
Constant Threat Block from Malware


Adonia214

Here is the error that I get, and this is happening several times a minute. I have no idea how this happened, where it came from, or when it started. I noticed some blue screen crashes and decided to run Malwarebytes, and it found some issues. I was upset after that because I try not to go on unknown websites or download things I don't know to be safe. I removed the files, but I am still getting the threats.

This is what I get when I ask for the details from Avast:

Infection Details
URL: http://77.95.230.80/click.php?s
Process: C:\Windows\system32\svchost.exe
Infection: URL:Mal

THE OTL LOG:

OTL logfile created on: 7/17/2012 6:26:11 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Marie\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 55.15% Memory free
5.96 Gb Paging File | 4.53 Gb Available in Paging File | 76.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 315.29 Gb Free Space | 67.69% Space Free | Partition Type: NTFS
Drive I: | 3.90 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARIA-PC | User Name: Marie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/17 18:25:03 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Marie\Downloads\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/06/15 21:16:42 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/05/30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2012/01/17 21:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/30 12:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/01/04 15:34:12 | 004,545,024 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
PRC - [2010/08/04 14:44:24 | 000,266,240 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
PRC - [2010/02/04 04:17:18 | 000,107,176 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark Z2300 Series\ezprint.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/23 17:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/11/19 22:05:32 | 000,589,824 | ---- | M] ( ) -- C:\Windows\System32\lxdpcoms.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/15 21:16:42 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2011/01/04 15:34:12 | 004,545,024 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
MOD - [2009/08/28 16:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvcLib.dll
MOD - [2007/08/08 16:55:30 | 000,364,544 | ---- | M] () -- C:\Program Files\Lexmark Z2300 Series\iptk.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlaopiom.dll -- (was)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lktimesync.dll -- (tmesrv3)
SRV - File not found [Auto | Running] -- %SystemRoot%\System32\TabSvc.dlls\TabletInputService\Parameters -- (TabletInputService)
SRV - File not found [On_Demand | Stopped] -- %Systemroot%\System32\swprv.dlles\swprv\Parameters -- (swprv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rapapp.dll -- (superproserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\{eda5f5d3-9e0f-4f4d-8a13-1d1cf469c9cc}.dll -- (smwdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\netdetect.dll -- (roxupnprenderer)
SRV - File not found [On_Demand | Stopped] -- %windir%\system32\qwave.dllStorage... -- (QWAVE)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ndisip.dll -- (pptchpad)
SRV - File not found [On_Demand | Stopped] -- %systemroot%\system32\pla.dllices\pla\Parameters -- (pla)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fetnd5bv.dll -- (pctfw1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\BCM42RLY.dll -- (oracleservicesecinst)
SRV - File not found [Auto | Running] -- %SystemRoot%\System32\nlasvc.dllrk\ -- (NlaSvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvstor32.dll -- (mfeavfk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vtserver.dll -- (iviregmgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dbmanagerscheduler.dll -- (flutilssvc)
SRV - File not found [Auto | Running] -- %systemroot%\system32\es.dllm... -- (EventSystem)
SRV - File not found [Auto | Running] -- %SystemRoot%\System32\aelupsvc.dllUpdateSvc... -- (AeLookupSvc)
SRV - [2012/07/12 12:58:21 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/06/15 21:16:42 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2012/01/05 11:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2011/08/30 12:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/04 14:44:24 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2010/03/22 20:05:40 | 000,960,992 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/23 17:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/11/19 22:05:32 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdpcoms.exe -- (lxdp_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a8hrx3cc)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/07/03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 12:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/07/03 12:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/07/03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/05/01 22:48:22 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012/02/26 17:05:51 | 000,010,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\apf001.sys -- (apf001)
DRV - [2011/05/27 19:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/10/10 19:48:00 | 001,439,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athur.sys -- (athur)
DRV - [2009/10/30 19:01:10 | 009,803,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/16 09:53:18 | 000,107,776 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtuhs51.sys -- (GTUHSNDISIPXP)
DRV - [2009/07/16 09:51:50 | 000,067,840 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtuhsbus.sys -- (GTUHSBUS)
DRV - [2009/07/16 09:49:56 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtuhsser.sys -- (GTUHSSER)
DRV - [2009/06/10 05:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/15 02:28:00 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2007/11/21 03:35:06 | 000,569,344 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007/01/19 18:20:54 | 000,021,728 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SCMNdisP.sys -- (SCMNdisP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3005961382-1251475826-2409155391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3005961382-1251475826-2409155391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3005961382-1251475826-2409155391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 43 69 9D FE 5E CD 01 [binary data]
IE - HKU\S-1-5-21-3005961382-1251475826-2409155391-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3005961382-1251475826-2409155391-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3005961382-1251475826-2409155391-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-3005961382-1251475826-2409155391-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3005961382-1251475826-2409155391-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook....ome.php?ref=hp"
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.101
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1410
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Marie\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/28 00:11:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/17 00:13:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/15 21:16:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/26 23:56:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/15 21:16:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/26 23:56:40 | 000,000,000 | ---D | M]

[2010/06/04 16:40:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marie\AppData\Roaming\mozilla\Extensions
[2010/06/04 16:40:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marie\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/05/02 21:53:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marie\AppData\Roaming\mozilla\Firefox\Profiles\kcown02a.default\extensions
[2012/04/03 00:37:24 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Marie\AppData\Roaming\mozilla\Firefox\Profiles\kcown02a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/07 15:25:43 | 000,000,000 | ---D | M] (ActiveGS) -- C:\Users\Marie\AppData\Roaming\mozilla\Firefox\Profiles\kcown02a.default\extensions\[email protected]
[2012/05/16 19:11:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/15 17:28:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/13 00:47:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/18 19:39:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/06/15 21:16:42 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/05/16 19:11:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/16 19:11:13 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3005961382-1251475826-2409155391-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Z2300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [lxdpmon.exe] C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3005961382-1251475826-2409155391-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03F517DB-9C9C-4BF4-A342-88B1C71D889E}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8F4E33A-810F-49CB-810A-AE4F3E9FE905}: DhcpNameServer = 172.26.38.1 172.26.38.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E92E3C2E-9957-42DA-A6B3-8BA45A7478FC}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9E3AEFD-C997-4E4E-BFD0-F22F0222E5F6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9E3AEFD-C997-4E4E-BFD0-F22F0222E5F6}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9dfc5780-4ac0-11df-b4da-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9dfc5780-4ac0-11df-b4da-806e6f6e6963}\Shell\AutoRun\command - "" = D:\FLTEnhanced.exe
O33 - MountPoints2\{f172a311-f5eb-11e0-a738-001bb9a46112}\Shell - "" = AutoRun
O33 - MountPoints2\{f172a311-f5eb-11e0-a738-001bb9a46112}\Shell\AutoRun\command - "" = I:\ATTPreCopy.exe -d:OPETNAEXPCI -7
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: AeLookupSvc - %SystemRoot%\System32\aelupsvc.dllworld-icons-1000x450.jpg File not found
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: pptchpad - %systemroot%\system32\ndisip.dll File not found
NetSvcs: roxupnprenderer - %systemroot%\system32\netdetect.dll File not found
NetSvcs: smwdm - %systemroot%\system32\{eda5f5d3-9e0f-4f4d-8a13-1d1cf469c9cc}.dll File not found
NetSvcs: oracleservicesecinst - %systemroot%\system32\BCM42RLY.dll File not found
NetSvcs: tmesrv3 - %systemroot%\system32\lktimesync.dll File not found
NetSvcs: mfeavfk - %systemroot%\system32\nvstor32.dll File not found
NetSvcs: was - %systemroot%\system32\dlaopiom.dll File not found
NetSvcs: iviregmgr - %systemroot%\system32\vtserver.dll File not found
NetSvcs: pctfw1 - %systemroot%\system32\fetnd5bv.dll File not found
NetSvcs: superproserver - %systemroot%\system32\rapapp.dll File not found
NetSvcs: flutilssvc - %systemroot%\system32\dbmanagerscheduler.dll File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2012/07/17 00:14:02 | 000,353,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/07/17 00:14:02 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/07/17 00:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/07/17 00:13:58 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/07/17 00:13:57 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/07/17 00:13:56 | 000,721,000 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/07/17 00:13:25 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/07/17 00:13:25 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/17 00:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/07/17 00:13:13 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/07/16 23:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/16 23:20:48 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/07/16 23:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/16 19:39:51 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/07/09 21:47:36 | 000,000,000 | ---D | C] -- C:\Users\Marie\Desktop\confirmation.en-us_files
[2012/06/24 21:56:51 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Local\Akamai
[2012/06/23 17:54:42 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Local\Macromedia
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/17 18:14:37 | 101,593,236 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/07/17 18:10:06 | 000,026,634 | ---- | M] () -- C:\Users\Marie\Desktop\409743_265144223591075_910225304_n.jpg
[2012/07/17 17:58:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/17 17:45:13 | 000,004,528 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/17 17:45:13 | 000,004,528 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/17 11:45:19 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/07/17 11:45:19 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/07/17 11:44:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/17 11:44:17 | 3085,393,920 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/17 00:14:02 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/17 00:13:56 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/07/17 00:02:49 | 089,340,632 | ---- | M] () -- C:\Users\Marie\Desktop\avast_free_antivirus_setup.exe
[2012/07/16 23:20:49 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/16 21:32:31 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/07/16 21:30:45 | 252,068,836 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/11 18:04:57 | 000,374,645 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/07/11 03:19:22 | 000,228,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/09 21:47:37 | 000,124,846 | ---- | M] () -- C:\Users\Marie\Desktop\confirmation.en-us.html
[2012/07/09 01:17:43 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/07/03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/07/03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/07/03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/07/03 12:21:53 | 000,057,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/07/03 12:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/07/03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/07/03 12:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/03 12:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/06/25 18:04:35 | 000,027,614 | ---- | M] () -- C:\Users\Marie\Documents\282868_488974191129372_960472261_n.jpg
[2012/06/21 14:23:10 | 000,157,621 | ---- | M] () -- C:\Users\Marie\Documents\521272_435618356459181_369662526_n.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/17 18:10:04 | 000,026,634 | ---- | C] () -- C:\Users\Marie\Desktop\409743_265144223591075_910225304_n.jpg
[2012/07/17 00:14:02 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/17 00:01:38 | 089,340,632 | ---- | C] () -- C:\Users\Marie\Desktop\avast_free_antivirus_setup.exe
[2012/07/16 23:20:49 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/16 21:30:45 | 252,068,836 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/07/09 21:47:36 | 000,124,846 | ---- | C] () -- C:\Users\Marie\Desktop\confirmation.en-us.html
[2012/06/25 18:04:24 | 000,027,614 | ---- | C] () -- C:\Users\Marie\Documents\282868_488974191129372_960472261_n.jpg
[2012/06/21 14:22:53 | 000,157,621 | ---- | C] () -- C:\Users\Marie\Documents\521272_435618356459181_369662526_n.jpg
[2012/05/25 19:26:52 | 000,016,304 | ---- | C] () -- C:\Windows\System32\apl003.sys
[2012/02/26 17:05:51 | 000,012,920 | ---- | C] () -- C:\Windows\System32\apl001.sys
[2012/02/26 17:05:51 | 000,010,872 | ---- | C] () -- C:\Windows\System32\apf001.sys
[2011/12/12 19:52:03 | 000,011,436 | -HS- | C] () -- C:\Users\Marie\AppData\Local\i4gb01u5ch6uue
[2011/12/12 19:52:03 | 000,011,436 | -HS- | C] () -- C:\ProgramData\i4gb01u5ch6uue
[2011/04/18 15:28:33 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/11/24 11:54:10 | 000,000,033 | ---- | C] () -- C:\Windows\EasyRip.ini
[2010/06/23 15:32:22 | 000,008,192 | ---- | C] () -- C:\Users\Marie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/18 12:58:41 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/04/18 12:58:39 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.dat

========== LOP Check ==========

[2011/02/12 02:56:11 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Acreon
[2010/12/08 04:33:00 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\AVG10
[2011/10/14 17:48:53 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Bytemobile
[2010/10/09 01:50:33 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Canon
[2010/12/30 00:55:54 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\click
[2010/06/30 16:46:00 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/06/19 13:03:23 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Facebook
[2012/07/09 01:16:13 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\GameRanger
[2010/04/24 03:02:14 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\NVD
[2011/10/14 17:47:34 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Sierra Wireless
[2010/12/17 03:25:08 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Skip-Bo
[2012/04/12 20:53:35 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\SoftGrid Client
[2010/04/24 03:02:21 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\TP
[2012/07/17 00:07:28 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2010/04/18 12:53:18 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2010/04/18 12:53:18 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2010/04/18 12:53:18 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2010/04/18 13:32:21 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2010/04/18 13:32:21 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2010/04/18 12:53:18 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< c:\windows\installer\@ /s >

< c:\windows\installer\*[email protected] /s >

< End of report >

Here is the Extras OTL report:

OTL Extras logfile created on: 7/17/2012 6:26:11 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Marie\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 55.15% Memory free
5.96 Gb Paging File | 4.53 Gb Available in Paging File | 76.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 315.29 Gb Free Space | 67.69% Space Free | Partition Type: NTFS
Drive I: | 3.90 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARIA-PC | User Name: Marie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3005961382-1251475826-2409155391-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3005961382-1251475826-2409155391-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3AB5C902-55FD-44AB-BD3F-9E76B05F771C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3B4FE8E5-6A60-4A48-81AF-DD2FB180DE53}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3D54E597-7B53-4D10-8BF4-8E330048D97E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{56666736-F5DF-4274-B846-981561B8BD24}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6F459825-F8D1-4C78-8F8A-8D2FADF50F7C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6F67BF82-5737-4D26-B71F-8D3BC16BEAD7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7D8332A0-86FA-487E-AF87-A7057D8FFF2B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8774854C-56DA-4819-B477-BF73948B2ACC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8CE99568-723B-4238-B126-A244DA5A0381}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8DC23188-CC89-4C94-B7F9-8B6E0C859114}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8DD2C255-0E9D-4F88-ADE2-3216DE1AB3F2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{973346E0-1CEB-48AE-9396-18B23A0B6573}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A15F9ADC-97EC-4C0E-8BB6-2415A0B58527}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A222CA56-6F39-4B6D-B5AB-E499A7846E71}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A248AE72-E37C-4EB3-AF60-D4710BE87D59}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C7DEB3D5-9E8C-44B6-BC60-97EDB551F90E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FB4D442B-3595-4028-BE45-6103B210243D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05B179B2-33C2-49B2-8786-0AE0DAB7044C}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{0B55900F-0C49-466E-BD94-5E67B294F9E0}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdpjswx.exe |
"{182B98E3-BE80-4B1B-9D07-CD4DA8DAC4D7}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{20917710-1146-43BF-8896-BAD00605754A}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{21909E7B-D845-431E-B6E4-C1D959BEF2C0}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{23E116D4-208A-4BE5-BA44-0A3407B09DE0}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdptime.exe |
"{270DC658-8A2A-492E-A376-E21D4EDD0493}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdptime.exe |
"{2B942B6F-6853-49D0-845F-BC2862905852}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{341070D9-8061-4102-B5EC-D00EE70F6DE9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{43C84B9B-29AF-4DED-8BB3-72AEEBB52F9E}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{461B6658-3906-4C52-BE08-710A6821DAE6}" = protocol=17 | dir=in | app=c:\windows\system32\lxdpcoms.exe |
"{53FC139B-B087-4F8E-A328-7A0735FAC860}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{59C8E17A-DE73-4280-B10F-FF94583F6B3B}" = protocol=6 | dir=out | app=system |
"{5B57CB2B-8D0C-4252-9470-BBC9B04D4BE6}" = protocol=6 | dir=in | app=c:\program files\lexmark z2300 series\lxdpmon.exe |
"{5E8ABDCD-1A8C-4523-917B-62DA66EBB8D9}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{62B0E888-8AE8-46D8-BC97-F7DAFFE48F1C}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdppswx.exe |
"{6EE19417-E4CE-472D-B665-DD2EE5006C5B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{74BF3AFC-37DA-42B8-8453-341713587E17}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{75FE3C5F-53AE-411B-8BD3-BBC1F0B071A1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7D68F6FD-3E92-4CBC-82FC-92D941A003B2}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{7DC2EDC6-B1F8-4B6D-A2CF-C69542C693DF}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{7ED58577-00AF-4133-B22F-29B23919D6E1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{80D5A87F-4E15-4B88-925B-CFE96776240D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{83CC4DA9-688F-4593-9016-35D6D46889D5}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{8C40AF34-A273-4667-A0D6-B1856EAD0448}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{8DF80E1A-6512-46FE-90A6-2B4CBB387E24}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{9027A5A6-34E8-4AEA-AD58-D837F685C7A5}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{90608C1E-365D-4474-8867-F5C1B6B50A87}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{97E86F4B-157D-4674-B171-047CA1939309}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{9B5CC2B3-A478-45EB-9619-A2161361E341}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{A9DA832B-70D2-4FFA-92F4-72E7210D638F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A9F84420-C22D-4FE2-9BED-61654168EDEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B0058D03-D252-40AE-9397-1DA3C6C66DEA}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{B06B918F-5C9D-48B4-9ABF-D7AE0D922139}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B839AC95-A49C-493F-9A96-2098EE0025E7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{B931FAB1-A528-4536-9F40-C7F349D36B46}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdpjswx.exe |
"{BF2DA787-57B6-48A1-B75F-9BF993496ABF}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{C0101379-7600-4361-A2BF-EF284639A51C}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{C77B9F83-C864-4523-B0BA-F244BD742DFF}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{C7EEB72E-BAB8-46A8-855D-5A69DA0ADC68}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{C95C8EF9-E306-4042-92F2-B52E9FEDAA27}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{D03B5205-169C-4C0B-A346-7C74DA04B9C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D2ED905B-F5E2-430B-8A38-0B45BC5BD291}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7E331B7-7BEC-4873-9F29-C658F7FC93EC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D8BE110F-C1F3-48C0-AD93-89CA6DC4554C}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{D936076D-8114-49DC-96A9-E946D2524F65}" = protocol=6 | dir=in | app=c:\windows\system32\lxdpcoms.exe |
"{DC5665F1-6B97-456D-8DDC-98049605C121}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdppswx.exe |
"{DCEB9124-CF7E-488F-BE57-64E52143B823}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{DE1EF15B-4E02-4D64-A5E2-3BFAE82981C1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E0FD3AD3-E919-4584-AAC9-E4D4FE59CE87}" = protocol=17 | dir=in | app=c:\program files\lexmark z2300 series\lxdpmon.exe |
"{E123B167-B7AE-4BBF-93C0-5B74764BFDD1}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{E6710750-494D-4886-890E-14448C03C759}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EA08DB8A-3449-4C41-9DA9-D6549875A750}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{EB21B63F-9D8F-478B-808E-E72A1E4E46A2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F415192B-1A9B-4103-96E3-07101455A68E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"TCP Query User{0C777BCB-D13F-4BAD-A657-CF1FFB0B5C59}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{79C1A047-354B-41B3-85D7-81B82135343D}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{16F8CA70-6AE2-43EB-9C16-A9265FAEE0EF}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{E343B78C-2A15-4471-B706-8A87522E1578}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 32
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7566B79A-7BB7-4BB3-8B60-564CBBBE425F}_is1" = Borderlands
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2AE9709-283B-4B48-AA34-729C070A62FB}" = NETGEAR WNA1100 N150 Wireless USB Adapter
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C8FC7066-4457-4365-9BDF-4E439BF703C8}" = AVG 2011
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E533E637-FB3E-4F28-8B18-449CC9AB7235}" = AVG 2011
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"AVG" = AVG 2011
"CameraUserGuide-PSSD4500IS_IXUS1000HS" = Canon PowerShot SD4500 IS_IXUS 1000 HS Camera User Guide
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"FYZip" = FYZip 1.00
"Lexmark Z2300 Series" = Lexmark Z2300 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"NVIDIA Drivers" = NVIDIA Drivers
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"TeamViewer 6" = TeamViewer 6
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3005961382-1251475826-2409155391-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/12/2012 9:21:46 AM | Computer Name = Maria-PC | Source = MsiInstaller | ID = 11720
Description =

Error - 7/13/2012 5:58:55 PM | Computer Name = Maria-PC | Source = Application Error | ID = 1000
Description = Faulting application McCHSvc.exe, version 2.0.181.0, time stamp 0x4b503c9c,
faulting module WebInfoScanner.dll_unloaded, version 0.0.0.0, time stamp 0x4b503cb0,
exception code 0xc0000005, fault offset 0x69606ea6, process id 0xe4, application
start time 0x01cd613e1e8b4a20.

Error - 7/16/2012 9:42:51 PM | Computer Name = Maria-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 13.0.1.4548 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 8a8 Start Time: 01cd63bc3ae2ca30 Termination Time: 35

Error - 7/16/2012 11:28:31 PM | Computer Name = Maria-PC | Source = Application Hang | ID = 1002
Description = The program mbam.exe version 1.62.0.87 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 163c Start Time: 01cd63cb3858bc8b Termination Time: 21

Error - 7/17/2012 12:13:12 AM | Computer Name = Maria-PC | Source = SPP | ID = 16387
Description =

Error - 7/17/2012 12:13:12 AM | Computer Name = Maria-PC | Source = System Restore | ID = 8193
Description =

Error - 7/17/2012 3:33:01 AM | Computer Name = Maria-PC | Source = SPP | ID = 16387
Description =

Error - 7/17/2012 3:33:01 AM | Computer Name = Maria-PC | Source = System Restore | ID = 8193
Description =

Error - 7/17/2012 3:33:01 AM | Computer Name = Maria-PC | Source = System Restore | ID = 8210
Description =

Error - 7/17/2012 12:35:31 PM | Computer Name = Maria-PC | Source = SPP | ID = 16387
Description =

Error - 7/17/2012 12:35:31 PM | Computer Name = Maria-PC | Source = System Restore | ID = 8193
Description =

Error - 7/17/2012 12:35:31 PM | Computer Name = Maria-PC | Source = System Restore | ID = 8210
Description =

Error - 7/17/2012 6:28:06 PM | Computer Name = Maria-PC | Source = SPP | ID = 16387
Description =

[ Media Center Events ]
Error - 11/1/2010 8:03:46 PM | Computer Name = Maria-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/20/2012 5:42:33 PM | Computer Name = Maria-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/20/2012 7:52:35 PM | Computer Name = Maria-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/21/2012 7:09:22 AM | Computer Name = Maria-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/22/2012 7:16:25 AM | Computer Name = Maria-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/22/2012 7:10:12 PM | Computer Name = Maria-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/22/2012 8:18:25 PM | Computer Name = Maria-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/23/2012 7:05:54 AM | Computer Name = Maria-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 7/17/2012 11:46:26 AM | Computer Name = Maria-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 7/17/2012 11:46:26 AM | Computer Name = Maria-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 7/17/2012 11:46:26 AM | Computer Name = Maria-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 7/17/2012 11:46:26 AM | Computer Name = Maria-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 7/17/2012 11:46:26 AM | Computer Name = Maria-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 7/17/2012 11:46:26 AM | Computer Name = Maria-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 7/17/2012 11:46:26 AM | Computer Name = Maria-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 7/17/2012 11:46:26 AM | Computer Name = Maria-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 7/17/2012 11:46:26 AM | Computer Name = Maria-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 7/17/2012 11:48:01 AM | Computer Name = Maria-PC | Source = WMPNetworkSvc | ID = 866293
Description =


< End of report >

Here is the report from aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-17 18:35:45
-----------------------------
18:35:45.875 OS Version: Windows 6.0.6002 Service Pack 2
18:35:45.875 Number of processors: 2 586 0x4303
18:35:45.877 ComputerName: MARIA-PC UserName: Marie
18:35:48.805 Initialize success
18:35:49.655 AVAST engine defs: 12071700
18:35:52.589 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000032
18:35:52.591 Disk 0 Vendor: ST350063 3.CH Size: 476940MB BusType: 8
18:35:52.592 Device \Device\00000062 -> \??\SCSI#Disk&Ven_ST350063&Prod_0AS#4&e6fb24c&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
18:35:52.595 Disk 0 MBR read error 0
18:35:52.598 Disk 0 MBR scan
18:35:52.601 Disk 0 unknown MBR code
18:35:52.603 MBR BIOS signature not found 0
18:35:52.607 Disk 0 scanning sectors +976771072
18:35:52.625 Disk 0 scanning C:\Windows\system32\drivers
18:36:06.878 Service scanning
18:36:26.901 Modules scanning
18:36:47.341 Disk 0 trace - called modules:
18:36:47.348 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x872994b1]<<
18:36:47.691 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86618ac8]
18:36:47.696 3 CLASSPNP.SYS[8a3a58b3] -> nt!IofCallDriver -> [0x85462850]
18:36:47.700 5 acpi.sys[825266bc] -> nt!IofCallDriver -> [0x85462c90]
18:36:47.704 \Driver\nvstor[0x86a24e50] -> IRP_MJ_CREATE -> 0x872994b1
18:36:48.774 AVAST engine scan C:\Windows
18:36:50.807 AVAST engine scan C:\Windows\system32
18:39:12.581 AVAST engine scan C:\Windows\system32\drivers
18:39:26.661 AVAST engine scan C:\Users\Marie
19:07:30.668 AVAST engine scan C:\ProgramData
19:09:14.893 Scan finished successfully
19:10:09.826 Disk 0 MBR has been saved successfully to "C:\Users\Marie\Desktop\MBR.dat"
19:10:09.832 The log file has been saved successfully to "C:\Users\Marie\Desktop\aswMBR.txt"

And here is the report from Malwarebytes:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.16.12

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19272
Marie :: MARIA-PC [administrator]

Protection: Enabled

7/17/2012 7:26:20 PM
mbam-log-2012-07-17 (19-32-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197713
Time elapsed: 5 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\Interface\{77777777-7777-7777-7777-770077227758} (Adware.GamePlayLab) -> No action taken.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)