1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Inactive Can't find AVG, files dissapear after downloading

Discussion in 'Malware and Virus Removal Archive' started by lovnlivnnalaska, 2010/01/16.

Page 3 of 3
  1. 2010/01/17
    lovnlivnnalaska

    lovnlivnnalaska Inactive Thread Starter

    Joined:
    2010/01/16
    Messages:
    26
    Likes Received:
    0
    OTL logfile created on: 1/17/2010 6:30:38 PM - Run 2
    OTL by OldTimer - Version 3.1.25.2 Folder = F:\
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.37 Gb Total Space | 216.04 Gb Free Space | 75.44% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 7.47 Gb Total Space | 7.46 Gb Free Space | 99.74% Space Free | Partition Type: FAT32
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MELISSACATES-PC
    Current User Name: Melissa Cates
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/01/17 17:38:56 | 00,547,328 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
    PRC - [2009/08/26 19:48:32 | 01,194,504 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
    PRC - [2009/08/23 17:30:12 | 00,107,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    PRC - [2009/08/10 09:26:07 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2009/04/15 23:52:06 | 00,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
    PRC - [2009/04/01 19:06:08 | 00,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    PRC - [2009/04/01 19:06:02 | 00,054,528 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    PRC - [2009/02/11 15:38:40 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2009/02/11 13:46:28 | 00,565,248 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
    PRC - [2009/02/05 06:14:56 | 00,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
    PRC - [2009/01/08 17:08:56 | 00,294,544 | ---- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe
    PRC - [2008/12/02 20:41:54 | 03,882,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    PRC - [2008/10/27 13:09:16 | 00,199,464 | ---- | M] (EgisTec Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
    PRC - [2008/10/27 10:05:28 | 00,306,736 | ---- | M] (EgisTec Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
    PRC - [2008/10/27 10:05:24 | 00,346,672 | ---- | M] (EgisTec Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    PRC - [2008/10/21 14:30:54 | 07,892,992 | ---- | M] (Convesoft) -- C:\Program Files (x86)\Convesoft\Orion\Messenger.exe
    PRC - [2008/09/23 12:11:34 | 00,144,632 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    PRC - [2008/07/29 17:29:26 | 00,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
    PRC - [2008/06/12 00:38:00 | 00,034,672 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/01/17 17:38:56 | 00,547,328 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
    MOD - [2009/07/13 16:15:07 | 00,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
    MOD - [2009/07/13 16:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2009/09/04 15:44:14 | 00,158,240 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
    SRV:64bit: - [2009/08/19 15:17:04 | 00,787,968 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
    SRV:64bit: - [2009/07/13 16:41:59 | 00,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
    SRV:64bit: - [2009/07/13 16:41:56 | 00,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
    SRV:64bit: - [2009/07/13 16:41:56 | 00,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
    SRV:64bit: - [2009/07/13 16:41:55 | 00,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
    SRV:64bit: - [2009/07/13 16:41:54 | 00,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
    SRV:64bit: - [2009/07/13 16:41:54 | 00,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
    SRV:64bit: - [2009/07/13 16:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
    SRV:64bit: - [2009/07/13 16:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
    SRV:64bit: - [2009/07/13 16:41:53 | 00,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
    SRV:64bit: - [2009/07/13 16:41:53 | 00,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
    SRV:64bit: - [2009/07/13 16:41:53 | 00,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
    SRV:64bit: - [2009/07/13 16:41:27 | 01,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 16:41:18 | 00,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
    SRV:64bit: - [2009/07/13 16:40:54 | 01,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
    SRV:64bit: - [2009/07/13 16:40:28 | 00,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
    SRV:64bit: - [2009/07/13 16:40:28 | 00,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
    SRV:64bit: - [2009/07/13 16:40:13 | 00,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
    SRV:64bit: - [2009/07/13 16:40:10 | 00,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
    SRV:64bit: - [2009/07/13 16:40:05 | 00,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
    SRV:64bit: - [2009/07/13 16:40:01 | 00,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
    SRV:64bit: - [2009/07/13 16:39:51 | 01,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
    SRV:64bit: - [2009/07/13 16:39:28 | 03,524,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
    SRV:64bit: - [2009/07/13 16:39:11 | 00,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
    SRV - [2009/12/27 20:08:56 | 00,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
    SRV - [2009/12/27 20:08:44 | 00,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
    SRV - [2009/08/23 17:30:12 | 00,107,016 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
    SRV - [2009/07/13 16:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009/07/13 16:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
    SRV - [2009/07/13 11:30:11 | 00,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
    SRV - [2009/06/10 11:39:58 | 00,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
    SRV - [2009/04/01 19:06:02 | 00,054,528 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
    SRV - [2009/02/11 15:38:40 | 00,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2009/02/05 06:14:56 | 00,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
    SRV - [2008/10/27 10:05:28 | 00,306,736 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
    SRV - [2008/09/23 12:11:34 | 00,144,632 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
    SRV - [2008/09/23 12:11:32 | 00,050,424 | ---- | M] (NewTech InfoSystems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp64&d=0609&m=aspire_4810t
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp64&d=0609&m=aspire_4810t
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp64&d=0609&m=aspire_4810t
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.acer.com/worldwide/selection.html [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=...e.com/default.aspx&lc=1033&id=64855&mkt=en-US
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    [2009/12/27 20:11:08 | 00,000,000 | ---D | M] -- C:\Users\Melissa Cates\AppData\Roaming\Mozilla\Firefox\extensions
    [2009/12/27 20:11:08 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Melissa Cates\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

    O1 HOSTS File: ([2010/01/17 18:26:31 | 00,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
    O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
    O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
    O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
    O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files (x86)\Acer\Acer Registration\ACE1.exe (Leader Technologies)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
    O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
    O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
    O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Users\Melissa Cates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk = C:\Program Files (x86)\Convesoft\Orion\Messenger.exe (Convesoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.112.128.2 204.17.139.2
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O24 - Desktop WallPaper: C:\Users\Melissa Cates\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Melissa Cates\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/05/06 03:26:23 | 00,000,309 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    64bit: O35 - comfile [open] -- "%1" %* File not found
    64bit: O35 - exefile [open] -- "%1" %* File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/01/17 15:25:37 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2010/01/16 21:59:13 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/01/16 21:59:09 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/01/16 21:58:27 | 05,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Melissa Cates\Desktop\mbam-setup.exe
    [2010/01/16 20:33:58 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2010/01/16 20:33:43 | 00,000,000 | ---D | C] -- C:\Users\Melissa Cates\AppData\Roaming\SUPERAntiSpyware.com
    [2010/01/16 20:33:43 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
    [2010/01/16 20:32:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [2010/01/16 19:26:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2010/01/16 19:06:28 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2010/01/16 18:44:21 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Melissa Cates\Desktop\HijackThisInstaller.exe
    [2010/01/16 16:00:18 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\CyberLink
    [2010/01/16 15:58:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Launch Manager
    [2009/06/05 19:31:24 | 00,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

    ========== Files - Modified Within 14 Days ==========

    [2010/01/17 18:27:37 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/01/17 18:27:34 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/01/17 18:27:28 | 23,607,09120 | -HS- | M] () -- C:\hiberfil.sys
    [2010/01/17 18:26:41 | 01,572,864 | -HS- | M] () -- C:\Users\Melissa Cates\ntuser.dat
    [2010/01/17 18:26:38 | 04,181,512 | -H-- | M] () -- C:\Users\Melissa Cates\AppData\Local\IconCache.db
    [2010/01/17 18:26:31 | 00,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
    [2010/01/17 14:22:57 | 00,010,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/01/17 14:22:57 | 00,010,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/01/16 23:04:42 | 00,002,097 | ---- | M] () -- C:\Users\Melissa Cates\Desktop\HijackThis.lnk
    [2010/01/16 21:59:15 | 00,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/01/16 20:33:45 | 00,001,037 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/01/16 20:27:18 | 05,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Melissa Cates\Desktop\mbam-setup.exe
    [2010/01/16 20:17:54 | 00,293,376 | ---- | M] () -- C:\Users\Melissa Cates\Desktop\gmer.exe
    [2010/01/16 18:45:06 | 00,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/01/16 18:45:06 | 00,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/01/16 18:45:06 | 00,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/01/16 18:42:02 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Melissa Cates\Desktop\HijackThisInstaller.exe
    [2010/01/16 18:03:36 | 00,290,816 | ---- | M] () -- C:\Users\Melissa Cates\Desktop\exeHelper.com
    [2010/01/16 17:56:56 | 00,263,168 | ---- | M] () -- C:\Users\Melissa Cates\Desktop\rkill.exe
    [2010/01/16 16:00:22 | 00,002,063 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 8.lnk
    [2010/01/16 15:58:02 | 00,000,089 | ---- | M] () -- C:\Windows\LManager.UNI
    [2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/01/07 16:07:06 | 00,022,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2010/01/16 22:51:26 | 00,293,376 | ---- | C] () -- C:\Users\Melissa Cates\Desktop\gmer.exe
    [2010/01/16 21:59:15 | 00,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/01/16 20:33:45 | 00,001,037 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/01/16 19:26:02 | 00,002,097 | ---- | C] () -- C:\Users\Melissa Cates\Desktop\HijackThis.lnk
    [2010/01/16 18:36:08 | 00,263,168 | ---- | C] () -- C:\Users\Melissa Cates\Desktop\rkill.exe
    [2010/01/16 18:35:55 | 00,290,816 | ---- | C] () -- C:\Users\Melissa Cates\Desktop\exeHelper.com
    [2010/01/16 16:00:22 | 00,002,063 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 8.lnk
    [2009/07/13 14:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 12:03:59 | 00,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/05 18:50:47 | 00,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
    [2009/06/05 18:42:21 | 00,626,688 | ---- | C] () -- C:\Windows\Image.dll
    [2009/06/05 18:42:21 | 00,000,036 | ---- | C] () -- C:\Windows\PidList.ini
    [2009/04/06 09:31:19 | 00,872,448 | ---- | C] () -- C:\Windows\iconv.dll
    [2009/04/06 09:31:19 | 00,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
    [2009/04/06 09:31:18 | 00,000,056 | ---- | C] () -- C:\Windows\Prelaunch.ini
    [2009/04/06 09:31:18 | 00,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini

    ========== LOP Check ==========

    [2009/10/11 17:39:00 | 00,000,000 | -HSD | M] -- C:\Users\Melissa Cates\AppData\Roaming\.#
    [2009/12/27 20:07:23 | 00,000,000 | ---D | M] -- C:\Users\Melissa Cates\AppData\Roaming\Acer
    [2009/11/03 10:42:54 | 00,000,000 | ---D | M] -- C:\Users\Melissa Cates\AppData\Roaming\Acer GameZone Console
    [2009/11/03 10:42:55 | 00,000,000 | ---D | M] -- C:\Users\Melissa Cates\AppData\Roaming\eSobi
    [2009/11/03 10:42:55 | 00,000,000 | ---D | M] -- C:\Users\Melissa Cates\AppData\Roaming\Leadertech
    [2009/12/27 20:34:45 | 00,000,000 | ---D | M] -- C:\Users\Melissa Cates\AppData\Roaming\uTorrent
    [2009/07/13 20:08:49 | 00,007,136 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========


    < End of report >
     
    lovnlivnnalaska,
    #41
  2. 2010/01/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You should have another log showing what was actually done.
     
    broni,
    #42


  3. to hide this advert.

  4. 2010/01/17
    lovnlivnnalaska

    lovnlivnnalaska Inactive Thread Starter

    Joined:
    2010/01/16
    Messages:
    26
    Likes Received:
    0
    where would that be?
     
    lovnlivnnalaska,
    #43
  5. 2010/01/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Don't worry about it. OTL log looks clean.
    So, what are the current issues?
     
    broni,
    #44
  6. 2010/01/17
    lovnlivnnalaska

    lovnlivnnalaska Inactive Thread Starter

    Joined:
    2010/01/16
    Messages:
    26
    Likes Received:
    0
    just tried to open an email attachment, an excel spreadsheet, downloaded, but then nothing
     
    lovnlivnnalaska,
    #45
  7. 2010/01/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    broni,
    #46
  8. 2010/01/17
    lovnlivnnalaska

    lovnlivnnalaska Inactive Thread Starter

    Joined:
    2010/01/16
    Messages:
    26
    Likes Received:
    0
    still have the message that I need to turn on AVG, I open the popup, click yes to run the program, but nothing....the message is still there and AVG doesn't show up anywhere
     
    lovnlivnnalaska,
    #47
  9. 2010/01/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Do you get this message, when you try to use AVG Remover?
     
    broni,
    #48
  10. 2010/01/17
    lovnlivnnalaska

    lovnlivnnalaska Inactive Thread Starter

    Joined:
    2010/01/16
    Messages:
    26
    Likes Received:
    0
    AVG Remover Utility has stopped working

    A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.
     
    lovnlivnnalaska,
    #49
  11. 2010/01/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK. What we have at this point is totally clean computer.
    I don't believe, there is any infection present there.
    I have no other option, but to send you to Windows forum and start new topic there.
    There is nothing else, we can do here.
     
    broni,
    #50
  12. 2010/01/17
    lovnlivnnalaska

    lovnlivnnalaska Inactive Thread Starter

    Joined:
    2010/01/16
    Messages:
    26
    Likes Received:
    0
    ok...thank you very much for everything. What do I do now?
     
    lovnlivnnalaska,
    #51
  13. 2010/01/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're welcome :)
    Please, start a new topic at Windows 7 forum and state your issue.
     
    broni,
    #52
Page 3 of 3

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...