Solved Request to review logs and suggest further actions


Kalia

Hi everyone,

Firstly, thanks for creating this forum and for your willingness to help people like me.

Secondly, please would you take a look at my logs and see if there are any further steps I need to take to make sure my computer is 100% clean. I have followed the preliminary steps and my laptop appears to be back to normal but there may be some damage or hidden problems that I am unaware of right now.

Just to give some background, 2 days ago I started having a lot of trouble with my internet browsers freezing or taking forever (both IE and Chrome). Then my whole laptop seemed to also become really slow and unresponsive, as if something else was continuously running in the background. I also started getting a Microsoft Visual C++ runtime error every time I opened IE, which I tried to fix but couldn't.

In case you want to know this, here is the list of everything I've already run on my laptop to clean it: Microsoft Security Essentials, SUPERAntiSpyware, Disk Cleanup, Disk Defragmenter, CCleaner and TFC. I also uninstalled and reinstalled a lot of stuff (browsers, Adobe, QuickTime, Java, etc.).

Anyway, I finally ended up on your forum, thanks to a recommendation from a friend. I think Malwarebytes solved the problem as IE and Chrome seem okay now. However, being the experts, you will be in the best position to judge whether any further actions still need to be taken. Thanks in advance for your advice. Log reports to follow:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.30.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19393
Victoria :: VICTORIA-PC [administrator]

30/01/2013 02:48:15 PM
mbam-log-2013-01-30 (14-48-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201179
Time elapsed: 8 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\ProgramData\Windows\msdr.dll (Trojan.FakeMS) -> Delete on reboot.

Registry Keys Detected: 3
HKCR\CLSID\{F12BE2CC-A901-4203-B4F2-ADCB957D1887} (Trojan.FakeMS) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Victoria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.

Files Detected: 6
C:\ProgramData\Windows\msdr.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\Victoria\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Victoria\AppData\Roaming\Adobe\plugs\mmc122.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Victoria\AppData\Roaming\Adobe\plugs\mmc142455495.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Victoria\AppData\Roaming\Adobe\plugs\mmc212.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Victoria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.

(end)


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19393 BrowserJavaVersion: 10.11.2
Run by Victoria at 15:15:23 on 2013-01-30
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.27.1033.18.2037.896 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\Program Files\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Windows\system32\taskeng.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://en.za.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
mURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
BHO: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
BHO: HP Print Clips: {053F9267-DC04-4294-A72C-58F732D338C0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\windows\system32\ActiveToolBand.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: ToggleEN Toolbar: {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - c:\program files\toggleen\tbTogg.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - c:\windows\system32\eDStoolbar.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\windows\system32\eDStoolbar.dll
TB: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{C9229021-9F92-4352-92BF-F463B884B299} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= eNetHook.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.56\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-10-29 607576]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 99272]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-30 21504]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
SUnknown jmrstvco;jmrstvco; [x]
SUnknown rmobehni;rmobehni; [x]
.
=============== Created Last 30 ================
.
2013-01-30 13:46:53  21104  ----a-w-  c:\windows\system32\drivers\mbam.sys
2013-01-30 13:26:44  --------  d-----w-  c:\users\victoria\appdata\local\Deployment
2013-01-30 13:26:44  --------  d-----w-  c:\users\victoria\appdata\local\Apps
2013-01-30 13:14:03  --------  d-----w-  c:\users\victoria\Facebook & Linkedin
2013-01-30 10:33:41  --------  d-----w-  c:\programdata\Package Cache
2013-01-30 10:06:49  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin7.dll
2013-01-30 10:06:49  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin6.dll
2013-01-30 10:06:49  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-01-30 10:06:49  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-01-30 10:06:49  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-01-30 10:06:49  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-01-30 10:06:49  159744  ----a-w-  c:\program files\internet explorer\plugins\npqtplugin.dll
2013-01-30 07:26:36  --------  d-----w-  c:\programdata\AVG January 2013 Campaign
2013-01-29 22:41:25  94112  ----a-w-  c:\windows\system32\WindowsAccessBridge.dll
2013-01-29 22:22:59  740840  ----a-w-  c:\programdata\microsoft\microsoft antimalware\definition updates\{3904eadf-04cb-486b-9cc0-3ba8bc02e24e}\gapaengine.dll
2013-01-29 22:22:29  --------  d-----w-  c:\users\victoria\appdata\roaming\AVG2013
2013-01-29 22:21:26  --------  d-----w-  c:\users\victoria\appdata\roaming\TuneUp Software
2013-01-29 22:20:08  --------  d--h--w-  C:\$AVG
2013-01-29 22:20:02  --------  d-----w-  c:\programdata\AVG2013
2013-01-29 22:18:34  --------  d-----w-  c:\program files\AVG
2013-01-29 22:16:19  6991832  ----a-w-  c:\programdata\microsoft\microsoft antimalware\definition updates\{a725e6b5-edf1-4772-89d5-2c91c9fdc842}\mpengine.dll
2013-01-29 21:56:31  --------  d--h--w-  c:\programdata\Common Files
2013-01-29 21:56:31  --------  d-----w-  c:\users\victoria\appdata\local\MFAData
2013-01-29 21:56:31  --------  d-----w-  c:\users\victoria\appdata\local\Avg2013
2013-01-29 21:56:31  --------  d-----w-  c:\programdata\MFAData
2013-01-29 21:48:38  --------  d-----w-  c:\windows\system32\Adobe
2013-01-29 21:47:44  74248  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-29 21:47:44  697864  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
2013-01-29 16:01:13  6991832  ----a-w-  c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-01-29 15:45:43  69464  ----a-w-  c:\windows\system32\XAPOFX1_3.dll
2013-01-29 15:45:43  515416  ----a-w-  c:\windows\system32\XAudio2_5.dll
2013-01-29 15:45:42  453456  ----a-w-  c:\windows\system32\d3dx10_42.dll
2013-01-29 15:45:13  89944  ----a-w-  c:\program files\common files\windows live\.cache\9fc3f9a41cdfe371a\DSETUP.dll
2013-01-29 15:45:13  537432  ----a-w-  c:\program files\common files\windows live\.cache\9fc3f9a41cdfe371a\DXSETUP.exe
2013-01-29 15:45:13  1801048  ----a-w-  c:\program files\common files\windows live\.cache\9fc3f9a41cdfe371a\dsetup32.dll
2013-01-29 15:45:08  525656  ----a-w-  c:\program files\common files\windows live\.cache\9c50db841cdfe3719\DXSETUP.exe
2013-01-29 15:45:08  1691480  ----a-w-  c:\program files\common files\windows live\.cache\9c50db841cdfe3719\dsetup32.dll
2013-01-29 15:45:07  94040  ----a-w-  c:\program files\common files\windows live\.cache\9c50db841cdfe3719\DSETUP.dll
2013-01-29 15:43:38  6260088  ----a-w-  c:\program files\common files\windows live\.cache\665b90641cdfe3717\Silverlight.4.0.exe
2013-01-29 15:40:27  --------  d-----w-  c:\users\victoria\appdata\local\Windows Live
2013-01-29 15:40:23  --------  d-----w-  c:\program files\common files\Windows Live
2013-01-29 15:39:20  754688  ----a-w-  c:\windows\system32\webservices.dll
2013-01-29 15:11:01  9728  ----a-w-  c:\windows\system32\Wdfres.dll
2013-01-29 15:10:48  66560  ----a-w-  c:\windows\system32\drivers\WUDFPf.sys
2013-01-29 15:10:48  155136  ----a-w-  c:\windows\system32\drivers\WUDFRd.sys
2013-01-29 15:10:47  16896  ----a-w-  c:\windows\system32\winusb.dll
2013-01-29 15:10:46  73216  ----a-w-  c:\windows\system32\WUDFSvc.dll
2013-01-29 15:10:46  172032  ----a-w-  c:\windows\system32\WUDFPlatform.dll
2013-01-29 15:10:45  47720  ----a-w-  c:\windows\system32\drivers\WdfLdr.sys
2013-01-29 15:10:44  526952  ----a-w-  c:\windows\system32\drivers\Wdf01000.sys
2013-01-29 15:10:42  38912  ----a-w-  c:\windows\system32\WUDFCoinstaller.dll
2013-01-29 15:10:42  196608  ----a-w-  c:\windows\system32\WUDFHost.exe
2013-01-29 15:10:41  613888  ----a-w-  c:\windows\system32\WUDFx.dll
2013-01-29 15:04:15  34304  ----a-w-  c:\windows\system32\atmlib.dll
2013-01-29 15:04:15  293376  ----a-w-  c:\windows\system32\atmfd.dll
2013-01-29 15:02:56  204288  ----a-w-  c:\windows\system32\ncrypt.dll
2013-01-29 15:02:15  75776  ----a-w-  c:\windows\system32\synceng.dll
2013-01-29 15:00:48  1638912  ----a-w-  c:\windows\system32\mshtml.tlb
2013-01-29 15:00:46  2048000  ----a-w-  c:\windows\system32\win32k.sys
2013-01-29 15:00:40  985088  ----a-w-  c:\windows\system32\crypt32.dll
2013-01-29 15:00:40  98304  ----a-w-  c:\windows\system32\cryptnet.dll
2013-01-29 15:00:40  133120  ----a-w-  c:\windows\system32\cryptsvc.dll
2013-01-29 15:00:33  1400832  ----a-w-  c:\windows\system32\msxml6.dll
2013-01-29 15:00:28  2048  ----a-w-  c:\windows\system32\tzres.dll
2013-01-29 15:00:22  224640  ----a-w-  c:\windows\system32\drivers\volsnap.sys
2013-01-29 15:00:21  172544  ----a-w-  c:\windows\system32\wintrust.dll
2013-01-29 15:00:19  376320  ----a-w-  c:\windows\system32\dpnet.dll
2013-01-29 15:00:19  23040  ----a-w-  c:\windows\system32\dpnsvr.exe
2013-01-29 14:51:52  3602816  ----a-w-  c:\windows\system32\ntkrnlpa.exe
2013-01-29 14:51:51  3550080  ----a-w-  c:\windows\system32\ntoskrnl.exe
2013-01-25 16:59:04  --------  d-----w-  c:\programdata\4fa8d23e-337f-4214-ac6b-90752bc9623d
2013-01-25 16:58:51  --------  d-----w-  c:\programdata\Windows
2013-01-05 17:19:52  --------  d-----w-  c:\program files\uTorrent
2013-01-05 17:17:48  --------  d-----w-  c:\users\victoria\appdata\roaming\uTorrent
.
==================== Find3M ====================
.
2013-01-29 22:40:23  859552  ----a-w-  c:\windows\system32\npDeployJava1.dll
2013-01-29 22:40:23  780192  ----a-w-  c:\windows\system32\deployJava1.dll
2012-11-09 10:42:46  916992  ----a-w-  c:\windows\system32\wininet.dll
2012-11-09 10:37:14  43520  ----a-w-  c:\windows\system32\licmgr10.dll
2012-11-09 10:36:43  1469440  ----a-w-  c:\windows\system32\inetcpl.cpl
2012-11-09 10:36:28  71680  ----a-w-  c:\windows\system32\iesetup.dll
2012-11-09 10:36:28  109056  ----a-w-  c:\windows\system32\iesysprep.dll
2012-11-09 09:01:43  385024  ----a-w-  c:\windows\system32\html.iec
2012-11-09 07:13:56  133632  ----a-w-  c:\windows\system32\ieUnatt.exe
.
============= FINISH: 15:16:31.68 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 28/03/2007 09:58:33 AM
System Uptime: 30/01/2013 03:07:04 PM (0 hours ago)
.
Motherboard: Acer, Inc. | | Prespa1
Processor: Intel(R) Celeron(R) M CPU 440 @ 1.86GHz | U2E1 | 1866/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 52 GiB total, 15.459 GiB free.
D: is FIXED (NTFS) - 52 GiB total, 51.747 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 8 GiB total, 2.863 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
32 Bit HP CIO Components Installer
Acer Arcade
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer ScreenSaver
Acer Tour
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Apple Application Support
Apple Software Update
AVG 2013
BufferChm
C4200
C4200_doccd
c4200_Help
CCleaner
Copy
CopyTrans Suite Remove Only
D3DX10
DataTools
Destination Component
DeviceDiscovery
DocProc
Fax
Google Chrome
Google Earth
Google Update Helper
GoToAssist Corporate
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Smart Web Printing
HP Solution Center 9.0
HPProductAssistant
Information Service
Intel(R) Graphics Media Accelerator Driver
Java 7 Update 11
K-Lite Codec Pack 5.1.0 (Basic)
Launch Manager
LightScribe 1.4.136.1
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
MSVC80_x86
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NinjaTrader 7
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
OGA Notifier 2.0.0048.0
OpenOffice.org Installer 1.0
Performance Optimizer
Premium Data
PS_AIO_ProductContext
PS_AIO_Software
PS_AIO_Software_min
QuickTime
Realtek High Definition Audio Driver
SaxoTrader 2
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Segoe UI
Skype™ 3.8
SolutionCenter
Status
SUPERAntiSpyware
swMSM
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
ToggleEN Toolbar
Toolbox
Trader Workstation 4.0
TrayApp
TWS Demo
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 1.0.5
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live OneCare safety scanner
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR archiver
.
==== End Of File ===========================
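One check worth making on a pasted Malwarebytes log like the one above is which detections were only scheduled for removal ("Delete on reboot") rather than quarantined, and how the detections group by threat family. The parser below is an added example, not code from the original post or from Malwarebytes; the log text embedded in it is excerpted from the scan output above, and the line layout it assumes ("Section Detected: N" headers followed by "object (Threat) -> action" lines) is the one visible there.

```python
"""Summarise the detection sections of a Malwarebytes Anti-Malware 1.x log."""
import re
from collections import Counter

# Excerpt of the log pasted above (constructed sample, trimmed to a few sections).
SAMPLE_LOG = r"""
Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\ProgramData\Windows\msdr.dll (Trojan.FakeMS) -> Delete on reboot.

Registry Keys Detected: 3
HKCR\CLSID\{F12BE2CC-A901-4203-B4F2-ADCB957D1887} (Trojan.FakeMS) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

Files Detected: 2
C:\ProgramData\Windows\msdr.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\Victoria\AppData\Roaming\Adobe\plugs\mmc122.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

(end)
"""

# "Memory Modules Detected: 1" -> section name and the count MBAM claims.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "C:\path\file (Threat.Name) -> Quarantined and deleted successfully."
ITEM_RE = re.compile(r"^(?P<object>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return (items, mismatches).

    items:      list of dicts with section, object, threat and action.
    mismatches: (section, claimed_count, parsed_count) where the header's
                count does not match the lines we could parse, which usually
                means the paste was truncated or the format changed.
    """
    items, mismatches = [], []
    section, expected, seen = None, 0, 0

    def close_section():
        if section is not None and seen != expected:
            mismatches.append((section, expected, seen))

    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            close_section()
            section, expected, seen = header["section"], int(header["count"]), 0
            continue
        item = ITEM_RE.match(line)
        if item and section is not None:
            seen += 1
            items.append({"section": section, "object": item["object"],
                          "threat": item["threat"], "action": item["action"]})
    close_section()
    return items, mismatches


def pending_reboot(items):
    """Objects that MBAM could not remove immediately; confirm they are gone after rebooting."""
    return [i["object"] for i in items if i["action"].lower().startswith("delete on reboot")]


def threat_counts(items):
    """Detections per full threat name, e.g. Trojan.FakeMS."""
    return Counter(i["threat"] for i in items)


def category_counts(items):
    """Detections per top-level category (Trojan, PUP, Rogue, ...)."""
    return Counter(i["threat"].split(".", 1)[0] for i in items)


if __name__ == "__main__":
    found, bad = parse_mbam_log(SAMPLE_LOG)
    print(f"{len(found)} detections parsed; count mismatches: {bad or 'none'}")
    print("still pending reboot:", pending_reboot(found) or "none")
    for name, n in threat_counts(found).most_common():
        print(f"  {n}x {name}")
```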
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.


TDSSKiller Scan

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.



------------------------

Click the Start Scan button.



-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.




----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.





--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


RogueKiller Scan

  • Download RogueKiller from the following link and save it on your desktop:
    TechSpot
    Official Site (alternative)
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan


  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.


  • The report has been created on the desktop.
  • Next click on the ShortcutsFix

  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.
 
Thank you so much for your help.

I have done the TDSSKiller scan and will attach the text file as it seems quite large. There were objects detected but no “cure” option (just skip, delete and move to quarantine). I chose “skip” because I wasn't sure about “move to quarantine” and you said to definitely not select “delete”. Hope that’s okay?

The RogueKiller reports are pasted below:

RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Victoria [Admin rights]
Mode : Scan -- Date : 01/30/2013 18:34:01
| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[TASK][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 -> FOUND
[TASK][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[Tr.Karagany][FOLDER] plugs : C:\Users\Victoria\AppData\Roaming\Adobe\plugs --> FOUND
[Tr.Karagany][FOLDER] shed : C:\Users\Victoria\AppData\Roaming\Adobe\shed --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> F:\windows\system32\config\SOFTWARE
-> F:\windows\system32\config\SYSTEM
-> F:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS541612J9SA00 ATA Device +++++
--- User ---
[MBR] 1b23a337d103de0e926d1522583d0157
[BSP] a4546f4f824474bb9fc50b391b529cd0 : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 7993 Mo
1 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 16370235 | Size: 53395 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 125724690 | Size: 53081 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01302013_02d1834.txt >>
RKreport[1]_S_01302013_02d1834.txt


RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Victoria [Admin rights]
Mode : Remove -- Date : 01/30/2013 18:37:25
| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[TASK][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 -> DELETED
[TASK][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 -> ERROR
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[Tr.Karagany][FOLDER] ROOT : C:\Users\Victoria\AppData\Roaming\Adobe\plugs --> REMOVED
[Tr.Karagany][FOLDER] ROOT : C:\Users\Victoria\AppData\Roaming\Adobe\shed --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> F:\windows\system32\config\SOFTWARE
-> F:\windows\system32\config\SYSTEM
-> F:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS541612J9SA00 ATA Device +++++
--- User ---
[MBR] 1b23a337d103de0e926d1522583d0157
[BSP] a4546f4f824474bb9fc50b391b529cd0 : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 7993 Mo
1 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 16370235 | Size: 53395 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 125724690 | Size: 53081 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_01302013_02d1837.txt >>
RKreport[1]_S_01302013_02d1834.txt ; RKreport[2]_D_01302013_02d1837.txt
RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Victoria [Admin rights]
Mode : Shortcuts HJfix -- Date : 01/30/2013 18:38:35
| ARK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Extern Hives: ¤¤¤
-> F:\windows\system32\config\SOFTWARE
-> F:\windows\system32\config\SYSTEM
-> F:\Users\Default\NTUSER.DAT
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 4 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 99 / Fail 0
My documents: Success 6 / Fail 6
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 69 / Fail 0
Backup: [NOT FOUND]
Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume1 -- 0x3 --> Restored
Finished : << RKreport[3]_SC_01302013_02d1838.txt >>
RKreport[1]_S_01302013_02d1834.txt ; RKreport[2]_D_01302013_02d1837.txt ; RKreport[3]_SC_01302013_02d1838.txt
 

Attachments

  • TDSSKiller.2.8.15.0_30.01.2013_17.37.30_log.txt (264.2 KB)
Excellent work!

Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.


Adware Cleaning

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
  • Shut down your protection software now to avoid potential conflicts.
  • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Copy and Paste the JRT.txt log into your next message.
 
Thank you once again DragonMaster Jay for the very clear instructions. Please find pasted below the 4 log files:


Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.02.01.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19393
Victoria :: VICTORIA-PC [administrator]

01/02/2013 03:05:50 PM
mbar-log-2013-02-01 (15-05-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26399
Time elapsed: 21 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.02.01.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19393
Victoria :: VICTORIA-PC [administrator]

01/02/2013 04:05:02 PM
mbar-log-2013-02-01 (16-05-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26382
Time elapsed: 13 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


# AdwCleaner v2.109 - Logfile created 02/01/2013 at 16:13:11
# Updated 26/01/2013 by Xplode
# Operating system : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# User : Victoria - VICTORIA-PC
# Boot Mode : Normal
# Running from : C:\Users\Victoria\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ToggleEN
Folder Deleted : C:\Users\Victoria\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Victoria\AppData\LocalLow\ToggleEN

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\ToggleEN
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ToggleEN Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{038CB5C7-48EA-4AF9-94E0-A1646542E62B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{038CB5C7-48EA-4AF9-94E0-A1646542E62B}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{038CB5C7-48EA-4AF9-94E0-A1646542E62B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{038CB5C7-48EA-4AF9-94E0-A1646542E62B}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToggleEN Toolbar
Key Deleted : HKLM\Software\ToggleEN
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{038CB5C7-48EA-4AF9-94E0-A1646542E62B}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{038CB5C7-48EA-4AF9-94E0-A1646542E62B}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{038CB5C7-48EA-4AF9-94E0-A1646542E62B}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19393

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.56

File : C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3293 octets] - [01/02/2013 16:13:11]

########## EOF - C:\AdwCleaner[S1].txt - [3353 octets] ##########



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.5.8 (01.31.2013:1)
OS: Windows Vista (TM) Home Basic x86
Ran by Victoria on 01/02/2013 at 16:25:08.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/02/2013 at 16:28:18.45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
You're welcome!

OTL Quick Scan

Please download OTL by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Quick Scan button and let the program run uninterrupted.
  • It will produce a log for you called OTL.txt, please post it in your next reply.
  • You may need to use two posts to get it all.
 
The OTL log is pasted below:

OTL logfile created on: 03/02/2013 02:28:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Victoria\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.69% Memory free
4.21 Gb Paging File | 3.09 Gb Available in Paging File | 73.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 52.14 Gb Total Space | 16.97 Gb Free Space | 32.55% Space Free | Partition Type: NTFS
Drive D: | 51.84 Gb Total Space | 51.32 Gb Free Space | 99.00% Space Free | Partition Type: NTFS
Drive F: | 7.81 Gb Total Space | 2.52 Gb Free Space | 32.34% Space Free | Partition Type: NTFS

Computer Name: VICTORIA-PC | User Name: Victoria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/03 14:25:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Victoria\Desktop\OTL.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/12/14 15:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/18 11:30:59 | 000,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2007/01/09 09:56:18 | 000,254,014 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
PRC - [2007/01/09 09:56:18 | 000,114,748 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
PRC - [2007/01/09 09:55:38 | 001,073,152 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2007/01/03 03:58:58 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007/01/03 01:46:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/01/02 18:33:24 | 000,135,168 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2006/12/29 05:07:22 | 000,126,976 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2006/12/28 17:24:14 | 000,049,152 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2006/12/22 23:43:18 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2006/11/24 21:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2006/10/05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (No Company Name) ==========

MOD - [2006/11/06 02:05:40 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Services (SafeList) ==========

SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/04/11 19:45:34 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/18 11:30:59 | 000,607,576 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/09 09:56:18 | 000,254,014 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc)
SRV - [2007/01/09 09:56:18 | 000,114,748 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched)
SRV - [2007/01/09 09:55:38 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2007/01/03 03:58:58 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/01/03 01:46:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/01/02 18:33:24 | 000,135,168 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006/12/29 05:07:22 | 000,126,976 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2006/12/28 17:24:14 | 000,049,152 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006/12/22 23:43:18 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006/11/24 21:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006/10/05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/05/07 08:55:22 | 000,767,488 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/01/13 01:34:30 | 001,728,896 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2006/12/07 17:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/10/06 21:49:00 | 000,044,224 | R--- | M] (BVRP Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006/10/05 04:39:40 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/07/06 06:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.za.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{FB133A88-0BBC-4846-AC3E-3286E884DCBC}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2007/10/09 12:14:14 | 000,000,709 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9229021-9F92-4352-92BF-F463B884B299}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Victoria\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Victoria\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/03/25 01:44:58 | 000,000,000 | ---D | M] - F:\AUTORUN -- [ NTFS ]
O33 - MountPoints2\{02667cc9-2ff8-11dd-bc21-001b24073c28}\Shell - "" = AutoRun
O33 - MountPoints2\{02667ce1-2ff8-11dd-bc21-001b24073c28}\Shell - "" = AutoRun
O33 - MountPoints2\{02667ce3-2ff8-11dd-bc21-001b24073c28}\Shell - "" = AutoRun
O33 - MountPoints2\{02667ce4-2ff8-11dd-bc21-001b24073c28}\Shell - "" = AutoRun
O33 - MountPoints2\{0668bd0e-616a-11de-b29f-001b24073c28}\Shell - "" = AutoRun
O33 - MountPoints2\{0668bd0e-616a-11de-b29f-001b24073c28}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/03 14:25:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Victoria\Desktop\OTL.exe
[2013/02/03 13:42:17 | 000,000,000 | ---D | C] -- C:\Users\Victoria\Documents\EDITING FOR LAURENT
[2013/02/01 16:24:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/02/01 16:24:22 | 000,000,000 | ---D | C] -- C:\JRT
[2013/02/01 16:24:13 | 000,538,188 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Victoria\Desktop\JRT.exe
[2013/02/01 14:42:10 | 000,000,000 | ---D | C] -- C:\Users\Victoria\Desktop\mbar-1.01.0.1017 (1)
[2013/02/01 12:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/01/30 18:48:19 | 000,000,000 | ---D | C] -- C:\Users\Victoria\Desktop\Logs to delete later
[2013/01/30 15:15:23 | 000,000,000 | R--D | C] -- C:\Users\Victoria\Pictures
[2013/01/30 14:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/30 14:46:53 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/01/30 14:29:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/01/30 14:26:44 | 000,000,000 | ---D | C] -- C:\Users\Victoria\AppData\Local\Deployment
[2013/01/30 14:26:44 | 000,000,000 | ---D | C] -- C:\Users\Victoria\AppData\Local\Apps
[2013/01/30 14:14:03 | 000,000,000 | ---D | C] -- C:\Users\Victoria\Facebook & Linkedin
[2013/01/30 11:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/01/30 11:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/01/30 11:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/01/30 08:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG January 2013 Campaign
[2013/01/29 23:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/01/29 23:22:29 | 000,000,000 | ---D | C] -- C:\Users\Victoria\AppData\Roaming\AVG2013
[2013/01/29 23:21:26 | 000,000,000 | ---D | C] -- C:\Users\Victoria\AppData\Roaming\TuneUp Software
[2013/01/29 23:20:08 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/01/29 23:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/01/29 23:18:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013/01/29 22:56:31 | 000,000,000 | ---D | C] -- C:\Users\Victoria\AppData\Local\MFAData
[2013/01/29 22:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/01/29 22:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
[2013/01/29 22:56:31 | 000,000,000 | ---D | C] -- C:\Users\Victoria\AppData\Local\Avg2013
[2013/01/29 22:48:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2013/01/29 16:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013/01/29 16:40:27 | 000,000,000 | ---D | C] -- C:\Users\Victoria\AppData\Local\Windows Live
[2013/01/29 16:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2013/01/25 17:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\4fa8d23e-337f-4214-ac6b-90752bc9623d
[2013/01/25 17:58:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows
[2013/01/20 15:52:38 | 000,000,000 | ---D | C] -- C:\Users\Victoria\Desktop\OC1 TO OC5 ASSESSMENTS
[2013/01/17 11:56:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/01/06 02:28:01 | 000,000,000 | R--D | C] -- C:\Users\Victoria\Searches
[2013/01/05 18:19:52 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2013/01/05 18:17:48 | 000,000,000 | ---D | C] -- C:\Users\Victoria\AppData\Roaming\uTorrent

========== Files - Modified Within 30 Days ==========

[2013/02/03 14:32:07 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/03 14:32:02 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/03 14:25:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Victoria\Desktop\OTL.exe
[2013/02/03 13:19:33 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/03 13:19:33 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/03 11:20:11 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/02/03 11:19:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/03 02:18:21 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/02/02 22:27:39 | 000,645,548 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/02 22:27:39 | 000,123,576 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/02 22:27:20 | 000,162,304 | ---- | M] () -- C:\Users\Victoria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/02 12:02:17 | 000,002,627 | ---- | M] () -- C:\Users\Victoria\Desktop\Word.lnk
[2013/02/01 16:42:49 | 000,271,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/01 16:24:22 | 000,538,188 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Victoria\Desktop\JRT.exe
[2013/02/01 14:41:49 | 013,562,257 | ---- | M] () -- C:\Users\Victoria\Desktop\mbar-1.01.0.1017 (1).zip
[2013/01/31 17:06:48 | 000,002,585 | ---- | M] () -- C:\Users\Victoria\Desktop\Excel.lnk
[2013/01/30 14:29:40 | 000,002,534 | --S- | M] () -- C:\ProgramData\8d9e70e4-5626-4d5c-a7a8-d35b6171e246
[2013/01/30 14:29:00 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/01/29 21:35:26 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/01/28 20:00:00 | 000,000,674 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Victoria.job
[2013/01/28 13:00:20 | 000,437,061 | ---- | M] () -- C:\Users\Victoria\Desktop\Vortex DDQ January 2013.pdf
[2013/01/26 01:25:43 | 001,013,693 | ---- | M] () -- C:\Users\Victoria\Desktop\Tail_risk_management_A4.pdf
[2013/01/23 12:47:02 | 000,012,778 | ---- | M] () -- C:\Users\Victoria\Email signature.jpg
[2013/01/07 12:43:41 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\{85A24A32-5495-41BF-9061-354D2481987B}.job
[2013/01/06 17:25:59 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2013/01/06 17:25:42 | 000,002,369 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/01/06 02:23:44 | 000,000,122 | ---- | M] () -- C:\Windows\TLTitleData.ini
[2013/01/05 19:23:24 | 000,001,289 | ---- | M] () -- C:\Users\Victoria\Desktop\CopyTrans Control Center.lnk
[2013/01/05 18:19:58 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk

========== Files Created - No Company Name ==========

[2013/02/01 14:41:33 | 013,562,257 | ---- | C] () -- C:\Users\Victoria\Desktop\mbar-1.01.0.1017 (1).zip
[2013/01/30 14:29:00 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/01/30 14:27:34 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/30 14:27:32 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/30 14:12:12 | 000,012,778 | ---- | C] () -- C:\Users\Victoria\Email signature.jpg
[2013/01/30 10:57:38 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013/01/29 16:11:17 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/01/29 16:11:17 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/01/28 13:00:18 | 000,437,061 | ---- | C] () -- C:\Users\Victoria\Desktop\Vortex DDQ January 2013.pdf
[2013/01/26 01:25:40 | 001,013,693 | ---- | C] () -- C:\Users\Victoria\Desktop\Tail_risk_management_A4.pdf
[2013/01/25 17:29:14 | 000,002,534 | --S- | C] () -- C:\ProgramData\8d9e70e4-5626-4d5c-a7a8-d35b6171e246
[2013/01/07 12:43:41 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\{85A24A32-5495-41BF-9061-354D2481987B}.job
[2013/01/06 17:25:59 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2013/01/05 18:19:58 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/02/21 22:16:25 | 000,000,107 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/02/14 08:34:22 | 000,000,008 | R--- | C] () -- C:\Users\Victoria\hwid
[2012/02/14 08:33:02 | 000,000,044 | ---- | C] () -- C:\Windows\ib.ini
[2012/02/14 08:32:55 | 000,026,624 | ---- | C] () -- C:\Windows\GetIe.dll
[2012/02/14 08:29:48 | 000,086,016 | ---- | C] () -- C:\Windows\System32\NtDirect.dll
[2010/02/09 13:35:04 | 000,001,356 | ---- | C] () -- C:\Users\Victoria\AppData\Local\d3d9caps.dat
[2008/01/01 16:47:21 | 000,162,304 | ---- | C] () -- C:\Users\Victoria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/03 22:08:06 | 000,024,206 | ---- | C] () -- C:\Users\Victoria\AppData\Roaming\UserTile.png

========== ZeroAccess Check ==========

[2006/11/02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/29 23:22:29 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\AVG2013
[2009/09/30 22:26:10 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\CopyTrans
[2009/11/10 08:59:40 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Image Zone Express
[2009/02/08 15:57:04 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\InterVideo
[2009/10/16 01:17:35 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Nokia
[2009/03/22 19:50:43 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Opera
[2008/01/01 13:36:31 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\PC Suite
[2007/12/03 22:08:06 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\PeerNetworking
[2009/11/10 08:59:40 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Printer Info Cache
[2012/02/13 20:54:32 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Saxo Bank
[2012/04/17 14:33:15 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Trading Applications
[2013/01/29 23:21:26 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\TuneUp Software
[2008/06/02 15:32:20 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Uniblue
[2013/01/27 14:07:07 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\uTorrent
[2007/09/04 19:28:01 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\Vodafone
[2009/09/30 22:27:49 | 000,000,000 | ---D | M] -- C:\Users\Victoria\AppData\Roaming\WindSolutions

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
 
Just noticed that there was an extra log from OTL:

OTL Extras logfile created on: 03/02/2013 02:28:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Victoria\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.69% Memory free
4.21 Gb Paging File | 3.09 Gb Available in Paging File | 73.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 52.14 Gb Total Space | 16.97 Gb Free Space | 32.55% Space Free | Partition Type: NTFS
Drive D: | 51.84 Gb Total Space | 51.32 Gb Free Space | 99.00% Space Free | Partition Type: NTFS
Drive F: | 7.81 Gb Total Space | 2.52 Gb Free Space | 32.34% Space Free | Partition Type: NTFS

Computer Name: VICTORIA-PC | User Name: Victoria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6DC72925-D5C2-4248-9A6A-16F1B314E197}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8756D201-C51C-4766-9352-69EC47714A6F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0067B1A6-300B-4B52-AC3A-4E8869EAECDE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1A4DE779-7C74-479B-9C20-080B3F820364}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{2538EF31-9E81-470E-B43B-DB661BB290F4}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{450C38DE-1C2C-471F-98DF-6006243E6151}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{46E9A3EE-316D-4EE3-9A01-BB1CFFFBC406}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5FFE78A1-60CB-486E-A7CE-5023D86CEB7D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{78368A6A-54C7-4EB8-9303-2AD8E2CA9BB2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{7D7A4982-6C15-447C-A261-6E615320E066}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{7FBF491D-CC23-4986-AD72-0DEEE225F69F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{B3DCBFC9-430D-4E76-90DC-8D182113FB5D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CFD21AE9-D50C-423D-BE9E-64204DDF2EB4}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{DC2D74EB-5A73-4CCC-A9C6-6238EE4CED3B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{E0FE6613-036C-415A-91B8-2588BAA065DD}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{EFA813B2-020B-4177-8477-859472C2C6DE}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{F5B25C73-7B92-45AA-BDE6-630B90979503}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"TCP Query User{18F5B960-252F-4F04-9AE6-3CCA84EDB4EF}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{592D268A-906B-44EC-A98C-6EBEE3AAEFAF}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{80825CD5-3133-478C-957A-145CED3277A3}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{898F9784-2FA0-47CC-8375-4B540F3A06AD}C:\program files\ninjatrader 7\bin\ninjatrader.exe" = protocol=6 | dir=in | app=c:\program files\ninjatrader 7\bin\ninjatrader.exe |
"UDP Query User{167BD177-EA93-4F54-8FF1-E72E2E1E3DF8}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{9E2E6CDE-8166-4D10-831B-8C257A5003DA}C:\program files\ninjatrader 7\bin\ninjatrader.exe" = protocol=17 | dir=in | app=c:\program files\ninjatrader 7\bin\ninjatrader.exe |
"UDP Query User{B05A4287-BBBB-4AAD-8160-2F0654A66263}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{C5DA6F98-146E-4DBC-BAAB-4FB0DC9B3271}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{024D66E9-D50C-44A7-92B4-2DFDDD95D228}" = SaxoTrader 2
"{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = TIPCI
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{13E613EF-BB55-11D9-9D77-000129760D75}" =
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2CCC5C78-20FF-478E-8B65-46B58CC5781B}" = AVG 2013
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3f8b1f23-7c9e-4842-9b00-f9923710db0f}.sdb" = Performance Optimizer
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62369F2F77534556AEF4C58152E3BDE5}" =
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{731E713B-C13E-4527-B624-8A6DF2D33DAF}" = AVG 2013
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7FD093C2-3493-4B17-BB15-B129A7D1DC51}" = AVG 2013
"{8ADC27DB-E2C8-446C-A576-166C05C2DD24}" =
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{ACA85783-8EEA-4f0a-B2A3-A8173F30209F}" = C4200_doccd
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{BFDE4176-5DFE-4db9-AA00-8F30CB001BDA}" = c4200_Help
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C366F3D6-0020-4A35-97E2-0A9B3145B805}" = NinjaTrader 7
"{C39E671D-0528-4c5e-A034-8470C5BC393A}" = C4200
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F37167DD-4436-4641-90B6-329D60632DDA}" = Information Service
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FC4F90EC-B1DA-11D9-9D77-000129760D75}" =
"{FD7F242B-9AA0-40c3-941E-3A9821D19C09}" = PS_AIO_ProductContext
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"AddressBook" =
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AVG" = AVG 2013
"CCleaner" = CCleaner
"ClientIDS" =
"Connection Manager" =
"DirectDrawEx" =
"DXM_Runtime" =
"Famous Museums of Europe Vol. 1" =
"Famous Museums of Europe Vol. 2" =
"Fontcore" =
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist Corporate
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPOCR" = HP OCR Software 9.0
"IE40" =
"IE4Data" =
"IE5BAKEX" =
"IEData" =
"InstallShield Uninstall Information" =
"InstallShield_{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.1.0 (Basic)
"LManager" = Launch Manager
"Louvre" =
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"MobileOptionPack" =
"MPlayer2" =
"SchedulingAgent" =
"SymcData-idsdefs" =
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Louvre vol. III" =
"Trader Workstation 4.0" = Trader Workstation 4.0
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = CopyTrans Suite Remove Only
"DataTools" = DataTools
"DataUpdater" = Premium Data
"TWS Demo" = TWS Demo

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 02/02/2013 09:12:39 AM | Computer Name = Victoria-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 02/02/2013 08:44:59 PM | Computer Name = Victoria-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 03/02/2013 08:53:04 AM | Computer Name = Victoria-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 03/02/2013 08:53:04 AM | Computer Name = Victoria-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 03/02/2013 08:53:05 AM | Computer Name = Victoria-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 03/02/2013 08:53:05 AM | Computer Name = Victoria-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 03/02/2013 08:53:10 AM | Computer Name = Victoria-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 03/02/2013 08:53:10 AM | Computer Name = Victoria-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 03/02/2013 08:53:10 AM | Computer Name = Victoria-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 03/02/2013 08:53:10 AM | Computer Name = Victoria-PC | Source = Windows Search Service | ID = 3013
Description =

[ OSession Events ]
Error - 07/01/2013 02:29:23 PM | Computer Name = Victoria-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1002
seconds with 720 seconds of active time. This session ended with a crash.

Error - 08/01/2013 04:40:38 PM | Computer Name = Victoria-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 08/01/2013 09:16:34 PM | Computer Name = Victoria-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3803
seconds with 660 seconds of active time. This session ended with a crash.

Error - 09/01/2013 02:14:45 PM | Computer Name = Victoria-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 25802
seconds with 9900 seconds of active time. This session ended with a crash.

Error - 10/01/2013 08:58:54 AM | Computer Name = Victoria-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 62
seconds with 60 seconds of active time. This session ended with a crash.

Error - 12/01/2013 11:40:20 AM | Computer Name = Victoria-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12362
seconds with 5760 seconds of active time. This session ended with a crash.

Error - 22/01/2013 09:32:29 AM | Computer Name = Victoria-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 238
seconds with 120 seconds of active time. This session ended with a crash.

Error - 27/01/2013 06:28:21 PM | Computer Name = Victoria-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 90
seconds with 0 seconds of active time. This session ended with a crash.

Error - 29/01/2013 06:50:57 AM | Computer Name = Victoria-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 688
seconds with 120 seconds of active time. This session ended with a crash.

Error - 30/01/2013 07:26:07 PM | Computer Name = Victoria-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 943
seconds with 480 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 01/02/2013 01:23:53 PM | Computer Name = Victoria-PC | Source = DCOM | ID = 10010
Description =

Error - 01/02/2013 08:59:08 PM | Computer Name = Victoria-PC | Source = Service Control Manager | ID = 7006
Description =

Error - 02/02/2013 06:38:44 AM | Computer Name = Victoria-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 02/02/2013 06:38:44 AM | Computer Name = Victoria-PC | Source = Service Control Manager | ID = 7006
Description =

Error - 02/02/2013 06:38:44 AM | Computer Name = Victoria-PC | Source = Service Control Manager | ID = 7006
Description =

Error - 02/02/2013 09:17:36 PM | Computer Name = Victoria-PC | Source = Service Control Manager | ID = 7006
Description =

Error - 03/02/2013 06:20:28 AM | Computer Name = Victoria-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 03/02/2013 06:20:28 AM | Computer Name = Victoria-PC | Source = Service Control Manager | ID = 7006
Description =

Error - 03/02/2013 06:20:28 AM | Computer Name = Victoria-PC | Source = Service Control Manager | ID = 7006
Description =

Error - 03/02/2013 07:13:30 AM | Computer Name = Victoria-PC | Source = DCOM | ID = 10010
Description =


< End of report >
 
OTL Fix

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :OTL
    O33 - MountPoints2\{02667cc9-2ff8-11dd-bc21-001b24073c28}\Shell - "" = AutoRun
    O33 - MountPoints2\{02667ce1-2ff8-11dd-bc21-001b24073c28}\Shell - "" = AutoRun
    O33 - MountPoints2\{02667ce3-2ff8-11dd-bc21-001b24073c28}\Shell - "" = AutoRun
    O33 - MountPoints2\{02667ce4-2ff8-11dd-bc21-001b24073c28}\Shell - "" = AutoRun
    O33 - MountPoints2\{0668bd0e-616a-11de-b29f-001b24073c28}\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell - "" = AutoRun
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

    :files
    ipconfig /flushdns /c

    :commands
    [emptytemp]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)


ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.


Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death

Note: Absence of issues does not mean that you're protected in the future.
 
Thanks for these. Please find below the 2 logs.

Otherwise I'm happy to report that I'm not experiencing any problems with my computer.

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02667cc9-2ff8-11dd-bc21-001b24073c28}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02667cc9-2ff8-11dd-bc21-001b24073c28}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02667ce1-2ff8-11dd-bc21-001b24073c28}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02667ce1-2ff8-11dd-bc21-001b24073c28}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02667ce3-2ff8-11dd-bc21-001b24073c28}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02667ce3-2ff8-11dd-bc21-001b24073c28}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02667ce4-2ff8-11dd-bc21-001b24073c28}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02667ce4-2ff8-11dd-bc21-001b24073c28}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0668bd0e-616a-11de-b29f-001b24073c28}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0668bd0e-616a-11de-b29f-001b24073c28}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Victoria\Desktop\cmd.bat deleted successfully.
C:\Users\Victoria\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Victoria
->Temp folder emptied: 8262 bytes
->Temporary Internet Files folder emptied: 49554 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 8010910 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 57016 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 8.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02042013_194707

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\CLML_AGENT_LOG1.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\sqlite_h0CyVAupmYlJjg6 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

C:\Users\Victoria\Downloads\DownloadManagerSetup.exe	a variant of Win32/InstallCore.BB application	cleaned by deleting - quarantined
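As an added example (not OTL's own code and not part of this thread): a small Python check that reads the requested OTL fix script and the fix log it produced, and reports which requested items were actually removed. The sample script and log below are constructed from the entries posted in this thread; the second ADS, which OTL could not delete, is the case it is meant to catch.

```python
import re

# Constructed sample: the O33 and ADS lines from the fix script above, and the
# matching lines from the fix log. One registry key per O33 line, one ADS per line.
FIX_SCRIPT = """\
:OTL
O33 - MountPoints2\\{02667cc9-2ff8-11dd-bc21-001b24073c28}\\Shell - "" = AutoRun
O33 - MountPoints2\\G\\Shell - "" = AutoRun
@Alternate Data Stream - 127 bytes -> C:\\ProgramData\\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\\ProgramData\\TEMP:DFC5A2B2
"""

FIX_LOG = """\
Registry key HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\{02667cc9-2ff8-11dd-bc21-001b24073c28}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{02667cc9-2ff8-11dd-bc21-001b24073c28}\\ not found.
Registry key HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\G\\ deleted successfully.
ADS C:\\ProgramData\\TEMP:430C6D84 deleted successfully.
Unable to delete ADS C:\\ProgramData\\TEMP:DFC5A2B2 .
"""

# Per-user key that OTL's O33 lines refer to (Explorer caches removable-drive
# autorun handlers here; stale AutoRun verbs are what the fix removes).
MOUNTPOINTS2 = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"

O33_RE = re.compile(r'^O33 - MountPoints2\\([^\\]+)\\Shell - "" = AutoRun$')
ADS_RE = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (.+)$")


def expected_targets(script):
    """Translate the fix script into the concrete objects OTL should act on."""
    targets = []
    for line in script.splitlines():
        m = O33_RE.match(line)
        if m:
            targets.append(("registry", MOUNTPOINTS2 + "\\" + m.group(1) + "\\"))
            continue
        m = ADS_RE.match(line)
        if m:
            targets.append(("ads", m.group(1)))
    return targets


def log_outcomes(log):
    """Map each object named in the fix log to deleted / not_found / failed."""
    outcomes = {}
    for line in log.splitlines():
        if line.startswith("Registry key ") and line.endswith(" deleted successfully."):
            outcomes[line[len("Registry key "):-len(" deleted successfully.")]] = "deleted"
        elif line.startswith("Registry key ") and line.endswith(" not found."):
            outcomes[line[len("Registry key "):-len(" not found.")]] = "not_found"
        elif line.startswith("ADS ") and line.endswith(" deleted successfully."):
            outcomes[line[len("ADS "):-len(" deleted successfully.")]] = "deleted"
        elif line.startswith("Unable to delete ADS "):
            outcomes[line[len("Unable to delete ADS "):].rstrip(" .")] = "failed"
    return outcomes


def verify_fix(script, log):
    """Return {target: status}; 'unreported' flags items OTL never mentioned."""
    outcomes = log_outcomes(log)
    return {path: outcomes.get(path, "unreported") for _, path in expected_targets(script)}


def unresolved(script, log):
    """Requested targets that still need attention after the fix ran."""
    return sorted(p for p, s in verify_fix(script, log).items() if s != "deleted")


if __name__ == "__main__":
    for path, status in verify_fix(FIX_SCRIPT, FIX_LOG).items():
        print(f"{status:10} {path}")
```

Running it on the thread's own entries lists the DFC5A2B2 stream as failed, which is the item a helper would follow up on.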
 
Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name, i.e. Clean
  • Select Create


Remove tools, temp files, old Restore Points

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :files
    ipconfig /flushdns /c

    :commands
    [CREATERESTOREPOINT]
    [CLEARALLRESTOREPOINTS]
    [emptyflash]
    [emptytemp]
    [emptyjava]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alerted, as this is normal.
  • It may open a log for you, but I don't need that.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
That's good to hear! Here's the Security Check log:

Results of screen317's Security Check version 0.99.57
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2013
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.70.0.1100
CCleaner
Java 7 Update 11
Adobe Reader 10.1.4 Adobe Reader out of Date!
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Ad-Aware AAWService.exe
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Empowering Technology eSettings Service capuserv.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 
Adobe Reader Update!

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.


Personal Tips on Preventing Malware

See this page for more info about malware and prevention.


Any other questions before I mark this topic solved?
 
No, it's fine, you can close the topic. Thank you so much for all your help - it's much appreciated!
 