Request to review logs and suggest further actions

Solved
By Kalia
Jan 30, 2013
Topic Status:
Not open for further replies.
  1. Hi everyone,

    Firstly, thanks for creating this forum and for your willingness to help people like me.

    Secondly, please would you take a look at my logs and see if there are any further steps I need to take to make sure my computer is 100% clean. I have followed the preliminary steps and my laptop appears to be back to normal but there may be some damage or hidden problems that I am unaware of right now.

    Just to give some background, 2 days ago I started having a lot of trouble with my internet browsers freezing or taking forever (both IE and Chrome). Then my whole laptop seemed to also become really slow and unresponsive, as if something else was continuously running in the background. I also started getting a Microsoft Visual C++ runtime error every time I opened IE, which I tried to fix but couldn't.

    In case you want to know this, here is the list of everything I've already run on my laptop to clean it: Microsoft Security Essentials, SUPERAntiSpyware, Disk Cleanup, Disk Defragmenter, CCleaner and TFC. I also uninstalled and reinstalled a lot of stuff (browsers, Adobe, QuickTime, Java, etc.).

    Anyway, I finally ended up on your forum, thanks to a recommendation from a friend. I think Malwarebytes solved the problem as IE and Chrome seem okay now. However, being the experts, you will be in the best position to judge whether any further actions still need to be taken. Thanks in advance for your advice. Log reports to follow:

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.30.04

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.19393
    Victoria :: VICTORIA-PC [administrator]

    30/01/2013 02:48:15 PM
    mbam-log-2013-01-30 (14-48-15).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 201179
    Time elapsed: 8 minute(s), 45 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 1
    C:\ProgramData\Windows\msdr.dll (Trojan.FakeMS) -> Delete on reboot.

    Registry Keys Detected: 3
    HKCR\CLSID\{F12BE2CC-A901-4203-B4F2-ADCB957D1887} (Trojan.FakeMS) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 1
    C:\Users\Victoria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.

    Files Detected: 6
    C:\ProgramData\Windows\msdr.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.
    C:\Users\Victoria\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Users\Victoria\AppData\Roaming\Adobe\plugs\mmc122.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    C:\Users\Victoria\AppData\Roaming\Adobe\plugs\mmc142455495.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    C:\Users\Victoria\AppData\Roaming\Adobe\plugs\mmc212.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    C:\Users\Victoria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.

    (end)


    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.19393 BrowserJavaVersion: 10.11.2
    Run by Victoria at 15:15:23 on 2013-01-30
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.27.1033.18.2037.896 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ================
    .
    C:\Program Files\AVG\AVG2013\avgrsx.exe
    C:\Program Files\AVG\AVG2013\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\SLsvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\AVG\AVG2013\avgidsagent.exe
    C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\Program Files\AVG\AVG2013\avgnsx.exe
    C:\Program Files\AVG\AVG2013\avgemcx.exe
    C:\Windows\system32\taskeng.exe
    C:\Acer\Empowering Technology\eNet\eNet Service.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Acer\Mobility Center\MobilityService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    uSearch Bar = Preserve
    uSearch Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://www.google.com
    mSearch Page = hxxp://www.google.com
    mDefault_Page_URL = hxxp://en.za.acer.yahoo.com
    uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    mURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
    BHO: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
    BHO: HP Print Clips: {053F9267-DC04-4294-A72C-58F732D338C0} - c:\program files\hp\smart web printing\hpswp_framework.dll
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\windows\system32\ActiveToolBand.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: ToggleEN Toolbar: {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - c:\program files\toggleen\tbTogg.dll
    TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - c:\windows\system32\eDStoolbar.dll
    TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\windows\system32\eDStoolbar.dll
    TB: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
    mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{C9229021-9F92-4352-92BF-F463B884B299} : DHCPNameServer = 192.168.1.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs= eNetHook.dll
    SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - <orphaned>
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.56\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-10-29 607576]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
    R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 99272]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-30 21504]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    SUnknown jmrstvco;jmrstvco; [x]
    SUnknown rmobehni;rmobehni; [x]
    .
    =============== Created Last 30 ================
    .
    2013-01-30 13:46:53  21104  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2013-01-30 13:26:44  --------  d-----w-  c:\users\victoria\appdata\local\Deployment
    2013-01-30 13:26:44  --------  d-----w-  c:\users\victoria\appdata\local\Apps
    2013-01-30 13:14:03  --------  d-----w-  c:\users\victoria\Facebook & Linkedin
    2013-01-30 10:33:41  --------  d-----w-  c:\programdata\Package Cache
    2013-01-30 10:06:49  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin7.dll
    2013-01-30 10:06:49  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin6.dll
    2013-01-30 10:06:49  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin5.dll
    2013-01-30 10:06:49  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin4.dll
    2013-01-30 10:06:49  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin3.dll
    2013-01-30 10:06:49  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin2.dll
    2013-01-30 10:06:49  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin.dll
    2013-01-30 07:26:36  --------  d-----w-  c:\programdata\AVG January 2013 Campaign
    2013-01-29 22:41:25  94112  ----a-w-  c:\windows\system32\WindowsAccessBridge.dll
    2013-01-29 22:22:59  740840  ----a-w-  c:\programdata\microsoft\microsoft antimalware\definition updates\{3904eadf-04cb-486b-9cc0-3ba8bc02e24e}\gapaengine.dll
    2013-01-29 22:22:29  --------  d-----w-  c:\users\victoria\appdata\roaming\AVG2013
    2013-01-29 22:21:26  --------  d-----w-  c:\users\victoria\appdata\roaming\TuneUp Software
    2013-01-29 22:20:08  --------  d--h--w-  C:\$AVG
    2013-01-29 22:20:02  --------  d-----w-  c:\programdata\AVG2013
    2013-01-29 22:18:34  --------  d-----w-  c:\program files\AVG
    2013-01-29 22:16:19  6991832  ----a-w-  c:\programdata\microsoft\microsoft antimalware\definition updates\{a725e6b5-edf1-4772-89d5-2c91c9fdc842}\mpengine.dll
    2013-01-29 21:56:31  --------  d--h--w-  c:\programdata\Common Files
    2013-01-29 21:56:31  --------  d-----w-  c:\users\victoria\appdata\local\MFAData
    2013-01-29 21:56:31  --------  d-----w-  c:\users\victoria\appdata\local\Avg2013
    2013-01-29 21:56:31  --------  d-----w-  c:\programdata\MFAData
    2013-01-29 21:48:38  --------  d-----w-  c:\windows\system32\Adobe
    2013-01-29 21:47:44  74248  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-29 21:47:44  697864  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
    2013-01-29 16:01:13  6991832  ----a-w-  c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2013-01-29 15:45:43  69464  ----a-w-  c:\windows\system32\XAPOFX1_3.dll
    2013-01-29 15:45:43  515416  ----a-w-  c:\windows\system32\XAudio2_5.dll
    2013-01-29 15:45:42  453456  ----a-w-  c:\windows\system32\d3dx10_42.dll
    2013-01-29 15:45:13  89944  ----a-w-  c:\program files\common files\windows live\.cache\9fc3f9a41cdfe371a\DSETUP.dll
    2013-01-29 15:45:13  537432  ----a-w-  c:\program files\common files\windows live\.cache\9fc3f9a41cdfe371a\DXSETUP.exe
    2013-01-29 15:45:13  1801048  ----a-w-  c:\program files\common files\windows live\.cache\9fc3f9a41cdfe371a\dsetup32.dll
    2013-01-29 15:45:08  525656  ----a-w-  c:\program files\common files\windows live\.cache\9c50db841cdfe3719\DXSETUP.exe
    2013-01-29 15:45:08  1691480  ----a-w-  c:\program files\common files\windows live\.cache\9c50db841cdfe3719\dsetup32.dll
    2013-01-29 15:45:07  94040  ----a-w-  c:\program files\common files\windows live\.cache\9c50db841cdfe3719\DSETUP.dll
    2013-01-29 15:43:38  6260088  ----a-w-  c:\program files\common files\windows live\.cache\665b90641cdfe3717\Silverlight.4.0.exe
    2013-01-29 15:40:27  --------  d-----w-  c:\users\victoria\appdata\local\Windows Live
    2013-01-29 15:40:23  --------  d-----w-  c:\program files\common files\Windows Live
    2013-01-29 15:39:20  754688  ----a-w-  c:\windows\system32\webservices.dll
    2013-01-29 15:11:01  9728  ----a-w-  c:\windows\system32\Wdfres.dll
    2013-01-29 15:10:48  66560  ----a-w-  c:\windows\system32\drivers\WUDFPf.sys
    2013-01-29 15:10:48  155136  ----a-w-  c:\windows\system32\drivers\WUDFRd.sys
    2013-01-29 15:10:47  16896  ----a-w-  c:\windows\system32\winusb.dll
    2013-01-29 15:10:46  73216  ----a-w-  c:\windows\system32\WUDFSvc.dll
    2013-01-29 15:10:46  172032  ----a-w-  c:\windows\system32\WUDFPlatform.dll
    2013-01-29 15:10:45  47720  ----a-w-  c:\windows\system32\drivers\WdfLdr.sys
    2013-01-29 15:10:44  526952  ----a-w-  c:\windows\system32\drivers\Wdf01000.sys
    2013-01-29 15:10:42  38912  ----a-w-  c:\windows\system32\WUDFCoinstaller.dll
    2013-01-29 15:10:42  196608  ----a-w-  c:\windows\system32\WUDFHost.exe
    2013-01-29 15:10:41  613888  ----a-w-  c:\windows\system32\WUDFx.dll
    2013-01-29 15:04:15  34304  ----a-w-  c:\windows\system32\atmlib.dll
    2013-01-29 15:04:15  293376  ----a-w-  c:\windows\system32\atmfd.dll
    2013-01-29 15:02:56  204288  ----a-w-  c:\windows\system32\ncrypt.dll
    2013-01-29 15:02:15  75776  ----a-w-  c:\windows\system32\synceng.dll
    2013-01-29 15:00:48  1638912  ----a-w-  c:\windows\system32\mshtml.tlb
    2013-01-29 15:00:46  2048000  ----a-w-  c:\windows\system32\win32k.sys
    2013-01-29 15:00:40  985088  ----a-w-  c:\windows\system32\crypt32.dll
    2013-01-29 15:00:40  98304  ----a-w-  c:\windows\system32\cryptnet.dll
    2013-01-29 15:00:40  133120  ----a-w-  c:\windows\system32\cryptsvc.dll
    2013-01-29 15:00:33  1400832  ----a-w-  c:\windows\system32\msxml6.dll
    2013-01-29 15:00:28  2048  ----a-w-  c:\windows\system32\tzres.dll
    2013-01-29 15:00:22  224640  ----a-w-  c:\windows\system32\drivers\volsnap.sys
    2013-01-29 15:00:21  172544  ----a-w-  c:\windows\system32\wintrust.dll
    2013-01-29 15:00:19  376320  ----a-w-  c:\windows\system32\dpnet.dll
    2013-01-29 15:00:19  23040  ----a-w-  c:\windows\system32\dpnsvr.exe
    2013-01-29 14:51:52  3602816  ----a-w-  c:\windows\system32\ntkrnlpa.exe
    2013-01-29 14:51:51  3550080  ----a-w-  c:\windows\system32\ntoskrnl.exe
    2013-01-25 16:59:04  --------  d-----w-  c:\programdata\4fa8d23e-337f-4214-ac6b-90752bc9623d
    2013-01-25 16:58:51  --------  d-----w-  c:\programdata\Windows
    2013-01-05 17:19:52  --------  d-----w-  c:\program files\uTorrent
    2013-01-05 17:17:48  --------  d-----w-  c:\users\victoria\appdata\roaming\uTorrent
    .
    ==================== Find3M ====================
    .
    2013-01-29 22:40:23  859552  ----a-w-  c:\windows\system32\npDeployJava1.dll
    2013-01-29 22:40:23  780192  ----a-w-  c:\windows\system32\deployJava1.dll
    2012-11-09 10:42:46  916992  ----a-w-  c:\windows\system32\wininet.dll
    2012-11-09 10:37:14  43520  ----a-w-  c:\windows\system32\licmgr10.dll
    2012-11-09 10:36:43  1469440  ----a-w-  c:\windows\system32\inetcpl.cpl
    2012-11-09 10:36:28  71680  ----a-w-  c:\windows\system32\iesetup.dll
    2012-11-09 10:36:28  109056  ----a-w-  c:\windows\system32\iesysprep.dll
    2012-11-09 09:01:43  385024  ----a-w-  c:\windows\system32\html.iec
    2012-11-09 07:13:56  133632  ----a-w-  c:\windows\system32\ieUnatt.exe
    .
    ============= FINISH: 15:16:31.68 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Basic
    Boot Device: \Device\HarddiskVolume2
    Install Date: 28/03/2007 09:58:33 AM
    System Uptime: 30/01/2013 03:07:04 PM (0 hours ago)
    .
    Motherboard: Acer, Inc. | | Prespa1
    Processor: Intel(R) Celeron(R) M CPU 440 @ 1.86GHz | U2E1 | 1866/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 52 GiB total, 15.459 GiB free.
    D: is FIXED (NTFS) - 52 GiB total, 51.747 GiB free.
    E: is CDROM ()
    F: is FIXED (NTFS) - 8 GiB total, 2.863 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    32 Bit HP CIO Components Installer
    Acer Arcade
    Acer eDataSecurity Management
    Acer eLock Management
    Acer Empowering Technology
    Acer eNet Management
    Acer ePower Management
    Acer ePresentation Management
    Acer eSettings Management
    Acer GridVista
    Acer Mobility Center Plug-In
    Acer ScreenSaver
    Acer Tour
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.4)
    Adobe Shockwave Player 11.6
    AIO_CDB_ProductContext
    AIO_CDB_Software
    AIO_Scan
    Apple Application Support
    Apple Software Update
    AVG 2013
    BufferChm
    C4200
    C4200_doccd
    c4200_Help
    CCleaner
    Copy
    CopyTrans Suite Remove Only
    D3DX10
    DataTools
    Destination Component
    DeviceDiscovery
    DocProc
    Fax
    Google Chrome
    Google Earth
    Google Update Helper
    GoToAssist Corporate
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Imaging Device Functions 9.0
    HP OCR Software 9.0
    HP Photosmart All-In-One Software 9.0
    HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
    HP Smart Web Printing
    HP Solution Center 9.0
    HPProductAssistant
    Information Service
    Intel(R) Graphics Media Accelerator Driver
    Java 7 Update 11
    K-Lite Codec Pack 5.1.0 (Basic)
    Launch Manager
    LightScribe 1.4.136.1
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
    MSVC80_x86
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NinjaTrader 7
    NTI Backup NOW! 4.7
    NTI CD & DVD-Maker
    OGA Notifier 2.0.0048.0
    OpenOffice.org Installer 1.0
    Performance Optimizer
    Premium Data
    PS_AIO_ProductContext
    PS_AIO_Software
    PS_AIO_Software_min
    QuickTime
    Realtek High Definition Audio Driver
    SaxoTrader 2
    Scan
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Segoe UI
    Skype™ 3.8
    SolutionCenter
    Status
    SUPERAntiSpyware
    swMSM
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    ToggleEN Toolbar
    Toolbox
    Trader Workstation 4.0
    TrayApp
    TWS Demo
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VLC media player 1.0.5
    WebReg
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live OneCare safety scanner
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinRAR archiver
    .
    ==== End Of File ===========================
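    As an added example (not part of the original post, and not Malwarebytes' own tooling), here is a small Python parser for the detection sections of a Malwarebytes Anti-Malware 1.x text log like the one posted above. It turns the free-text result lines into structured records, checks that each section's declared count matches the lines actually present, tallies the threat families, and lists items marked "Delete on reboot", which are not actually gone until the machine has restarted. The sample log text is copied from the posted scan; the function and field names are my own.

```python
"""Parse the detection sections of a Malwarebytes Anti-Malware 1.x text log."""
import re
from collections import Counter
from dataclasses import dataclass

# Detection sections copied from the Malwarebytes 1.70 log posted in this thread
# (scan header omitted). Used here as sample input.
SAMPLE_LOG = r"""
Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\ProgramData\Windows\msdr.dll (Trojan.FakeMS) -> Delete on reboot.

Registry Keys Detected: 3
HKCR\CLSID\{F12BE2CC-A901-4203-B4F2-ADCB957D1887} (Trojan.FakeMS) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Victoria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.

Files Detected: 6
C:\ProgramData\Windows\msdr.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\Victoria\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Victoria\AppData\Roaming\Adobe\plugs\mmc122.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Victoria\AppData\Roaming\Adobe\plugs\mmc142455495.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Victoria\AppData\Roaming\Adobe\plugs\mmc212.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Victoria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.

(end)
"""

# "<Section> Detected: <n>" opens a section and declares how many items follow.
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)\s*$")
# "<path or registry key> (<threat name>) -> <action taken>."
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?\s*$")


@dataclass(frozen=True)
class Detection:
    section: str   # e.g. "Files", "Registry Keys"
    target: str    # file path, folder, or registry key
    threat: str    # MBAM threat family, e.g. "Trojan.FakeMS"
    action: str    # what MBAM did, e.g. "Quarantined and deleted successfully"


def parse_mbam_log(text):
    """Return (detections, declared_counts) for the detection sections of an MBAM log."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            section = header.group("section")
            declared[section] = int(header.group("count"))
            continue
        item = ITEM_RE.match(line)
        if item and section is not None:
            detections.append(Detection(section, item.group("target"),
                                        item.group("threat"), item.group("action")))
    return detections, declared


def count_mismatches(detections, declared):
    """Sections whose declared count differs from the lines parsed (a sign of a truncated paste)."""
    parsed = Counter(d.section for d in detections)
    return {s: (n, parsed.get(s, 0)) for s, n in declared.items() if parsed.get(s, 0) != n}


def threat_families(detections):
    """How many items each threat family accounted for."""
    return Counter(d.threat for d in detections)


def pending_reboot(detections):
    """Items MBAM could not remove while they were in use; removal completes only after a restart."""
    return [d for d in detections if d.action.lower().startswith("delete on reboot")]


if __name__ == "__main__":
    dets, declared = parse_mbam_log(SAMPLE_LOG)
    print(f"{len(dets)} detections; count mismatches: {count_mismatches(dets, declared) or 'none'}")
    for family, n in threat_families(dets).most_common():
        print(f"  {n:2d}  {family}")
    for d in pending_reboot(dets):
        print(f"pending reboot: {d.target}")
```

    Running it on the posted log reports eleven detections across five families and one item (msdr.dll, the injected memory module) that was only scheduled for deletion at the next reboot, which is the kind of detail worth confirming before calling a machine clean.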
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.


    TDSSKiller Scan

    Please download TDSSKiller to your desktop and run it as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


    ------------------------

    Click the Start Scan button.


    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.



    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.




    --------------------

    A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

    Sometimes these logs can be very large, in that case please attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


    RogueKiller Scan

    • Download RogueKiller from the following link and save it on your desktop:
      TechSpot
      Official Site (alternative)
    • Quit all programs
    • Start RogueKiller.exe.
    • Wait until Prescan has finished ...
    • Click on Scan

    • Wait for the end of the scan.
    • The report has been created on the desktop.
    • Click on the Delete button.

    • The report has been created on the desktop.
    • Next click on the ShortcutsFix

    • The report has been created on the desktop.
    Please post:

    All RKreport.txt text files located on your desktop.
  3. Kalia

    Kalia Newcomer, in training Topic Starter

    Thank you so much for your help.

    I have done the TDSSKiller scan and will attach the text file as it seems quite large. There were objects detected but no “cure” option (just skip, delete and move to quarantine). I chose “skip” because I wasn't sure about “move to quarantine” and you said to definitely not select “delete”. Hope that’s okay?

    The RogueKiller reports are pasted below:

    RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Victoria [Admin rights]
    Mode : Scan -- Date : 01/30/2013 18:34:01
    | ARK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [TASK][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 -> FOUND
    [TASK][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [Tr.Karagany][FOLDER] plugs : C:\Users\Victoria\AppData\Roaming\Adobe\plugs --> FOUND
    [Tr.Karagany][FOLDER] shed : C:\Users\Victoria\AppData\Roaming\Adobe\shed --> FOUND

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤
    -> F:\windows\system32\config\SOFTWARE
    -> F:\windows\system32\config\SYSTEM
    -> F:\Users\Default\NTUSER.DAT

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HTS541612J9SA00 ATA Device +++++
    --- User ---
    [MBR] 1b23a337d103de0e926d1522583d0157
    [BSP] a4546f4f824474bb9fc50b391b529cd0 : Acer tatooed MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 7993 Mo
    1 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 16370235 | Size: 53395 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 125724690 | Size: 53081 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_01302013_02d1834.txt >>
    RKreport[1]_S_01302013_02d1834.txt


    RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Victoria [Admin rights]
    Mode : Remove -- Date : 01/30/2013 18:37:25
    | ARK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [TASK][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 -> DELETED
    [TASK][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 -> ERROR
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [Tr.Karagany][FOLDER] ROOT : C:\Users\Victoria\AppData\Roaming\Adobe\plugs --> REMOVED
    [Tr.Karagany][FOLDER] ROOT : C:\Users\Victoria\AppData\Roaming\Adobe\shed --> REMOVED

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤
    -> F:\windows\system32\config\SOFTWARE
    -> F:\windows\system32\config\SYSTEM
    -> F:\Users\Default\NTUSER.DAT

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HTS541612J9SA00 ATA Device +++++
    --- User ---
    [MBR] 1b23a337d103de0e926d1522583d0157
    [BSP] a4546f4f824474bb9fc50b391b529cd0 : Acer tatooed MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 7993 Mo
    1 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 16370235 | Size: 53395 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 125724690 | Size: 53081 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_01302013_02d1837.txt >>
    RKreport[1]_S_01302013_02d1834.txt ; RKreport[2]_D_01302013_02d1837.txt


    RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Victoria [Admin rights]
    Mode : Shortcuts HJfix -- Date : 01/30/2013 18:38:35
    | ARK || MBR |
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ Extern Hives: ¤¤¤
    -> F:\windows\system32\config\SOFTWARE
    -> F:\windows\system32\config\SYSTEM
    -> F:\Users\Default\NTUSER.DAT
    ¤¤¤ File attributes restored: ¤¤¤
    Desktop: Success 1 / Fail 0
    Quick launch: Success 0 / Fail 0
    Programs: Success 4 / Fail 0
    Start menu: Success 0 / Fail 0
    User folder: Success 99 / Fail 0
    My documents: Success 6 / Fail 6
    My favorites: Success 0 / Fail 0
    My pictures: Success 0 / Fail 0
    My music: Success 0 / Fail 0
    My videos: Success 0 / Fail 0
    Local drives: Success 69 / Fail 0
    Backup: [NOT FOUND]
    Drives:
    [C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
    [D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
    [E:] \Device\CdRom0 -- 0x5 --> Skipped
    [F:] \Device\HarddiskVolume1 -- 0x3 --> Restored
    Finished : << RKreport[3]_SC_01302013_02d1838.txt >>
    RKreport[1]_S_01302013_02d1834.txt ; RKreport[2]_D_01302013_02d1837.txt ; RKreport[3]_SC_01302013_02d1838.txt

    Attached Files:
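Of the six detections in the Scan report above, the Remove report shows five ending in DELETED, REMOVED or REPLACED and one, the registry copy of the ROC_REG_JAN_DELETE task, ending in ERROR. That leftover is easy to miss when the two reports are compared by eye. As an added example (my code, not RogueKiller's and not part of this thread), the script below parses both reports, pairs each Scan detection with its Remove outcome, lists what survived, and confirms that the MBR hash is unchanged between the two runs. The line format the regexes accept is inferred from the reports above and is an assumption; the sample input is those two reports trimmed to the lines that matter.

```python
import re

# Constructed sample input: the detection and disk-hash lines copied from the
# Scan (18:34) and Remove (18:37) RKreports above, trimmed to the line shapes
# this script parses. Real reports carry more sections.
SCAN_REPORT = r"""
Mode : Scan -- Date : 01/30/2013 18:34:01
[TASK][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 -> FOUND
[TASK][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[Tr.Karagany][FOLDER] plugs : C:\Users\Victoria\AppData\Roaming\Adobe\plugs --> FOUND
[Tr.Karagany][FOLDER] shed : C:\Users\Victoria\AppData\Roaming\Adobe\shed --> FOUND
[MBR] 1b23a337d103de0e926d1522583d0157
[BSP] a4546f4f824474bb9fc50b391b529cd0 : Acer tatooed MBR Code
"""

REMOVE_REPORT = r"""
Mode : Remove -- Date : 01/30/2013 18:37:25
[TASK][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 -> DELETED
[TASK][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 -> ERROR
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[Tr.Karagany][FOLDER] ROOT : C:\Users\Victoria\AppData\Roaming\Adobe\plugs --> REMOVED
[Tr.Karagany][FOLDER] ROOT : C:\Users\Victoria\AppData\Roaming\Adobe\shed --> REMOVED
[MBR] 1b23a337d103de0e926d1522583d0157
[BSP] a4546f4f824474bb9fc50b391b529cd0 : Acer tatooed MBR Code
"""

# Line shapes inferred from the reports above (an assumption about the format):
#   [TAG][SUBTAG] name : detail -> STATUS      (also "-->" and "REPLACED (0)")
#   [MBR] <md5>        Mode : <mode> -- Date : ...
DETECTION = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+)\s*(?P<name>[^:]+?)\s*:\s*(?P<detail>.*?)\s*-{1,2}>\s*"
    r"(?P<status>[A-Z]+)(?:\s*\((?P<newval>[^)]*)\))?\s*$"
)
MBR_HASH = re.compile(r"^\[MBR\]\s+(?P<md5>[0-9a-f]{32})")
MODE = re.compile(r"^Mode\s*:\s*(?P<mode>\w[\w ]*?)\s*--")

# Outcomes RogueKiller reports when it actually changed something.
RESOLVED = {"DELETED", "REMOVED", "REPLACED"}


def parse_report(text):
    """Parse one RKreport into its mode, detection records and MBR hash."""
    report = {"mode": None, "items": [], "mbr": None}
    for raw in text.splitlines():
        line = raw.strip()
        m = MODE.match(line)
        if m:
            report["mode"] = m.group("mode")
            continue
        m = MBR_HASH.match(line)
        if m:
            report["mbr"] = m.group("md5")
            continue
        m = DETECTION.match(line)
        if m:
            report["items"].append({
                "tags": tuple(re.findall(r"\[([^\]]+)\]", m.group("tags"))),
                "name": m.group("name"),
                "detail": m.group("detail"),
                "status": m.group("status"),
                "newval": m.group("newval"),
            })
    return report


def reconcile(scan_text, remove_text):
    """Pair every Scan detection with its Remove outcome and report what survived."""
    scan, fix = parse_report(scan_text), parse_report(remove_text)
    remaining = list(fix["items"])
    unresolved = []
    for found in scan["items"]:
        # Match on tags + detail, not name: the Karagany folders were renamed to
        # "ROOT" in the Remove run. Matches are consumed in order, so the two ROC
        # tasks (same command line) pair up positionally.
        match = next((r for r in remaining
                      if r["tags"] == found["tags"] and r["detail"] == found["detail"]), None)
        if match is None:
            unresolved.append((found["name"], found["detail"], "NOT IN REMOVE REPORT"))
            continue
        remaining.remove(match)
        if match["status"] not in RESOLVED:
            unresolved.append((match["name"], match["detail"], match["status"]))
    return {
        "scan_mode": scan["mode"],
        "remove_mode": fix["mode"],
        "detections": len(scan["items"]),
        "unresolved": unresolved,
        "new_in_remove": [(r["name"], r["detail"], r["status"]) for r in remaining],
        # A different MBR hash would mean sector 0 was rewritten between runs.
        "mbr_changed": scan["mbr"] != fix["mbr"],
    }


if __name__ == "__main__":
    result = reconcile(SCAN_REPORT, REMOVE_REPORT)
    print(f"{result['scan_mode']} -> {result['remove_mode']}: {result['detections']} detections, "
          f"{len(result['unresolved'])} unresolved, MBR changed: {result['mbr_changed']}")
    for name, detail, status in result["unresolved"]:
        print(f"  {status:<22} {name}  {detail}")
```

Run against the two reports above, this prints one unresolved item: the registry-side ROC_REG_JAN_DELETE task with status ERROR, while the MBR hash 1b23a337... is identical in both runs. Any item listed here is what a helper would follow up with a second tool or a manual fix rather than assuming the Remove pass finished the job.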

  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Excellent work!

    Malwarebytes' Anti-Rootkit

    Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
    • Be sure to print out and follow the instructions provided on that same page for performing a scan.
    • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
    • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
    • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
    • Copy and paste the contents of these two log files in your next reply.


    Adware Cleaning

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


    Junkware Removal Tool

    Please download Junkware Removal Tool to your desktop.
    • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
    • Shut down your protection software now to avoid potential conflicts.
    • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Copy and Paste the JRT.txt log into your next message.
  5. Kalia

    Kalia Newcomer, in training Topic Starter

    Thank you once again DragonMaster Jay for the very clear instructions. Please find pasted below the 4 log files:


    Malwarebytes Anti-Rootkit BETA 1.01.0.1017
    www.malwarebytes.org

    Database version: v2013.02.01.05

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.19393
    Victoria :: VICTORIA-PC [administrator]

    01/02/2013 03:05:50 PM
    mbar-log-2013-02-01 (15-05-50).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 26399
    Time elapsed: 21 minute(s), 37 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Delete on reboot.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    Malwarebytes Anti-Rootkit BETA 1.01.0.1017
    www.malwarebytes.org

    Database version: v2013.02.01.06

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.19393
    Victoria :: VICTORIA-PC [administrator]

    01/02/2013 04:05:02 PM
    mbar-log-2013-02-01 (16-05-02).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 26382
    Time elapsed: 13 minute(s), 29 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    # AdwCleaner v2.109 - Logfile created 02/01/2013 at 16:13:11
    # Updated 26/01/2013 by Xplode
    # Operating system : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
    # User : Victoria - VICTORIA-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Victoria\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\ToggleEN
    Folder Deleted : C:\Users\Victoria\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Victoria\AppData\LocalLow\ToggleEN

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\ToggleEN
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ToggleEN Toolbar
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{038CB5C7-48EA-4AF9-94E0-A1646542E62B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{038CB5C7-48EA-4AF9-94E0-A1646542E62B}
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{038CB5C7-48EA-4AF9-94E0-A1646542E62B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{038CB5C7-48EA-4AF9-94E0-A1646542E62B}
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToggleEN Toolbar
    Key Deleted : HKLM\Software\ToggleEN
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{038CB5C7-48EA-4AF9-94E0-A1646542E62B}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{038CB5C7-48EA-4AF9-94E0-A1646542E62B}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{038CB5C7-48EA-4AF9-94E0-A1646542E62B}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.19393

    [OK] Registry is clean.

    -\\ Google Chrome v24.0.1312.56

    File : C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [3293 octets] - [01/02/2013 16:13:11]

    ########## EOF - C:\AdwCleaner[S1].txt - [3353 octets] ##########



    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.5.8 (01.31.2013:1)
    OS: Windows Vista (TM) Home Basic x86
    Ran by Victoria on 01/02/2013 at 16:25:08.05
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 01/02/2013 at 16:28:18.45
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
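The AdwCleaner log above removed the same CLSID, {038CB5C7-48EA-4AF9-94E0-A1646542E62B}, from seven places: the COM class itself, a Browser Helper Objects entry, the machine-wide and per-user toolbar lists, URLSearchHooks, and IE's Ext\Settings and Ext\Stats bookkeeping. Each of the first five is a separate reason for Internet Explorer to load or consult that component, which is why uninstalling a toolbar from Programs and Features, or deleting one key, usually does not get rid of it. As an added example (my code, not AdwCleaner's and not part of this thread), the script below parses the registry lines of that log and groups every GUID by the extension points it was registered in, so the most deeply wired component stands out and CLSIDs with no remaining load point are flagged. The load-point labels, the HOOKS split, and the assumption that the log only contains "Key/Value Deleted" lines of this shape are mine.

```python
import re
from collections import defaultdict

# Constructed sample input: the registry lines from the AdwCleaner[S1] log
# above (file/folder lines left out; they carry no CLSID).
ADWCLEANER_LOG = r"""
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{038CB5C7-48EA-4AF9-94E0-A1646542E62B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{038CB5C7-48EA-4AF9-94E0-A1646542E62B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{038CB5C7-48EA-4AF9-94E0-A1646542E62B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{038CB5C7-48EA-4AF9-94E0-A1646542E62B}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{038CB5C7-48EA-4AF9-94E0-A1646542E62B}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{038CB5C7-48EA-4AF9-94E0-A1646542E62B}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{038CB5C7-48EA-4AF9-94E0-A1646542E62B}]
"""

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# "Key Deleted : <key path>"  or  "Value Deleted : <key path> [<value name>]"
ENTRY = re.compile(r"^(?P<kind>Key|Value|File|Folder) Deleted : (?P<path>.+?)(?: \[(?P<value>[^\]]+)\])?$")

# Registry locations that reference a browser add-on's CLSID. Labels are this
# example's own; the first matching pattern wins, so specific ones come first.
LOAD_POINTS = [
    (r"\\Browser Helper Objects\\", "BHO"),
    (r"\\Internet Explorer\\URLSearchHooks$", "URLSearchHook"),
    (r"\\Internet Explorer\\Toolbar\\WebBrowser$", "Toolbar (per-user)"),
    (r"\\Internet Explorer\\Toolbar$", "Toolbar (machine)"),
    (r"\\Internet Explorer\\SearchScopes\\", "SearchScope"),
    (r"\\CurrentVersion\\Ext\\Settings\\", "Ext settings"),
    (r"\\CurrentVersion\\Ext\\Stats\\", "Ext stats"),
    (r"\\Classes\\CLSID\\", "COM class"),
    (r"\\App Management\\ARPCache\\", "Add/Remove entry"),
]
# The subset that makes IE load the component or route searches through it.
# A CLSID key alone is only a class registration; Ext\* and ARPCache are bookkeeping.
HOOKS = {"BHO", "URLSearchHook", "Toolbar (per-user)", "Toolbar (machine)", "SearchScope"}


def classify(path):
    """Label a registry key path with the extension point it belongs to."""
    for pattern, label in LOAD_POINTS:
        if re.search(pattern, path, re.IGNORECASE):
            return label
    return "other"


def correlate(log_text):
    """Return ({guid: {(hive, load point), ...}}, [entries that carry no GUID])."""
    by_guid = defaultdict(set)
    without_guid = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        path, value = m.group("path"), m.group("value") or ""
        guids = {g.upper() for g in GUID.findall(path + " " + value)}
        if not guids:
            # e.g. the popup-blocker allow entry for *.crossrider.com
            without_guid.append((m.group("kind"), path, value))
            continue
        hive = path.split("\\", 1)[0].upper()
        for guid in guids:
            by_guid[guid].add((hive, classify(path)))
    return dict(by_guid), without_guid


def hook_count(by_guid, guid):
    """How many distinct start-up/search hooks referenced this CLSID."""
    return sum(1 for _hive, label in by_guid.get(guid.upper(), ()) if label in HOOKS)


def ranked(by_guid):
    """CLSIDs ordered by how deeply they were wired into the browser."""
    return sorted(((g, hook_count(by_guid, g)) for g in by_guid), key=lambda t: (-t[1], t[0]))


if __name__ == "__main__":
    by_guid, without_guid = correlate(ADWCLEANER_LOG)
    for guid, hooks in ranked(by_guid):
        where = ", ".join(f"{h}:{lp}" for h, lp in sorted(by_guid[guid]))
        note = "" if hooks else "  (class registration only: no load point in this log)"
        print(f"{guid} hooks={hooks} [{where}]{note}")
    for kind, path, value in without_guid:
        print(f"non-CLSID {kind.lower()}: {path} [{value}]")
```

On the log above the ToggleEN/Conduit component {038CB5C7-...} ranks first with four hooks (BHO, URLSearchHook, both toolbar lists); {AFDBDDAA-...} is a search scope registered in both hives; the three remaining CLSID-only entries had no load point left in this log, which is consistent with AdwCleaner having removed orphaned class registrations. The one non-CLSID value, the popup-blocker allow entry for *.crossrider.com, is the kind of change a toolbar makes that no uninstaller reverses.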
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    You're welcome!

    OTL Quick Scan

    Please download OTL by OldTimer to your Desktop.
    • Close all windows and double click OTL.exe.
    • Click Quick Scan button and let the program run uninterrupted.
    • It will produce a log for you called OTL.txt, please post it in your next reply.
    • You may need to use two posts to get it all.
  7. Kalia

    Kalia Newcomer, in training Topic Starter

    The OTL log is pasted below:

    OTL logfile created on: 03/02/2013 02:28:16 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Victoria\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19393)
    Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: dd/MM/yyyy

    1.99 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.69% Memory free
    4.21 Gb Paging File | 3.09 Gb Available in Paging File | 73.33% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 52.14 Gb Total Space | 16.97 Gb Free Space | 32.55% Space Free | Partition Type: NTFS
    Drive D: | 51.84 Gb Total Space | 51.32 Gb Free Space | 99.00% Space Free | Partition Type: NTFS
    Drive F: | 7.81 Gb Total Space | 2.52 Gb Free Space | 32.34% Space Free | Partition Type: NTFS

    Computer Name: VICTORIA-PC | User Name: Victoria | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/02/03 14:25:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Victoria\Desktop\OTL.exe
    PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
    PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
    PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
    PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
    PRC - [2012/10/22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
    PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
    PRC - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
    PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2010/12/14 15:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
    PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/04/18 11:30:59 | 000,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    PRC - [2007/01/09 09:56:18 | 000,254,014 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    PRC - [2007/01/09 09:56:18 | 000,114,748 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    PRC - [2007/01/09 09:55:38 | 001,073,152 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    PRC - [2007/01/03 03:58:58 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    PRC - [2007/01/03 01:46:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    PRC - [2007/01/02 18:33:24 | 000,135,168 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    PRC - [2006/12/29 05:07:22 | 000,126,976 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
    PRC - [2006/12/28 17:24:14 | 000,049,152 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    PRC - [2006/12/22 23:43:18 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    PRC - [2006/11/24 21:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
    PRC - [2006/10/05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2006/11/06 02:05:40 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


    ========== Services (SafeList) ==========

    SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
    SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/04/11 19:45:34 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
    SRV - [2008/04/18 11:30:59 | 000,607,576 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
    SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/01/09 09:56:18 | 000,254,014 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc)
    SRV - [2007/01/09 09:56:18 | 000,114,748 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched)
    SRV - [2007/01/09 09:55:38 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
    SRV - [2007/01/03 03:58:58 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
    SRV - [2007/01/03 01:46:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
    SRV - [2007/01/02 18:33:24 | 000,135,168 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
    SRV - [2006/12/29 05:07:22 | 000,126,976 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
    SRV - [2006/12/28 17:24:14 | 000,049,152 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
    SRV - [2006/12/22 23:43:18 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
    SRV - [2006/11/24 21:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
    SRV - [2006/10/05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
    DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
    DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
    DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
    DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
    DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2008/05/07 08:55:22 | 000,767,488 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2007/01/13 01:34:30 | 001,728,896 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
    DRV - [2006/12/07 17:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
    DRV - [2006/10/06 21:49:00 | 000,044,224 | R--- | M] (BVRP Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2006/10/05 04:39:40 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/07/06 06:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.za.acer.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{FB133A88-0BBC-4846-AC3E-3286E884DCBC}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll
    CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\system32\npDeployJava1.dll
    CHR - Extension: Google Docs = C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Gmail = C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2007/10/09 12:14:14 | 000,000,709 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
    O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
    O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O13 - gopher Prefix: missing
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.11.2)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9229021-9F92-4352-92BF-F463B884B299}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O24 - Desktop WallPaper: C:\Users\Victoria\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Victoria\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2007/03/25 01:44:58 | 000,000,000 | ---D | M] - F:\AUTORUN -- [ NTFS ]
    O33 - MountPoints2\{02667cc9-2ff8-11dd-bc21-001b24073c28}\Shell - "" = AutoRun
    O33 - MountPoints2\{02667ce1-2ff8-11dd-bc21-001b24073c28}\Shell - "" = AutoRun
    O33 - MountPoints2\{02667ce3-2ff8-11dd-bc21-001b24073c28}\Shell - "" = AutoRun
    O33 - MountPoints2\{02667ce4-2ff8-11dd-bc21-001b24073c28}\Shell - "" = AutoRun
    O33 - MountPoints2\{0668bd0e-616a-11de-b29f-001b24073c28}\Shell - "" = AutoRun
    O33 - MountPoints2\{0668bd0e-616a-11de-b29f-001b24073c28}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/02/03 14:25:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Victoria\Desktop\OTL.exe
    [2013/02/03 13:42:17 | 000,000,000 | ---D | C] -- C:\Users\Victoria\Documents\EDITING FOR LAURENT
    [2013/02/01 16:24:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/02/01 16:24:22 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/02/01 16:24:13 | 000,538,188 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Victoria\Desktop\JRT.exe
    [2013/02/01 14:42:10 | 000,000,000 | ---D | C] -- C:\Users\Victoria\Desktop\mbar-1.01.0.1017 (1)
    [2013/02/01 12:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2013/01/30 18:48:19 | 000,000,000 | ---D | C] -- C:\Users\Victoria\Desktop\Logs to delete later
    [2013/01/30 15:15:23 | 000,000,000 | R--D | C] -- C:\Users\Victoria\Pictures
    [2013/01/30 14:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/01/30 14:46:53 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2013/01/30 14:29:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2013/01/30 14:26:44 | 000,000,000 | ---D | C] -- C:\Users\Victoria\AppData\Local\Deployment
    [2013/01/30 14:26:44 | 000,000,000 | ---D | C] -- C:\Users\Victoria\AppData\Local\Apps
    [2013/01/30 14:14:03 | 000,000,000 | ---D | C] -- C:\Users\Victoria\Facebook & Linkedin
    [2013/01/30 11:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
    [2013/01/30 11:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2013/01/30 11:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2013/01/30 08:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG January 2013 Campaign
    [2013/01/29 23:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2013/01/29 23:22:29 | 000,000,000 | ---D | C] -- C:\Users\Victoria\AppData\Roaming\AVG2013
    [2013/01/29 23:21:26 | 000,000,000 | ---D | C] -- C:\Users\Victoria\AppData\Roaming\TuneUp Software
    [2013/01/29 23:20:08 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2013/01/29 23:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
    [2013/01/29 23:18:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2013/01/29 22:56:31 | 000,000,000 | ---D | C] -- C:\Users\Victoria\AppData\Local\MFAData
    [2013/01/29 22:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2013/01/29 22:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
    [2013/01/29 22:56:31 | 000,000,000 | ---D | C] -- C:\Users\Victoria\AppData\Local\Avg2013
    [2013/01/29 22:48:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
    [2013/01/29 16:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
    [2013/01/29 16:40:27 | 000,000,000 | ---D | C] -- C:\Users\Victoria\AppData\Local\Windows Live
    [2013/01/29 16:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
    [2013/01/25 17:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\4fa8d23e-337f-4214-ac6b-90752bc9623d
    [2013/01/25 17:58:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows
    [2013/01/20 15:52:38 | 000,000,000 | ---D | C] -- C:\Users\Victoria\Desktop\OC1 TO OC5 ASSESSMENTS
    [2013/01/17 11:56:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2013/01/06 02:28:01 | 000,000,000 | R--D | C] -- C:\Users\Victoria\Searches
    [2013/01/05 18:19:52 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
    [2013/01/05 18:17:48 | 000,000,000 | ---D | C] -- C:\Users\Victoria\AppData\Roaming\uTorrent

    ========== Files - Modified Within 30 Days ==========

    [2013/02/03 14:32:07 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/02/03 14:32:02 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/02/03 14:25:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Victoria\Desktop\OTL.exe
    [2013/02/03 13:19:33 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/02/03 13:19:33 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/02/03 11:20:11 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
    [2013/02/03 11:19:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/02/03 02:18:21 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2013/02/02 22:27:39 | 000,645,548 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/02/02 22:27:39 | 000,123,576 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/02/02 22:27:20 | 000,162,304 | ---- | M] () -- C:\Users\Victoria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/02/02 12:02:17 | 000,002,627 | ---- | M] () -- C:\Users\Victoria\Desktop\Word.lnk
    [2013/02/01 16:42:49 | 000,271,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2013/02/01 16:24:22 | 000,538,188 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Victoria\Desktop\JRT.exe
    [2013/02/01 14:41:49 | 013,562,257 | ---- | M] () -- C:\Users\Victoria\Desktop\mbar-1.01.0.1017 (1).zip
    [2013/01/31 17:06:48 | 000,002,585 | ---- | M] () -- C:\Users\Victoria\Desktop\Excel.lnk
    [2013/01/30 14:29:40 | 000,002,534 | --S- | M] () -- C:\ProgramData\8d9e70e4-5626-4d5c-a7a8-d35b6171e246
    [2013/01/30 14:29:00 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013/01/29 21:35:26 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2013/01/28 20:00:00 | 000,000,674 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Victoria.job
    [2013/01/28 13:00:20 | 000,437,061 | ---- | M] () -- C:\Users\Victoria\Desktop\Vortex DDQ January 2013.pdf
    [2013/01/26 01:25:43 | 001,013,693 | ---- | M] () -- C:\Users\Victoria\Desktop\Tail_risk_management_A4.pdf
    [2013/01/23 12:47:02 | 000,012,778 | ---- | M] () -- C:\Users\Victoria\Email signature.jpg
    [2013/01/07 12:43:41 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\{85A24A32-5495-41BF-9061-354D2481987B}.job
    [2013/01/06 17:25:59 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
    [2013/01/06 17:25:42 | 000,002,369 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2013/01/06 02:23:44 | 000,000,122 | ---- | M] () -- C:\Windows\TLTitleData.ini
    [2013/01/05 19:23:24 | 000,001,289 | ---- | M] () -- C:\Users\Victoria\Desktop\CopyTrans Control Center.lnk
    [2013/01/05 18:19:58 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk

    ========== Files Created - No Company Name ==========

    [2013/02/01 14:41:33 | 013,562,257 | ---- | C] () -- C:\Users\Victoria\Desktop\mbar-1.01.0.1017 (1).zip
    [2013/01/30 14:29:00 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013/01/30 14:27:34 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/30 14:27:32 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/30 14:12:12 | 000,012,778 | ---- | C] () -- C:\Users\Victoria\Email signature.jpg
    [2013/01/30 10:57:38 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    [2013/01/29 16:11:17 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2013/01/29 16:11:17 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2013/01/28 13:00:18 | 000,437,061 | ---- | C] () -- C:\Users\Victoria\Desktop\Vortex DDQ January 2013.pdf
    [2013/01/26 01:25:40 | 001,013,693 | ---- | C] () -- C:\Users\Victoria\Desktop\Tail_risk_management_A4.pdf
    [2013/01/25 17:29:14 | 000,002,534 | --S- | C] () -- C:\ProgramData\8d9e70e4-5626-4d5c-a7a8-d35b6171e246
    [2013/01/07 12:43:41 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\{85A24A32-5495-41BF-9061-354D2481987B}.job
    [2013/01/06 17:25:59 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
    [2013/01/05 18:19:58 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2012/02/21 22:16:25 | 000,000,107 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2012/02/14 08:34:22 | 000,000,008 | R--- | C] () -- C:\Users\Victoria\hwid
    [2012/02/14 08:33:02 | 000,000,044 | ---- | C] () -- C:\Windows\ib.ini
    [2012/02/14 08:32:55 | 000,026,624 | ---- | C] () -- C:\Windows\GetIe.dll
    [2012/02/14 08:29:48 | 000,086,016 | ---- | C] () -- C:\Windows\System32\NtDirect.dll
    [2010/02/09 13:35:04 | 000,001,356 | ---- | C] () -- C:\Users\Victoria\AppData\Local\d3d9caps.dat
    [2008/01/01 16:47:21 | 000,162,304 | ---- | C] () -- C:\Users\Victoria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/12/03 22:08:06 | 000,024,206 | ---- | C] () -- C:\Users\Victoria\AppData\Roaming\UserTile.png

    ========== ZeroAccess Check ==========

    [2006/11/02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2013/01/29 23:22:29 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\AVG2013
    [2009/09/30 22:26:10 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\CopyTrans
    [2009/11/10 08:59:40 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Image Zone Express
    [2009/02/08 15:57:04 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\InterVideo
    [2009/10/16 01:17:35 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Nokia
    [2009/03/22 19:50:43 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Opera
    [2008/01/01 13:36:31 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\PC Suite
    [2007/12/03 22:08:06 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\PeerNetworking
    [2009/11/10 08:59:40 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Printer Info Cache
    [2012/02/13 20:54:32 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Saxo Bank
    [2012/04/17 14:33:15 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Trading Applications
    [2013/01/29 23:21:26 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\TuneUp Software
    [2008/06/02 15:32:20 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Uniblue
    [2013/01/27 14:07:07 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\uTorrent
    [2007/09/04 19:28:01 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Vodafone
    [2009/09/30 22:27:49 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\WindSolutions

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

    < End of report >
  8. Kalia

    Kalia Newcomer, in training Topic Starter

    Just noticed that there was an extra log from OTL:

    OTL Extras logfile created on: 03/02/2013 02:28:16 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Victoria\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19393)
    Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: dd/MM/yyyy

    1.99 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.69% Memory free
    4.21 Gb Paging File | 3.09 Gb Available in Paging File | 73.33% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 52.14 Gb Total Space | 16.97 Gb Free Space | 32.55% Space Free | Partition Type: NTFS
    Drive D: | 51.84 Gb Total Space | 51.32 Gb Free Space | 99.00% Space Free | Partition Type: NTFS
    Drive F: | 7.81 Gb Total Space | 2.52 Gb Free Space | 32.34% Space Free | Partition Type: NTFS

    Computer Name: VICTORIA-PC | User Name: Victoria | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- Reg Error: Key error. File not found

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    http [open] -- Reg Error: Value error.
    https [open] -- Reg Error: Value error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UacDisableNotify" = 0
    "InternetSettingsDisableNotify" = 0
    "AutoUpdateDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{6DC72925-D5C2-4248-9A6A-16F1B314E197}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{8756D201-C51C-4766-9352-69EC47714A6F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0067B1A6-300B-4B52-AC3A-4E8869EAECDE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{1A4DE779-7C74-479B-9C20-080B3F820364}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
    "{2538EF31-9E81-470E-B43B-DB661BB290F4}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{450C38DE-1C2C-471F-98DF-6006243E6151}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{46E9A3EE-316D-4EE3-9A01-BB1CFFFBC406}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{5FFE78A1-60CB-486E-A7CE-5023D86CEB7D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
    "{78368A6A-54C7-4EB8-9303-2AD8E2CA9BB2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
    "{7D7A4982-6C15-447C-A261-6E615320E066}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{7FBF491D-CC23-4986-AD72-0DEEE225F69F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
    "{B3DCBFC9-430D-4E76-90DC-8D182113FB5D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{CFD21AE9-D50C-423D-BE9E-64204DDF2EB4}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{DC2D74EB-5A73-4CCC-A9C6-6238EE4CED3B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{E0FE6613-036C-415A-91B8-2588BAA065DD}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
    "{EFA813B2-020B-4177-8477-859472C2C6DE}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{F5B25C73-7B92-45AA-BDE6-630B90979503}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
    "TCP Query User{18F5B960-252F-4F04-9AE6-3CCA84EDB4EF}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
    "TCP Query User{592D268A-906B-44EC-A98C-6EBEE3AAEFAF}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{80825CD5-3133-478C-957A-145CED3277A3}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "TCP Query User{898F9784-2FA0-47CC-8375-4B540F3A06AD}C:\program files\ninjatrader 7\bin\ninjatrader.exe" = protocol=6 | dir=in | app=c:\program files\ninjatrader 7\bin\ninjatrader.exe |
    "UDP Query User{167BD177-EA93-4F54-8FF1-E72E2E1E3DF8}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
    "UDP Query User{9E2E6CDE-8166-4D10-831B-8C257A5003DA}C:\program files\ninjatrader 7\bin\ninjatrader.exe" = protocol=17 | dir=in | app=c:\program files\ninjatrader 7\bin\ninjatrader.exe |
    "UDP Query User{B05A4287-BBBB-4AAD-8160-2F0654A66263}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "UDP Query User{C5DA6F98-146E-4DBC-BAAB-4FB0DC9B3271}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{024D66E9-D50C-44A7-92B4-2DFDDD95D228}" = SaxoTrader 2
    "{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = TIPCI
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
    "{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
    "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
    "{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
    "{13E613EF-BB55-11D9-9D77-000129760D75}" =
    "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
    "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
    "{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade
    "{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
    "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
    "{2CCC5C78-20FF-478E-8B65-46B58CC5781B}" = AVG 2013
    "{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3f8b1f23-7c9e-4842-9b00-f9923710db0f}.sdb" = Performance Optimizer
    "{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
    "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
    "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{62369F2F77534556AEF4C58152E3BDE5}" =
    "{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{731E713B-C13E-4527-B624-8A6DF2D33DAF}" = AVG 2013
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
    "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
    "{7FD093C2-3493-4B17-BB15-B129A7D1DC51}" = AVG 2013
    "{8ADC27DB-E2C8-446C-A576-166C05C2DD24}" =
    "{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{ACA85783-8EEA-4f0a-B2A3-A8173F30209F}" = C4200_doccd
    "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
    "{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
    "{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
    "{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
    "{BFDE4176-5DFE-4db9-AA00-8F30CB001BDA}" = c4200_Help
    "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
    "{C366F3D6-0020-4A35-97E2-0A9B3145B805}" = NinjaTrader 7
    "{C39E671D-0528-4c5e-A034-8470C5BC393A}" = C4200
    "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
    "{C716522C-3731-4667-8579-40B098294500}" = Toolbox
    "{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software
    "{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
    "{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
    "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
    "{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
    "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
    "{F37167DD-4436-4641-90B6-329D60632DDA}" = Information Service
    "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
    "{FC4F90EC-B1DA-11D9-9D77-000129760D75}" =
    "{FD7F242B-9AA0-40c3-941E-3A9821D19C09}" = PS_AIO_ProductContext
    "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "AddressBook" =
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "AVG" = AVG 2013
    "CCleaner" = CCleaner
    "ClientIDS" =
    "Connection Manager" =
    "DirectDrawEx" =
    "DXM_Runtime" =
    "Famous Museums of Europe Vol. 1" =
    "Famous Museums of Europe Vol. 2" =
    "Fontcore" =
    "Google Chrome" = Google Chrome
    "GoToAssist" = GoToAssist Corporate
    "GridVista" = Acer GridVista
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Imaging Device Functions" = HP Imaging Device Functions 9.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
    "HPOCR" = HP OCR Software 9.0
    "IE40" =
    "IE4Data" =
    "IE5BAKEX" =
    "IEData" =
    "InstallShield Uninstall Information" =
    "InstallShield_{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
    "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "KLiteCodecPack_is1" = K-Lite Codec Pack 5.1.0 (Basic)
    "LManager" = Launch Manager
    "Louvre" =
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "MobileOptionPack" =
    "MPlayer2" =
    "SchedulingAgent" =
    "SymcData-idsdefs" =
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "The Louvre vol. III" =
    "Trader Workstation 4.0" = Trader Workstation 4.0
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.0.5
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "CopyTrans Suite" = CopyTrans Suite Remove Only
    "DataTools" = DataTools
    "DataUpdater" = Premium Data
    "TWS Demo" = TWS Demo

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 02/02/2013 09:12:39 AM | Computer Name = Victoria-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 02/02/2013 08:44:59 PM | Computer Name = Victoria-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 03/02/2013 08:53:04 AM | Computer Name = Victoria-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 03/02/2013 08:53:04 AM | Computer Name = Victoria-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 03/02/2013 08:53:05 AM | Computer Name = Victoria-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 03/02/2013 08:53:05 AM | Computer Name = Victoria-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 03/02/2013 08:53:10 AM | Computer Name = Victoria-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 03/02/2013 08:53:10 AM | Computer Name = Victoria-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 03/02/2013 08:53:10 AM | Computer Name = Victoria-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 03/02/2013 08:53:10 AM | Computer Name = Victoria-PC | Source = Windows Search Service | ID = 3013
    Description =

    [ OSession Events ]
    Error - 07/01/2013 02:29:23 PM | Computer Name = Victoria-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1002
    seconds with 720 seconds of active time. This session ended with a crash.

    Error - 08/01/2013 04:40:38 PM | Computer Name = Victoria-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 08/01/2013 09:16:34 PM | Computer Name = Victoria-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3803
    seconds with 660 seconds of active time. This session ended with a crash.

    Error - 09/01/2013 02:14:45 PM | Computer Name = Victoria-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 25802
    seconds with 9900 seconds of active time. This session ended with a crash.

    Error - 10/01/2013 08:58:54 AM | Computer Name = Victoria-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 62
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 12/01/2013 11:40:20 AM | Computer Name = Victoria-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12362
    seconds with 5760 seconds of active time. This session ended with a crash.

    Error - 22/01/2013 09:32:29 AM | Computer Name = Victoria-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 238
    seconds with 120 seconds of active time. This session ended with a crash.

    Error - 27/01/2013 06:28:21 PM | Computer Name = Victoria-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 90
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 29/01/2013 06:50:57 AM | Computer Name = Victoria-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 688
    seconds with 120 seconds of active time. This session ended with a crash.

    Error - 30/01/2013 07:26:07 PM | Computer Name = Victoria-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 943
    seconds with 480 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 01/02/2013 01:23:53 PM | Computer Name = Victoria-PC | Source = DCOM | ID = 10010
    Description =

    Error - 01/02/2013 08:59:08 PM | Computer Name = Victoria-PC | Source = Service Control Manager | ID = 7006
    Description =

    Error - 02/02/2013 06:38:44 AM | Computer Name = Victoria-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 02/02/2013 06:38:44 AM | Computer Name = Victoria-PC | Source = Service Control Manager | ID = 7006
    Description =

    Error - 02/02/2013 06:38:44 AM | Computer Name = Victoria-PC | Source = Service Control Manager | ID = 7006
    Description =

    Error - 02/02/2013 09:17:36 PM | Computer Name = Victoria-PC | Source = Service Control Manager | ID = 7006
    Description =

    Error - 03/02/2013 06:20:28 AM | Computer Name = Victoria-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 03/02/2013 06:20:28 AM | Computer Name = Victoria-PC | Source = Service Control Manager | ID = 7006
    Description =

    Error - 03/02/2013 06:20:28 AM | Computer Name = Victoria-PC | Source = Service Control Manager | ID = 7006
    Description =

    Error - 03/02/2013 07:13:30 AM | Computer Name = Victoria-PC | Source = DCOM | ID = 10010
    Description =


    < End of report >
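As an added example, not part of the thread or of OTL itself, here is a small Python parser for the shape of OTL's "Last 20 Event Log Errors" section above: it rejoins the wrapped multi-line descriptions and tallies repeated Source/ID pairs so a helper can see at a glance which errors recur rather than reading twenty entries by hand. The sample lines are copied from the log above (a subset, not the full report); the function names are my own.

```python
import re
from collections import Counter

# Constructed sample in the shape of OTL's "Last 20 Event Log Errors" section.
# Values are copied from the log posted above; this is only a subset of it.
SAMPLE = """\
[ Application Events ]
Error - 02/02/2013 09:12:39 AM | Computer Name = Victoria-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 03/02/2013 08:53:04 AM | Computer Name = Victoria-PC | Source = Windows Search Service | ID = 3013
Description =

[ OSession Events ]
Error - 07/01/2013 02:29:23 PM | Computer Name = Victoria-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1002
seconds with 720 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 02/02/2013 06:38:44 AM | Computer Name = Victoria-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 02/02/2013 06:38:44 AM | Computer Name = Victoria-PC | Source = Service Control Manager | ID = 7006
Description =
"""

# "[ Application Events ]" style section header
SECTION_RE = re.compile(r"^\[ (.+?) \]$")
# One event header line: level, timestamp, computer, source, event ID
HEADER_RE = re.compile(
    r"^(Error|Warning|Information) - "
    r"(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M) \| "
    r"Computer Name = (.*?) \| Source = (.*?) \| ID = (\d+)$"
)


def parse_otl_events(text):
    """Parse OTL's event-log section into a list of dicts, one per event."""
    events, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None  # a blank line ends the current entry
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current = m.group(1), None
            continue
        m = HEADER_RE.match(line)
        if m:
            current = {
                "log": section, "level": m.group(1), "time": m.group(2),
                "computer": m.group(3), "source": m.group(4),
                "id": int(m.group(5)), "description": "",
            }
            events.append(current)
            continue
        if current is None:
            continue  # stray text outside any entry
        if line.startswith("Description ="):
            current["description"] = line[len("Description ="):].strip()
        else:
            # OTL wraps long descriptions onto following lines; rejoin them.
            current["description"] = (current["description"] + " " + line).strip()
    return events


def summarize(events):
    """Count events per (log, source, id) so repeats stand out."""
    return Counter((e["log"], e["source"], e["id"]) for e in events)


def recurring(events, threshold=2):
    """Return (log, source, id) triples seen at least `threshold` times."""
    return sorted(k for k, n in summarize(events).items() if n >= threshold)


def crash_sessions(events):
    """Office session entries that report the application crashed."""
    return [e for e in events if "ended with a crash" in e["description"]]


if __name__ == "__main__":
    evs = parse_otl_events(SAMPLE)
    for key, n in summarize(evs).most_common():
        print(f"{n:2d}x  {key[0]} / {key[1]} / ID {key[2]}")
    print("recurring:", recurring(evs))
    print("office crashes:", len(crash_sessions(evs)))
```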
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Fix

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)


    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death

    Note: Absence of issues does not mean that you're protected in the future.
  10. Kalia

    Kalia Newcomer, in training Topic Starter

    Thanks for these. Please find below the 2 logs.

    Otherwise I'm happy to report that I'm not experiencing any problems with my computer.

    All processes killed
    ========== OTL ==========
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02667cc9-2ff8-11dd-bc21-001b24073c28}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02667cc9-2ff8-11dd-bc21-001b24073c28}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02667ce1-2ff8-11dd-bc21-001b24073c28}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02667ce1-2ff8-11dd-bc21-001b24073c28}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02667ce3-2ff8-11dd-bc21-001b24073c28}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02667ce3-2ff8-11dd-bc21-001b24073c28}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02667ce4-2ff8-11dd-bc21-001b24073c28}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02667ce4-2ff8-11dd-bc21-001b24073c28}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0668bd0e-616a-11de-b29f-001b24073c28}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0668bd0e-616a-11de-b29f-001b24073c28}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
    ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
    Unable to delete ADS C:\ProgramData\TEMPFC5A2B2 .
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Victoria\Desktop\cmd.bat deleted successfully.
    C:\Users\Victoria\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Victoria
    ->Temp folder emptied: 8262 bytes
    ->Temporary Internet Files folder emptied: 49554 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 8010910 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 57016 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 8.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 02042013_194707

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\CLML_AGENT_LOG1.txt scheduled to be moved on reboot.
    File\Folder C:\Windows\temp\sqlite_h0CyVAupmYlJjg6 not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

    C:\Users\Victoria\Downloads\DownloadManagerSetup.exe	a variant of Win32/InstallCore.BB application	cleaned by deleting - quarantined
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, i.e. Clean
    • Select Create


    Remove tools, temp files, old Restore Points

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alerted, as this is normal.
    • It may open a log for you, but I don't need that.

    To remove all of the tools we used and the files and folders they created do the following:
    Double click OTL.exe.
    • Click the CleanUp button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  12. Kalia

    Kalia Newcomer, in training Topic Starter

    That's good to hear! Here's the Security Check log:

    Results of screen317's Security Check version 0.99.57
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AVG Anti-Virus Free Edition 2013
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    SUPERAntiSpyware
    Malwarebytes Anti-Malware version 1.70.0.1100
    CCleaner
    Java 7 Update 11
    Adobe Reader 10.1.4 Adobe Reader out of Date!
    Google Chrome 24.0.1312.56
    Google Chrome 24.0.1312.57
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Ad-Aware AAWService.exe
    AVG avgwdsvc.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    Empowering Technology eSettings Service capuserv.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Adobe Reader Update!

    Please download the newest version of Adobe Acrobat Reader from Adobe.com

    Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.


    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.


    Any other questions before I mark this topic solved?
  14. Kalia

    Kalia Newcomer, in training Topic Starter

    No, it's fine, you can close the topic. Thank you so much for all your help - it's much appreciated!
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    You're welcome! :D Glad to help.