BleepingComputer.com: Mostly just a checkup

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

Mostly just a checkup A lot of red flags showed up on my HJT log, though.

#1 User is offline   Reya 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 30
  • Joined: 12-October 06
  • Gender:Female

Posted 12 February 2012 - 11:45 PM

Brand spanking new Acer, I've been real careful except for a games download I did via USB when the computer wasn't on the internet (ooooh boredom). Did an HTJ in order to remove uTorrent's installer, as the program is already installed (for legal torrents such as World of Warcraft's peer-to-peer downloads). A lot of unexpected lines showed up, including but not limited to

Quote

"O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)".


So now I bring it to you guys and gals. DDS went well, GMER for some reason would not allow me to check most of the top options, such as system, sections, devices, modules, etc. "Services", "Registry", and "Files" were checked, as well as C:\ and ADS.

-------------

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Melanie at 22:17:38 on 2012-02-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6048.4404 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
mStart Page = hxxp://www.bing.com/?pc=MAGW
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35
TCP: Interfaces\{4F16BEF0-F53F-432A-9EB9-47C5BB1A004E} : DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\8jc1fads.default\
FF - prefs.js: browser.startup.homepage - Google.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2011-5-29 36456]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-15 13336]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2011-7-15 244624]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-5 2656280]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-02-13 04:09:27 388096 ----a-r- C:\Users\Melanie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-13 04:09:27 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-02-13 03:57:16 -------- d-----w- C:\Users\Melanie\AppData\Local\The Weather Channel
2012-02-13 03:20:51 -------- d-----w- C:\Users\Melanie\AppData\Local\{DD3C6D60-3130-4D20-B052-8FE15D055181}
2012-02-12 15:20:19 -------- d-----w- C:\Users\Melanie\AppData\Local\{5D713EF1-3DF9-478A-AABB-15F19534C154}
2012-02-12 03:19:48 -------- d-----w- C:\Users\Melanie\AppData\Local\{697CB075-2845-4B90-B7E5-4A43C233CAFD}
2012-02-11 15:19:14 -------- d-----w- C:\Users\Melanie\AppData\Local\{75909887-12F4-4DDE-85BF-6DF417908ABE}
2012-02-11 15:19:05 -------- d-----w- C:\Users\Melanie\AppData\Local\{D0952DBC-6A3C-4C2A-AC5D-82DA38566E7C}
2012-02-11 04:22:45 -------- d-----w- C:\ProgramData\KingsIsle Entertainment
2012-02-11 03:18:41 -------- d-----w- C:\Users\Melanie\AppData\Local\{1B1B37AD-8E1E-4E16-BAF9-E7F33EC807CA}
2012-02-10 15:18:07 -------- d-----w- C:\Users\Melanie\AppData\Local\{F0216F7D-F1C2-4220-B29B-CA19E642A7CA}
2012-02-10 15:17:57 -------- d-----w- C:\Users\Melanie\AppData\Local\{4FDB2E36-284D-42B8-89DF-C57730ABA115}
2012-02-09 15:48:44 -------- d-----w- C:\Users\Melanie\AppData\Local\{4D61FA2C-D182-4D18-B185-BAC163E6218F}
2012-02-09 03:48:12 -------- d-----w- C:\Users\Melanie\AppData\Local\{99547555-7C2D-4CC3-AC67-E3DF556E688E}
2012-02-08 15:47:40 -------- d-----w- C:\Users\Melanie\AppData\Local\{8646BC1B-960A-4ECD-98E6-EBC99CAB0ED3}
2012-02-08 03:47:08 -------- d-----w- C:\Users\Melanie\AppData\Local\{6434AD4D-7124-48D2-B99C-39AA9A9959C5}
2012-02-07 15:46:36 -------- d-----w- C:\Users\Melanie\AppData\Local\{19BFEE9F-F501-48C9-90FD-F5DAD5630D50}
2012-02-07 15:46:15 -------- d-----w- C:\Users\Melanie\AppData\Local\{3A2765BE-7968-44B1-BD18-272E3F7F26FF}
2012-02-07 03:45:50 -------- d-----w- C:\Users\Melanie\AppData\Local\{0BA11850-A13E-4248-B9A8-7E13B689316B}
2012-02-07 03:45:30 -------- d-----w- C:\Users\Melanie\AppData\Local\{9477587A-572D-42D1-92FB-CAB1CCE07106}
2012-02-06 15:45:06 -------- d-----w- C:\Users\Melanie\AppData\Local\{8E26F92A-02F2-4832-8D98-78DF29A90EC8}
2012-02-06 03:44:33 -------- d-----w- C:\Users\Melanie\AppData\Local\{A642D78D-02CE-4562-AE5F-2453BD0DB002}
2012-02-06 03:44:12 -------- d-----w- C:\Users\Melanie\AppData\Local\{80109F3A-73A2-4686-9FA1-20EFDC659EE4}
2012-02-05 15:43:49 -------- d-----w- C:\Users\Melanie\AppData\Local\{9E7A28DE-9129-4FEB-B840-323328344877}
2012-02-05 03:43:16 -------- d-----w- C:\Users\Melanie\AppData\Local\{B80FC461-65A3-428F-8BB3-DB69E04CAE7E}
2012-02-04 15:42:45 -------- d-----w- C:\Users\Melanie\AppData\Local\{B83C04CD-6FE4-41C0-A1B5-F8B9605B7E0E}
2012-02-04 03:42:11 -------- d-----w- C:\Users\Melanie\AppData\Local\{B1E64FA0-DD34-4046-AEF9-AD3C42CA0FCF}
2012-02-03 15:41:39 -------- d-----w- C:\Users\Melanie\AppData\Local\{0EAF6628-3CCD-4A04-9118-379F7DAB4B21}
2012-02-03 03:41:06 -------- d-----w- C:\Users\Melanie\AppData\Local\{74463079-CA17-4846-B000-CBD91476B491}
2012-02-02 15:40:32 -------- d-----w- C:\Users\Melanie\AppData\Local\{622F3FF1-CBCA-4C90-9748-FCC9F81B1960}
2012-02-02 15:40:11 -------- d-----w- C:\Users\Melanie\AppData\Local\{5546FFEA-5977-4893-8829-AB136DF44EED}
2012-02-02 03:39:48 -------- d-----w- C:\Users\Melanie\AppData\Local\{050DC7D4-7E4B-4128-9A07-98F94B99465F}
2012-02-01 15:39:15 -------- d-----w- C:\Users\Melanie\AppData\Local\{E3F2DEEC-0CF6-45EB-B089-DA36396651C0}
2012-02-01 15:38:54 -------- d-----w- C:\Users\Melanie\AppData\Local\{9DDADF8A-51EF-4347-9BA0-548CC4A98004}
2012-02-01 03:38:31 -------- d-----w- C:\Users\Melanie\AppData\Local\{2D9DD588-6F46-4817-9E6C-0C0C1185E4C7}
2012-01-31 15:37:57 -------- d-----w- C:\Users\Melanie\AppData\Local\{7A20DBF6-F2D1-4B90-B4A7-142AFEF7CA06}
2012-01-31 15:37:48 -------- d-----w- C:\Users\Melanie\AppData\Local\{D47A8DC4-4EC3-43FC-9590-93B41F03E7A4}
2012-01-31 02:24:42 -------- d-----w- C:\Users\Melanie\AppData\Local\{30CF37E3-034D-45A6-A14A-0C8C92FE7477}
2012-01-30 14:24:10 -------- d-----w- C:\Users\Melanie\AppData\Local\{C5C311E2-E6BC-443E-9FE3-8C75BEB16EFA}
2012-01-30 02:23:38 -------- d-----w- C:\Users\Melanie\AppData\Local\{9F1D2475-1EDE-4D6E-9D05-41C4EE52DAAC}
2012-01-29 14:23:07 -------- d-----w- C:\Users\Melanie\AppData\Local\{80BC4744-A949-4F9F-B23D-4732CCBA818F}
2012-01-29 02:22:34 -------- d-----w- C:\Users\Melanie\AppData\Local\{11E67A5E-4FE3-4BEC-8E13-C3B370841F21}
2012-01-28 14:22:01 -------- d-----w- C:\Users\Melanie\AppData\Local\{6F96E0B2-EEA7-4AC6-AF65-CF581B360AD8}
2012-01-28 14:21:40 -------- d-----w- C:\Users\Melanie\AppData\Local\{427F8583-B64F-44AF-A937-FCF63E1D25F2}
2012-01-28 06:16:26 -------- d-----w- C:\Program Files (x86)\raidcall
2012-01-28 02:21:16 -------- d-----w- C:\Users\Melanie\AppData\Local\{BAA1C4A5-C323-4BE5-BF8B-D51A6419F068}
2012-01-27 14:20:45 -------- d-----w- C:\Users\Melanie\AppData\Local\{745E6511-55C0-404F-991A-C9FC0F596FF1}
2012-01-27 02:20:24 -------- d-----w- C:\Users\Melanie\AppData\Local\{D29FBC98-9E35-4BDB-B98C-4D99CC547224}
2012-01-26 14:19:51 -------- d-----w- C:\Users\Melanie\AppData\Local\{553E23AF-E705-49F9-BA06-3CA75E6CA140}
2012-01-26 02:19:19 -------- d-----w- C:\Users\Melanie\AppData\Local\{F756FDB9-D31C-4C38-92CE-03D9C3AF1992}
2012-01-25 14:18:48 -------- d-----w- C:\Users\Melanie\AppData\Local\{340FF6BB-58D7-4871-9F9B-E6A5DEE511A3}
2012-01-25 14:18:38 -------- d-----w- C:\Users\Melanie\AppData\Local\{C849A477-F57C-46CE-9B26-57C17DC80D4D}
2012-01-24 16:38:58 -------- d-----w- C:\Users\Melanie\AppData\Local\{C029C5E0-F6AB-423B-8637-78FAA211876C}
2012-01-24 04:38:26 -------- d-----w- C:\Users\Melanie\AppData\Local\{D5BB57C2-9F14-46E7-A32E-3DAAF275BC59}
2012-01-23 16:37:52 -------- d-----w- C:\Users\Melanie\AppData\Local\{034A6CFB-B5ED-4823-B29A-2A23727C2B13}
2012-01-23 04:37:19 -------- d-----w- C:\Users\Melanie\AppData\Local\{EF1D1A3C-6666-4111-A5CF-D80690F342EA}
2012-01-22 16:36:57 -------- d-----w- C:\Users\Melanie\AppData\Local\{8C5A5B84-3E32-401C-AE70-894C0B708E01}
2012-01-22 16:36:36 -------- d-----w- C:\Users\Melanie\AppData\Local\{ED37C80D-C8AB-4E9D-B082-5270284D5183}
2012-01-22 05:09:38 19936 ------w- C:\Windows\System32\pwdrvio.sys
2012-01-22 05:09:38 13280 ------w- C:\Windows\System32\pwdspio.sys
2012-01-22 05:09:38 1013320 ----a-w- C:\Windows\System32\pwNative.exe
2012-01-22 05:09:34 -------- d-----w- C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 7.1
2012-01-22 04:36:00 -------- d-----w- C:\Users\Melanie\AppData\Local\{D4AAD259-51F6-466D-A7CC-861A0F577605}
2012-01-22 00:54:49 -------- d-----w- C:\Program Files (x86)\Ventrilo
2012-01-22 00:54:27 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-01-21 16:35:38 -------- d-----w- C:\Users\Melanie\AppData\Local\{25EC5373-2FF7-4E27-B4D2-A7769AA0106E}
2012-01-21 16:35:17 -------- d-----w- C:\Users\Melanie\AppData\Local\{9455428E-F163-4E98-AC47-F44F0D7710BC}
2012-01-21 15:35:00 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-01-21 15:34:24 -------- d-----w- C:\Users\Melanie\AppData\Roaming\uTorrent
2012-01-21 15:26:47 -------- d-----w- C:\Program Files (x86)\World of Warcraft
2012-01-21 04:34:52 -------- d-----w- C:\Users\Melanie\AppData\Local\{A532532A-6FD3-40DD-B1A0-724E9FEFF561}
2012-01-20 16:34:19 -------- d-----w- C:\Users\Melanie\AppData\Local\{F3E023AF-C530-486F-A5C0-72D99F081F76}
2012-01-20 16:34:09 -------- d-----w- C:\Users\Melanie\AppData\Local\{255BD89E-2B69-4F6D-BE32-21FC46DAC2E8}
2012-01-20 14:58:16 -------- d-----w- C:\Users\Melanie\AppData\Local\ElevatedDiagnostics
2012-01-20 09:32:01 -------- d-----w- C:\Windows\SysWow64\Wat
2012-01-20 09:32:01 -------- d-----w- C:\Windows\System32\Wat
2012-01-20 09:11:14 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-01-20 04:33:44 -------- d-----w- C:\Users\Melanie\AppData\Local\{E983AB36-123F-4D59-A256-5D1825EBCFB8}
2012-01-20 04:33:23 -------- d-----w- C:\Users\Melanie\AppData\Local\{823EF0E5-AAA6-4B96-8E4A-225CF607AE63}
2012-01-19 21:20:59 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-19 21:20:59 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-19 21:20:59 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-01-19 16:32:56 -------- d-----w- C:\Users\Melanie\AppData\Local\{04D3D0C4-F55E-4479-9C85-EFA709924E07}
2012-01-19 16:32:45 -------- d-----w- C:\Users\Melanie\AppData\Local\{41B7D928-578F-4D86-B1DB-B2AC2CE4B7D8}
2012-01-19 02:34:21 -------- d-----w- C:\Users\Melanie\AppData\Local\Microsoft Games
2012-01-18 18:45:27 -------- d-----w- C:\Users\Melanie\AppData\Roaming\Jewel Match 3
2012-01-18 00:18:21 -------- d-----w- C:\Users\Melanie\AppData\Roaming\FloodLightGames
2012-01-18 00:18:21 -------- d-----w- C:\ProgramData\FloodLightGames
2012-01-18 00:16:21 -------- d-----w- C:\Users\Melanie\AppData\Local\{9DA8705A-7D70-41BC-853D-E87812D4F713}
2012-01-17 13:36:11 -------- d-----w- C:\Users\Melanie\AppData\Local\{D7DB9906-484E-4814-814D-5E7BBF35E66F}
2012-01-17 13:36:11 -------- d-----w- C:\Users\Melanie\AppData\Local\{3E864D47-1741-4B8D-AE7E-356DBB497C00}
2012-01-17 01:14:31 -------- d-----w- C:\Users\Melanie\AppData\Roaming\Mystery of Mortlake Mansion
2012-01-16 23:23:36 -------- d-----w- C:\Users\Melanie\AppData\Local\{0F6C8C01-2D64-4187-9420-E726CE2D28FB}
2012-01-16 15:09:07 -------- d-----w- C:\Users\Melanie\AppData\Roaming\Awem
2012-01-16 14:37:00 -------- d-----w- C:\Users\Melanie\AppData\Local\{86DDA5CE-E537-4846-8AB6-79DA7EEB60C8}
2012-01-16 05:01:29 -------- d-----w- C:\Program Files (x86)\Virtual Villagers 4 - The Tree of Life
2012-01-16 05:00:48 -------- d-----w- C:\Users\Melanie\AppData\Local\{6FF8DE3E-32D1-4550-BD1F-255F852F9BFD}
2012-01-15 19:13:57 -------- d-sh--w- C:\Windows\ftpcache
2012-01-15 19:12:46 -------- d-----w- C:\Users\Melanie\AppData\Local\CrashDumps
2012-01-15 16:44:16 -------- d-----w- C:\Users\Melanie\AppData\Roaming\runic games
2012-01-15 16:40:55 -------- d-----w- C:\Users\Melanie\AppData\Local\{B8DFE4AD-EE3D-422F-B192-A452D444F1E6}
2012-01-15 05:47:29 -------- d-----w- C:\Users\Melanie\AppData\Local\Chronicles of Albian
2012-01-14 17:20:18 -------- d-----w- C:\ProgramData\HipSoft
2012-01-14 13:19:01 -------- d-----w- C:\ProgramData\Wild Tangent
.
==================== Find3M ====================
.
2012-01-19 21:05:10 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:41:18 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:38:39 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 22:17:58.62 ===============



GMER, once it finished, did not detect any system modifications, but then again it didn't search in the unchecked areas either. If needed, I can provide a screenshot of the GMER UI.

Thanks in advance for your help!

#2 User is offline   m0le 

  • I know the drill!
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 29,133
  • Joined: 24-July 08
  • Gender:Male
  • Location:London, UK

Posted 17 February 2012 - 08:58 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.


  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.


  • Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Instead of Gmer can you run aswMBR

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If I have helped you fix your PC then please donate. Thanks

Posted Image
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#3 User is offline   Reya 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 30
  • Joined: 12-October 06
  • Gender:Female

Posted 18 February 2012 - 03:44 AM

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-18 02:43:18
-----------------------------
02:43:18.069 OS Version: Windows x64 6.1.7601 Service Pack 1
02:43:18.069 Number of processors: 4 586 0x2A07
02:43:18.069 ComputerName: MELANIE-PC UserName: Melanie
02:43:20.793 Initialize success
02:43:33.568 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
02:43:33.571 Disk 0 Vendor: WDC_WD10 77.0 Size: 953869MB BusType: 3
02:43:33.582 Disk 0 MBR read successfully
02:43:33.585 Disk 0 MBR scan
02:43:33.587 Disk 0 Windows 7 default MBR code
02:43:33.590 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048
02:43:33.608 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29362176
02:43:33.611 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 784263 MB offset 29566976
02:43:33.614 Disk 0 Partition - 00 0F Extended LBA 155166 MB offset 1635738300
02:43:33.638 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 103285 MB offset 1635738363
02:43:33.642 Disk 0 Partition - 00 05 Extended 51881 MB offset 1847266155
02:43:33.655 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 51881 MB offset 1847266218
02:43:33.660 Service scanning
02:43:34.774 Modules scanning
02:43:34.781 Disk 0 trace - called modules:
02:43:34.789 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
02:43:34.794 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e18060]
02:43:34.800 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80060c1050]
02:43:34.805 Scan finished successfully
02:43:56.207 Disk 0 MBR has been saved successfully to "C:\Users\Melanie\Desktop\MBR.dat"
02:43:56.210 The log file has been saved successfully to "C:\Users\Melanie\Desktop\aswMBR.txt"


There you are! Thanks for taking this one on, m0le.

#4 User is offline   m0le 

  • I know the drill!
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 29,133
  • Joined: 24-July 08
  • Gender:Male
  • Location:London, UK

Posted 18 February 2012 - 01:52 PM

That looks fine, please run OTL next - a more powerful scanner than DDS

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

If I have helped you fix your PC then please donate. Thanks

Posted Image
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#5 User is offline   Reya 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 30
  • Joined: 12-October 06
  • Gender:Female

Posted 18 February 2012 - 09:55 PM

OTL.Txt:

OTL logfile created on: 2/18/2012 8:33:42 PM - Run 1
OTL by OldTimer - Version 3.2.33.0 Folder = C:\Users\Melanie\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 4.29 Gb Available Physical Memory | 72.66% Memory free
11.81 Gb Paging File | 10.16 Gb Available in Paging File | 86.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 765.88 Gb Total Space | 682.38 Gb Free Space | 89.10% Space Free | Partition Type: NTFS
Drive E: | 50.67 Gb Total Space | 16.39 Gb Free Space | 32.35% Space Free | Partition Type: NTFS
Drive K: | 100.86 Gb Total Space | 60.88 Gb Free Space | 60.36% Space Free | Partition Type: NTFS

Computer Name: MELANIE-PC | User Name: Melanie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Melanie\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink)
PRC - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (Live Updater Service) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer Incorporated)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (GREGService) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "Google.com"

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/17 11:13:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/01/10 15:35:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melanie\AppData\Roaming\Mozilla\Extensions
[2012/01/10 15:32:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/17 11:13:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/02/17 11:13:47 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/20 22:30:41 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2011/12/20 22:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/20 22:30:41 | 000,001,131 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2011/12/20 22:30:41 | 000,002,364 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2011/12/20 22:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2011/12/20 22:30:41 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2011/12/20 22:30:41 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F16BEF0-F53F-432A-9EB9-47C5BB1A004E}: DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/18 20:29:46 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Melanie\Desktop\OTL.exe
[2012/02/18 10:04:30 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{B08E118F-E5FA-4555-9730-9F96681E7809}
[2012/02/18 10:04:21 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{37D2599A-DC7A-4580-82C1-D3FF8D873EDD}
[2012/02/18 00:06:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012/02/18 00:06:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2012/02/18 00:06:00 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Roaming\Real
[2012/02/17 23:25:00 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Melanie\Desktop\aswMBR.exe
[2012/02/17 21:26:49 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{492410EF-B5F6-439C-B266-55202ED24FED}
[2012/02/17 09:26:16 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{85C97E93-0F88-41AB-97B8-3B265282E5DE}
[2012/02/16 21:25:45 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{ECAE4BC5-3EAC-4519-9398-7CC420E744F6}
[2012/02/16 09:25:12 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{2432A17F-B3ED-4C5A-B5B8-69DF628D3E41}
[2012/02/16 09:24:51 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{7B3A749D-4B11-4F15-93FD-F11FC9778489}
[2012/02/16 03:00:26 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/16 03:00:26 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/16 03:00:25 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/16 03:00:25 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/16 03:00:25 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/16 03:00:25 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/16 03:00:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/16 03:00:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/16 03:00:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/16 03:00:24 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/16 03:00:24 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/15 21:24:28 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{AAA892AF-0843-4E85-93DE-1E5ED88028B8}
[2012/02/15 21:03:38 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/15 21:03:38 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/15 21:03:38 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/15 21:03:37 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/15 09:23:56 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{9CAABEF3-42E5-486A-AA2A-9FFBA998C445}
[2012/02/14 21:23:24 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{D650BE34-522E-4582-A01D-2AA9CE749DFF}
[2012/02/14 09:22:53 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{8C8E67E8-992D-4A75-81E3-B720EB9CF2A5}
[2012/02/13 21:22:20 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{2934A4AB-1113-4B9B-BEC4-34492C0990F6}
[2012/02/13 21:21:59 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{AEFF17AD-13FE-40E9-BEE6-47A7E25A29EA}
[2012/02/13 09:21:35 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{514627B8-670A-4E54-B680-A8197A858D39}
[2012/02/13 09:21:14 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{0A5AAFBE-9340-4DAC-B73B-EAE4C92F2E3D}
[2012/02/12 22:09:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/02/12 22:09:27 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/02/12 21:57:16 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\The Weather Channel
[2012/02/12 21:20:51 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{DD3C6D60-3130-4D20-B052-8FE15D055181}
[2012/02/12 09:20:19 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{5D713EF1-3DF9-478A-AABB-15F19534C154}
[2012/02/11 21:19:48 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{697CB075-2845-4B90-B7E5-4A43C233CAFD}
[2012/02/11 09:19:14 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{75909887-12F4-4DDE-85BF-6DF417908ABE}
[2012/02/11 09:19:05 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{D0952DBC-6A3C-4C2A-AC5D-82DA38566E7C}
[2012/02/10 22:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KingsIsle Entertainment
[2012/02/10 22:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\KingsIsle Entertainment
[2012/02/10 21:18:41 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{1B1B37AD-8E1E-4E16-BAF9-E7F33EC807CA}
[2012/02/10 09:18:07 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{F0216F7D-F1C2-4220-B29B-CA19E642A7CA}
[2012/02/10 09:17:57 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{4FDB2E36-284D-42B8-89DF-C57730ABA115}
[2012/02/09 09:48:44 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{4D61FA2C-D182-4D18-B185-BAC163E6218F}
[2012/02/08 21:48:12 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{99547555-7C2D-4CC3-AC67-E3DF556E688E}
[2012/02/08 09:47:40 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{8646BC1B-960A-4ECD-98E6-EBC99CAB0ED3}
[2012/02/07 21:47:08 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{6434AD4D-7124-48D2-B99C-39AA9A9959C5}
[2012/02/07 09:46:36 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{19BFEE9F-F501-48C9-90FD-F5DAD5630D50}
[2012/02/07 09:46:15 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{3A2765BE-7968-44B1-BD18-272E3F7F26FF}
[2012/02/06 21:45:50 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{0BA11850-A13E-4248-B9A8-7E13B689316B}
[2012/02/06 21:45:30 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{9477587A-572D-42D1-92FB-CAB1CCE07106}
[2012/02/06 09:45:06 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{8E26F92A-02F2-4832-8D98-78DF29A90EC8}
[2012/02/05 21:44:33 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{A642D78D-02CE-4562-AE5F-2453BD0DB002}
[2012/02/05 21:44:12 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{80109F3A-73A2-4686-9FA1-20EFDC659EE4}
[2012/02/05 09:43:49 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{9E7A28DE-9129-4FEB-B840-323328344877}
[2012/02/04 21:43:16 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{B80FC461-65A3-428F-8BB3-DB69E04CAE7E}
[2012/02/04 09:42:45 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{B83C04CD-6FE4-41C0-A1B5-F8B9605B7E0E}
[2012/02/03 21:42:11 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{B1E64FA0-DD34-4046-AEF9-AD3C42CA0FCF}
[2012/02/03 09:41:39 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{0EAF6628-3CCD-4A04-9118-379F7DAB4B21}
[2012/02/02 21:41:06 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{74463079-CA17-4846-B000-CBD91476B491}
[2012/02/02 09:40:32 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{622F3FF1-CBCA-4C90-9748-FCC9F81B1960}
[2012/02/02 09:40:11 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{5546FFEA-5977-4893-8829-AB136DF44EED}
[2012/02/01 21:39:48 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{050DC7D4-7E4B-4128-9A07-98F94B99465F}
[2012/02/01 09:39:15 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{E3F2DEEC-0CF6-45EB-B089-DA36396651C0}
[2012/02/01 09:38:54 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{9DDADF8A-51EF-4347-9BA0-548CC4A98004}
[2012/01/31 21:38:31 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{2D9DD588-6F46-4817-9E6C-0C0C1185E4C7}
[2012/01/31 09:43:13 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/31 09:43:13 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/31 09:43:13 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/31 09:43:13 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/31 09:43:13 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/31 09:43:13 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/31 09:37:57 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{7A20DBF6-F2D1-4B90-B4A7-142AFEF7CA06}
[2012/01/31 09:37:48 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{D47A8DC4-4EC3-43FC-9590-93B41F03E7A4}
[2012/01/30 20:24:42 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{30CF37E3-034D-45A6-A14A-0C8C92FE7477}
[2012/01/30 08:24:10 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{C5C311E2-E6BC-443E-9FE3-8C75BEB16EFA}
[2012/01/29 20:23:38 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{9F1D2475-1EDE-4D6E-9D05-41C4EE52DAAC}
[2012/01/29 08:23:07 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{80BC4744-A949-4F9F-B23D-4732CCBA818F}
[2012/01/28 20:22:34 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{11E67A5E-4FE3-4BEC-8E13-C3B370841F21}
[2012/01/28 08:22:01 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{6F96E0B2-EEA7-4AC6-AF65-CF581B360AD8}
[2012/01/28 08:21:40 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{427F8583-B64F-44AF-A937-FCF63E1D25F2}
[2012/01/28 00:16:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall
[2012/01/28 00:16:27 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall
[2012/01/28 00:16:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\raidcall
[2012/01/27 20:21:16 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{BAA1C4A5-C323-4BE5-BF8B-D51A6419F068}
[2012/01/27 08:20:45 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{745E6511-55C0-404F-991A-C9FC0F596FF1}
[2012/01/26 20:20:24 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{D29FBC98-9E35-4BDB-B98C-4D99CC547224}
[2012/01/26 08:19:51 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{553E23AF-E705-49F9-BA06-3CA75E6CA140}
[2012/01/25 20:19:19 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{F756FDB9-D31C-4C38-92CE-03D9C3AF1992}
[2012/01/25 08:18:48 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{340FF6BB-58D7-4871-9F9B-E6A5DEE511A3}
[2012/01/25 08:18:38 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{C849A477-F57C-46CE-9B26-57C17DC80D4D}
[2012/01/24 10:38:58 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{C029C5E0-F6AB-423B-8637-78FAA211876C}
[2012/01/23 22:38:26 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{D5BB57C2-9F14-46E7-A32E-3DAAF275BC59}
[2012/01/23 10:37:52 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{034A6CFB-B5ED-4823-B29A-2A23727C2B13}
[2012/01/23 09:06:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/01/22 22:37:19 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{EF1D1A3C-6666-4111-A5CF-D80690F342EA}
[2012/01/22 10:36:57 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{8C5A5B84-3E32-401C-AE70-894C0B708E01}
[2012/01/22 10:36:36 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{ED37C80D-C8AB-4E9D-B082-5270284D5183}
[2012/01/21 23:55:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2012/01/21 23:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Home Edition 7.1
[2012/01/21 23:09:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 7.1
[2012/01/21 22:36:00 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{D4AAD259-51F6-466D-A7CC-861A0F577605}
[2012/01/21 18:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ventrilo
[2012/01/21 18:54:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ventrilo
[2012/01/21 18:54:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/01/21 10:35:38 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{25EC5373-2FF7-4E27-B4D2-A7769AA0106E}
[2012/01/21 10:35:17 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{9455428E-F163-4E98-AC47-F44F0D7710BC}
[2012/01/21 10:06:50 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Roaming\Skype
[2012/01/21 09:35:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2012/01/21 09:34:24 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Roaming\uTorrent
[2012/01/21 09:26:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2012/01/20 22:34:52 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{A532532A-6FD3-40DD-B1A0-724E9FEFF561}
[2012/01/20 10:34:19 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{F3E023AF-C530-486F-A5C0-72D99F081F76}
[2012/01/20 10:34:09 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{255BD89E-2B69-4F6D-BE32-21FC46DAC2E8}
[2012/01/20 09:23:19 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2012/01/20 09:23:19 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2012/01/20 09:23:17 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2012/01/20 09:23:17 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2012/01/20 09:23:16 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2012/01/20 09:23:16 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2012/01/20 09:23:16 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2012/01/20 09:23:16 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2012/01/20 09:23:16 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2012/01/20 08:58:16 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\ElevatedDiagnostics
[2012/01/20 03:32:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/01/20 03:32:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/01/20 03:11:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/01/20 00:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/01/20 00:16:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012/01/19 22:33:44 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{E983AB36-123F-4D59-A256-5D1825EBCFB8}
[2012/01/19 22:33:23 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\{823EF0E5-AAA6-4B96-8E4A-225CF607AE63}

========== Files - Modified Within 30 Days ==========

[2012/02/18 20:29:48 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Melanie\Desktop\OTL.exe
[2012/02/18 17:49:52 | 000,193,065 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/02/18 13:09:55 | 000,001,547 | ---- | M] () -- C:\Users\Melanie\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/02/18 10:11:05 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/18 10:11:05 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/18 10:09:16 | 089,363,195 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/02/18 10:08:06 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/18 10:08:06 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/18 10:08:06 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/18 10:03:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/18 10:03:35 | 461,590,527 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/17 23:25:35 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Melanie\Desktop\aswMBR.exe
[2012/02/16 03:20:12 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/12 22:17:11 | 000,000,000 | ---- | M] () -- C:\Users\Melanie\defogger_reenable
[2012/02/12 22:09:27 | 000,002,985 | ---- | M] () -- C:\Users\Melanie\Desktop\HiJackThis.lnk
[2012/02/10 22:22:46 | 000,000,817 | ---- | M] () -- C:\Users\Public\Desktop\Play Wizard101.lnk
[2012/02/05 16:24:44 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/02/05 08:49:43 | 000,001,137 | ---- | M] () -- C:\Users\Melanie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/04 18:30:28 | 000,001,220 | ---- | M] () -- C:\Users\Melanie\Desktop\Foto's.lnk
[2012/02/04 18:30:28 | 000,001,193 | ---- | M] () -- C:\Users\Melanie\Desktop\Musiek.lnk
[2012/02/04 17:35:28 | 002,275,040 | ---- | M] () -- C:\Users\Melanie\Desktop\P2040582.JPG
[2012/02/04 17:32:46 | 000,409,141 | ---- | M] () -- C:\Users\Melanie\Desktop\P2040585.JPG
[2012/02/01 21:58:18 | 000,001,224 | ---- | M] () -- C:\Windows\PWCMDLST.BAK
[2012/02/01 08:14:19 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/01/30 07:38:31 | 000,000,906 | ---- | M] () -- C:\Users\Melanie\Application Data\Microsoft\Internet Explorer\Quick Launch\Molten WoW.lnk
[2012/01/28 00:16:28 | 000,001,014 | ---- | M] () -- C:\Users\Melanie\Desktop\RaidCall.lnk
[2012/01/23 09:06:24 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/01/22 21:03:52 | 000,000,995 | ---- | M] () -- C:\Users\Melanie\Desktop\Wow - Shortcut.lnk
[2012/01/22 09:55:01 | 000,000,906 | ---- | M] () -- C:\Users\Melanie\Desktop\Molten WoW.lnk
[2012/01/22 00:50:41 | 000,002,518 | ---- | M] () -- C:\Windows\WinInit.Ini
[2012/01/21 23:55:05 | 000,000,750 | ---- | M] () -- C:\Users\Melanie\Desktop\WoW Reg Key.reg
[2012/01/21 23:09:36 | 000,001,289 | ---- | M] () -- C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
[2012/01/21 18:54:50 | 000,000,878 | ---- | M] () -- C:\Users\Public\Desktop\Ventrilo.lnk
[2012/01/21 18:54:50 | 000,000,268 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2012/01/21 09:35:01 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/01/21 09:26:32 | 000,001,339 | ---- | M] () -- C:\Users\Melanie\Desktop\World of Warcraft Installer.lnk

========== Files Created - No Company Name ==========

[2012/02/18 13:09:55 | 000,001,547 | ---- | C] () -- C:\Users\Melanie\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/02/12 22:17:11 | 000,000,000 | ---- | C] () -- C:\Users\Melanie\defogger_reenable
[2012/02/12 22:09:27 | 000,002,985 | ---- | C] () -- C:\Users\Melanie\Desktop\HiJackThis.lnk
[2012/02/10 22:22:46 | 000,000,817 | ---- | C] () -- C:\Users\Public\Desktop\Play Wizard101.lnk
[2012/02/05 16:24:44 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/02/04 18:30:17 | 002,275,040 | ---- | C] () -- C:\Users\Melanie\Desktop\P2040582.JPG
[2012/02/04 18:30:17 | 000,409,141 | ---- | C] () -- C:\Users\Melanie\Desktop\P2040585.JPG
[2012/01/30 07:38:31 | 000,000,906 | ---- | C] () -- C:\Users\Melanie\Application Data\Microsoft\Internet Explorer\Quick Launch\Molten WoW.lnk
[2012/01/28 00:16:28 | 000,001,014 | ---- | C] () -- C:\Users\Melanie\Desktop\RaidCall.lnk
[2012/01/23 09:06:24 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/01/22 09:55:01 | 000,000,906 | ---- | C] () -- C:\Users\Melanie\Desktop\Molten WoW.lnk
[2012/01/21 23:55:05 | 000,000,750 | ---- | C] () -- C:\Users\Melanie\Desktop\WoW Reg Key.reg
[2012/01/21 23:17:15 | 000,001,224 | ---- | C] () -- C:\Windows\PWCMDLST.BAK
[2012/01/21 23:09:38 | 001,013,320 | ---- | C] () -- C:\Windows\SysNative\pwNative.exe
[2012/01/21 23:09:38 | 000,019,936 | ---- | C] () -- C:\Windows\SysNative\pwdrvio.sys
[2012/01/21 23:09:38 | 000,013,280 | ---- | C] () -- C:\Windows\SysNative\pwdspio.sys
[2012/01/21 23:09:36 | 000,001,289 | ---- | C] () -- C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
[2012/01/21 18:54:50 | 000,000,878 | ---- | C] () -- C:\Users\Public\Desktop\Ventrilo.lnk
[2012/01/21 18:54:47 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2012/01/21 18:22:27 | 000,000,995 | ---- | C] () -- C:\Users\Melanie\Desktop\Wow - Shortcut.lnk
[2012/01/21 09:35:01 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/01/19 14:56:26 | 000,002,518 | ---- | C] () -- C:\Windows\WinInit.Ini
[2012/01/12 00:47:15 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2012/01/10 20:15:30 | 000,007,598 | ---- | C] () -- C:\Users\Melanie\AppData\Local\Resmon.ResmonCfg
[2011/07/15 02:34:01 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/07/15 02:34:01 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/07/15 02:34:00 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== LOP Check ==========

[2012/01/10 16:15:40 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\AVG2012
[2012/01/16 09:09:07 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Awem
[2012/01/12 19:50:01 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Barnes & Noble
[2012/01/12 20:11:06 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2012/01/17 18:18:21 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\FloodLightGames
[2012/01/18 19:30:29 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Jewel Match 3
[2012/01/16 19:14:35 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Mystery of Mortlake Mansion
[2012/01/10 15:26:14 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\OEM
[2012/01/15 10:44:16 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\runic games
[2012/02/12 22:00:32 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\uTorrent
[2009/07/13 23:08:49 | 000,011,892 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >



Extras.Txt

OTL Extras logfile created on: 2/18/2012 8:33:42 PM - Run 1
OTL by OldTimer - Version 3.2.33.0 Folder = C:\Users\Melanie\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 4.29 Gb Available Physical Memory | 72.66% Memory free
11.81 Gb Paging File | 10.16 Gb Available in Paging File | 86.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 765.88 Gb Total Space | 682.38 Gb Free Space | 89.10% Space Free | Partition Type: NTFS
Drive E: | 50.67 Gb Total Space | 16.39 Gb Free Space | 32.35% Space Free | Partition Type: NTFS
Drive K: | 100.86 Gb Total Space | 60.88 Gb Free Space | 60.36% Space Free | Partition Type: NTFS

Computer Name: MELANIE-PC | User Name: Melanie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.7
"{7BE6B345-6BD9-492E-A440-A32D12AB2EF3}" = AVG 2012
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34A153FE-6926-4C14-B48A-B71E68C672A8}_is1" = MiniTool Partition Wizard Home Edition 7.1
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{68AFA3A7-9265-4ABD-994A-ACA413E3715C}" = Nero Multimedia Suite 10 Essentials
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-gateway" = WildTangent Games App (Gateway Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.2) MUI
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BN_DesktopReader" = NOOK for PC
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Identity Card" = Identity Card
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"RaidCall" = RaidCall
"uTorrent" = µTorrent
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"WTA-1bcf2b7c-b094-4e74-8b71-a11c0433be35" = Cradle of Rome 2
"WTA-26bee42d-dfe5-48d0-a38e-2304dcdd87e9" = Penguins!
"WTA-6fe61e57-0d93-4ed7-b5f5-9098b33e3b51" = Mystery of Mortlake Mansion
"WTA-7f42fb8d-911d-444b-8739-752b0f702fff" = Final Drive: Nitro
"WTA-93173bfa-c7ca-4d97-8748-f56855b676b7" = Polar Bowler
"WTA-a69de29f-5268-45f7-9fd8-c6df5a9a8921" = Chronicles of Albian
"WTA-f407b007-662b-4be7-a0d3-8af8fa2da18e" = Jewel Match 3
"WTA-f535460d-6ad1-4c29-be22-a2a12d9e524b" = Governor of Poker 2 Premium Edition
"WTA-fb813c24-deb5-4ca7-8d85-832c5f4c0b06" = Polar Golfer
"WTA-fc65d273-3363-4d08-8cb6-6e96b778c9df" = Agatha Christie - Death on the Nile

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/10/2012 7:41:55 PM | Computer Name = Melanie-PC | Source = Application Hang | ID = 1002
Description = The program Wow.exe version 4.3.0.15050 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: b2c Start Time:
01cccff149fbb123 Termination Time: 6 Application Path: C:\Program Files (x86)\World
of Warcraft\Wow.exe Report Id: a9c53f5c-3be4-11e1-84b2-38607782f8e2

Error - 1/10/2012 7:42:02 PM | Computer Name = Melanie-PC | Source = Application Hang | ID = 1002
Description = The program Wow.exe version 4.3.0.15050 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: a6c Start Time:
01cccff141c3b094 Termination Time: 9 Application Path: C:\Program Files (x86)\World
of Warcraft\Wow.exe Report Id: af229df8-3be4-11e1-84b2-38607782f8e2

Error - 1/11/2012 7:31:36 PM | Computer Name = Melanie-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/12/2012 9:51:11 AM | Computer Name = Melanie-PC | Source = Application Hang | ID = 1002
Description = The program InstallWoW.exe version 1.4.0.371 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 13b8 Start
Time: 01ccd1310d14029b Termination Time: 0 Application Path: C:\Users\Melanie\Downloads\InstallWoW.exe

Report
Id: 7a22f1f0-3d24-11e1-862a-38607782f8e2

Error - 1/12/2012 9:46:01 PM | Computer Name = Melanie-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/12/2012 9:52:15 PM | Computer Name = Melanie-PC | Source = VSS | ID = 8194
Description =

Error - 1/15/2012 12:42:10 PM | Computer Name = Melanie-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/15/2012 3:12:09 PM | Computer Name = Melanie-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Torchlight2.exe, version: 1.0.69.119, time
stamp: 0x4baa8f16 Faulting module name: Torchlight2.exe, version: 1.0.69.119, time
stamp: 0x4baa8f16 Exception code: 0xc0000005 Fault offset: 0x001fad71 Faulting process
id: 0x50c Faulting application start time: 0x01ccd3a4eb0d4c38 Faulting application
path: C:\Program Files (x86)\Gateway Games\Torchlight\Torchlight2.exe Faulting module
path: C:\Program Files (x86)\Gateway Games\Torchlight\Torchlight2.exe Report Id:
d1b8a1cb-3fac-11e1-a038-38607782f8e2

Error - 1/16/2012 1:02:06 AM | Computer Name = Melanie-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/16/2012 10:38:24 AM | Computer Name = Melanie-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 1/20/2012 5:33:53 AM | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%16405

Error - 1/20/2012 10:55:31 AM | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the avgwd service.

Error - 1/20/2012 10:56:01 AM | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the LanmanServer service.

Error - 1/20/2012 10:56:56 AM | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the avgwd service.

Error - 1/20/2012 10:57:26 AM | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the LanmanServer service.

Error - 1/22/2012 1:19:45 AM | Computer Name = Melanie-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Encrypted volume check: Volume information on \\?\Volume{3021b1f1-078c-11e1-9552-806e6f6e6963}
cannot be read.

Error - 1/27/2012 10:43:47 PM | Computer Name = Melanie-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:41:22 PM on ?1/?27/?2012 was unexpected.

Error - 2/2/2012 12:01:11 AM | Computer Name = Melanie-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Encrypted volume check: Volume information on \\?\Volume{3021b1f1-078c-11e1-9552-806e6f6e6963}
cannot be read.

Error - 2/5/2012 6:39:29 PM | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the avgwd service.

Error - 2/5/2012 6:39:59 PM | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the LanmanServer service.


< End of report >

Thar ya be, thanks for checking them out. Those errors are a little disturbing, I'm not sure if I'm reading them right, but it seems the computer's unable to access things it should be accessing.

This post has been edited by Reya: 18 February 2012 - 09:56 PM

#6 User is offline   m0le 

  • I know the drill!
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 29,133
  • Joined: 24-July 08
  • Gender:Male
  • Location:London, UK

Posted 19 February 2012 - 06:17 AM

Nothing bad, just a few things to reset and tidy up. Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

The errors show failing loads on programs but nothing particularly worrying. Sometimes the machine fails (contrary to popular belief computers are not perfect :wink: ) and most machines will display similar logs.


Please run an online scan with ESET

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.

  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply

If no log is generated that means nothing was found. Please let me know if this happens.

If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.
If I have helped you fix your PC then please donate. Thanks

Posted Image
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#7 User is offline   Reya 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 30
  • Joined: 12-October 06
  • Gender:Female

Posted 22 February 2012 - 12:50 AM

========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.33.0 log created on 02212012_230529


ESET found no threats :)

Thanks a bunch!

#8 User is offline   m0le 

  • I know the drill!
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 29,133
  • Joined: 24-July 08
  • Gender:Male
  • Location:London, UK

Posted 22 February 2012 - 06:27 PM

No problem. :)

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.

-------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir - though if you choose Avira you should make sure that you uncheck the box offering to install the Ask toolbar. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.


Make sure your applications have all of their updates

Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically, make sure that updates on any that are flagged are carried out as soon as possible


It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version. or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it Reya, happy surfing!

Cheers.

m0le
If I have helped you fix your PC then please donate. Thanks

Posted Image
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#9 User is offline   Reya 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 30
  • Joined: 12-October 06
  • Gender:Female

Posted 22 February 2012 - 10:53 PM

Thanks for your wonderful work with these 'fun' systems! Really appreciate you helping to check up on the new computer :) Take care and good luck!

#10 User is offline   m0le 

  • I know the drill!
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 29,133
  • Joined: 24-July 08
  • Gender:Male
  • Location:London, UK

Posted 23 February 2012 - 02:59 PM

Thanks, enjoy the internet :)
If I have helped you fix your PC then please donate. Thanks

Posted Image
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#11 User is offline   m0le 

  • I know the drill!
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 29,133
  • Joined: 24-July 08
  • Gender:Male
  • Location:London, UK

Posted 26 February 2012 - 08:34 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
If I have helped you fix your PC then please donate. Thanks

Posted Image
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users