I have malware and need help please [Solved]


  • This topic is locked

#1
Johnny Villnus

I did an online scan with Jotti's malware scan because Malwarebytes will not update, and mshelpcenter.exe is infected with Trojan.Agent2.dtxo; this also came up with the Jotti's scan on the same file: Downloader.Agent.Tarv.

I've scanned my computer with AVG, SuperAntiSpyware and Sophos Anti-Rootkit; nothing shows up, and Malwarebytes won't work.

I need help with this, please, and thank you.

OTL logfile created on: 11/20/2011 4:02:57 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Johnny Villnus\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 44.26% Memory free
5.50 Gb Paging File | 3.57 Gb Available in Paging File | 65.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.99 Gb Total Space | 62.13 Gb Free Space | 21.88% Space Free | Partition Type: NTFS
Drive D: | 180.29 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JOHNNYVILLNUS | User Name: Johnny Villnus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/20 15:57:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Johnny Villnus\Desktop\OTL.com
PRC - [2011/11/07 21:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/11/03 08:03:59 | 000,246,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
PRC - [2011/11/03 08:03:55 | 000,218,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2011/10/24 19:29:34 | 002,398,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2011/10/24 19:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/02 16:25:40 | 006,486,016 | ---- | M] (Microsoft Corporation) -- C:\Users\Johnny Villnus\AppData\Local\Microsoft Help\MsHelpCenter.exe
PRC - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
PRC - [2009/06/23 16:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2009/06/04 08:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/07 21:32:14 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2011/11/03 08:03:55 | 000,218,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2011/10/30 20:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/04/19 10:34:48 | 000,625,184 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM))
SRV:64bit: - [2009/04/19 10:34:48 | 000,207,904 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/11/03 08:03:59 | 000,246,600 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/10/24 19:29:34 | 002,398,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/24 07:33:34 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe -- (RoxWatch12)
SRV - [2009/07/24 07:33:10 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe -- (RoxMediaDB12)
SRV - [2009/06/23 16:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 08:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/02 18:05:58 | 000,457,200 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/07 21:28:40 | 000,063,760 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2011/10/07 05:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 05:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 05:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/11 00:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 00:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 00:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 00:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/05/23 00:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2011/05/18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/05/12 13:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\E3C9.tmp -- (MEMSWEEP2)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/20 23:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010/08/12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/07/12 13:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/24 12:13:06 | 000,167,920 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\C2SCSI64.SYS -- (c2scsi64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 00:00:00 | 000,027,632 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SaibVdAd64.sys -- (SaibVdAd64)
DRV:64bit: - [2009/06/02 00:00:00 | 000,027,120 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Sahdad64.sys -- (Sahdad64)
DRV:64bit: - [2009/06/02 00:00:00 | 000,019,952 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Saibad64.sys -- (Saibad64)
DRV:64bit: - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2011/11/07 21:32:12 | 000,396,944 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_32301.sys -- (RapportCerberus_32301)
DRV - [2011/11/07 21:28:40 | 000,061,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2011/11/07 21:28:40 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...34v135r48n1s233
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...34v135r48n1s233

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startpage.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com"
FF - prefs.js..keyword.URL: "http://isearch.avg.c...4:08&sap=ku&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/11/04 07:23:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/08 23:12:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/17 20:32:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Johnny Villnus\AppData\Roaming\IDM\idmmzcc5 [2011/10/19 08:50:47 | 000,000,000 | ---D | M]

[2011/06/28 20:06:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnny Villnus\AppData\Roaming\Mozilla\Extensions
[2011/11/20 14:29:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnny Villnus\AppData\Roaming\Mozilla\Firefox\Profiles\27sdi06b.default\extensions
[2011/11/18 14:58:03 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Johnny Villnus\AppData\Roaming\Mozilla\Firefox\Profiles\27sdi06b.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/11/20 14:29:10 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Johnny Villnus\AppData\Roaming\Mozilla\Firefox\Profiles\27sdi06b.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/11/03 08:04:50 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\Johnny Villnus\AppData\Roaming\Mozilla\Firefox\Profiles\27sdi06b.default\extensions\[email protected]
[2011/11/03 09:57:08 | 000,003,849 | ---- | M] () -- C:\Users\Johnny Villnus\AppData\Roaming\Mozilla\Firefox\Profiles\27sdi06b.default\searchplugins\avg-secure-search.xml
[2011/06/28 19:56:15 | 000,002,497 | ---- | M] () -- C:\Users\Johnny Villnus\AppData\Roaming\Mozilla\Firefox\Profiles\27sdi06b.default\searchplugins\SearchResults.xml
[2011/11/17 15:59:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/17 15:59:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\JOHNNY VILLNUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\27SDI06B.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/11/08 23:12:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/30 21:54:20 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/06/28 19:56:15 | 000,002,497 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2011/11/08 23:12:35 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/10/16 17:09:21 | 000,437,128 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15061 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Microsoft Help] C:\Users\Johnny Villnus\AppData\Local\Microsoft Help\MsHelpCenter.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\HMIPCore.dll (My Privacy Tools, Inc.)
O15 - HKCU\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: qflix.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: roxio.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: sonic.com ([redirect] http in Trusted sites)
O15 - HKCU\..Trusted Domains: sonic.com ([redirect2] http in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.140.120.21 64.140.120.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55B2968B-8C5F-42A5-B010-150AE880B294}: DhcpNameServer = 64.140.120.21 64.140.120.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55B2968B-8C5F-42A5-B010-150AE880B294}: NameServer = 208.67.222.222,208.67.220.220
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/20 15:57:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Johnny Villnus\Desktop\OTL.com
[2011/11/20 14:12:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/11/20 13:25:47 | 000,000,000 | ---D | C] -- C:\Users\Johnny Villnus\Documents\hello
[2011/11/18 23:43:54 | 000,000,000 | ---D | C] -- C:\Users\Johnny Villnus\AppData\Local\{7407CE5A-88C3-4744-944E-516FFC0C2083}
[2011/11/18 23:43:33 | 000,000,000 | ---D | C] -- C:\Users\Johnny Villnus\AppData\Local\{7231F75A-4F42-4CE0-8BFE-D6F25357C7A9}
[2011/11/18 17:32:35 | 000,000,000 | ---D | C] -- C:\Users\Johnny Villnus\AppData\Roaming\Malwarebytes
[2011/11/18 17:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/18 17:32:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/18 17:32:16 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/18 17:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/17 16:00:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/11/17 15:59:38 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/11/17 15:59:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/11/17 15:59:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/11/17 11:50:14 | 000,000,000 | ---D | C] -- C:\Users\Johnny Villnus\Desktop\books
[2011/11/17 00:50:16 | 000,000,000 | ---D | C] -- C:\Users\Johnny Villnus\Desktop\MAME
[2011/11/16 02:13:45 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/11/16 02:07:45 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/11/15 23:26:44 | 000,000,000 | ---D | C] -- C:\Users\Johnny Villnus\AppData\Roaming\SUPERAntiSpyware.com
[2011/11/15 23:26:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/11/15 23:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/11/15 23:25:57 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/11/11 08:34:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/11/09 19:41:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2011/11/06 06:34:56 | 000,000,000 | ---D | C] -- C:\Users\Johnny Villnus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechnoLogismiki
[2011/11/06 06:34:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechnoLogismiki
[2011/11/05 07:11:17 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2011/11/05 07:08:46 | 000,000,000 | ---D | C] -- C:\Users\Johnny Villnus\Desktop\Adobe Photoshop 7.0
[2011/11/04 20:24:34 | 000,000,000 | ---D | C] -- C:\Users\Johnny Villnus\Desktop\PSX HAck tools
[2011/11/03 10:34:21 | 000,000,000 | ---D | C] -- C:\Users\Johnny Villnus\AppData\Roaming\AVG
[2011/11/03 10:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/11/03 08:58:25 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/11/03 08:57:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/03 08:47:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/03 08:16:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/03 08:05:14 | 000,000,000 | ---D | C] -- C:\Users\Johnny Villnus\AppData\Roaming\AVG2012
[2011/11/03 08:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/11/03 08:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2011/11/03 08:03:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2011/11/03 08:03:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2011/11/03 08:02:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/11/03 08:02:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2011/11/03 08:01:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/11/03 07:55:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/11/03 07:54:34 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/11/02 19:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Calculator Plus
[2011/11/02 19:09:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Calculator Plus
[2011/11/02 11:43:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.1
[2011/11/02 11:43:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.1
[2011/11/02 10:51:55 | 000,000,000 | ---D | C] -- C:\Users\Johnny Villnus\Desktop\pj64
[2011/11/02 10:06:33 | 000,000,000 | ---D | C] -- C:\Users\Johnny Villnus\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/10/31 19:24:08 | 000,638,976 | ---- | C] (ESET) -- C:\Windows\ESETUninstaller.exe
[2011/10/29 10:46:58 | 000,000,000 | ---D | C] -- C:\Users\Johnny Villnus\Desktop\DnB-Grime-Bassline-Garage Folder
[2011/10/28 09:10:40 | 000,000,000 | ---D | C] -- C:\Users\Johnny Villnus\Documents\Downloads
[2011/10/26 17:47:52 | 000,063,760 | ---- | C] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2011/10/26 17:47:34 | 000,000,000 | ---D | C] -- C:\Users\Johnny Villnus\AppData\Local\Trusteer
[2011/10/26 17:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Rapport
[2011/10/26 17:47:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trusteer
[2011/10/26 17:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Trusteer
[2011/10/26 14:31:21 | 000,000,000 | ---D | C] -- C:\Users\Johnny Villnus\AppData\Local\{3367BE9C-266C-4177-B17D-30F10D3EFE9B}
[2011/10/26 14:31:10 | 000,000,000 | ---D | C] -- C:\Users\Johnny Villnus\AppData\Local\{A307180A-163E-4A93-858D-294A3B7747D6}
[2011/10/26 14:30:50 | 000,000,000 | ---D | C] -- C:\Users\Johnny Villnus\AppData\Local\{DB11F53D-933B-4F9F-9F16-7208EA978310}
[2011/10/26 08:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/10/25 14:36:00 | 000,000,000 | ---D | C] -- C:\Users\Johnny Villnus\AppData\Local\Sophos
[2011/10/25 14:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2011/10/25 14:18:49 | 000,000,000 | ---D | C] -- C:\stdtsa
[2011/10/25 14:13:43 | 000,000,000 | ---D | C] -- C:\Sophos
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/20 15:57:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Johnny Villnus\Desktop\OTL.com
[2011/11/20 15:26:25 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task b51f2563-cd8a-4de8-b200-7d3430557f16.job
[2011/11/20 13:05:37 | 006,152,967 | ---- | M] () -- C:\Users\Johnny Villnus\AppData\Local\census.cache
[2011/11/20 13:05:36 | 000,117,242 | ---- | M] () -- C:\Users\Johnny Villnus\AppData\Local\ars.cache
[2011/11/20 07:36:59 | 110,299,221 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/11/19 18:14:17 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/19 18:14:17 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/19 18:14:17 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/19 18:12:36 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/19 18:12:36 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/19 18:02:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/19 18:02:47 | 2213,404,672 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/19 11:37:35 | 1860,957,958 | ---- | M] () -- C:\Users\Johnny Villnus\Desktop\CHYNA.YouShoot.2011.DVDRIP.mkv
[2011/11/18 19:44:45 | 000,000,000 | ---- | M] () -- C:\Users\Johnny Villnus\defogger_reenable
[2011/11/18 19:37:42 | 000,208,896 | ---- | M] () -- C:\Windows\MBR.exe
[2011/11/17 23:36:38 | 000,192,064 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/11/17 11:37:31 | 000,618,058 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2011/11/16 12:46:31 | 000,000,355 | ---- | M] () -- C:\Users\Johnny Villnus\Homegroup - Shortcut.lnk
[2011/11/16 04:28:15 | 000,000,355 | ---- | M] () -- C:\Users\Johnny Villnus\Computer - Shortcut.lnk
[2011/11/16 01:04:08 | 000,000,831 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/11/15 23:26:01 | 000,001,817 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2011/11/11 08:35:06 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/09 19:36:15 | 013,040,310 | ---- | M] () -- C:\Users\Johnny Villnus\Desktop\HTM Youshoot vol.2pt1.zip
[2011/11/09 19:36:14 | 730,000,000 | ---- | M] () -- C:\Users\Johnny Villnus\Desktop\HTM Youshoot vol.2pt1.z02
[2011/11/09 19:35:30 | 730,000,000 | ---- | M] () -- C:\Users\Johnny Villnus\Desktop\HTM Youshoot vol.2pt1.z01
[2011/11/08 23:09:25 | 000,379,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/07 21:28:40 | 000,063,760 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2011/11/05 07:14:01 | 000,001,330 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2011/11/04 07:23:49 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/11/03 08:03:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/11/03 08:03:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2011/11/03 08:03:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/11/02 11:43:25 | 000,001,054 | ---- | M] () -- C:\Users\Johnny Villnus\Desktop\Cheat Engine.lnk
[2011/10/31 20:05:04 | 000,017,408 | ---- | M] () -- C:\Users\Johnny Villnus\AppData\Local\WebpageIcons.db
[2011/10/31 19:06:09 | 000,638,976 | ---- | M] (ESET) -- C:\Windows\ESETUninstaller.exe
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/20 14:12:35 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/11/20 07:36:59 | 110,299,221 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/11/19 12:28:58 | 1860,957,958 | ---- | C] () -- C:\Users\Johnny Villnus\Desktop\CHYNA.YouShoot.2011.DVDRIP.mkv
[2011/11/18 19:44:45 | 000,000,000 | ---- | C] () -- C:\Users\Johnny Villnus\defogger_reenable
[2011/11/18 19:37:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/17 23:36:38 | 000,192,064 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/11/17 11:37:31 | 000,618,058 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2011/11/16 12:46:31 | 000,000,355 | ---- | C] () -- C:\Users\Johnny Villnus\Homegroup - Shortcut.lnk
[2011/11/16 04:28:15 | 000,000,355 | ---- | C] () -- C:\Users\Johnny Villnus\Computer - Shortcut.lnk
[2011/11/16 01:01:09 | 000,000,528 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task b51f2563-cd8a-4de8-b200-7d3430557f16.job
[2011/11/15 23:26:01 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2011/11/09 19:34:57 | 730,000,000 | ---- | C] () -- C:\Users\Johnny Villnus\Desktop\HTM Youshoot vol.2pt1.z02
[2011/11/09 19:34:57 | 730,000,000 | ---- | C] () -- C:\Users\Johnny Villnus\Desktop\HTM Youshoot vol.2pt1.z01
[2011/11/09 19:34:57 | 013,040,310 | ---- | C] () -- C:\Users\Johnny Villnus\Desktop\HTM Youshoot vol.2pt1.zip
[2011/11/05 07:14:01 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2011/11/05 07:14:00 | 000,001,141 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady 7.0.lnk
[2011/11/05 07:14:00 | 000,001,136 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 7.0.lnk
[2011/11/03 08:04:51 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/11/03 08:03:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/11/03 08:03:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2011/11/03 08:03:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/11/02 11:43:25 | 000,001,054 | ---- | C] () -- C:\Users\Johnny Villnus\Desktop\Cheat Engine.lnk
[2011/10/31 20:04:59 | 000,017,408 | ---- | C] () -- C:\Users\Johnny Villnus\AppData\Local\WebpageIcons.db
[2011/10/28 09:22:54 | 000,379,464 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/16 10:02:12 | 000,003,584 | ---- | C] () -- C:\Users\Johnny Villnus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/18 13:24:09 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\setup_xp.ini
[2011/08/16 08:40:11 | 000,000,571 | ---- | C] () -- C:\Users\Johnny Villnus\AppData\Roaming\AutoGK.ini
[2011/07/16 16:43:49 | 006,152,967 | ---- | C] () -- C:\Users\Johnny Villnus\AppData\Local\census.cache
[2011/07/16 16:39:47 | 000,117,242 | ---- | C] () -- C:\Users\Johnny Villnus\AppData\Local\ars.cache
[2011/07/16 13:35:55 | 000,000,036 | ---- | C] () -- C:\Users\Johnny Villnus\AppData\Local\housecall.guid.cache
[2011/07/10 20:51:51 | 000,033,920 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2011/07/10 18:18:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/07/10 18:18:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/07/10 18:18:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/07/10 18:18:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/17 00:18:09 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2011/02/28 04:55:10 | 000,033,134 | ---- | C] () -- C:\Users\Johnny Villnus\AppData\Roaming\UserTile.png
[2010/12/19 09:28:11 | 000,033,728 | ---- | C] () -- C:\Users\Johnny Villnus\AppData\Local\rx_audio.Cache
[2010/11/06 11:53:31 | 002,627,696 | ---- | C] () -- C:\Users\Johnny Villnus\AppData\Local\rx_image32.Cache
[2010/10/05 00:27:29 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/09/09 23:42:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/09/01 09:20:32 | 000,000,175 | ---- | C] () -- C:\Windows\wininit.ini
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/13 08:12:56 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/03/28 12:40:12 | 000,115,712 | ---- | C] () -- C:\Windows\SysWow64\libsndfile.dll
[2004/07/26 13:24:52 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\hackman2.dll
[2004/01/30 14:07:46 | 000,245,408 | ---- | C] () -- C:\Windows\SysWow64\unicows.dll
[2001/08/13 13:09:48 | 000,659,520 | ---- | C] () -- C:\Windows\SysWow64\vbid3lib.dll
[2001/04/20 12:23:28 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\PManager.dll
[2000/07/14 23:00:00 | 000,030,720 | ---- | C] () -- C:\Windows\regtlib.exe
[1998/09/06 18:03:36 | 000,012,208 | ---- | C] () -- C:\Windows\SysWow64\Cdio16.dll
[1998/09/06 17:55:42 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\cdio32.dll

========== LOP Check ==========

[2011/07/11 10:42:29 | 000,000,000 | ---D | M] -- C:\Users\Johnny Villnus\AppData\Roaming\Apowersoft
[2011/11/03 10:35:12 | 000,000,000 | ---D | M] -- C:\Users\Johnny Villnus\AppData\Roaming\AVG
[2011/11/03 08:05:14 | 000,000,000 | ---D | M] -- C:\Users\Johnny Villnus\AppData\Roaming\AVG2012
[2011/11/02 10:06:33 | 000,000,000 | ---D | M] -- C:\Users\Johnny Villnus\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/10/19 08:33:20 | 000,000,000 | ---D | M] -- C:\Users\Johnny Villnus\AppData\Roaming\DMCache
[2011/10/19 21:38:43 | 000,000,000 | ---D | M] -- C:\Users\Johnny Villnus\AppData\Roaming\IDM
[2011/11/20 14:30:29 | 000,000,000 | ---D | M] -- C:\Users\Johnny Villnus\AppData\Roaming\QuickScan
[2010/11/06 10:34:01 | 000,000,000 | ---D | M] -- C:\Users\Johnny Villnus\AppData\Roaming\Simple Star
[2010/12/11 02:47:35 | 000,000,000 | ---D | M] -- C:\Users\Johnny Villnus\AppData\Roaming\SystemRequirementsLab
[2011/05/12 08:46:32 | 000,000,000 | ---D | M] -- C:\Users\Johnny Villnus\AppData\Roaming\Windows Live Writer
[2011/11/10 09:24:23 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/11/20 15:26:25 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b51f2563-cd8a-4de8-b200-7d3430557f16.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

Attached Files

  • Attached File  OTL.Txt   90.42KB   32 downloads

Edited by Johnny Villnus, 20 November 2011 - 03:28 PM.



#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello Johnny Villnus and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select the Detected threats report from the left and press the Save button
Save it to your desktop and attach to your next post


Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • VRT log
  • GMER log
It would be helpful if you could post each log in a separate post

#3
Johnny Villnus

Hi Maliprog, thanks for the welcome and for the help :)

I'm finished with both scans, VRT and GMER, but I'm having trouble posting the VRT log.
Firefox keeps crashing on me when I try to post it on here by copying and pasting.
The log is huge and my Notepad is using up a lot of memory, and when I try to post it in bunches by copying and pasting it still causes Firefox to crash.
Is there something I can do about this? Once again, thank you for helping me.

Edited by Johnny Villnus, 22 November 2011 - 04:38 AM.


#4
maliprog

Please try to ZIP the logs, then attach the ZIP file for me in your next reply. See if that helps.

#5
Johnny Villnus

I have the zip file down to 12 MB but I can only post attachments up to 1 MB, so I'm running into problems there. I even tried to multi-zip the file and it wouldn't upload on here, saying I'm not allowed to upload this kind of file on here.

So here is the GMER log.

Is there another way I can get the VRT log to you? I'm sorry for the problem this is causing.

Attached Files

  • Attached File  GMER.Zip   569bytes   24 downloads


#6
maliprog

Leave VRT log for now. We must try Dr.Web.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and click Scan to run the express scan. Click OK in the pop-up window to allow the scan.
  • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, select Complete scan.
  • Complete scan sometimes takes up to 3 hours to finish so please be patient.
  • Click the green arrow at the right, and the scan will start.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

NOTE: During the scan, a pop-up window will open asking you to purchase the full version. Simply close the window by clicking the X in the upper right corner.

#7
Johnny Villnus

Maliprog, thanks for your help. I knew there was something wrong.
Dr.Web found malicious software had taken over my system and had messed with my Windows system files, and it asked me to restore them to default and I pressed Yes. I hope I did the right thing with that. It took 3 to 4 hours to do the express scan and the complete scan took about 12 hours to finish.

I also rebooted when the scans finished.

Here is the express file results:
tcNZOqxx.exe.part;C:\Users\JOHNNY~1\AppData\Local\Temp;Trojan.Siggen3.20406;Incurable.Moved.;
tcNZOqxx.exe.part;C:\Documents and Settings\Johnny Villnus\DoctorWeb\Quarantine;Trojan.Siggen3.20406;Incurable.Moved.;

And the complete log is too big to copy and paste, causing Firefox to crash, so I zipped the file and attached it.

Attached File  cureitlogtext.zip   131.56KB   36 downloads

Edited by Johnny Villnus, 23 November 2011 - 12:52 AM.


#8
maliprog

Hi Johnny Villnus,

Good work! Dr.Web took care of it. Let's continue.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

#9
Johnny Villnus

I notice my browser is a little faster now :) Thanks so much, this has been stressing me right out. Once I'm done with all this, should I clear my cookies and Temp and change my passwords? I haven't touched a thing until I got your advice as to what I should do.

Here is the ComboFix log.


#10
maliprog

Can you try to update Malwarebytes now and do a Quick Scan? Post the log here for me after the scan. After we clean your system we'll deal with leftovers (temp files, cookies etc.).


#11
Johnny Villnus

Ok here is the Malwarebytes Quick scan Log and it updated and worked fine.


#12
maliprog

Great! How is your system now? Do you have any problems?

#13
Johnny Villnus

My system seems to be running fine now :)

#14
maliprog

If you are happy, I'm happy too!

Your logs and system are clean now. I'm glad we fixed up your computer. We need to clean up your PC from the programs we used.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of the software installed on your system.

#15
Johnny Villnus

I noticed something in my AVG firewall and connection settings: I have a bunch of unsafe IP addy's in my defined settings and it won't let me delete or edit them.

And I noticed when I rebooted my system it took a while to go back online. It doesn't usually do that. I'm not sure if that has something to do with it?