Kalia
Hi everyone,
Firstly, thanks for creating this forum and for your willingness to help people like me.
Secondly, please would you take a look at my logs and see if there are any further steps I need to take to make sure my computer is 100% clean. I have followed the preliminary steps and my laptop appears to be back to normal but there may be some damage or hidden problems that I am unaware of right now.
Just to give some background, 2 days ago I started having a lot of trouble with my internet browsers freezing or taking forever (both IE and Chrome). Then my whole laptop seemed to also become really slow and unresponsive, as if something else was continuously running in the background. I also started getting a Microsoft Visual C++ runtime error every time I opened IE which I tried to fix but couldn't.
In case you want to know this, here is the list of everything I've already run on my laptop to clean it: Microsoft Security Essentials, SUPERAntiSpyware, Disk Cleanup, Disk Defragmenter, CCleaner and TFC. I also uninstalled and reinstalled a lot of stuff (browsers, Adobe, QuickTime, Java, etc.).
Anyway, I finally ended up on your forum, thanks to a recommendation from a friend. I think Malwarebytes solved the problem as IE and Chrome seem okay now. However, being the experts, you will be in the best position to judge whether any further actions still need to be taken. Thanks in advance for your advice. Log reports to follow:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.30.04
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19393
Victoria :: VICTORIA-PC [administrator]
30/01/2013 02:48:15 PM
mbam-log-2013-01-30 (14-48-15).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201179
Time elapsed: 8 minute(s), 45 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 1
C:\ProgramData\Windows\msdr.dll (Trojan.FakeMS) -> Delete on reboot.
Registry Keys Detected: 3
HKCR\CLSID\{F12BE2CC-A901-4203-B4F2-ADCB957D1887} (Trojan.FakeMS) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 1
C:\Users\Victoria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.
Files Detected: 6
C:\ProgramData\Windows\msdr.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\Victoria\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Victoria\AppData\Roaming\Adobe\plugs\mmc122.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Victoria\AppData\Roaming\Adobe\plugs\mmc142455495.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Victoria\AppData\Roaming\Adobe\plugs\mmc212.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Victoria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.
(end)
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19393 BrowserJavaVersion: 10.11.2
Run by Victoria at 15:15:23 on 2013-01-30
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.27.1033.18.2037.896 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\Program Files\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Windows\system32\taskeng.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://en.za.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
mURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
BHO: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
BHO: HP Print Clips: {053F9267-DC04-4294-A72C-58F732D338C0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\windows\system32\ActiveToolBand.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: ToggleEN Toolbar: {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - c:\program files\toggleen\tbTogg.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - c:\windows\system32\eDStoolbar.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\windows\system32\eDStoolbar.dll
TB: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{C9229021-9F92-4352-92BF-F463B884B299} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= eNetHook.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.56\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-10-29 607576]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 99272]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-30 21504]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
SUnknown jmrstvco;jmrstvco; [x]
SUnknown rmobehni;rmobehni; [x]
.
=============== Created Last 30 ================
.
2013-01-30 13:46:53 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-30 13:26:44 -------- d-----w- c:\users\victoria\appdata\local\Deployment
2013-01-30 13:26:44 -------- d-----w- c:\users\victoria\appdata\local\Apps
2013-01-30 13:14:03 -------- d-----w- c:\users\victoria\Facebook & Linkedin
2013-01-30 10:33:41 -------- d-----w- c:\programdata\Package Cache
2013-01-30 10:06:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2013-01-30 10:06:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2013-01-30 10:06:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-01-30 10:06:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-01-30 10:06:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-01-30 10:06:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-01-30 10:06:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-01-30 07:26:36 -------- d-----w- c:\programdata\AVG January 2013 Campaign
2013-01-29 22:41:25 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-29 22:22:59 740840 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3904eadf-04cb-486b-9cc0-3ba8bc02e24e}\gapaengine.dll
2013-01-29 22:22:29 -------- d-----w- c:\users\victoria\appdata\roaming\AVG2013
2013-01-29 22:21:26 -------- d-----w- c:\users\victoria\appdata\roaming\TuneUp Software
2013-01-29 22:20:08 -------- d--h--w- C:\$AVG
2013-01-29 22:20:02 -------- d-----w- c:\programdata\AVG2013
2013-01-29 22:18:34 -------- d-----w- c:\program files\AVG
2013-01-29 22:16:19 6991832 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a725e6b5-edf1-4772-89d5-2c91c9fdc842}\mpengine.dll
2013-01-29 21:56:31 -------- d--h--w- c:\programdata\Common Files
2013-01-29 21:56:31 -------- d-----w- c:\users\victoria\appdata\local\MFAData
2013-01-29 21:56:31 -------- d-----w- c:\users\victoria\appdata\local\Avg2013
2013-01-29 21:56:31 -------- d-----w- c:\programdata\MFAData
2013-01-29 21:48:38 -------- d-----w- c:\windows\system32\Adobe
2013-01-29 21:47:44 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-29 21:47:44 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-29 16:01:13 6991832 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-01-29 15:45:43 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2013-01-29 15:45:43 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2013-01-29 15:45:42 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-01-29 15:45:13 89944 ----a-w- c:\program files\common files\windows live\.cache\9fc3f9a41cdfe371a\DSETUP.dll
2013-01-29 15:45:13 537432 ----a-w- c:\program files\common files\windows live\.cache\9fc3f9a41cdfe371a\DXSETUP.exe
2013-01-29 15:45:13 1801048 ----a-w- c:\program files\common files\windows live\.cache\9fc3f9a41cdfe371a\dsetup32.dll
2013-01-29 15:45:08 525656 ----a-w- c:\program files\common files\windows live\.cache\9c50db841cdfe3719\DXSETUP.exe
2013-01-29 15:45:08 1691480 ----a-w- c:\program files\common files\windows live\.cache\9c50db841cdfe3719\dsetup32.dll
2013-01-29 15:45:07 94040 ----a-w- c:\program files\common files\windows live\.cache\9c50db841cdfe3719\DSETUP.dll
2013-01-29 15:43:38 6260088 ----a-w- c:\program files\common files\windows live\.cache\665b90641cdfe3717\Silverlight.4.0.exe
2013-01-29 15:40:27 -------- d-----w- c:\users\victoria\appdata\local\Windows Live
2013-01-29 15:40:23 -------- d-----w- c:\program files\common files\Windows Live
2013-01-29 15:39:20 754688 ----a-w- c:\windows\system32\webservices.dll
2013-01-29 15:11:01 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-01-29 15:10:48 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-01-29 15:10:48 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-01-29 15:10:47 16896 ----a-w- c:\windows\system32\winusb.dll
2013-01-29 15:10:46 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-01-29 15:10:46 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-01-29 15:10:45 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-01-29 15:10:44 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-01-29 15:10:42 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-01-29 15:10:42 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-01-29 15:10:41 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-01-29 15:04:15 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-01-29 15:04:15 293376 ----a-w- c:\windows\system32\atmfd.dll
2013-01-29 15:02:56 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-29 15:02:15 75776 ----a-w- c:\windows\system32\synceng.dll
2013-01-29 15:00:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-01-29 15:00:46 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-29 15:00:40 985088 ----a-w- c:\windows\system32\crypt32.dll
2013-01-29 15:00:40 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-01-29 15:00:40 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-01-29 15:00:33 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-01-29 15:00:28 2048 ----a-w- c:\windows\system32\tzres.dll
2013-01-29 15:00:22 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2013-01-29 15:00:21 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-01-29 15:00:19 376320 ----a-w- c:\windows\system32\dpnet.dll
2013-01-29 15:00:19 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2013-01-29 14:51:52 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-29 14:51:51 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-25 16:59:04 -------- d-----w- c:\programdata\4fa8d23e-337f-4214-ac6b-90752bc9623d
2013-01-25 16:58:51 -------- d-----w- c:\programdata\Windows
2013-01-05 17:19:52 -------- d-----w- c:\program files\uTorrent
2013-01-05 17:17:48 -------- d-----w- c:\users\victoria\appdata\roaming\uTorrent
.
==================== Find3M ====================
.
2013-01-29 22:40:23 859552 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-29 22:40:23 780192 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-09 10:42:46 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-09 10:37:14 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-09 10:36:43 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-09 10:36:28 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-11-09 10:36:28 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-11-09 09:01:43 385024 ----a-w- c:\windows\system32\html.iec
2012-11-09 07:13:56 133632 ----a-w- c:\windows\system32\ieUnatt.exe
.
============= FINISH: 15:16:31.68 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 28/03/2007 09:58:33 AM
System Uptime: 30/01/2013 03:07:04 PM (0 hours ago)
.
Motherboard: Acer, Inc. | | Prespa1
Processor: Intel(R) Celeron(R) M CPU 440 @ 1.86GHz | U2E1 | 1866/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 52 GiB total, 15.459 GiB free.
D: is FIXED (NTFS) - 52 GiB total, 51.747 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 8 GiB total, 2.863 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
32 Bit HP CIO Components Installer
Acer Arcade
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer ScreenSaver
Acer Tour
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Apple Application Support
Apple Software Update
AVG 2013
BufferChm
C4200
C4200_doccd
c4200_Help
CCleaner
Copy
CopyTrans Suite Remove Only
D3DX10
DataTools
Destination Component
DeviceDiscovery
DocProc
Fax
Google Chrome
Google Earth
Google Update Helper
GoToAssist Corporate
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Smart Web Printing
HP Solution Center 9.0
HPProductAssistant
Information Service
Intel(R) Graphics Media Accelerator Driver
Java 7 Update 11
K-Lite Codec Pack 5.1.0 (Basic)
Launch Manager
LightScribe 1.4.136.1
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
MSVC80_x86
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NinjaTrader 7
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
OGA Notifier 2.0.0048.0
OpenOffice.org Installer 1.0
Performance Optimizer
Premium Data
PS_AIO_ProductContext
PS_AIO_Software
PS_AIO_Software_min
QuickTime
Realtek High Definition Audio Driver
SaxoTrader 2
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Segoe UI
Skype™ 3.8
SolutionCenter
Status
SUPERAntiSpyware
swMSM
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
ToggleEN Toolbar
Toolbox
Trader Workstation 4.0
TrayApp
TWS Demo
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 1.0.5
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live OneCare safety scanner
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR archiver
.
==== End Of File ===========================
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://en.za.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
mURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
BHO: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
BHO: HP Print Clips: {053F9267-DC04-4294-A72C-58F732D338C0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\windows\system32\ActiveToolBand.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: ToggleEN Toolbar: {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - c:\program files\toggleen\tbTogg.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - c:\windows\system32\eDStoolbar.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\windows\system32\eDStoolbar.dll
TB: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{C9229021-9F92-4352-92BF-F463B884B299} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= eNetHook.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.56\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-10-29 607576]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 99272]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-30 21504]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
SUnknown jmrstvco;jmrstvco; [x]
SUnknown rmobehni;rmobehni; [x]
.
=============== Created Last 30 ================
.
2013-01-30 13:46:53 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-30 13:26:44 -------- d-----w- c:\users\victoria\appdata\local\Deployment
2013-01-30 13:26:44 -------- d-----w- c:\users\victoria\appdata\local\Apps
2013-01-30 13:14:03 -------- d-----w- c:\users\victoria\Facebook & Linkedin
2013-01-30 10:33:41 -------- d-----w- c:\programdata\Package Cache
2013-01-30 10:06:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2013-01-30 10:06:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2013-01-30 10:06:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-01-30 10:06:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-01-30 10:06:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-01-30 10:06:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-01-30 10:06:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-01-30 07:26:36 -------- d-----w- c:\programdata\AVG January 2013 Campaign
2013-01-29 22:41:25 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-29 22:22:59 740840 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3904eadf-04cb-486b-9cc0-3ba8bc02e24e}\gapaengine.dll
2013-01-29 22:22:29 -------- d-----w- c:\users\victoria\appdata\roaming\AVG2013
2013-01-29 22:21:26 -------- d-----w- c:\users\victoria\appdata\roaming\TuneUp Software
2013-01-29 22:20:08 -------- d--h--w- C:\$AVG
2013-01-29 22:20:02 -------- d-----w- c:\programdata\AVG2013
2013-01-29 22:18:34 -------- d-----w- c:\program files\AVG
2013-01-29 22:16:19 6991832 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a725e6b5-edf1-4772-89d5-2c91c9fdc842}\mpengine.dll
2013-01-29 21:56:31 -------- d--h--w- c:\programdata\Common Files
2013-01-29 21:56:31 -------- d-----w- c:\users\victoria\appdata\local\MFAData
2013-01-29 21:56:31 -------- d-----w- c:\users\victoria\appdata\local\Avg2013
2013-01-29 21:56:31 -------- d-----w- c:\programdata\MFAData
2013-01-29 21:48:38 -------- d-----w- c:\windows\system32\Adobe
2013-01-29 21:47:44 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-29 21:47:44 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-29 16:01:13 6991832 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-01-29 15:45:43 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2013-01-29 15:45:43 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2013-01-29 15:45:42 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-01-29 15:45:13 89944 ----a-w- c:\program files\common files\windows live\.cache\9fc3f9a41cdfe371a\DSETUP.dll
2013-01-29 15:45:13 537432 ----a-w- c:\program files\common files\windows live\.cache\9fc3f9a41cdfe371a\DXSETUP.exe
2013-01-29 15:45:13 1801048 ----a-w- c:\program files\common files\windows live\.cache\9fc3f9a41cdfe371a\dsetup32.dll
2013-01-29 15:45:08 525656 ----a-w- c:\program files\common files\windows live\.cache\9c50db841cdfe3719\DXSETUP.exe
2013-01-29 15:45:08 1691480 ----a-w- c:\program files\common files\windows live\.cache\9c50db841cdfe3719\dsetup32.dll
2013-01-29 15:45:07 94040 ----a-w- c:\program files\common files\windows live\.cache\9c50db841cdfe3719\DSETUP.dll
2013-01-29 15:43:38 6260088 ----a-w- c:\program files\common files\windows live\.cache\665b90641cdfe3717\Silverlight.4.0.exe
2013-01-29 15:40:27 -------- d-----w- c:\users\victoria\appdata\local\Windows Live
2013-01-29 15:40:23 -------- d-----w- c:\program files\common files\Windows Live
2013-01-29 15:39:20 754688 ----a-w- c:\windows\system32\webservices.dll
2013-01-29 15:11:01 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-01-29 15:10:48 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-01-29 15:10:48 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-01-29 15:10:47 16896 ----a-w- c:\windows\system32\winusb.dll
2013-01-29 15:10:46 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-01-29 15:10:46 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-01-29 15:10:45 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-01-29 15:10:44 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-01-29 15:10:42 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-01-29 15:10:42 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-01-29 15:10:41 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-01-29 15:04:15 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-01-29 15:04:15 293376 ----a-w- c:\windows\system32\atmfd.dll
2013-01-29 15:02:56 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-29 15:02:15 75776 ----a-w- c:\windows\system32\synceng.dll
2013-01-29 15:00:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-01-29 15:00:46 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-29 15:00:40 985088 ----a-w- c:\windows\system32\crypt32.dll
2013-01-29 15:00:40 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-01-29 15:00:40 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-01-29 15:00:33 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-01-29 15:00:28 2048 ----a-w- c:\windows\system32\tzres.dll
2013-01-29 15:00:22 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2013-01-29 15:00:21 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-01-29 15:00:19 376320 ----a-w- c:\windows\system32\dpnet.dll
2013-01-29 15:00:19 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2013-01-29 14:51:52 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-29 14:51:51 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-25 16:59:04 -------- d-----w- c:\programdata\4fa8d23e-337f-4214-ac6b-90752bc9623d
2013-01-25 16:58:51 -------- d-----w- c:\programdata\Windows
2013-01-05 17:19:52 -------- d-----w- c:\program files\uTorrent
2013-01-05 17:17:48 -------- d-----w- c:\users\victoria\appdata\roaming\uTorrent
.
==================== Find3M ====================
.
2013-01-29 22:40:23 859552 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-29 22:40:23 780192 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-09 10:42:46 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-09 10:37:14 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-09 10:36:43 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-09 10:36:28 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-11-09 10:36:28 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-11-09 09:01:43 385024 ----a-w- c:\windows\system32\html.iec
2012-11-09 07:13:56 133632 ----a-w- c:\windows\system32\ieUnatt.exe
.
============= FINISH: 15:16:31.68 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 28/03/2007 09:58:33 AM
System Uptime: 30/01/2013 03:07:04 PM (0 hours ago)
.
Motherboard: Acer, Inc. | | Prespa1
Processor: Intel(R) Celeron(R) M CPU 440 @ 1.86GHz | U2E1 | 1866/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 52 GiB total, 15.459 GiB free.
D: is FIXED (NTFS) - 52 GiB total, 51.747 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 8 GiB total, 2.863 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
32 Bit HP CIO Components Installer
Acer Arcade
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer ScreenSaver
Acer Tour
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Apple Application Support
Apple Software Update
AVG 2013
BufferChm
C4200
C4200_doccd
c4200_Help
CCleaner
Copy
CopyTrans Suite Remove Only
D3DX10
DataTools
Destination Component
DeviceDiscovery
DocProc
Fax
Google Chrome
Google Earth
Google Update Helper
GoToAssist Corporate
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Smart Web Printing
HP Solution Center 9.0
HPProductAssistant
Information Service
Intel(R) Graphics Media Accelerator Driver
Java 7 Update 11
K-Lite Codec Pack 5.1.0 (Basic)
Launch Manager
LightScribe 1.4.136.1
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
MSVC80_x86
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NinjaTrader 7
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
OGA Notifier 2.0.0048.0
OpenOffice.org Installer 1.0
Performance Optimizer
Premium Data
PS_AIO_ProductContext
PS_AIO_Software
PS_AIO_Software_min
QuickTime
Realtek High Definition Audio Driver
SaxoTrader 2
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Segoe UI
Skype™ 3.8
SolutionCenter
Status
SUPERAntiSpyware
swMSM
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
ToggleEN Toolbar
Toolbox
Trader Workstation 4.0
TrayApp
TWS Demo
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 1.0.5
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live OneCare safety scanner
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR archiver
.
==== End Of File ===========================