Just got rid of the virus "Security Protection", now computer


  • This topic is locked

#1
ikissedyomomma

  • Member
  • 35 posts
The Security Protection virus popped up on my computer, so my first reaction was to right-click on Mozilla Firefox, click Run as Administrator, and go on this website to find out how to run Malwarebytes to get rid of it. I finally got rid of it and deleted it, but now my computer runs extremely slow. It takes approximately 5 minutes to access the internet, and about 30 seconds just to type 1 letter on Google (Google is my homepage). When I finally was able to finish typing and click on something, I believe the redirect virus is back, too; it didn't even go to the page I requested, it redirected me to some ad instead. I had this problem once before and fixed it, or so I thought, but now it's back again, or so I suspect. Malwarebytes says there is no suspicious malware on my computer, even though it took 10 minutes for it to even pop up when I double-clicked it. Also, my computer has completely locked up and I had to just turn it off from the tower; I wasn't able to get on anything to click restart. I don't know what to do. I am currently using Safe Mode Networking just so I can post this problem. Any help would be much appreciated! I'm struggling with this computer. This is a Windows XP, and the virus protector on my computer is Avira; it also didn't detect any viruses or anything.


#2
Nedklaw

  • Trusted Helper
  • Malware Removal
  • 1,652 posts
Hello, ikissedyomomma! :unsure:

:) I'm Nedklaw and I'll be glad to help you with your malware issues. :yes:

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for ikissedyomomma only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
  • Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
  • Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
  • Be patient with me, logs can take some time to research and my life can mean that I'm busy.
  • Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is that these tools are updated fairly regularly.
  • NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
  • Refrain from running any other tools apart from the ones I tell you to.
Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


Step 1

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
    • Select Scan All Users.
    • Under the Custom Scan box paste this in:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    %USERPROFILE%\..|smtmp;true;true;true /FP
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Step 2

Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.


On completion of the scan click save log, save it to your desktop and post it in your next reply.


Things I want to see in your next reply

  • OTL.txt
  • Extras.txt
  • aswMBR.txt


#3
ikissedyomomma

  • Topic Starter
  • Member
  • 35 posts
OTL logfile created on: 8/25/2011 1:51:14 AM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Jessica\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.73 Mb Total Physical Memory | 687.91 Mb Available Physical Memory | 67.26% Memory free
2.40 Gb Paging File | 2.21 Gb Available in Paging File | 91.84% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.41 Gb Total Space | 10.52 Gb Free Space | 43.08% Space Free | Partition Type: NTFS
Drive D: | 50.11 Gb Total Space | 50.04 Gb Free Space | 99.85% Space Free | Partition Type: NTFS
Drive E: | 10.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JESSICAA | User Name: Jessica | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/25 01:48:33 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jessica\Desktop\OTL.exe
PRC - [2011/08/17 14:13:49 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/17 14:13:48 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/05/25 18:45:16 | 006,271,136 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Secunia Update Agent)
SRV - File not found [Auto | Stopped] -- -- (Akamai)
SRV - [2011/06/28 07:58:08 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/06/28 07:58:08 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/06/28 07:58:08 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/28 07:58:07 | 000,567,464 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2011/04/27 03:37:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/04/30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/06/28 07:58:08 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 07:58:08 | 000,106,904 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avfwot.sys -- (avfwot)
DRV - [2011/06/28 07:58:08 | 000,082,952 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avfwim.sys -- (avfwim)
DRV - [2011/06/28 07:58:08 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/09/14 12:39:05 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/09/14 12:37:15 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/04/30 17:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/30 16:03:30 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/04/30 16:03:08 | 006,754,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 250(UVC)
DRV - [2009/04/30 16:01:36 | 000,265,496 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 16:00:00 | 000,114,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007/02/08 06:45:14 | 000,029,184 | R--- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dsiarhwprog.sys -- (dsiarhwprog)
DRV - [2007/02/07 20:30:30 | 000,392,704 | R--- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2007/02/07 20:30:30 | 000,033,995 | R--- | M] (Sonic Focus, Inc) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sf.sys -- (sf)
DRV - [2006/05/05 19:21:00 | 000,004,608 | ---- | M] (NVIDIA Corporation.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\nvport.sys -- (nvport)
DRV - [2006/03/29 08:49:26 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=14196
IE - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {4F8730CC-8445-4AA6-A65C-E6F9648545F2}:1.9.1
FF - prefs.js..extensions.enabledItems: {3B8F4DAE-A7A7-46D7-98B3-AAB1047B78B7}:1.9.1


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer3.08.01: C:\Documents and Settings\Jessica\Application Data\Kalydo\KalydoPlayer\npkalydo.dll (Eximion B.V.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/17 14:13:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 00:52:22 | 000,000,000 | ---D | M]

[2010/09/15 14:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Extensions
[2010/09/15 14:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Extensions\[email protected]
[2011/07/28 17:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\extensions
[2010/12/11 18:27:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/28 17:32:35 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/06/11 21:17:19 | 000,002,568 | ---- | M] () -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\searchplugins\askcom.xml
[2010/10/28 05:21:32 | 000,002,228 | ---- | M] () -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\searchplugins\iBryte_potfarm.xml
[2011/04/28 16:32:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/16 13:07:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/04/28 16:32:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
[2010/09/15 14:49:36 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/08/17 14:13:49 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005..\Run: [EA Core] File not found
O4 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///E:/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///E:/components/A9.ocx (A9Helper.A9)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///E:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jessica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jessica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 10:43:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/07/20 09:36:23 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/08/25 01:48:33 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jessica\Desktop\OTL.exe
[2011/08/24 18:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/08/24 14:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2011/08/24 14:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/08/22 00:25:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Explorer.exe
[2011/08/22 00:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\Explorerr
[2011/08/22 00:24:05 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jessica\My Documents\explorer.exe
[2011/08/20 21:21:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/08/20 21:21:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/08/18 21:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Action Replay DSi Code Manager
[2011/08/17 17:08:35 | 000,000,000 | R--D | C] -- C:\Program Files\Centricity
[2011/08/03 03:49:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jessica\Start Menu\Programs\AeriaGames
[2011/08/03 03:42:06 | 000,000,000 | ---D | C] -- C:\AeriaGames
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/25 01:48:33 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jessica\Desktop\OTL.exe
[2011/08/24 23:39:37 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/24 23:39:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/24 23:39:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/08/24 22:41:01 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/24 18:27:14 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/24 18:13:17 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/08/24 18:13:12 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/24 18:13:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/08/23 14:01:46 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\cherrim.xml
[2011/08/22 21:05:27 | 000,007,192 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\party 2.xml
[2011/08/22 00:24:06 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jessica\My Documents\explorer.exe
[2011/08/19 21:16:27 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\victreebel.xml
[2011/08/19 14:30:10 | 000,007,192 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\my party pokemon.xml
[2011/08/19 07:04:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/19 01:58:14 | 000,002,176 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\key items.xml
[2011/08/19 01:57:45 | 000,006,470 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\all items1.xml
[2011/08/19 01:18:40 | 000,000,537 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\Shortcut to Pokesav BW v0.06c ENG - PSN [COMPLETE].zip.lnk
[2011/08/19 01:16:02 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\vaporeon.xml
[2011/08/19 01:07:29 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\torchic.xml
[2011/08/19 00:56:59 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\snivy.xml
[2011/08/19 00:35:53 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\luxio.xml
[2011/08/18 23:59:13 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\larvitar.xml
[2011/08/18 23:28:40 | 000,010,308 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\all items.xml
[2011/08/18 23:19:42 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\gible.xml
[2011/08/18 21:58:30 | 000,000,887 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\Action Replay DSi Code Manager.lnk
[2011/08/18 21:55:36 | 000,001,644 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\gabite1.xml
[2011/08/18 21:26:30 | 000,000,236 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\gabite.pkm
[2011/08/18 20:53:42 | 000,159,704 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\Pokesav BW v0.06c ENG - PSN [COMPLETE].zip
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/23 14:01:46 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\cherrim.xml
[2011/08/22 21:05:27 | 000,007,192 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\party 2.xml
[2011/08/22 00:23:42 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/19 21:16:27 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\victreebel.xml
[2011/08/19 14:30:10 | 000,007,192 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\my party pokemon.xml
[2011/08/19 01:58:14 | 000,002,176 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\key items.xml
[2011/08/19 01:57:45 | 000,006,470 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\all items1.xml
[2011/08/19 01:18:24 | 000,000,537 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\Shortcut to Pokesav BW v0.06c ENG - PSN [COMPLETE].zip.lnk
[2011/08/19 01:16:02 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\vaporeon.xml
[2011/08/19 01:07:29 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\torchic.xml
[2011/08/19 00:56:59 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\snivy.xml
[2011/08/19 00:35:53 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\luxio.xml
[2011/08/18 23:59:13 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\larvitar.xml
[2011/08/18 23:28:40 | 000,010,308 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\all items.xml
[2011/08/18 23:19:42 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\gible.xml
[2011/08/18 21:58:30 | 000,000,887 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\Action Replay DSi Code Manager.lnk
[2011/08/18 21:55:36 | 000,001,644 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\gabite1.xml
[2011/08/18 21:26:30 | 000,000,236 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\gabite.pkm
[2011/08/18 20:53:41 | 000,159,704 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\Pokesav BW v0.06c ENG - PSN [COMPLETE].zip
[2011/06/29 03:13:39 | 000,016,838 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\cueh011tru606n688sy362d4n8f28y
[2011/06/29 03:13:38 | 000,016,838 | -HS- | C] () -- C:\Documents and Settings\Jessica\Local Settings\Application Data\cueh011tru606n688sy362d4n8f28y
[2011/04/29 20:13:41 | 000,014,602 | -HS- | C] () -- C:\Documents and Settings\Jessica\Local Settings\Application Data\os3j240m10g4620704466
[2011/04/29 20:13:41 | 000,014,602 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\os3j240m10g4620704466
[2011/04/22 21:34:50 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/22 21:34:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/22 21:34:50 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/22 21:34:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/22 21:34:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/09 14:00:30 | 000,000,085 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2011/03/22 20:16:10 | 000,001,223 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2010/12/11 20:01:14 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/10/28 05:21:39 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Jessica\Local Settings\Application Data\fusioncache.dat
[2010/10/05 23:47:57 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2010/09/20 17:26:21 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Jessica\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/11 11:35:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/06/11 10:46:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/06/11 10:40:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/06/11 03:31:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/11 03:30:27 | 000,110,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/08 11:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 17:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006/10/22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 12:22:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/10/22 12:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 12:22:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 12:22:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/10/22 12:22:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/10/22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/02/28 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 05:00:00 | 000,501,382 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 05:00:00 | 000,087,010 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/12/31 23:34:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

========== LOP Check ==========

[2010/11/11 16:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011/08/24 12:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/06/07 03:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Giraffic
[2011/04/14 19:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/04/07 21:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent
[2010/11/11 16:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Canneverbe Limited
[2011/06/11 21:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\FrostWire
[2010/12/31 19:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\GetRightToGo
[2011/01/17 22:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Kalydo
[2010/12/11 20:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Leadertech
[2010/10/05 23:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\OpenCandy
[2011/01/01 02:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Opera
[2010/11/14 20:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\PlayFirst
[2011/06/29 16:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\QuickScan
[2010/10/05 23:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Uniblue
[2010/12/01 19:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Unity

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %USERPROFILE%\..|smtmp;true;true;true /FP >


< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2011/08/22 00:24:06 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) MD5=9A14A477431A901A7014ED312E0C6C3C -- C:\Documents and Settings\Jessica\My Documents\explorer.exe
[2006/02/28 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/02/28 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/02/28 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/02/28 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/08/17 14:13:42 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/08/17 14:13:42 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/08/17 14:13:42 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/08/17 14:13:49 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/08/17 14:13:49 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/08/17 14:13:49 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 04:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 04:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 04:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/08/17 14:13:42 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/08/17 14:13:42 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/08/17 14:13:42 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/08/17 14:13:49 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/08/17 14:13:49 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/08/17 14:13:49 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 04:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 04:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 04:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< End of report >




OTL Extras logfile created on: 8/25/2011 1:51:14 AM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Jessica\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.73 Mb Total Physical Memory | 687.91 Mb Available Physical Memory | 67.26% Memory free
2.40 Gb Paging File | 2.21 Gb Available in Paging File | 91.84% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.41 Gb Total Space | 10.52 Gb Free Space | 43.08% Space Free | Partition Type: NTFS
Drive D: | 50.11 Gb Total Space | 50.04 Gb Free Space | 99.85% Space Free | Partition Type: NTFS
Drive E: | 10.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JESSICAA | User Name: Jessica | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1819643104-910290269-4184997253-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}" = NVIDIA PureVideo Decoder
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 25
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{9257734E-5A99-47E5-82B5-496ACC53EE40}" = Before You Know It 3.6
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Action Replay DSi Code Manager_is1" = Action Replay DSi Code Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira Premium Security Suite
"Centricity DICOM Viewer" = Centricity DICOM Viewer
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DivX Setup.divx.com" = DivX Setup
"EADM" = EA Download Manager
"ie8" = Windows Internet Explorer 8
"Logitech Vid" = Logitech Vid HD
"lvdrivers_12.0" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"PROSet" = Intel® PRO Network Connections Drivers
"UnityWebPlayer" = Unity Web Player
"WEB Framework" = WEB Framework
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1819643104-910290269-4184997253-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"KalydoPlayer" = Kalydo Player 3.08.01

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/3/2011 6:52:34 AM | Computer Name = JESSICAA | Source = Application Error | ID = 1001
Description = Fault bucket -1876985769.

Error - 8/3/2011 6:52:42 AM | Computer Name = JESSICAA | Source = Application Error | ID = 1000
Description = Faulting application _launcher.exe, version 1.1.1.1, faulting module
ntdll.dll, version 5.1.2600.6055, fault address 0x00011689.

Error - 8/3/2011 3:01:44 PM | Computer Name = JESSICAA | Source = MSDTC | ID = 4404
Description = MS DTC Tracing infrastructure : the initialization of the tracing
infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp,
Line: 1115, StartTrace Failed, hr=0x80070020

Error - 8/5/2011 4:41:07 AM | Computer Name = JESSICAA | Source = Application Error | ID = 1000
Description = Faulting application avguard.exe, version 10.0.1.59, faulting module
unknown, version 0.0.0.0, fault address 0xa7497c80.

Error - 8/21/2011 2:15:22 AM | Computer Name = JESSICAA | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 6.0.0.4240, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/21/2011 2:15:24 AM | Computer Name = JESSICAA | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 6.0.0.4240, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/22/2011 2:40:37 PM | Computer Name = JESSICAA | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....F9962A8212.crt>
with error: The connection with the server was terminated abnormally

Error - 8/22/2011 2:40:37 PM | Computer Name = JESSICAA | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....F9962A8212.crt>
with error: This network connection does not exist.

Error - 8/22/2011 3:12:30 PM | Computer Name = JESSICAA | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....F9962A8212.crt>
with error: The connection with the server was terminated abnormally

Error - 8/22/2011 3:12:31 PM | Computer Name = JESSICAA | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....F9962A8212.crt>
with error: This network connection does not exist.

[ System Events ]
Error - 8/24/2011 5:34:32 PM | Computer Name = JESSICAA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/24/2011 5:36:26 PM | Computer Name = JESSICAA | Source = Service Control Manager | ID = 7023
Description = The Akamai NetSession Interface service terminated with the following
error: %%126

Error - 8/24/2011 5:36:26 PM | Computer Name = JESSICAA | Source = Service Control Manager | ID = 7000
Description = The Secunia Update Agent service failed to start due to the following
error: %%2

Error - 8/24/2011 7:47:21 PM | Computer Name = JESSICAA | Source = Service Control Manager | ID = 7023
Description = The Akamai NetSession Interface service terminated with the following
error: %%126

Error - 8/24/2011 7:47:21 PM | Computer Name = JESSICAA | Source = Service Control Manager | ID = 7000
Description = The Secunia Update Agent service failed to start due to the following
error: %%2

Error - 8/24/2011 9:13:32 PM | Computer Name = JESSICAA | Source = Service Control Manager | ID = 7023
Description = The Akamai NetSession Interface service terminated with the following
error: %%126

Error - 8/24/2011 9:13:32 PM | Computer Name = JESSICAA | Source = Service Control Manager | ID = 7000
Description = The Secunia Update Agent service failed to start due to the following
error: %%2

Error - 8/25/2011 2:30:50 AM | Computer Name = JESSICAA | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.

Error - 8/25/2011 2:39:54 AM | Computer Name = JESSICAA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/25/2011 2:40:57 AM | Computer Name = JESSICAA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio avipbb Fips intelppm nvport sf ssmdrv


< End of report >


aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-25 02:00:41
-----------------------------
02:00:41.796 OS Version: Windows 5.1.2600 Service Pack 3
02:00:41.796 Number of processors: 2 586 0x209
02:00:41.812 ComputerName: JESSICAA UserName: Jessica
02:00:42.437 Initialize success
02:02:42.671 AVAST engine defs: 11082401
02:04:04.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
02:04:04.265 Disk 0 Vendor: ST380011A 3.06 Size: 76319MB BusType: 3
02:04:06.296 Disk 0 MBR read successfully
02:04:06.296 Disk 0 MBR scan
02:04:06.343 Disk 0 Windows XP default MBR code
02:04:06.359 Disk 0 scanning sectors +156296385
02:04:06.453 Disk 0 scanning C:\WINDOWS\system32\drivers
02:04:17.187 Service scanning
02:04:20.265 Modules scanning
02:04:24.593 Disk 0 trace - called modules:
02:04:24.640 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
02:04:24.656 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8675bab8]
02:04:24.656 3 CLASSPNP.SYS[f78a3fd7] -> nt!IofCallDriver -> \Device\00000064[0x867889e8]
02:04:26.734 5 ACPI.sys[f781a620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8675cd98]
02:04:27.015 AVAST engine scan C:\WINDOWS
02:04:34.937 AVAST engine scan C:\WINDOWS\system32
02:06:13.468 AVAST engine scan C:\WINDOWS\system32\drivers
02:06:27.234 AVAST engine scan C:\Documents and Settings\Jessica
02:08:25.750 File: C:\Documents and Settings\Jessica\My Documents\My Pictures\video.exe **INFECTED** Win32:Downloader-JUD [Trj]
02:08:32.265 AVAST engine scan C:\Documents and Settings\All Users
02:09:16.906 Scan finished successfully
02:15:41.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jessica\Desktop\MBR.dat"
02:15:41.984 The log file has been saved successfully to "C:\Documents and Settings\Jessica\Desktop\aswMBR.txt"
02:21:16.343 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jessica\Desktop\MBR.dat"
02:21:16.359 The log file has been saved successfully to "C:\Documents and Settings\Jessica\Desktop\aswMBR.txt"





On that last logfile, I noticed it mentions how this one video is infected, but to be honest, I don't know how it got there and I've never even noticed it until just now.

#4
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)

After running the OTL fix, can you see if you are still experiencing redirects?


Step 1

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL 
    IE - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=14196
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Ask.com"
    FF - prefs.js..extensions.enabledItems: {4F8730CC-8445-4AA6-A65C-E6F9648545F2}:1.9.1
    FF - prefs.js..extensions.enabledItems: {3B8F4DAE-A7A7-46D7-98B3-AAB1047B78B7}:1.9.1
    [2011/06/11 21:17:19 | 000,002,568 | ---- | M] () -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\searchplugins\askcom.xml
    O3 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    [2011/08/24 23:39:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
    [2011/08/24 18:13:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
    [2011/06/29 03:13:39 | 000,016,838 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\cueh011tru606n688sy362d4n8f28y
    [2011/06/29 03:13:38 | 000,016,838 | -HS- | C] () -- C:\Documents and Settings\Jessica\Local Settings\Application Data\cueh011tru606n688sy362d4n8f28y
    [2011/04/29 20:13:41 | 000,014,602 | -HS- | C] () -- C:\Documents and Settings\Jessica\Local Settings\Application Data\os3j240m10g4620704466
    [2011/04/29 20:13:41 | 000,014,602 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\os3j240m10g4620704466
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\*.tmp files -> C:\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] 
    
    :Files
    C:\Documents and Settings\Jessica\My Documents\My Pictures\video.exe 
    ipconfig /flushdns /c
    
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp] 
    [EMPTYFLASH]
    [CREATERESTOREPOINT] 
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Things I want to see in your next reply

  • Answer to my question
  • OTL Fix Log
  • OTL.txt


#5
ikissedyomomma

So far, so good. I typed something in on Google and it took me directly to the page on each thing I clicked, so I guess that problem is gone. Thank you! (: Also I noticed my computer goes much faster, now! I put that "video.exe" into the Recycle Bin, should I go ahead and empty the Recycle Bin? I have no idea where that video came from, very confusing...
Had to be in safe mode to do all of this since the computer was going so slow originally. ):
I have to admit, when I started up OTL and did the Quick Scan to all users, I minimized the screen then tried maximizing it back and it looked as if it froze? But I just did it again and it's back, so I don't know why it did that. It's like the Taskbar is still acting up... It still takes a minute for things to pop up. This was a pretty fast computer originally, that's why it struck me as odd when it started doing that all after that one virus.

Also, I have a question.
On Windows Security Center, it says Automatic Updates is turned off, so I clicked "Turn on Automatic Updates" and a message pops up saying, "We're sorry. The Security Center could not change your Automatic Updates settings. To try changing these updates yourself, go to System in Control Panel. On the Automatic Updates tab, select Automatic (recommended), and then click OK."
Well when I get to that, it's already been selected, so I click Apply and/or OK, and it still doesn't change anything. So it's not letting me turn Automatic Updates on it seems like... Do you know what could be causing that?



And here are the logs:


All processes killed
========== OTL ==========
HKU\S-1-5-21-1819643104-910290269-4184997253-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: {4F8730CC-8445-4AA6-A65C-E6F9648545F2}:1.9.1 removed from extensions.enabledItems
Prefs.js: {3B8F4DAE-A7A7-46D7-98B3-AAB1047B78B7}:1.9.1 removed from extensions.enabledItems
C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\searchplugins\askcom.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-1819643104-910290269-4184997253-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-1819643104-910290269-4184997253-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
C:\WINDOWS\system32\drivers\logiflt.iad moved successfully.
C:\WINDOWS\system32\drivers\lvuvc.hs moved successfully.
C:\Documents and Settings\All Users\Application Data\cueh011tru606n688sy362d4n8f28y moved successfully.
C:\Documents and Settings\Jessica\Local Settings\Application Data\cueh011tru606n688sy362d4n8f28y moved successfully.
C:\Documents and Settings\Jessica\Local Settings\Application Data\os3j240m10g4620704466 moved successfully.
C:\Documents and Settings\All Users\Application Data\os3j240m10g4620704466 moved successfully.
C:\WINDOWS\002838_.tmp deleted successfully.
C:\WINDOWS\SET29.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\DFR12FF.tmp deleted successfully.
C:\DFR66E.tmp deleted successfully.
C:\DFRE79.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\Jessica\My Documents\My Pictures\video.exe not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Jessica\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jessica\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 10817074 bytes
->Temporary Internet Files folder emptied: 118432 bytes
->Java cache emptied: 14 bytes
->FireFox cache emptied: 47023660 bytes
->Flash cache emptied: 5202 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: Jessica
->Temp folder emptied: 288767241 bytes
->Temporary Internet Files folder emptied: 54077921 bytes
->Java cache emptied: 72495 bytes
->FireFox cache emptied: 80071951 bytes
->Google Chrome cache emptied: 11144422 bytes
->Flash cache emptied: 3447760 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 432091340 bytes
->Java cache emptied: 3049 bytes
->Flash cache emptied: 7365 bytes

User: user
->Temp folder emptied: 161112 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 22799322 bytes
->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 172858792 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 490832 bytes

Total Files Cleaned = 1,072.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Jessica
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: user
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

OTL by OldTimer - Version 3.2.26.5 log created on 08252011_192617

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...





OTL logfile created on: 8/25/2011 7:42:02 PM - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Jessica\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.73 Mb Total Physical Memory | 469.96 Mb Available Physical Memory | 45.95% Memory free
2.40 Gb Paging File | 1.38 Gb Available in Paging File | 57.40% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.41 Gb Total Space | 10.47 Gb Free Space | 42.89% Space Free | Partition Type: NTFS
Drive D: | 50.11 Gb Total Space | 50.04 Gb Free Space | 99.85% Space Free | Partition Type: NTFS
Drive E: | 10.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JESSICAA | User Name: Jessica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/25 01:48:33 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jessica\Desktop\OTL.exe
PRC - [2011/08/17 14:13:49 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/28 07:58:08 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/06/28 07:58:08 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011/06/28 07:58:08 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/28 07:58:07 | 000,567,464 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2011/04/27 03:37:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/02 07:17:22 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/10/29 13:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
PRC - [2010/09/16 13:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/09/14 12:37:25 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/05/08 11:35:50 | 002,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/05/08 11:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/04/30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/17 14:13:48 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/05/25 18:45:16 | 006,271,136 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/10/29 13:02:38 | 000,751,616 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\vpxmd.dll
MOD - [2010/10/29 13:01:30 | 000,027,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\SDL.dll
MOD - [2010/09/16 13:04:50 | 000,095,528 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/09/16 13:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/09/14 12:38:29 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/09/14 12:38:19 | 000,442,113 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\libxml2.dll
MOD - [2010/09/14 12:37:30 | 000,060,161 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\cares.dll
MOD - [2009/05/08 11:35:50 | 002,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/05/08 11:35:28 | 000,181,520 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LvApi11\LvApi11.dll
MOD - [2009/05/08 11:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2009/04/22 14:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/09 16:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/03 15:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/03 15:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/03 15:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/03 15:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/03 15:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/03 15:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/03 15:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/03 15:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/03 15:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\phonon4.dll
MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/10/22 12:22:00 | 001,470,464 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2006/10/22 12:22:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2006/10/22 12:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Secunia Update Agent)
SRV - File not found [Auto | Stopped] -- -- (Akamai)
SRV - [2011/06/28 07:58:08 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/06/28 07:58:08 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/06/28 07:58:08 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/28 07:58:07 | 000,567,464 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2011/04/27 03:37:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/04/30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/06/28 07:58:08 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 07:58:08 | 000,106,904 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avfwot.sys -- (avfwot)
DRV - [2011/06/28 07:58:08 | 000,082,952 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avfwim.sys -- (avfwim)
DRV - [2011/06/28 07:58:08 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/09/14 12:39:05 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/09/14 12:37:15 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/04/30 17:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/30 16:03:30 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/04/30 16:03:08 | 006,754,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 250(UVC)
DRV - [2009/04/30 16:01:36 | 000,265,496 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 16:00:00 | 000,114,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007/02/08 06:45:14 | 000,029,184 | R--- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dsiarhwprog.sys -- (dsiarhwprog)
DRV - [2007/02/07 20:30:30 | 000,392,704 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2007/02/07 20:30:30 | 000,033,995 | R--- | M] (Sonic Focus, Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sf.sys -- (sf)
DRV - [2006/05/05 19:21:00 | 000,004,608 | ---- | M] (NVIDIA Corporation.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvport.sys -- (nvport)
DRV - [2006/03/29 08:49:26 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer3.08.01: C:\Documents and Settings\Jessica\Application Data\Kalydo\KalydoPlayer\npkalydo.dll (Eximion B.V.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/17 14:13:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 00:52:22 | 000,000,000 | ---D | M]

[2010/09/15 14:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Extensions
[2010/09/15 14:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Extensions\[email protected]
[2011/07/28 17:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\extensions
[2010/12/11 18:27:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/28 17:32:35 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/10/28 05:21:32 | 000,002,228 | ---- | M] () -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\searchplugins\iBryte_potfarm.xml
[2011/04/28 16:32:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/16 13:07:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/04/28 16:32:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
[2010/09/15 14:49:36 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/08/17 14:13:49 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/25 19:26:19 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005..\Run: [EA Core] File not found
O4 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///E:/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///E:/components/A9.ocx (A9Helper.A9)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///E:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jessica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jessica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 10:43:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/07/20 09:36:23 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/25 19:26:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/25 02:20:26 | 000,000,000 | ---D | C] -- C:\Program Files\File Type Assistant
[2011/08/25 02:18:38 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2011/08/25 02:00:24 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Jessica\Desktop\aswMBR.exe
[2011/08/25 01:48:33 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jessica\Desktop\OTL.exe
[2011/08/24 18:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/08/24 14:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2011/08/24 14:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/08/22 00:25:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Explorer.exe
[2011/08/22 00:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\Explorerr
[2011/08/22 00:24:05 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jessica\My Documents\explorer.exe
[2011/08/20 21:21:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/08/20 21:21:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/08/18 21:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Action Replay DSi Code Manager
[2011/08/17 17:08:35 | 000,000,000 | R--D | C] -- C:\Program Files\Centricity
[2011/08/03 03:49:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jessica\Start Menu\Programs\AeriaGames
[2011/08/03 03:42:06 | 000,000,000 | ---D | C] -- C:\AeriaGames

========== Files - Modified Within 30 Days ==========

[2011/08/25 19:41:01 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/25 19:32:13 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/08/25 19:32:01 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/25 19:31:17 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/25 19:31:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/25 19:31:05 | 1072,480,256 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/25 19:31:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/08/25 19:26:19 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/08/25 17:05:34 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/25 02:21:16 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\MBR.dat
[2011/08/25 02:00:36 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Jessica\Desktop\aswMBR.exe
[2011/08/25 01:48:33 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jessica\Desktop\OTL.exe
[2011/08/23 14:01:46 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\cherrim.xml
[2011/08/22 21:05:27 | 000,007,192 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\party 2.xml
[2011/08/22 00:24:06 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jessica\My Documents\explorer.exe
[2011/08/19 21:16:27 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\victreebel.xml
[2011/08/19 14:30:10 | 000,007,192 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\my party pokemon.xml
[2011/08/19 07:04:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/19 01:58:14 | 000,002,176 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\key items.xml
[2011/08/19 01:57:45 | 000,006,470 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\all items1.xml
[2011/08/19 01:18:40 | 000,000,537 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\Shortcut to Pokesav BW v0.06c ENG - PSN [COMPLETE].zip.lnk
[2011/08/19 01:16:02 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\vaporeon.xml
[2011/08/19 01:07:29 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\torchic.xml
[2011/08/19 00:56:59 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\snivy.xml
[2011/08/19 00:35:53 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\luxio.xml
[2011/08/18 23:59:13 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\larvitar.xml
[2011/08/18 23:28:40 | 000,010,308 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\all items.xml
[2011/08/18 23:19:42 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\gible.xml
[2011/08/18 21:58:30 | 000,000,887 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\Action Replay DSi Code Manager.lnk
[2011/08/18 21:55:36 | 000,001,644 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\gabite1.xml
[2011/08/18 21:26:30 | 000,000,236 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\gabite.pkm
[2011/08/18 20:53:42 | 000,159,704 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\Pokesav BW v0.06c ENG - PSN [COMPLETE].zip

========== Files Created - No Company Name ==========

[2011/08/25 19:31:05 | 1072,480,256 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/25 19:31:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/08/25 02:15:41 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\MBR.dat
[2011/08/23 14:01:46 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\cherrim.xml
[2011/08/22 21:05:27 | 000,007,192 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\party 2.xml
[2011/08/22 00:23:42 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/19 21:16:27 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\victreebel.xml
[2011/08/19 14:30:10 | 000,007,192 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\my party pokemon.xml
[2011/08/19 01:58:14 | 000,002,176 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\key items.xml
[2011/08/19 01:57:45 | 000,006,470 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\all items1.xml
[2011/08/19 01:18:24 | 000,000,537 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\Shortcut to Pokesav BW v0.06c ENG - PSN [COMPLETE].zip.lnk
[2011/08/19 01:16:02 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\vaporeon.xml
[2011/08/19 01:07:29 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\torchic.xml
[2011/08/19 00:56:59 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\snivy.xml
[2011/08/19 00:35:53 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\luxio.xml
[2011/08/18 23:59:13 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\larvitar.xml
[2011/08/18 23:28:40 | 000,010,308 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\all items.xml
[2011/08/18 23:19:42 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\gible.xml
[2011/08/18 21:58:30 | 000,000,887 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\Action Replay DSi Code Manager.lnk
[2011/08/18 21:55:36 | 000,001,644 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\gabite1.xml
[2011/08/18 21:26:30 | 000,000,236 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\gabite.pkm
[2011/08/18 20:53:41 | 000,159,704 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\Pokesav BW v0.06c ENG - PSN [COMPLETE].zip
[2011/04/22 21:34:50 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/22 21:34:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/22 21:34:50 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/22 21:34:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/22 21:34:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/09 14:00:30 | 000,000,085 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2011/03/22 20:16:10 | 000,001,223 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2010/12/11 20:01:14 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/10/28 05:21:39 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Jessica\Local Settings\Application Data\fusioncache.dat
[2010/10/05 23:47:57 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2010/09/20 17:26:21 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Jessica\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/11 11:35:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/06/11 10:46:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/06/11 10:40:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/06/11 03:31:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/11 03:30:27 | 000,110,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/08 11:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 17:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006/10/22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 12:22:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/10/22 12:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 12:22:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 12:22:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/10/22 12:22:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/10/22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/02/28 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 05:00:00 | 000,501,382 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 05:00:00 | 000,087,010 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/12/31 23:34:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

========== LOP Check ==========

[2010/11/11 16:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011/08/24 12:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/06/07 03:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Giraffic
[2011/04/14 19:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/04/07 21:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent
[2010/11/11 16:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Canneverbe Limited
[2011/06/11 21:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\FrostWire
[2010/12/31 19:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\GetRightToGo
[2011/01/17 22:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Kalydo
[2010/12/11 20:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Leadertech
[2010/10/05 23:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\OpenCandy
[2011/01/01 02:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Opera
[2010/11/14 20:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\PlayFirst
[2011/06/29 16:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\QuickScan
[2010/10/05 23:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Uniblue
[2010/12/01 19:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Unity

========== Purity Check ==========



< End of report >

#6
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

"Should I go ahead and empty the recycle bin?"

Yes, go ahead and empty the recycle bin. That file is malware and is probably not even a video.


Step 2

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL 
    [2011/08/25 02:18:38 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
    [2011/08/25 19:31:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
     
    :Files
    ipconfig /flushdns /c
    
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp] 
    [EMPTYFLASH]
    [CREATERESTOREPOINT] 
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 3

Download the Microsoft Fixit from here (near the top of the page) in order to fix Windows Updates.

If normal mode fails, run the fixit in aggressive mode.


Things I want to see in your next reply

  • OTL.txt


#7
ikissedyomomma

    Member

  • Topic Starter
  • 35 posts
All processes killed
========== OTL ==========
C:\Program Files\Free Offers from Freeze.com folder moved successfully.
C:\WINDOWS\system32\drivers\lvuvc.hs moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Jessica\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jessica\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jessica
->Temp folder emptied: 1080814 bytes
->Temporary Internet Files folder emptied: 33776 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 220327412 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2131 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 593214 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: user
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 109563 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 212.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Jessica
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: user
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.26.5 log created on 08282011_100818

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



OTL logfile created on: 8/28/2011 10:19:16 AM - Run 3
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Jessica\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.73 Mb Total Physical Memory | 512.64 Mb Available Physical Memory | 50.12% Memory free
2.40 Gb Paging File | 1.44 Gb Available in Paging File | 59.74% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.41 Gb Total Space | 10.60 Gb Free Space | 43.42% Space Free | Partition Type: NTFS
Drive D: | 50.11 Gb Total Space | 50.04 Gb Free Space | 99.85% Space Free | Partition Type: NTFS
Drive E: | 10.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JESSICAA | User Name: Jessica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/25 01:48:33 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jessica\Desktop\OTL.exe
PRC - [2011/08/17 14:13:49 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/28 07:58:08 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/06/28 07:58:08 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011/06/28 07:58:08 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/28 07:58:07 | 000,567,464 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2011/04/27 03:37:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/02 07:17:22 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/10/29 13:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
PRC - [2010/09/16 13:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/09/14 12:37:25 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/05/08 11:35:50 | 002,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/05/08 11:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/04/30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/17 14:13:48 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/10/29 13:02:38 | 000,751,616 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\vpxmd.dll
MOD - [2010/10/29 13:01:30 | 000,027,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\SDL.dll
MOD - [2010/09/16 13:04:50 | 000,095,528 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/09/16 13:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/09/14 12:38:29 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/09/14 12:38:19 | 000,442,113 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\libxml2.dll
MOD - [2010/09/14 12:37:30 | 000,060,161 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\cares.dll
MOD - [2009/05/08 11:35:50 | 002,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/05/08 11:35:28 | 000,181,520 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LvApi11\LvApi11.dll
MOD - [2009/05/08 11:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2009/04/22 14:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/09 16:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/03 15:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/03 15:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/03 15:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/03 15:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/03 15:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/03 15:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/03 15:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/03 15:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/03 15:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\phonon4.dll
MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/10/22 12:22:00 | 001,470,464 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2006/10/22 12:22:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2006/10/22 12:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Secunia Update Agent)
SRV - File not found [Auto | Stopped] -- -- (Akamai)
SRV - [2011/06/28 07:58:08 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/06/28 07:58:08 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/06/28 07:58:08 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/28 07:58:07 | 000,567,464 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2011/04/27 03:37:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/04/30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/06/28 07:58:08 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 07:58:08 | 000,106,904 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avfwot.sys -- (avfwot)
DRV - [2011/06/28 07:58:08 | 000,082,952 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avfwim.sys -- (avfwim)
DRV - [2011/06/28 07:58:08 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/09/14 12:39:05 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/09/14 12:37:15 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/04/30 17:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/30 16:03:30 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/04/30 16:03:08 | 006,754,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 250(UVC)
DRV - [2009/04/30 16:01:36 | 000,265,496 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 16:00:00 | 000,114,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007/02/08 06:45:14 | 000,029,184 | R--- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dsiarhwprog.sys -- (dsiarhwprog)
DRV - [2007/02/07 20:30:30 | 000,392,704 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2007/02/07 20:30:30 | 000,033,995 | R--- | M] (Sonic Focus, Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sf.sys -- (sf)
DRV - [2006/05/05 19:21:00 | 000,004,608 | ---- | M] (NVIDIA Corporation.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvport.sys -- (nvport)
DRV - [2006/03/29 08:49:26 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer3.08.01: C:\Documents and Settings\Jessica\Application Data\Kalydo\KalydoPlayer\npkalydo.dll (Eximion B.V.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/17 14:13:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 00:52:22 | 000,000,000 | ---D | M]

[2010/09/15 14:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Extensions
[2010/09/15 14:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Extensions\[email protected]
[2011/07/28 17:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\extensions
[2010/12/11 18:27:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/28 17:32:35 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/10/28 05:21:32 | 000,002,228 | ---- | M] () -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\searchplugins\iBryte_potfarm.xml
[2011/04/28 16:32:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/16 13:07:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/04/28 16:32:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
[2010/09/15 14:49:36 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/08/17 14:13:49 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/28 10:08:24 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005..\Run: [EA Core] File not found
O4 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///E:/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///E:/components/A9.ocx (A9Helper.A9)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///E:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jessica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jessica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 10:43:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/07/20 09:36:23 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/25 19:26:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/25 02:20:26 | 000,000,000 | ---D | C] -- C:\Program Files\File Type Assistant
[2011/08/25 02:00:24 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Jessica\Desktop\aswMBR.exe
[2011/08/25 01:48:33 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jessica\Desktop\OTL.exe
[2011/08/24 18:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/08/24 14:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2011/08/24 14:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/08/22 00:25:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Explorer.exe
[2011/08/22 00:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\Explorerr
[2011/08/22 00:24:05 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jessica\My Documents\explorer.exe
[2011/08/20 21:21:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/08/20 21:21:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/08/18 21:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Action Replay DSi Code Manager
[2011/08/17 17:08:35 | 000,000,000 | R--D | C] -- C:\Program Files\Centricity
[2011/08/03 03:49:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jessica\Start Menu\Programs\AeriaGames
[2011/08/03 03:42:06 | 000,000,000 | ---D | C] -- C:\AeriaGames

========== Files - Modified Within 30 Days ==========

[2011/08/28 10:20:19 | 000,689,664 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\MicrosoftFixit50202.msi
[2011/08/28 10:16:24 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/08/28 10:16:18 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/28 10:15:39 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/28 10:15:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/28 10:15:25 | 1072,480,256 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/28 10:15:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/08/28 10:08:24 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/08/28 09:41:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/27 22:46:30 | 000,007,192 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\party3.xml
[2011/08/27 00:17:51 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\absol.xml
[2011/08/26 07:04:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/25 17:05:34 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/25 02:21:16 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\MBR.dat
[2011/08/25 02:00:36 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Jessica\Desktop\aswMBR.exe
[2011/08/25 01:48:33 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jessica\Desktop\OTL.exe
[2011/08/23 14:01:46 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\cherrim.xml
[2011/08/22 21:05:27 | 000,007,192 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\party 2.xml
[2011/08/22 00:24:06 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jessica\My Documents\explorer.exe
[2011/08/19 21:16:27 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\victreebel.xml
[2011/08/19 14:30:10 | 000,007,192 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\my party pokemon.xml
[2011/08/19 01:58:14 | 000,002,176 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\key items.xml
[2011/08/19 01:57:45 | 000,006,470 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\all items1.xml
[2011/08/19 01:18:40 | 000,000,537 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\Shortcut to Pokesav BW v0.06c ENG - PSN [COMPLETE].zip.lnk
[2011/08/19 01:16:02 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\vaporeon.xml
[2011/08/19 01:07:29 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\torchic.xml
[2011/08/19 00:56:59 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\snivy.xml
[2011/08/19 00:35:53 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\luxio.xml
[2011/08/18 23:59:13 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\larvitar.xml
[2011/08/18 23:28:40 | 000,010,308 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\all items.xml
[2011/08/18 23:19:42 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\gible.xml
[2011/08/18 21:58:30 | 000,000,887 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\Action Replay DSi Code Manager.lnk
[2011/08/18 21:55:36 | 000,001,644 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\gabite1.xml
[2011/08/18 21:26:30 | 000,000,236 | ---- | M] () -- C:\Documents and Settings\Jessica\My Documents\gabite.pkm
[2011/08/18 20:53:42 | 000,159,704 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\Pokesav BW v0.06c ENG - PSN [COMPLETE].zip

========== Files Created - No Company Name ==========

[2011/08/28 10:20:18 | 000,689,664 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\MicrosoftFixit50202.msi
[2011/08/28 10:15:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/08/27 22:46:30 | 000,007,192 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\party3.xml
[2011/08/27 00:17:51 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\absol.xml
[2011/08/25 19:31:05 | 1072,480,256 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/25 02:15:41 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\MBR.dat
[2011/08/23 14:01:46 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\cherrim.xml
[2011/08/22 21:05:27 | 000,007,192 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\party 2.xml
[2011/08/22 00:23:42 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/19 21:16:27 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\victreebel.xml
[2011/08/19 14:30:10 | 000,007,192 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\my party pokemon.xml
[2011/08/19 01:58:14 | 000,002,176 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\key items.xml
[2011/08/19 01:57:45 | 000,006,470 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\all items1.xml
[2011/08/19 01:18:24 | 000,000,537 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\Shortcut to Pokesav BW v0.06c ENG - PSN [COMPLETE].zip.lnk
[2011/08/19 01:16:02 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\vaporeon.xml
[2011/08/19 01:07:29 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\torchic.xml
[2011/08/19 00:56:59 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\snivy.xml
[2011/08/19 00:35:53 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\luxio.xml
[2011/08/18 23:59:13 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\larvitar.xml
[2011/08/18 23:28:40 | 000,010,308 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\all items.xml
[2011/08/18 23:19:42 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\gible.xml
[2011/08/18 21:58:30 | 000,000,887 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\Action Replay DSi Code Manager.lnk
[2011/08/18 21:55:36 | 000,001,644 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\gabite1.xml
[2011/08/18 21:26:30 | 000,000,236 | ---- | C] () -- C:\Documents and Settings\Jessica\My Documents\gabite.pkm
[2011/08/18 20:53:41 | 000,159,704 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\Pokesav BW v0.06c ENG - PSN [COMPLETE].zip
[2011/04/22 21:34:50 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/22 21:34:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/22 21:34:50 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/22 21:34:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/22 21:34:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/09 14:00:30 | 000,000,085 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2011/03/22 20:16:10 | 000,001,223 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2010/12/11 20:01:14 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/10/28 05:21:39 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Jessica\Local Settings\Application Data\fusioncache.dat
[2010/10/05 23:47:57 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2010/09/20 17:26:21 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Jessica\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/11 11:35:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/06/11 10:46:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/06/11 10:40:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/06/11 03:31:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/11 03:30:27 | 000,110,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/08 11:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 17:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006/10/22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 12:22:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/10/22 12:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 12:22:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 12:22:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/10/22 12:22:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/10/22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/02/28 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 05:00:00 | 000,501,382 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 05:00:00 | 000,087,010 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/12/31 23:34:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

========== LOP Check ==========

[2010/11/11 16:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011/08/24 12:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/06/07 03:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Giraffic
[2011/04/14 19:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/04/07 21:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent
[2010/11/11 16:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Canneverbe Limited
[2011/06/11 21:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\FrostWire
[2010/12/31 19:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\GetRightToGo
[2011/01/17 22:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Kalydo
[2010/12/11 20:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Leadertech
[2010/10/05 23:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\OpenCandy
[2011/01/01 02:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Opera
[2010/11/14 20:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\PlayFirst
[2011/06/29 16:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\QuickScan
[2010/10/05 23:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Uniblue
[2010/12/01 19:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Unity

========== Purity Check ==========



< End of report >



Alright, thank you, that fixed the issue with Automatic Updates. (: I appreciate all the help you've done! :)
  • 0
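An added example, not part of the original post and not OTL's own code: the file listings in the report above share one fixed line shape, so they can be parsed and screened mechanically for names that imitate Windows system files. The regular expression is inferred from the lines on this page, the sample lines and the user name Alice are constructed, and a flag is a prompt for manual review, not a verdict.

```python
import ntpath
import re
from datetime import datetime

# Line shape inferred from the listing sections of the report:
# [date time | size | attrs | C or M] (Company) -- path   (directories have no Company)
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\](?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)
# Expected locations, as shown by the O20 Winlogon lines of the same report.
EXPECTED = {
    "explorer.exe": r"c:\windows\explorer.exe",
    "userinit.exe": r"c:\windows\system32\userinit.exe",
}
EXEC_EXTS = (".exe", ".com", ".scr", ".bat")

# Constructed sample lines in the report's format (the user "Alice" is made up).
SAMPLE = r"""
========== Files/Folders - Created Within 30 Days ==========
[2011/08/22 00:25:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Explorer.exe
[2011/08/22 00:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\Explorerr
[2011/08/22 00:24:05 | 009,466,208 | ---- | C] (Example Vendor ) -- C:\Documents and Settings\Alice\My Documents\explorer.exe
[2011/08/25 19:31:05 | 1072,480,256 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/20 10:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
"""


def parse_line(line):
    """Return a dict for one listing line, or None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "is_dir": "D" in m["attrs"],
        "hidden": "H" in m["attrs"],
        "kind": m["kind"],                      # C = created, M = modified
        "company": (m["company"] or "").strip(),
        "path": m["path"].strip(),
    }


def one_edit_apart(a, b):
    """True if a != b and a single insert, delete or substitute maps a to b."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Same length: skip one character in both. Otherwise skip one in the longer.
    return a[i + (len(a) == len(b)):] == b[i + 1:]


def review(entry):
    """Return the reasons (possibly none) this entry deserves a closer look."""
    reasons = []
    name = ntpath.basename(entry["path"]).lower()
    stem, ext = ntpath.splitext(name)
    if entry["is_dir"] and ext in EXEC_EXTS:
        reasons.append("directory named like an executable")
    if (not entry["is_dir"] and name in EXPECTED
            and entry["path"].lower() != EXPECTED[name]):
        reasons.append("system file name outside its expected location")
    for known in EXPECTED:
        if one_edit_apart(stem, ntpath.splitext(known)[0]):
            reasons.append(f"name one edit away from {known}")
    return reasons


def triage(report_text):
    """Parse every listing line and return [(path, reasons)] for flagged ones."""
    findings = []
    for line in report_text.splitlines():
        entry = parse_line(line)
        if entry:
            reasons = review(entry)
            if reasons:
                findings.append((entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE):
        print(path, "->", "; ".join(reasons))
```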

#8
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
How is your system running? Are you experiencing any problems?


Step 1

  • Run Malwarebytes' Anti-Malware.
  • Update Malwarebytes' Anti-Malware.
  • Once the program has updated, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 2

Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the options Remove found threats and Scan unwanted applications are checked.
  • Click Scan. (This scan can take several hours, so please be patient).
  • Once the scan is completed, you may close the window.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Things I want to see in your next reply

  • Answer to my question
  • MBAM Log
  • log.txt

  • 0

#9
ikissedyomomma

    Member

  • Topic Starter
  • Member
  • 35 posts
Everything has been running fantastic, I haven't experienced any problems with the computer so far. Thank you so much for all the help you've been. (:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7531

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/28/2011 10:22:46 PM
mbam-log-2011-08-28 (22-22-46).txt

Scan type: Quick scan
Objects scanned: 178860
Time elapsed: 10 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)






ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=e1b662ac0147124d8561cdcd0e9a9bb9
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-29 05:54:50
# local_time=2011-08-28 10:54:50 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1798 16775125 100 88 0 30014769 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=38519
# found=2
# cleaned=2
# scan_time=3305
C:\Documents and Settings\Jessica\Application Data\OpenCandy\OpenCandy_85035CEC7C444A1589B6E348570CF2A8\registrybooster(7).exe a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{80887C9E-ECA3-4996-ABFA-B97C9AA47310}\RP356\A0054367.exe a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
  • 0

#10
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello! :)
Congratulations, your logs look clean! :) ;) :yes:
Please follow the steps below to make your computer more secure.


First, re-enable any anti-virus/anti-malware programs we have disabled during the removal process!


Cleanup

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp] 
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS] 
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator").
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, press the CLEANUP button.
  • Say Yes to the prompt and then allow the program to reboot your computer
Note: If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


Updates

Windows Update - This site is a Microsoft site that will scan your computer for any patches or updates that are missing from your computer. You should check this website regularly to keep windows up to date. This will ensure your computer has all of the latest security updates installed on your computer and is secure from any known security holes. Windows Updates are constantly being revised to combat the newest hacks and threats.
It is best if you have these set to download automatically.

How to turn on Automatic Updates:

  • Click on Start.
  • Right-click My Computer.
  • Select Properties.
  • Click on the Automatic Updates Tab.
  • Place a checkmark in the circle next to Automatic (recommended) near the green shield.
  • Click Apply > OK.

Adobe Reader - Your version of Adobe Reader is outdated. It's important to keep Adobe Reader updated because many security problems are fixed with updates.

How to check for Adobe Reader updates:

  • Open Adobe Reader.
  • On the menu bar click on Help then Check For Updates.
  • The program will then tell you if updates are available.

Make sure you have the latest Adobe Flash Player (10.3.183.5) and Adobe Shockwave Player (11.6.1.629) so you can view all of the latest content on websites.


Make Internet Explorer more secure

  • Click Start > Run.
  • Type Inetcpl.cpl & click OK.
  • Click on the Security tab.
  • Click Reset all zones to default level.
  • Make sure the Internet Zone is selected & Click Custom level.
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

Recommended Programs

Make sure you update your security programs regularly so they know about new infections so they can protect your computer against them.
Here is a list of programs/tools that I like to recommend to users to reduce the risk of infection in the future:


Anti-Spyware Programs

MBAM - MalwareBytes Anti Malware is an excellent tool program to detect and get rid of malware. This program should be updated and run often.

SpywareBlaster - Prevents spyware from installing on your system and stops you from getting infected. It protects against bad ActiveX and immunizes your PC against them.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place. It offers realtime protection from spyware installation attempts.
Note: Make sure you are only running one real-time anti-spyware protection program (eg: TeaTimer, Windows Defender) or there will be a conflict.


Alternate Browsers

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. Hijackers like to attack Internet Explorer more than FireFox. If you are interested, Firefox may be downloaded from here.

Add-ons

NoScript - Blocks ads and other potential website attacks.

AdBlockPlus - Adblock Plus gets rid of ads and banners on the internet.

DrWeb Anti-Virus Link Checker - Allows you to check any file you are about to download, any page you are about to visit with online version of Dr.Web anti-virus.

Other browsers include:

Google Chrome
Safari
Opera


Other Programs

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go.
Yellow for caution.
Red to stop.
WOT has an addon available for both Firefox and IE.


ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.


IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. It prevents Cookies etc from downloading, from these websites, onto your computer.


MVPS Hosts File replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.


FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.


Google Toolbar - Get the free google toolbar to help stop pop ups.


Finally...

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Please respond one last time so we can consider the thread resolved and close it, thank-you.
Good luck and stay safe!!! :unsure:
  • 0
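An added example, not part of the original post: the `[resethosts]` line in the OTL fix and the MVPS Hosts recommendation above both act on the HOSTS file, which can block a name by pointing it at 127.0.0.1 or redirect it by pointing it at another address. This sketch audits a HOSTS file for both cases; the sample file, its host names and the `must_resolve` parameter are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges, spelled out so the result does not depend on how a given
# Python version defines ipaddress.is_private.
LAN = [ipaddress.ip_network(n)
       for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

SAMPLE_HOSTS = """\
# Constructed sample, not taken from the machine in this thread.
127.0.0.1     localhost
127.0.0.1     ads.example.net tracker.example.net   # blocklist-style entries
0.0.0.0       banner.example.org
203.0.113.10  www.search.example    # name pinned to an outside address
127.0.0.1     updates.example.com
192.168.1.20  nas
not-an-ip something.example
::1           localhost
"""


def classify(ip_text):
    """Sort a HOSTS address into loopback, local, remote or malformed."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "malformed"
    if ip.is_loopback or ip.is_unspecified:      # 127.0.0.1, ::1, 0.0.0.0
        return "loopback"
    if ip.is_link_local or any(ip in net for net in LAN):
        return "local"
    return "remote"


def audit_hosts(text):
    """Group every (line number, host, address) mapping by address class."""
    report = {"loopback": [], "local": [], "remote": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        kind = classify(fields[0]) if len(fields) >= 2 else "malformed"
        if kind == "malformed":
            report["malformed"].append((lineno, line))
            continue
        for host in fields[1:]:                  # one address, many names
            report[kind].append((lineno, host.lower(), fields[0]))
    return report


def findings(text, must_resolve=()):
    """Return sorted (line, host, reason) tuples that need a human look.

    must_resolve lists names the operator expects to resolve through DNS,
    for example an update server; any HOSTS entry for them is reported.
    """
    report = audit_hosts(text)
    watch = {h.lower() for h in must_resolve}
    out = [(n, host, f"pinned to routable address {ip}")
           for n, host, ip in report["remote"]]
    for kind in ("loopback", "local"):
        out += [(n, host, f"overridden by hosts entry {ip}")
                for n, host, ip in report[kind] if host in watch]
    out += [(n, line, "unparseable entry") for n, line in report["malformed"]]
    return sorted(out)


if __name__ == "__main__":
    # On the machine in this thread the file is
    # C:\WINDOWS\System32\drivers\etc\Hosts; here the inline sample is used.
    for lineno, host, reason in findings(SAMPLE_HOSTS, ["updates.example.com"]):
        print(f"line {lineno}: {host}: {reason}")
```

Loopback entries that are not on the watch list are treated as ordinary blocklist lines and are not reported.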

#11
ikissedyomomma

    Member

  • Topic Starter
  • Member
  • 35 posts
Everything is going fantastic! Only thing is, where I have the Avira Premium Security Suite, and I went and downloaded Adblock, and all of those, my Avira AntiVir MailGuard, AntiVir WebGuard is disabled, I'm trying to figure out how to enable it, again. :/ But other than that everything is running perfectly. (:
  • 0

#12
ikissedyomomma

    Member

  • Topic Starter
  • Member
  • 35 posts
It says on the AntiVir MailGuard and AntiVir WebGuard that the "Service Stopped" and I can't figure out how to start it back. ):
  • 0

#13
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)

Let's try reinstalling the MailGuard and WebGuard modules:

  • Please go to Control Panel > Add/Remove Programs.
  • Click on Avira.
  • Select Change.
  • Select Modify.
  • Uncheck the MailGuard module and WebGuard module.
  • Click next until finish.
  • Restart the PC.
  • Perform the same steps again, only now please be sure that all Avira's modules are checked.
  • Let the program install the Avira Toolbar if asked.
  • Click next until finish.
  • Restart the PC.

Does the problem still persist after performing these steps?
  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





