 000,230,912 | ---- | C] () -- C:\Users\Mom's Computer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/08/22 09:19:10 | 000,000,000 | ---D | M] -- C:\Users\jhelffrich\AppData\Roaming\AT&T
[2011/07/30 09:25:06 | 000,000,000 | ---D | M] -- C:\Users\jhelffrich\AppData\Roaming\LEGO Company
[2011/07/30 08:19:21 | 000,000,000 | ---D | M] -- C:\Users\jhelffrich\AppData\Roaming\OverDrive
[2012/02/26 09:01:58 | 000,000,000 | ---D | M] -- C:\Users\jhelffrich\AppData\Roaming\uTorrent
[2008/08/16 06:00:13 | 000,000,000 | ---D | M] -- C:\Users\Mom's Computer\AppData\Roaming\Acer
[2009/04/30 20:27:58 | 000,000,000 | ---D | M] -- C:\Users\Mom's Computer\AppData\Roaming\AT&T
[2012/10/03 21:42:39 | 000,000,000 | ---D | M] -- C:\Users\Mom's Computer\AppData\Roaming\Dropbox
[2010/06/26 10:08:50 | 000,000,000 | ---D | M] -- C:\Users\Mom's Computer\AppData\Roaming\gtk-2.0
[2008/08/16 06:00:08 | 000,000,000 | ---D | M] -- C:\Users\Mom's Computer\AppData\Roaming\Leadertech
[2010/09/16 16:50:46 | 000,000,000 | ---D | M] -- C:\Users\Mom's Computer\AppData\Roaming\LEGO Company
[2012/04/07 22:02:57 | 000,000,000 | ---D | M] -- C:\Users\Mom's Computer\AppData\Roaming\Notepad++
[2009/04/10 14:33:06 | 000,000,000 | ---D | M] -- C:\Users\Mom's Computer\AppData\Roaming\OpenOffice.org
[2011/01/04 22:23:51 | 000,000,000 | ---D | M] -- C:\Users\Mom's Computer\AppData\Roaming\OverDrive
[2009/06/12 15:03:27 | 000,000,000 | ---D | M] -- C:\Users\Mom's Computer\AppData\Roaming\ScanSoft
[2011/02/08 20:35:12 | 000,000,000 | ---D | M] -- C:\Users\Mom's Computer\AppData\Roaming\Soluto
[2013/01/06 07:20:48 | 000,000,000 | ---D | M] -- C:\Users\Mom's Computer\AppData\Roaming\uTorrent
[2010/06/26 12:19:08 | 000,000,000 | ---D | M] -- C:\Users\Mom's Computer\AppData\Roaming\Wireshark

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2006/11/02 02:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/20 19:24:17 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/20 19:24:14 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/10 23:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/10 23:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 07:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/10 23:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/20 19:24:36 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/06/01 17:02:32 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/10 23:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/10 23:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 08:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/20 19:25:01 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/10 23:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/20 19:24:09 | 000,288,256 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/10 23:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/04/10 23:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/20 19:24:54 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/20 19:24:11 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/20 19:24:23 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/20 19:23:44 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/20 19:24:47 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/10 23:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 07:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 07:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/10 23:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/20 19:24:19 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/10 23:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/10 23:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/20 19:24:35 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 07:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/10 23:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 09:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 04:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/10 23:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 11:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/10 23:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 04:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/10 23:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/10 23:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/10 23:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/10 23:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/20 19:23:27 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/10 23:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/10 23:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/10 23:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/10 23:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/10 23:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 15:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/10 23:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 12:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 04:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/28 23:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 20:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 19:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 19:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: QMGR.DLL >
[2008/01/20 19:25:00 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
[2009/04/10 23:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\ERDNT\cache\qmgr.dll
[2009/04/10 23:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\System32\qmgr.dll
[2009/04/10 23:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll

< MD5 for: SERVICES >
[2006/09/18 14:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 14:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.EXE >
[2008/01/20 19:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/10 23:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\ERDNT\cache\services.exe
[2009/04/10 23:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/10 23:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 05:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 05:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.LNK >
[2008/01/20 19:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 19:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2012/12/26 09:01:21 | 000,000,446 | ---- | M] () MD5=44B9F14FAA58D9533940B583EADC9AFB -- C:\Users\Mom's Computer\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\CME3CA5X\mochiads.com\services.mochiads.com.sol
[2012/10/18 18:53:19 | 000,000,391 | ---- | M] () MD5=846D2B94955AC4FA1BA22F0A380C2D70 -- C:\Users\jhelffrich\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4684EH3L\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MOF >
[2006/09/18 14:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 14:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 14:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 05:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 14:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 05:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 14:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SERVICES.RDB >
[2010/05/20 22:08:00 | 000,262,144 | ---- | M] () MD5=00D8C85E07B0D69A27816B54E56EF85B -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb
[2010/05/20 22:01:50 | 005,505,024 | ---- | M] () MD5=20999743CA8D1F7132B0BFCE952F2295 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb

< MD5 for: SVCHOST.EXE >
[2008/01/20 19:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/20 19:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 19:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 19:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/20 19:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 19:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Anti-Malware\Chameleon\winlogon.exe
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 19:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2006/11/02 00:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\System32\WINSOCK.DLL
[2006/11/02 00:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WINSOCK.DLL
[2006/11/02 00:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8\WINSOCK.DLL

< MD5 for: WINSOCK.H >
[2010/04/19 19:44:40 | 000,038,471 | ---- | M] () MD5=B2A415C3F1450F80F57AF83212F3C7AA -- C:\Program Files\Microsoft SDKs\Windows\v7.1\Include\WinSock.h

========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:ED51D3ED
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Here's Extras.txt
OTL Extras logfile created on: 1/6/2013 20:11:58 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Public
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 58.38% Memory free
3.73 Gb Paging File | 2.86 Gb Available in Paging File | 76.49% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51.01 Gb Total Space | 1.96 Gb Free Space | 3.85% Space Free | Partition Type: NTFS
Drive D: | 51.01 Gb Total Space | 20.17 Gb Free Space | 39.55% Space Free | Partition Type: NTFS

Computer Name: JUDI | User Name: Mom's Computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4069822483-3685512462-2540206582-1003\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC Player\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC Player\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4069822483-3685512462-2540206582-1003]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{040D43DF-1E56-414F-BEBC-7BD22A0286E8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{084850E9-B1B5-41F1-A8F6-23A9C1DC77C9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0EE534B1-27D6-4A93-98D1-8F2B7FC3E431}" = rport=137 | protocol=17 | dir=out | app=system |
"{1C780317-0582-4103-894A-38437C3CD469}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{24C761B9-6837-4EF2-9B91-9C3B7191E8AA}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2D57D928-A6DC-407D-8C5C-7A27B4D98864}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{3370F914-DD80-4388-A340-58C44EC7C028}" = lport=445 | protocol=6 | dir=in | app=system |
"{3DC1E2B8-E5DE-40AB-8200-4DE7EAD9AEEC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{40C126B8-07A6-42C3-AFB9-E037C9246719}" = rport=139 | protocol=6 | dir=out | app=system |
"{417B8560-91A7-49A2-9371-64884BE3FD0A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{433E2A02-8E09-498A-85D4-469833DEC7CA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{434ED976-B671-4FEE-9740-0E18C35BB10D}" = lport=138 | protocol=17 | dir=in | app=system |
"{45A136C8-1763-4C5A-AE80-90768205AEF4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{4E99FD33-1061-4FFC-AA0E-3C9140492982}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{57C2BE9C-9254-4AFB-ACD3-F78675AD079B}" = rport=138 | protocol=17 | dir=out | app=system |
"{5CCDA068-EBCA-4E0B-B7B0-F4A03B395122}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{628E6CA2-B822-49FE-B010-9E13E7439C6D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7C75BBE5-67FD-4301-9BDE-0F851339AF43}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{7F1FB530-DB3F-418B-BE38-7840D456E0A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{832C3698-6BD6-47B2-8ABC-DE041EA1C3FC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{8DF6EDB5-7393-4751-9FEF-D1D405957A02}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8EF0C3A6-2737-43AC-B7D3-7D8FFDBFB03D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{913FC762-70CF-4EE1-A392-95290E972F69}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{95787F74-EB4A-45AB-B60F-20E17696B95A}" = rport=445 | protocol=6 | dir=out | app=system |
"{95E1A4B3-DD8C-4D31-8A3D-B28EA5241703}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9B039452-9268-4284-B5F0-245CFB7AA09A}" = lport=445 | protocol=6 | dir=in | app=system |
"{9E78A89B-DEFA-4AB3-9B85-72CE584DE5A7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A041479E-A8AD-4241-9864-5F1FC49341B2}" = lport=137 | protocol=17 | dir=in | app=system |
"{B7AC8E5E-8E8E-4858-9B8C-FFD64644BB8B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BB809B07-2299-48E8-9483-A15911FC7B9F}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C984B49F-7998-4D15-8368-207E583E25F6}" = rport=2869 | protocol=6 | dir=out | app=system |
"{C9D4A28C-C236-429E-A7C7-0DDB350E172D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D664B500-4808-464C-97C0-3A911CDAA11C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{EB09A691-6E25-4369-BAF2-5A94291A7677}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EDD680D7-1375-46D6-B611-6764D682CE4F}" = lport=139 | protocol=6 | dir=in | app=system |
"{EEDD523D-11B3-4647-B1CF-696424F70C08}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F44687DB-A612-4451-A8A2-FA7BE9E9316E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F5B5899D-E665-40F3-973A-632F8C176B64}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BE20EF-17C6-4E78-8C11-C81374BCE631}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{01C1F8F8-E400-4480-B13F-49563627180C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{063B2047-98E8-47D0-B327-9B5DC3B974DB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{17096092-CD2B-4D04-9980-76AAE050FF81}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{2231CA9D-EFC7-42E4-9086-45D6C57CAB4A}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{2903B50D-4B91-43E8-96BA-8D98733710C9}" = protocol=58 | dir=in | [email protected],-148 |
"{335B4B0F-297D-4ACB-A16C-749CB9D7C0C7}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe |
"{34CC9300-C481-4404-9406-0337C807907A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4D070F18-A06B-4C08-82DC-F4A2469739BE}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{4E4B075E-F932-44E6-A345-74AEB280EC25}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{54CEB7F4-CEC9-4195-A196-D43D67DAC546}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5C2D8182-B765-4102-A212-70580161B80A}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{678DF541-686F-44F2-AAC9-3A488D5A2C54}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe |
"{6B3F2E22-17C5-4322-BE8D-9067344C9439}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{6E836F85-9945-4277-B9D0-5F5D1D8338EC}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{76E207D0-42AF-44E4-B270-199AFF1B0A99}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7C5BA463-5CB3-47B3-B25F-143746076F66}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7E9CB8D9-55AF-4B6F-84C7-CDD0E3B6B833}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8209B9AE-6466-4C73-AF70-AE243B0D3C90}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{83E72B83-3249-40CB-8242-137DEFE18621}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{871C77F3-35D0-4D8D-807E-222E380213A1}" = protocol=6 | dir=out | app=system |
"{89018F46-5406-46B8-9F15-E2C6FEE7ED95}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{8AFE6EBD-CD19-45EA-9355-BA2706BB66D9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9078C2ED-89A2-402B-92D2-1A8CD4A8EED1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{93D1D0B7-C4C2-442C-949E-790AFAFE0660}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{93D4BF34-33C3-447A-AB4D-103BC03FC664}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{9570AFCE-1B45-4B42-8DDD-C1A021275771}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{965BD63F-B22C-4D25-9DCB-98038C22614D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9B90C514-771B-4664-9D9F-D078E707DD1E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A2B9B72F-B0E6-4BDA-B6B2-5F35F3864F87}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{A36DC59E-553E-4CFB-9208-440A22DBFABE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{A74809F2-082C-4AB4-BC93-98E9D9DC7DA6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A8418173-C0E5-434D-A773-84507B9E2525}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{A88C47E4-708F-4C6F-8A20-D5D1D825439E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{ABC19B97-2925-4C4F-939F-2D50CACF9019}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{ABE441E8-B045-4091-8876-B7A0392BCB8D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AE88D2C6-9750-437B-B6D7-16B3C9E70C1F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B1541392-31F9-4C24-AB16-D5F693B9F296}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{B398184A-A014-4744-8128-483CAEA8C09F}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{B8829280-0ACC-4AC5-83E7-7A35334EFC04}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{C4BD2253-224C-4B80-8B7D-2FBBECA24CAF}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{CE7F9051-F3DA-40CF-8158-630801BF9654}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{D1ED3CD3-43A7-42CB-A30E-C6616E2EFDF4}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{D3B1ABD1-5D91-47B1-AEAF-88C3039366E8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{D82CA96A-D2EB-43BE-AE5B-BE1A398EEADB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DCAAC294-2130-4114-A46E-B525006EBD19}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{DE77B4BA-3AC7-4186-92AD-F721DAC00674}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{DE9C20DE-DD5C-4086-A339-4B4DD73745F1}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{E1CB0D03-D8EF-4943-9C47-79C77D363E00}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{E24A23B6-855C-43A6-A0D5-2FE80A079F18}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{E54F3019-C46B-4D09-8BBF-A7C68C8EAEDA}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{FC2B1BBB-8522-4870-ADF5-69BECFE54F5D}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"TCP Query User{36EE4BD0-9C79-4C1A-835B-D3603B84770A}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{70ED7B24-FAA2-47FB-90F7-800B8CF73427}C:\program files\patriot\tran server\transcodeserver.exe" = protocol=6 | dir=in | app=c:\program files\patriot\tran server\transcodeserver.exe |
"TCP Query User{9F85B7AA-DEA8-4ABC-8B3A-2A5DD13DEEF1}C:\program files\patriot\tran server\transcodeserver.exe" = protocol=6 | dir=in | app=c:\program files\patriot\tran server\transcodeserver.exe |
"TCP Query User{BAE5E45E-6756-47DA-B1A4-E35A5668490E}C:\program files\att-sst\mccibrowser.exe" = protocol=6 | dir=in | app=c:\program files\att-sst\mccibrowser.exe |
"TCP Query User{EA4C95F2-9D47-4652-87C1-0B9F25C17987}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{F9FF0391-43C2-4624-9325-A31427CD37FC}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{10824C19-E5DC-481F-98B8-AD03F2E83A39}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{4AD5CDAB-468D-4A4A-9812-A75B6471C763}C:\program files\att-sst\mccibrowser.exe" = protocol=17 | dir=in | app=c:\program files\att-sst\mccibrowser.exe |
"UDP Query User{62F050DB-6185-40F3-9609-9CBE81331F31}C:\program files\patriot\tran server\transcodeserver.exe" = protocol=17 | dir=in | app=c:\program files\patriot\tran server\transcodeserver.exe |
"UDP Query User{6B1ECF27-3C19-4E31-A48B-880F7F822CB8}C:\program files\patriot\tran server\transcodeserver.exe" = protocol=17 | dir=in | app=c:\program files\patriot\tran server\transcodeserver.exe |
"UDP Query User{6DB9F07A-E873-43BE-841D-0E1891B4E677}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{FB8FCA3A-EB4B-4128-A854-BE97937679F8}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05224574-45E6-529E-D28F-58517A0D014D}" = Catalyst Control Center Localization Thai
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{16F3EF00-887C-0DEC-2C94-A3469A48DE68}" = Catalyst Control Center Localization Danish
"{251629BE-4EC9-DA91-E793-20AF9C28E63C}" = ATI Catalyst Install Manager
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{28751D09-32C3-F547-7984-1B6631FE4A2B}" = Catalyst Control Center Localization Korean
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2B85EE0A-C326-4E77-5086-C532D7C2AB87}" = Catalyst Control Center Core Implementation
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{39556553-8C77-4C5E-8F30-4083274948A2}" = Application Verifier
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye Webcam Video Class Camera
"{3B540E44-8382-4899-B481-1E2E02E38F3E}" = 4660_4680_Help
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42A30805-0210-8A51-2B37-8FB44F056190}" = Catalyst Control Center Localization Hungarian
"{46EE4F34-8C50-29A1-392F-86FCDA197789}" = Catalyst Control Center Localization Finnish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F30BC2B-5441-3149-91D7-FAA2332E2F5F}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{61CF256E-CC63-4A4C-97CC-A48411054D60}" = HP OfficeJet J4600 All-In-One Series
"{62E056C9-E8AC-6956-C6D9-98A82E3CE0CB}" = Catalyst Control Center Graphics Light
"{645DEF6F-B828-915C-F655-84D733124870}" = Catalyst Control Center Localization Japanese
"{67183F00-3DDC-497B-A090-4E2B79EAF1CD}" = Photo Viewer
"{699C970F-1E17-3CD8-A2EA-87AB9EDEDFF4}" = Microsoft Windows SDK for Windows 7 Samples (30514)
"{6BFAE410-1130-23D8-C42B-B46AF9B8559D}" = Catalyst Control Center Localization Italian
"{7087B028-5164-4A68-9FD4-05E0E846A6B9}" = Acer Crystal Eye Webcam 2.0.6
"{71B2C49D-2ECC-8C4C-0DF8-76FBFD7804A1}" = Catalyst Control Center Localization German
"{73AB6BF4-C06D-8395-6F72-87F2481DE614}" = Catalyst Control Center Localization Swedish
"{781E64C7-FC5B-2F60-9882-1EF78D586819}" = Catalyst Control Center Localization Chinese Traditional
"{7AFFE35D-047A-3D27-B204-1CD849933C02}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
"{805F40F4-BF12-9054-4348-5ADA0CF77F3D}" = ccc-utility
"{85C977FB-2A5B-3223-8AC5-828558EAF7D9}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B510F99-7B01-CFAE-E38A-EE8EE39DB797}" = Catalyst Control Center Localization Greek
"{8E9976D2-E563-43DE-A51F-5AEBC38D1F08}" = Ad-Aware
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{928D2FB1-291A-362B-89A4-7075A9D904A4}" = Microsoft Windows SDK for Windows 7 (7.1)
"{9769B84A-8A2E-4517-AFD0-E781180EC277}" = Transcode Server
"{9EFAD767-D3F0-BB77-3E9B-A5B309413A57}" = Catalyst Control Center Localization Russian
"{A101FC46-E7C0-5C41-1410-5248E02CAAE9}" = Catalyst Control Center Localization Polish
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.6
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{B2A2514E-AC03-92AA-A1E1-F3A9F057AFB9}" = Catalyst Control Center Localization Dutch
"{B629CD93-A629-4A9F-8B6E-218E741A316E}" = BPDSoftware_Ini
"{B9308129-4971-BCF4-A826-987AD611A5ED}" = Catalyst Control Center Localization Turkish
"{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}" = OpenOffice.org 3.2
"{C7309F41-B01A-E8C9-6BBE-7AEC25D3FA13}" = Catalyst Control Center Localization Chinese Standard
"{CAA2EEB2-BE79-4FA6-3D77-7147E25A0DE9}" = ccc-core-static
"{CB800D0F-80E8-4E79-8423-09908CF1DB07}" = J4600_Basic
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D03B4662-6EC5-98D3-CEE9-FC6D149F17EC}" = Catalyst Control Center Localization Spanish
"{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
"{D6521078-106E-5583-5BF3-031FD2CF4FC4}" = Catalyst Control Center Localization Norwegian
"{DCE9C52A-95DD-4075-9FC6-3313FB8748A5}" = BPDSoftware
"{E148ABC2-5199-CB3D-04EF-533CFEFFD4B9}" = Catalyst Control Center Localization Czech
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{EC7FE03D-239A-4E36-9907-0E327922D2A2}" = bpd_scan
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FC24097F-F9CF-A7A5-27F5-67DF0E9E27DF}" = Catalyst Control Center Localization Portuguese
"{FFE34BB9-02CD-0328-D578-200ABBFAF746}" = Catalyst Control Center Localization French
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ATT-HSI" = ATT-HSI
"Cake Mania 2_is1" = Cake Mania 2
"Free RAR Extract Frog" = Free RAR Extract Frog
"LinuxLive USB Creator" = LinuxLive USB Creator
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Moleskinsoft Directory Size 2.4_is1" = Moleskinsoft Directory Size 2.4
"New LEGO Digital Designer" = LEGO Digital Designer
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UM-CAM" = UM-CAM 2.204.4ABs
"VLC media player" = VLC media player 1.1.10
"VLC-UnRAR" = VLC UnRAR plugin

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4069822483-3685512462-2540206582-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"RockMelt" = RockMelt
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/3/2012 22:07:23 | Computer Name = Judi | Source = LoadPerf | ID = 3011
Description =

Error - 10/3/2012 23:01:28 | Computer Name = Judi | Source = VSS | ID = 12289
Description =

Error - 10/4/2012 00:39:48 | Computer Name = Judi | Source = LoadPerf | ID = 3012
Description =

Error - 10/4/2012 00:39:48 | Computer Name = Judi | Source = LoadPerf | ID = 3011
Description =

Error - 10/4/2012 00:47:35 | Computer Name = Judi | Source = VSS | ID = 12289
Description =

Error - 10/4/2012 01:05:08 | Computer Name = Judi | Source = VSS | ID = 12289
Description =

Error - 10/4/2012 05:52:48 | Computer Name = Judi | Source = LoadPerf | ID = 3012
Description =

Error - 10/4/2012 05:52:48 | Computer Name = Judi | Source = LoadPerf | ID = 3011
Description =

Error - 10/4/2012 21:28:15 | Computer Name = Judi | Source = LoadPerf | ID = 3012
Description =

Error - 10/4/2012 21:28:15 | Computer Name = Judi | Source = LoadPerf | ID = 3011
Description =

[ Media Center Events ]
Error - 12/21/2008 00:43:13 | Computer Name = MomsComputer-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/20/2009 23:38:46 | Computer Name = MomsComputer-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 1/6/2013 23:08:08 | Computer Name = Judi | Source = Service Control Manager | ID = 7001
Description =

Error - 1/6/2013 23:08:08 | Computer Name = Judi | Source = Service Control Manager | ID = 7001
Description =

Error - 1/6/2013 23:08:08 | Computer Name = Judi | Source = Service Control Manager | ID = 7001
Description =

Error - 1/6/2013 23:08:08 | Computer Name = Judi | Source = Service Control Manager | ID = 7001
Description =

Error - 1/6/2013 23:08:08 | Computer Name = Judi | Source = Service Control Manager | ID = 7001
Description =

Error - 1/6/2013 23:08:08 | Computer Name = Judi | Source = Service Control Manager | ID = 7001
Description =

Error - 1/6/2013 23:08:08 | Computer Name = Judi | Source = Service Control Manager | ID = 7001
Description =

Error - 1/6/2013 23:08:08 | Computer Name = Judi | Source = Service Control Manager | ID = 7001
Description =

Error - 1/6/2013 23:08:08 | Computer Name = Judi | Source = Service Control Manager | ID = 7001
Description =

Error - 1/6/2013 23:08:08 | Computer Name = Judi | Source = Service Control Manager | ID = 7001
Description =


< End of report >
================================
and when I tried to run TDSSKiller by clicking on the exe, here's what I get:

Attached image: TDSSOutput.jpg

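ComboFix's "Last 20 Event Log Errors" block above only shows the newest twenty errors per log, and the ten identical Service Control Manager 7001 entries logged in the same second are easy to skim past. The parser below is an added example, not part of the original post and not ComboFix's own code: it groups such a block by section, source and event ID and flags same-second bursts. The sample block embedded in it is constructed from the lines posted above.

```python
"""Summarise the "Last 20 Event Log Errors" block that ComboFix prints.

Added example, not part of the original thread or of ComboFix itself.
SAMPLE_LOG is constructed to match the format of the log posted above.
"""
import re
from collections import Counter

# Line format ComboFix uses:
# "Error - M/D/YYYY HH:MM:SS | Computer Name = X | Source = Y | ID = N"
ENTRY_RE = re.compile(
    r"^Error - (?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"Computer Name = (?P<host>[^|]+?) \| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$"
)

SAMPLE_LOG = """\
[ Application Events ]
Error - 10/3/2012 22:07:23 | Computer Name = Judi | Source = LoadPerf | ID = 3011
Description =

Error - 10/3/2012 23:01:28 | Computer Name = Judi | Source = VSS | ID = 12289
Description =

[ System Events ]
Error - 1/6/2013 23:08:08 | Computer Name = Judi | Source = Service Control Manager | ID = 7001
Description =

Error - 1/6/2013 23:08:08 | Computer Name = Judi | Source = Service Control Manager | ID = 7001
Description =

Error - 1/6/2013 23:08:08 | Computer Name = Judi | Source = Service Control Manager | ID = 7001
Description =
"""


def parse_events(text):
    """Return one dict per 'Error - ...' line, tagged with the [ section ] it sits under."""
    events = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[ ") and line.endswith(" ]"):
            section = line[2:-2].strip()
            continue
        m = ENTRY_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["id"] = int(ev["id"])
            ev["section"] = section
            events.append(ev)
    return events


def count_by_source_id(events):
    """Counter keyed on (section, source, id): how often each distinct error recurs."""
    return Counter((e["section"], e["source"], e["id"]) for e in events)


def bursts(events, min_count=3):
    """Return (timestamp, source, id, n) for errors repeated n >= min_count times
    within the same second. A burst of Service Control Manager 7001 at boot means
    one service failed to start and every service depending on it failed with it,
    which is what a service pointing at a missing file (see the SRV line in the
    OTL fix later in this thread) produces."""
    by_key = Counter((e["date"] + " " + e["time"], e["source"], e["id"]) for e in events)
    return [(ts, src, eid, n) for (ts, src, eid), n in by_key.items() if n >= min_count]


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for key, n in count_by_source_id(evs).most_common():
        print(f"{n:3d}  {key}")
    for ts, src, eid, n in bursts(evs):
        print(f"burst: {n} x {src} {eid} at {ts}")
```

Paste the whole "Last 20 Event Log Errors" section of a real ComboFix log into `parse_events` to get the same summary; the min_count threshold for `bursts` is a judgement call, since two or three repeats at boot are common on healthy machines too.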
#4
Crowbar (Teacher, GeekU Moderator, 4,163 posts)
Please rename TDSSKiller.exe to IExplore.exe and try to run it again.

#5
girolamous (New Member, Topic Starter, 7 posts)
Hmmm, that didn't seem to work very well. I got this popup.

Attached image: TDSSOutput2.jpg

#6
Crowbar (Teacher, GeekU Moderator, 4,163 posts)
Hi there,
I am not sure why tdsskiller is doing that, but we can use another tool in its place.
First off, you are seriously low on available disk space on your system drive.

3.85% Space Free

Windows needs at a minimum 20% to run properly, and 25% is even better. You could get away with 15%, but 3% is very, very low.
I need you to try and free up some extra space after this fix. I will empty your temp files and folders, so that will free up some space, so let's see what that does, and if it's not enough, I will need you to free up more. You can uninstall programs you don't use any more, move pictures, videos, music to an external drive, or to the D: drive if possible.

I notice that you have one or more P2P (Peer to Peer) file sharing programs installed on your computer.
  • uTorrent
This is a very easy way to get infected, as many of the files that can be downloaded with these P2P programs are infected with all sorts of malware.
You put your system at a very big risk by downloading these files, and that is why we recommend that you remove these programs from your computer.
If you do not want to remove them, please DO NOT use them while we are cleaning your machine.

If you need any help removing them I will be glad to assist you.


Step 1
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successful execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :OTL
    SRV - File not found [On_Demand | Stopped] -- C:\Users\JHELFF~1\AppData\Local\Temp\FES.exe -- (FES)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (00044930)
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:ED51D3ED
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    :commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

Step 2
Malwarebytes Anti-Rootkit

1.Download Malwarebytes Anti-Rootkit
2.Unzip the contents to a folder in a convenient location.
3.Open the folder where the contents were unzipped and run mbar.exe
4.Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5.Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6.Wait while the system shuts down and the cleanup process is performed.
7.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8.If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

•Internet access
•Windows Update
•Windows Firewall


9.If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10.Verify that your system is now functioning normally.

Step 3
Run OTL
  • Right click on the OTL icon and select Run as Administrator. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

In your next reply I would like to see:
  • OTL fix log
  • Tell me what happened with MalwareBytes Anti-Rootkit, did it find anything?
  • New OTL log - there won't be a new extras.txt.
  • How is the computer running at this point?


#7
girolamous (New Member, Topic Starter, 7 posts)
OK, I've been having some problems with the computer because 2 out of 3 times I boot it, it is like molasses, with the mouse freezing for minutes at a time. MBAR found nothing, and it is still happening--a slow, gradual whitening of the display and freeze of all computer functions--downloads, keyboard, mouse.

Will post final OTL output after a close of window.


#8
girolamous (New Member, Topic Starter, 7 posts)
...and the final OTL scan. Actually, based on the fact that nothing is being found and the symptoms seem to come and go, I'm beginning to think it is a hardware problem. When I whack the display it sometimes clears up and the whole computer comes alive again. I don't know how the display can freeze the computer, but I guess it isn't impossible.

Attached file: OTL.Txt (657.14 KB)

#9
girolamous (New Member, Topic Starter, 7 posts)
..and I had to split the OTL file in two due to the large size. Here's the second half.

Attached file: OTL2.Txt (719.16 KB)

#10
Crowbar (Teacher, GeekU Moderator, 4,163 posts)
Hello,
You did well clearing up the free space.
You might just be right about this being a hardware issue, but I am still a little concerned about a few other things.

Were you able to run the OTL fix that I had posted? It appears that it was not run, so let's try it one more time, but in a different manner.
Also, in your last OTL scan, you somehow changed the files created within range to all. That's why the logs were so huge, so try not to do that again if possible :)

Step 1
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successful execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Download the attached file (fix.txt) to the same location as OTL - should be on your desktop
Run OTL
  • Click on the Run Fix button
  • A small window will pop up - No fix has been provided!
    Click OK to load it from a file or Cancel
  • Click on the OK button and navigate to your desktop and then to the fix.txt file you just saved, highlight the file, then click the Open button
  • You will see the text appear under the Custom Scan box
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

Step 2
Please delete the copy of TDSSKiller from your desktop then:
Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

In your next reply I would like to see:
  • OTL fix log
  • TDSSkiller log

Attached file: fix.txt (1.75 KB)

#11
girolamous (New Member, Topic Starter, 7 posts)
Hi,
This time TDSS Killer worked. It didn't give me a "Cure" option though--the middle selection was "Copy to quarantine" so that is what I did.
Files attached for this and OTL.
Thanks!


#12
Crowbar (Teacher, GeekU Moderator, 4,163 posts)
Hi,
My instructions were to choose SKIP if there was no CURE available, please try to be more careful following my instructions. Thankfully when you copy to quarantine it only makes a copy. Those were all legitimate drivers, they are just not digitally signed, but it's ok as they are still in place.
In my step 3 make sure to UNCHECK the Remove found threats box, this is important. :)

Let's do another OTL scan, then sweep for any remnants that might be hanging around.
Step 1
Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
winsock.*
/md5stop
CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt which is saved in the same location as OTL.
  • Post this log in your next response

Step 2
Please run Malwarebytes' Anti-Malware

  • Go to the Update tab and check for updates, please install any updates found.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3
Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here, then click the button to launch the scanner.
You will however need to disable your current installed Anti-Virus, how to do so can be read here.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use, then click the button to continue.
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click the button to start the scan.
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click the button to close the scanner.
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

In your next reply I would like to see:
  • OTL custom scan
  • Malwarebytes log file
  • ESET online scan results
  • How is the computer running? Still having the same issues?


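The /md5start ... /md5stop list in the custom scan above asks OTL to hash the Windows binaries that file-infecting malware most often patches or plants a look-alike of (services.exe, explorer.exe, winlogon.exe, userinit.exe, svchost.exe, qmgr.dll, winsock), so that an altered or out-of-place copy stands out in the log. The script below is an added example and not OTL's own code: it walks a drive for those same names, hashes every copy it finds and compares each against a baseline of known-good SHA-256 digests that the reader must supply from a clean machine of the same Windows build (the baseline dict and the directory tree in run_demo() are constructed for the demo).

```python
"""Hash the core Windows binaries OTL's /md5start..../md5stop block lists and
compare every copy found under a drive root against a known-good baseline.

Added example; not OTL's code. The baseline values are placeholders to be
filled from a clean machine of the same Windows build.
"""
import fnmatch
import hashlib
import os
import tempfile

# Names from the OTL custom-scan block above, kept as patterns because OTL was
# itself told "services.*" and "winsock.*".
WATCHED = ["services.*", "explorer.exe", "winlogon.exe", "userinit.exe",
           "svchost.exe", "qmgr.dll", "winsock.*"]


def file_hashes(path, chunk=1 << 20):
    """Return (md5, sha256) of a file. MD5 is what OTL prints, so it is kept for
    matching against an OTL log; SHA-256 is what the verdict is based on."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            md5.update(block)
            sha.update(block)
    return md5.hexdigest(), sha.hexdigest()


def find_copies(root, patterns=WATCHED):
    """Yield every file under root whose name matches one of the patterns,
    case-insensitively. A second svchost.exe outside System32 is itself a finding."""
    pats = [p.lower() for p in patterns]
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if any(fnmatch.fnmatch(name.lower(), p) for p in pats):
                yield os.path.join(dirpath, name)


def check_against_baseline(root, baseline):
    """baseline: {lowercase filename: set of known-good sha256 hex digests}.
    Returns [(path, verdict, sha256)] with verdict 'ok', 'MODIFIED' (name known,
    hash not in the set) or 'UNKNOWN' (name matched a pattern but has no baseline)."""
    results = []
    for path in find_copies(root):
        _md5, sha = file_hashes(path)
        good = baseline.get(os.path.basename(path).lower())
        if good is None:
            verdict = "UNKNOWN"
        elif sha in good:
            verdict = "ok"
        else:
            verdict = "MODIFIED"
        results.append((path, verdict, sha))
    return results


def run_demo():
    """Build a constructed tree (a clean svchost.exe in a fake System32 and a
    tampered copy in a user-writable folder) and run the check on it.
    Returns the verdict list sorted by path."""
    root = tempfile.mkdtemp()
    sys32 = os.path.join(root, "Windows", "System32")
    stray = os.path.join(root, "Users", "Public")
    os.makedirs(sys32)
    os.makedirs(stray)
    clean = b"MZ clean svchost placeholder"          # stand-in for the real binary
    with open(os.path.join(sys32, "svchost.exe"), "wb") as f:
        f.write(clean)
    with open(os.path.join(stray, "svchost.exe"), "wb") as f:
        f.write(clean + b"\x90" * 16)                # "patched" copy
    with open(os.path.join(stray, "notes.txt"), "wb") as f:
        f.write(b"not a watched name, must be ignored")
    baseline = {"svchost.exe": {hashlib.sha256(clean).hexdigest()}}
    return sorted(check_against_baseline(root, baseline), key=lambda r: r[0])


if __name__ == "__main__":
    for path, verdict, sha in run_demo():
        print(f"{verdict:9s} {sha[:16]}...  {path}")
```

On a real system call `check_against_baseline("C:\\", baseline)` from an elevated prompt; a rootkit that hooks the file system, which is what the TDSSKiller step is there to detect, can feed this kind of user-mode check a clean copy, so treat a clean result here as necessary but not sufficient.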
#13
Crowbar (Teacher, GeekU Moderator, 4,163 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.