Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malwarebytes' won't remove the virus XP Home Security 2012 [So


  • This topic is locked This topic is locked

#1
ikissedyomomma

ikissedyomomma

    Member

  • Member
  • PipPip
  • 35 posts
I went to the "Malware Removal Guide" and followed all instructions, but I noticed XP Home Security 2012 was still on my computer and everything keeps popping up still, so I decided to do the full scan, removed selected, restarted computer, and it's still here. I'm doing the quick scan once again, right now, I still have the icon and everything at the corner of my screen for the XP Home Security 2012. Is there another way for me to get rid of this virus?


Here's the log!

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8288

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/1/2011 8:11:57 PM
mbam-log-2011-12-01 (20-11-57).txt

Scan type: Quick scan
Objects scanned: 192668
Time elapsed: 14 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Jessica\Local Settings\Application Data\flp.exe" -a "firefox.exe) Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Jessica\Local Settings\Application Data\flp.exe" -a "firefox.exe -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Jessica\Local Settings\Application Data\flp.exe" -a "iexplore.exe) Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

Advertisements


#2
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image

Step 2

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

Things I would like to see in your reply:
  • aswMBR log
  • OTL.txt and Extras.txt

  • 0

#3
ikissedyomomma

ikissedyomomma

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Thank you for replying to my post!

I tried downloading aswMBR.exe but my computer isn't letting me open executive files anymore. Is it OK to change the name to aswMBR.com? Same for OTL? I noticed it lets me do that with other things.
  • 0

#4
ikissedyomomma

ikissedyomomma

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-02 14:03:28
-----------------------------
14:03:28.828 OS Version: Windows 5.1.2600 Service Pack 3
14:03:28.828 Number of processors: 2 586 0x209
14:03:28.828 ComputerName: JESSICAA UserName: Jessica
14:03:30.796 Initialize success
14:05:06.796 AVAST engine defs: 11120200
14:07:34.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:07:34.187 Disk 0 Vendor: ST380011A 3.06 Size: 76319MB BusType: 3
14:07:36.203 Disk 0 MBR read successfully
14:07:36.203 Disk 0 MBR scan
14:07:36.250 Disk 0 Windows XP default MBR code
14:07:36.265 Disk 0 scanning sectors +156296385
14:07:36.359 Disk 0 scanning C:\WINDOWS\system32\drivers
14:07:49.750 File: C:\WINDOWS\system32\drivers\redbook.sys **INFECTED** Win32:Alureon-AOK [Rtk]
14:07:54.906 Service scanning
14:07:55.109 Service .ipsec \* **LOCKED** 123
14:07:55.953 Modules scanning
14:07:58.468 Module: C:\WINDOWS\system32\DRIVERS\redbook.sys **SUSPICIOUS**
14:08:08.015 Disk 0 trace - called modules:
14:08:08.031 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8649af10]<<
14:08:08.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86757ab8]
14:08:08.031 3 CLASSPNP.SYS[f78a3fd7] -> nt!IofCallDriver -> [0x8655af08]
14:08:08.031 \Driver\00000831[0x864e0c08] -> IRP_MJ_CREATE -> 0x8649af10
14:08:10.109 AVAST engine scan C:\WINDOWS
14:08:21.625 AVAST engine scan C:\WINDOWS\system32
14:10:44.109 AVAST engine scan C:\WINDOWS\system32\drivers
14:10:54.265 File: C:\WINDOWS\system32\drivers\redbook.sys **INFECTED** Win32:Alureon-AOK [Rtk]
14:10:59.375 AVAST engine scan C:\Documents and Settings\Jessica
14:12:12.562 File: C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\51\19a31173-4b2c93c3 **INFECTED** Win32:FakeAlert-BLY [Trj]
14:14:05.796 File: C:\Documents and Settings\Jessica\Local Settings\temp\641.6021.exe **INFECTED** Win32:FakeAlert-BLY [Trj]
14:17:45.078 AVAST engine scan C:\Documents and Settings\All Users
14:18:44.578 Scan finished successfully
14:19:24.343 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jessica\My Documents\Downloads\MBR.dat"
14:19:24.343 The log file has been saved successfully to "C:\Documents and Settings\Jessica\My Documents\Downloads\aswMBR.txt"




OTL.Txt:


OTL logfile created on: 12/2/2011 2:21:20 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jessica\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.73 Mb Total Physical Memory | 553.00 Mb Available Physical Memory | 54.07% Memory free
2.40 Gb Paging File | 1.86 Gb Available in Paging File | 77.26% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.41 Gb Total Space | 6.32 Gb Free Space | 25.88% Space Free | Partition Type: NTFS
Drive D: | 50.11 Gb Total Space | 50.03 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive H: | 7.40 Gb Total Space | 5.11 Gb Free Space | 69.13% Space Free | Partition Type: FAT32

Computer Name: JESSICAA | User Name: Jessica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/02 02:46:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jessica\My Documents\Downloads\OTL.com
PRC - [2011/11/19 00:23:01 | 006,860,960 | ---- | M] (Spotify Ltd) -- C:\Documents and Settings\Jessica\Application Data\Spotify\spotify.exe
PRC - [2011/11/10 14:35:18 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/28 09:58:08 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/28 09:58:07 | 000,567,464 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2011/04/27 05:37:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/09/14 14:37:25 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/04/30 19:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/13 19:12:31 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ping.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/10 14:35:16 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/09/14 14:38:29 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2006/10/22 14:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Secunia Update Agent)
SRV - File not found [Auto | Stopped] -- -- (Akamai)
SRV - [2011/06/28 09:58:08 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/06/28 09:58:08 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/06/28 09:58:08 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/28 09:58:07 | 000,567,464 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2011/04/27 05:37:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/04/30 19:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/06/28 09:58:08 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 09:58:08 | 000,106,904 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avfwot.sys -- (avfwot)
DRV - [2011/06/28 09:58:08 | 000,082,952 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avfwim.sys -- (avfwim)
DRV - [2011/06/28 09:58:08 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/09/14 14:39:05 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/09/14 14:37:15 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/04/30 19:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/30 18:03:30 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/04/30 18:03:08 | 006,754,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 250(UVC)
DRV - [2009/04/30 18:01:36 | 000,265,496 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 18:00:00 | 000,114,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007/02/08 08:45:14 | 000,029,184 | R--- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dsiarhwprog.sys -- (dsiarhwprog)
DRV - [2007/02/07 22:30:30 | 000,392,704 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2007/02/07 22:30:30 | 000,033,995 | R--- | M] (Sonic Focus, Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sf.sys -- (sf)
DRV - [2006/05/05 21:21:00 | 000,004,608 | ---- | M] (NVIDIA Corporation.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvport.sys -- (nvport)
DRV - [2006/03/29 10:49:26 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ya...043,16898,0,8,0
IE - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EA 82 44 DB 07 66 CC 01 [binary data]
IE - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 14:35:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/01 20:37:29 | 000,000,000 | ---D | M]

[2010/09/15 16:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Extensions
[2010/09/15 16:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Extensions\[email protected]
[2011/10/27 01:08:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\extensions
[2010/12/11 20:27:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/17 21:46:19 | 000,000,000 | ---D | M] (RawCoupon Community Toolbar) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\extensions\{93130a67-a674-4177-952a-7d803ce57924}
[2011/07/28 19:32:35 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/08/31 17:36:23 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011/10/18 01:38:59 | 000,000,000 | ---D | M] (ShopAtHome.com Toolbar) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\extensions\[email protected]
[2011/10/09 11:11:32 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\searchplugins\conduit.xml
[2010/10/28 07:21:32 | 000,002,228 | ---- | M] () -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\searchplugins\iBryte_potfarm.xml
[2011/08/31 17:35:53 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\searchplugins\SweetIM Search.xml
[2011/08/31 17:36:19 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\searchplugins\sweetim.xml
[2011/11/10 14:35:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/10 14:35:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 07:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 14:35:18 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: SweetIM Search ()
CHR - default_search_provider: search_url = http://search.sweeti...C-443A20F8B47B}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///E:/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///E:/components/A9.ocx (A9Helper.A9)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///E:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F5F9398-AF2C-47F6-B9ED-11B076565380}: DhcpNameServer = 68.87.68.166 68.87.74.166
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jessica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jessica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 12:43:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\...exe [@ = ah] -- "C:\Documents and Settings\Jessica\Local Settings\Application Data\flp.exe" -a "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/01 18:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/12/01 18:32:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/11/28 01:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jessica\My Documents\LimeWire
[2011/11/28 01:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2011/11/15 03:12:54 | 002,060,760 | ---- | C] (Bandoo Media Inc. ) -- C:\Documents and Settings\Jessica\Desktop\iLividSetupV1.exe

========== Files - Modified Within 30 Days ==========

[2011/12/02 13:51:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/02 12:54:50 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/02 07:04:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/02 05:51:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/02 02:23:03 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/02 02:21:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/02 02:21:54 | 1072,480,256 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/02 02:21:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/12/02 00:41:52 | 000,015,798 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\e8cu43g8kg1coi
[2011/12/02 00:41:52 | 000,015,798 | -H-- | M] () -- C:\Documents and Settings\Jessica\Local Settings\Application Data\e8cu43g8kg1coi
[2011/12/01 20:26:19 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/12/01 18:32:38 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hooblahh.pif
[2011/11/30 21:41:14 | 000,036,948 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\14076570.gif
[2011/11/29 05:39:47 | 000,125,135 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\Chocobo.jpg
[2011/11/29 05:15:02 | 000,052,581 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\Baby_chocobo.jpg
[2011/11/29 05:12:01 | 000,039,799 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\FFVII-Chocobo.jpg
[2011/11/29 04:48:17 | 000,011,889 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\monkey_cartoon4.gif
[2011/11/24 13:06:06 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jessica\Application Data\subv.exe
[2011/11/15 03:12:54 | 002,060,760 | ---- | M] (Bandoo Media Inc. ) -- C:\Documents and Settings\Jessica\Desktop\iLividSetupV1.exe
[2011/11/11 13:30:18 | 000,501,382 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/11 13:30:18 | 000,087,010 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/10 12:04:32 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2011/12/02 02:21:54 | 1072,480,256 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/01 17:47:00 | 000,015,798 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\e8cu43g8kg1coi
[2011/12/01 17:47:00 | 000,015,798 | -H-- | C] () -- C:\Documents and Settings\Jessica\Local Settings\Application Data\e8cu43g8kg1coi
[2011/11/30 21:41:10 | 000,036,948 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\14076570.gif
[2011/11/29 05:39:47 | 000,125,135 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\Chocobo.jpg
[2011/11/29 05:15:01 | 000,052,581 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\Baby_chocobo.jpg
[2011/11/29 05:12:00 | 000,039,799 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\FFVII-Chocobo.jpg
[2011/11/29 04:48:12 | 000,011,889 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\monkey_cartoon4.gif
[2011/11/24 13:06:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jessica\Application Data\subv.exe
[2011/08/22 02:23:42 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/09 16:00:30 | 000,000,085 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2011/03/22 22:16:10 | 000,001,223 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2010/12/11 22:01:14 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/10/28 07:21:39 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Jessica\Local Settings\Application Data\fusioncache.dat
[2010/10/06 01:47:57 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2009/06/11 13:35:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/06/11 12:46:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/06/11 12:40:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/06/11 05:31:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/11 05:30:27 | 003,447,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/08 13:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 19:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006/10/22 14:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 14:22:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/10/22 14:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 14:22:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/22 14:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 14:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 14:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 14:22:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/10/22 14:22:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/10/22 14:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 14:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/02/28 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 07:00:00 | 000,501,382 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 07:00:00 | 000,087,010 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/01/01 01:34:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

========== LOP Check ==========

[2010/11/11 18:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011/08/24 14:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/06/07 05:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Giraffic
[2011/10/14 13:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/04/14 21:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/10/27 01:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/04/07 23:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent
[2010/11/11 18:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Canneverbe Limited
[2011/10/14 12:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/06/11 23:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\FrostWire
[2010/12/31 21:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\GetRightToGo
[2010/12/11 22:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Leadertech
[2011/01/01 04:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Opera
[2010/11/14 22:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\PlayFirst
[2011/09/20 21:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Pokemon Online
[2011/09/02 00:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\PriceGong
[2011/06/29 18:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\QuickScan
[2011/12/02 14:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Spotify
[2010/10/06 01:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Uniblue
[2011/10/27 01:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Unity

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006/02/28 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/02/28 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/02/28 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/02/28 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/10 14:35:12 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/10 14:35:12 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/10 14:35:12 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe [2011/12/02 02:26:12 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/10 14:35:18 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 16:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe [2011/04/30 01:12:41 | 001,006,778 | ---- | M] ()

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/10 14:35:12 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/10 14:35:12 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/10 14:35:12 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe [2011/12/02 02:26:12 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/10 14:35:18 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 16:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe [2011/04/30 01:12:41 | 001,006,778 | ---- | M] ()

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB22893$] -> Error: Cannot create file handle -> Unknown point type

< End of report >



Extras.Txt

OTL Extras logfile created on: 12/2/2011 2:50:05 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jessica\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.73 Mb Total Physical Memory | 23.05 Mb Available Physical Memory | 2.25% Memory free
2.40 Gb Paging File | 1.04 Gb Available in Paging File | 43.29% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.41 Gb Total Space | 6.37 Gb Free Space | 26.11% Space Free | Partition Type: NTFS
Drive D: | 50.11 Gb Total Space | 50.03 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive H: | 7.40 Gb Total Space | 5.11 Gb Free Space | 69.13% Space Free | Partition Type: FAT32

Computer Name: JESSICAA | User Name: Jessica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = ah] -- "C:\Documents and Settings\Jessica\Local Settings\Application Data\flp.exe" -a "%1" %*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Documents and Settings\Jessica\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\Jessica\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}" = NVIDIA PureVideo Decoder
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 25
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{9257734E-5A99-47E5-82B5-496ACC53EE40}" = Before You Know It 3.6
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC0C5A78-6DBF-3444-0120-0FE8F0134FCD}" = Adobe Download Assistant
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Action Replay DSi Code Manager_is1" = Action Replay DSi Code Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira Premium Security Suite
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DivX Setup.divx.com" = DivX Setup
"ie8" = Windows Internet Explorer 8
"Logitech Vid" = Logitech Vid HD
"lvdrivers_12.0" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"Mplayer" = Mplayer 0.6.9
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"PROSet" = Intel® PRO Network Connections Drivers
"WEB Framework" = WEB Framework
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/18/2011 2:38:25 AM | Computer Name = JESSICAA | Source = Application Hang | ID = 1002
Description = Hanging application Weather.exe, version 6.8.0.8, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/18/2011 2:38:27 AM | Computer Name = JESSICAA | Source = Application Hang | ID = 1002
Description = Hanging application Weather.exe, version 6.8.0.8, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/18/2011 2:38:27 AM | Computer Name = JESSICAA | Source = Application Hang | ID = 1002
Description = Hanging application Weather.exe, version 6.8.0.8, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/19/2011 5:22:57 PM | Computer Name = JESSICAA | Source = nview_info | ID = 11141121
Description =

Error - 10/20/2011 2:00:02 AM | Computer Name = JESSICAA | Source = ESENT | ID = 490
Description = svchost (1448) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 11/11/2011 2:31:02 PM | Computer Name = JESSICAA | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 8.0.0.4325, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/11/2011 2:31:04 PM | Computer Name = JESSICAA | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 8.0.0.4325, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/24/2011 3:06:26 PM | Computer Name = JESSICAA | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 8.0.0.4325, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/26/2011 3:12:35 PM | Computer Name = JESSICAA | Source = nview_info | ID = 11141121
Description =

Error - 12/2/2011 3:43:43 AM | Computer Name = JESSICAA | Source = Application Hang | ID = 1002
Description = Hanging application QuickTimePlayer.exe, version 7.69.80.9, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/2/2011 3:23:28 AM | Computer Name = JESSICAA | Source = Service Control Manager | ID = 7024
Description = The Avira AntiVir MailGuard service terminated with service-specific
error 1 (0x1).

Error - 12/2/2011 3:23:28 AM | Computer Name = JESSICAA | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/2/2011 3:23:28 AM | Computer Name = JESSICAA | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/2/2011 3:32:00 AM | Computer Name = JESSICAA | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/2/2011 3:35:36 AM | Computer Name = JESSICAA | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/2/2011 3:41:43 AM | Computer Name = JESSICAA | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/2/2011 3:42:28 AM | Computer Name = JESSICAA | Source = DCOM | ID = 10010
Description = The server {72278E83-B0EF-4E49-9E10-6947602C1030} did not register
with DCOM within the required timeout.

Error - 12/2/2011 3:43:21 AM | Computer Name = JESSICAA | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/2/2011 3:55:05 AM | Computer Name = JESSICAA | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/2/2011 3:59:17 AM | Computer Name = JESSICAA | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127


< End of report >
  • 0

#5
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi



Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    MOD - [2011/11/10 14:35:16 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    O35 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005..exefile [open] -- "%1" %*
    O37 - HKU\S-1-5-21-1819643104-910290269-4184997253-1005\...exe [@ = ah] -- "C:\Documents and Settings\Jessica\Local Settings\Application Data\flp.exe" -a "%1" %*
    [2011/12/01 17:47:00 | 000,015,798 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\e8cu43g8kg1coi
    [2011/12/01 17:47:00 | 000,015,798 | -H-- | C] () -- C:\Documents and Settings\Jessica\Local Settings\Application Data\e8cu43g8kg1coi
    [2011/11/24 13:06:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jessica\Application Data\subv.exe
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


Things I would like to see in your reply:
  • OTL log
  • Combofix.txt

  • 0

#6
ikissedyomomma

ikissedyomomma

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Thank you so much for replying, by the way. (:


OTL.Txt

OTL logfile created on: 12/3/2011 3:36:21 AM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jessica\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.73 Mb Total Physical Memory | 520.01 Mb Available Physical Memory | 50.85% Memory free
2.40 Gb Paging File | 1.43 Gb Available in Paging File | 59.30% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.41 Gb Total Space | 7.08 Gb Free Space | 28.98% Space Free | Partition Type: NTFS
Drive D: | 50.11 Gb Total Space | 50.03 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive H: | 7.40 Gb Total Space | 5.11 Gb Free Space | 69.13% Space Free | Partition Type: FAT32

Computer Name: JESSICAA | User Name: Jessica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/02 02:46:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jessica\My Documents\Downloads\OTL.exe
PRC - [2011/11/10 14:35:18 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/28 09:58:08 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/28 09:58:07 | 000,567,464 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2011/04/27 05:37:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/02 09:17:22 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/10/29 15:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
PRC - [2010/09/16 15:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/09/14 14:37:25 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/05/08 13:35:50 | 002,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/05/08 13:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/04/30 19:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/10 14:35:16 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/10/29 15:02:38 | 000,751,616 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\vpxmd.dll
MOD - [2010/10/29 15:01:30 | 000,027,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\SDL.dll
MOD - [2010/09/16 15:04:50 | 000,095,528 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/09/16 15:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/09/14 14:38:29 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009/05/08 13:35:50 | 002,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/05/08 13:35:28 | 000,181,520 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LvApi11\LvApi11.dll
MOD - [2009/05/08 13:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2009/04/22 16:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/09 18:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/03 17:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/03 17:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/03 17:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/03 17:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/03 17:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/03 17:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/03 17:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/03 17:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/03 17:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\phonon4.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/10/22 14:22:00 | 001,470,464 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2006/10/22 14:22:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2006/10/22 14:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Secunia Update Agent)
SRV - File not found [Auto | Stopped] -- -- (Akamai)
SRV - [2011/06/28 09:58:08 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/06/28 09:58:08 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/06/28 09:58:08 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/28 09:58:07 | 000,567,464 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2011/04/27 05:37:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/04/30 19:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/06/28 09:58:08 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 09:58:08 | 000,106,904 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avfwot.sys -- (avfwot)
DRV - [2011/06/28 09:58:08 | 000,082,952 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avfwim.sys -- (avfwim)
DRV - [2011/06/28 09:58:08 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/09/14 14:39:05 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/09/14 14:37:15 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/04/30 19:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/30 18:03:30 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/04/30 18:03:08 | 006,754,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 250(UVC)
DRV - [2009/04/30 18:01:36 | 000,265,496 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 18:00:00 | 000,114,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007/02/08 08:45:14 | 000,029,184 | R--- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dsiarhwprog.sys -- (dsiarhwprog)
DRV - [2007/02/07 22:30:30 | 000,392,704 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2007/02/07 22:30:30 | 000,033,995 | R--- | M] (Sonic Focus, Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sf.sys -- (sf)
DRV - [2006/05/05 21:21:00 | 000,004,608 | ---- | M] (NVIDIA Corporation.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvport.sys -- (nvport)
DRV - [2006/03/29 10:49:26 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ya...043,16898,0,8,0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EA 82 44 DB 07 66 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 14:35:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/01 20:37:29 | 000,000,000 | ---D | M]

[2010/09/15 16:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Extensions
[2010/09/15 16:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Extensions\[email protected]
[2011/10/27 01:08:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\extensions
[2010/12/11 20:27:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/17 21:46:19 | 000,000,000 | ---D | M] (RawCoupon Community Toolbar) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\extensions\{93130a67-a674-4177-952a-7d803ce57924}
[2011/07/28 19:32:35 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/08/31 17:36:23 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011/10/18 01:38:59 | 000,000,000 | ---D | M] (ShopAtHome.com Toolbar) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\extensions\[email protected]
[2011/10/09 11:11:32 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\searchplugins\conduit.xml
[2010/10/28 07:21:32 | 000,002,228 | ---- | M] () -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\searchplugins\iBryte_potfarm.xml
[2011/08/31 17:35:53 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\searchplugins\SweetIM Search.xml
[2011/08/31 17:36:19 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\searchplugins\sweetim.xml
[2011/11/10 14:35:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/10 14:35:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 07:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 14:35:18 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: SweetIM Search ()
CHR - default_search_provider: search_url = http://search.sweeti...C-443A20F8B47B}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011/12/03 03:22:14 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///E:/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///E:/components/A9.ocx (A9Helper.A9)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///E:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F5F9398-AF2C-47F6-B9ED-11B076565380}: DhcpNameServer = 68.87.68.166 68.87.74.166
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jessica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jessica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 12:43:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/03 03:22:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/01 18:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/12/01 18:32:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/11/28 01:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jessica\My Documents\LimeWire
[2011/11/28 01:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2011/11/15 03:12:54 | 002,060,760 | ---- | C] (Bandoo Media Inc. ) -- C:\Documents and Settings\Jessica\Desktop\iLividSetupV1.exe

========== Files - Modified Within 30 Days ==========

[2011/12/03 03:32:27 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/12/03 03:31:49 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/03 03:31:46 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/03 03:28:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/03 03:28:34 | 1072,480,256 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/03 03:28:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/12/03 03:22:14 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/12/03 02:51:21 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/03 02:51:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/02 07:04:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/01 18:32:38 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hooblahh.pif
[2011/11/30 21:41:14 | 000,036,948 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\14076570.gif
[2011/11/29 05:39:47 | 000,125,135 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\Chocobo.jpg
[2011/11/29 05:15:02 | 000,052,581 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\Baby_chocobo.jpg
[2011/11/29 05:12:01 | 000,039,799 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\FFVII-Chocobo.jpg
[2011/11/29 04:48:17 | 000,011,889 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\monkey_cartoon4.gif
[2011/11/15 03:12:54 | 002,060,760 | ---- | M] (Bandoo Media Inc. ) -- C:\Documents and Settings\Jessica\Desktop\iLividSetupV1.exe
[2011/11/11 13:30:18 | 000,501,382 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/11 13:30:18 | 000,087,010 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/10 12:04:32 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2011/12/02 02:21:54 | 1072,480,256 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/30 21:41:10 | 000,036,948 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\14076570.gif
[2011/11/29 05:39:47 | 000,125,135 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\Chocobo.jpg
[2011/11/29 05:15:01 | 000,052,581 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\Baby_chocobo.jpg
[2011/11/29 05:12:00 | 000,039,799 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\FFVII-Chocobo.jpg
[2011/11/29 04:48:12 | 000,011,889 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\monkey_cartoon4.gif
[2011/08/22 02:23:42 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/09 16:00:30 | 000,000,085 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2011/03/22 22:16:10 | 000,001,223 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2010/12/11 22:01:14 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/10/28 07:21:39 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Jessica\Local Settings\Application Data\fusioncache.dat
[2010/10/06 01:47:57 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2009/06/11 13:35:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/06/11 12:46:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/06/11 12:40:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/06/11 05:31:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/11 05:30:27 | 003,447,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/08 13:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 19:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006/10/22 14:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 14:22:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/10/22 14:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 14:22:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/22 14:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 14:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 14:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 14:22:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/10/22 14:22:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/10/22 14:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 14:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/02/28 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 07:00:00 | 000,501,382 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 07:00:00 | 000,087,010 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/01/01 01:34:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

========== LOP Check ==========

[2010/11/11 18:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011/08/24 14:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/06/07 05:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Giraffic
[2011/10/14 13:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/04/14 21:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/10/27 01:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/04/07 23:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent
[2010/11/11 18:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Canneverbe Limited
[2011/10/14 12:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/06/11 23:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\FrostWire
[2010/12/31 21:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\GetRightToGo
[2010/12/11 22:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Leadertech
[2011/01/01 04:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Opera
[2010/11/14 22:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\PlayFirst
[2011/09/20 21:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Pokemon Online
[2011/09/02 00:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\PriceGong
[2011/06/29 18:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\QuickScan
[2011/12/03 01:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Spotify
[2010/10/06 01:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Uniblue
[2011/10/27 01:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Unity

========== Purity Check ==========



< End of report >






log.txt


ComboFix 11-12-02.02 - Jessica 12/03/2011 4:00.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.654 [GMT -5:00]
Running from: c:\documents and settings\Jessica\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira FireWall *Enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.ico
c:\documents and settings\Jessica\Application Data\PriceGong
c:\documents and settings\Jessica\Recent\Thumbs.db
c:\windows\$NtUninstallKB22893$\2459688321
c:\windows\$NtUninstallKB22893$\913862421\@
c:\windows\$NtUninstallKB22893$\913862421\bckfg.tmp
c:\windows\$NtUninstallKB22893$\913862421\cfg.ini
c:\windows\$NtUninstallKB22893$\913862421\Desktop.ini
c:\windows\$NtUninstallKB22893$\913862421\keywords
c:\windows\$NtUninstallKB22893$\913862421\kwrd.dll
c:\windows\$NtUninstallKB22893$\913862421\L\tyelnejh
c:\windows\$NtUninstallKB22893$\913862421\lsflt7.ver
c:\windows\$NtUninstallKB22893$\913862421\U\[email protected]
c:\windows\$NtUninstallKB22893$\913862421\U\[email protected]
c:\windows\$NtUninstallKB22893$\913862421\U\[email protected]
c:\windows\$NtUninstallKB22893$\913862421\U\[email protected]
c:\windows\$NtUninstallKB22893$\913862421\U\[email protected]
c:\windows\$NtUninstallKB22893$\913862421\U\[email protected]
c:\windows\CSC\d6
c:\windows\EventSystem.log
c:\windows\system32\usmt\migwiz_a.exe
D:\install.exe
c:\windows\$NtUninstallKB22893$ . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.ipsec
.
.
((((((((((((((((((((((((( Files Created from 2011-11-03 to 2011-12-03 )))))))))))))))))))))))))))))))
.
.
2011-12-03 08:22 . 2011-12-03 08:22 -------- d-----w- C:\_OTL
2011-12-01 23:40 . 2011-12-01 23:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-12-01 23:32 . 2011-12-01 23:32 -------- d--h--w- c:\windows\PIF
2011-11-28 06:09 . 2011-11-28 06:14 -------- d-----w- c:\program files\LimeWire
2011-11-19 04:15 . 2011-11-19 04:15 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 05:59 . 2011-05-26 01:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-18 03:47 . 2011-10-18 03:47 18944 ----a-r- c:\documents and settings\Jessica\Application Data\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2011-10-10 14:22 . 2009-06-11 17:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2010-03-18 18:09 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2006-02-28 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2006-02-28 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2006-02-28 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 19:35 . 2011-04-28 02:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Jessica\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
.
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [9/14/2010 2:43 PM 106904]
R2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [9/14/2010 2:43 PM 567464]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/14/2010 2:43 PM 136360]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [9/14/2010 2:43 PM 82952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2/28/2006 7:00 AM 14336]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [9/14/2010 2:43 PM 340136]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [9/14/2010 2:43 PM 428200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 4:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/14/2010 10:20 PM 136176]
S2 Secunia Update Agent;Secunia Update Agent;"c:\program files\Secunia\PSI\sua.exe" --start-service --> c:\program files\Secunia\PSI\sua.exe [?]
S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [5/6/2011 3:40 AM 29184]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/14/2010 10:20 PM 136176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 4:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2011-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-15 03:20]
.
2011-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-15 03:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20111043,16898,0,8,0
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
FF - ProfilePath - c:\documents and settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
AddRemove-Akamai - c:\program files\Common Files\Akamai\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-03 04:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_2da1ebd.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_2da1ebd.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3936)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\nview.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2011-12-03 04:15:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-03 09:15
.
Pre-Run: 7,536,406,528 bytes free
Post-Run: 7,474,769,920 bytes free
.
- - End Of File - - 211967FE6E203EFEB9CE541AAA390926
  • 0

#7
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Update MalwareBytes AntiMalware and Run a Quick Scan.
Post the log it produces

Step 2

ESET Online Scanner


  • Click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


Things i would like to see in your reply:
  • Malwarebytes Results.
  • Eset scanner report.
  • Update on how your computer is running

  • 0

#8
ikissedyomomma

ikissedyomomma

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
My computer now runs really good! Thank you so much! It actually seems a little faster than it was before. (: I'm just not good with cleaning it out. I'm great with following instructions, I just get confused with running OTL by myself without any suggestions. I've removed about 6 of those viruses from just this computer. And my Avira anti-virus expired not too long ago. Before I done all this, I was having issues accessing the internet, it would pop up with a tab that said "Open with... Firefox, Wordpad, etc.," and when you clicked firefox, it would pop up with a download tab to download Firefox.exe. I don't get that anymore, thankfully!


mbam-log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8300

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/3/2011 7:25:58 PM
mbam-log-2011-12-03 (19-25-58).txt

Scan type: Quick scan
Objects scanned: 183797
Time elapsed: 6 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ESETScan.txt
C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\System Volume Information\_restore{80887C9E-ECA3-4996-ABFA-B97C9AA47310}\RP453\A0058114.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{80887C9E-ECA3-4996-ABFA-B97C9AA47310}\RP456\A0059059.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{80887C9E-ECA3-4996-ABFA-B97C9AA47310}\RP456\A0059068.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{80887C9E-ECA3-4996-ABFA-B97C9AA47310}\RP456\A0059102.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{80887C9E-ECA3-4996-ABFA-B97C9AA47310}\RP456\A0059109.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{80887C9E-ECA3-4996-ABFA-B97C9AA47310}\RP456\A0059116.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{80887C9E-ECA3-4996-ABFA-B97C9AA47310}\RP456\A0059122.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{80887C9E-ECA3-4996-ABFA-B97C9AA47310}\RP456\A0059153.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{80887C9E-ECA3-4996-ABFA-B97C9AA47310}\RP456\A0059159.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{80887C9E-ECA3-4996-ABFA-B97C9AA47310}\RP456\A0059167.exe a variant of Win32/Kryptik.WMD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{80887C9E-ECA3-4996-ABFA-B97C9AA47310}\RP456\A0059169.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{80887C9E-ECA3-4996-ABFA-B97C9AA47310}\RP459\A0059200.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{80887C9E-ECA3-4996-ABFA-B97C9AA47310}\RP459\A0059260.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\System Volume Information\_restore{80887C9E-ECA3-4996-ABFA-B97C9AA47310}\RP459\A0059365.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\redbook.sys Win32/Sirefef.DA trojan unable to clean
  • 0

#9
ikissedyomomma

ikissedyomomma

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Ah, just when I thought the one virus was gone and everything was getting better, it's other clone popped up. XP Security 2012 is the name of this one. ): Just thought I'd let you know!
  • 0

#10
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post
  • 0

Advertisements


#11
ikissedyomomma

ikissedyomomma

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
I manually deleted the main part of the virus, I just tracked it down using Malwarebytes since it couldn't delete it from where the virus was acting as a "program" and it was "currently in use", so I found it under C:\Documents and Settings\Jessica\Local Settings\Application Data and it wouldn't let me delete it right away, so I done Ctrl + Alt + Delete, went to Processes, then found it under that, clicked End Process, then deleted it before it came back up. But I already knew that wasn't all I needed to do. My computer is back to doing the "Open With" when you click Firefox, or even Automatic Updates, also even Executive files it does it, too. I had problems opening Kaspersky Virus Removal Tool for a minute, but I finally got it working! Just thought I would let you know what's been going on. Thank you for replying! I appreciate you helping me, I really do.



Status: Deleted (events: 3)
12/4/2011 3:01:59 AM Deleted Trojan program Trojan-FakeAV.Win32.PrivacyProtection.p C:\System Volume Information\_restore{80887C9E-ECA3-4996-ABFA-B97C9AA47310}\RP456\A0059057.lnk High
12/4/2011 3:04:01 AM Deleted Trojan program Packed.Win32.Katusha.o C:\WINDOWS\system32\drivers\redbook.sys High
12/4/2011 3:25:11 AM Deleted Trojan program Packed.Win32.Katusha.o C:\System Volume Information\_restore{80887C9E-ECA3-4996-ABFA-B97C9AA47310}\RP460\A0059396.sys High
  • 0

#12
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  • 0

#13
ikissedyomomma

ikissedyomomma

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
OTL logfile created on: 12/4/2011 4:27:09 PM - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jessica\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.73 Mb Total Physical Memory | 237.32 Mb Available Physical Memory | 23.20% Memory free
2.40 Gb Paging File | 1.67 Gb Available in Paging File | 69.48% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.41 Gb Total Space | 6.57 Gb Free Space | 26.90% Space Free | Partition Type: NTFS
Drive D: | 50.11 Gb Total Space | 50.03 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive H: | 7.40 Gb Total Space | 5.11 Gb Free Space | 69.13% Space Free | Partition Type: FAT32

Computer Name: JESSICAA | User Name: Jessica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/02 02:46:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jessica\My Documents\Downloads\OTL.com
PRC - [2011/11/10 14:35:18 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/05 12:04:56 | 001,489,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2011/06/28 09:58:08 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/28 09:58:07 | 000,567,464 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2011/04/27 05:37:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/09/14 14:37:25 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/04/30 19:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/24 00:59:24 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/10 14:35:16 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/05 12:04:56 | 000,249,232 | ---- | M] () -- C:\Program Files\Adobe\Reader 10.0\Reader\sqlite.dll
MOD - [2010/09/14 14:38:29 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2006/10/22 14:22:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2006/10/22 14:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Secunia Update Agent)
SRV - File not found [Auto | Stopped] -- -- (Akamai)
SRV - [2011/06/28 09:58:08 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/06/28 09:58:08 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/06/28 09:58:08 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/28 09:58:07 | 000,567,464 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2011/04/27 05:37:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/04/30 19:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/12/04 10:18:35 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\73199881.sys -- (73199881)
DRV - [2011/12/04 03:25:11 | 000,000,206 | -HS- | M] () [File_System | Unknown | Running] -- C:\WINDOWS\4776865drv.spi -- (4776865drv)
DRV - [2011/06/28 09:58:08 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 09:58:08 | 000,106,904 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avfwot.sys -- (avfwot)
DRV - [2011/06/28 09:58:08 | 000,082,952 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avfwim.sys -- (avfwim)
DRV - [2011/06/28 09:58:08 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/09/14 14:39:05 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/09/14 14:37:15 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/04/30 19:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/30 18:03:30 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/04/30 18:03:08 | 006,754,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 250(UVC)
DRV - [2009/04/30 18:01:36 | 000,265,496 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 18:00:00 | 000,114,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007/02/08 08:45:14 | 000,029,184 | R--- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dsiarhwprog.sys -- (dsiarhwprog)
DRV - [2007/02/07 22:30:30 | 000,392,704 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2007/02/07 22:30:30 | 000,033,995 | R--- | M] (Sonic Focus, Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sf.sys -- (sf)
DRV - [2006/05/05 21:21:00 | 000,004,608 | ---- | M] (NVIDIA Corporation.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvport.sys -- (nvport)
DRV - [2006/03/29 10:49:26 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ya...043,16898,0,8,0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EA 82 44 DB 07 66 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 14:35:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/01 20:37:29 | 000,000,000 | ---D | M]

[2010/09/15 16:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Extensions
[2010/09/15 16:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Extensions\[email protected]
[2011/10/27 01:08:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\extensions
[2010/12/11 20:27:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/17 21:46:19 | 000,000,000 | ---D | M] (RawCoupon Community Toolbar) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\extensions\{93130a67-a674-4177-952a-7d803ce57924}
[2011/07/28 19:32:35 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/08/31 17:36:23 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011/10/18 01:38:59 | 000,000,000 | ---D | M] (ShopAtHome.com Toolbar) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\extensions\[email protected]
[2011/10/09 11:11:32 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\searchplugins\conduit.xml
[2010/10/28 07:21:32 | 000,002,228 | ---- | M] () -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\searchplugins\iBryte_potfarm.xml
[2011/08/31 17:35:53 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\searchplugins\SweetIM Search.xml
[2011/08/31 17:36:19 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\searchplugins\sweetim.xml
[2011/11/10 14:35:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/10 14:35:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 07:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 14:35:18 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: SweetIM Search ()
CHR - default_search_provider: search_url = http://search.sweeti...C-443A20F8B47B}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011/12/03 04:10:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Explorerr\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\Jessica\Start Menu\Programs\Startup\_uninst_81142186.lnk = C:\Documents and Settings\Jessica\Local Settings\temp\_uninst_81142186.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///E:/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///E:/components/A9.ocx (A9Helper.A9)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///E:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F5F9398-AF2C-47F6-B9ED-11B076565380}: DhcpNameServer = 68.87.68.166 68.87.74.166
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jessica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jessica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 12:43:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = ah] -- "C:\Documents and Settings\Jessica\Local Settings\Application Data\rph.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/04 03:10:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/12/04 02:10:51 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\73199881.sys
[2011/12/04 01:36:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/03 03:49:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/03 03:49:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/03 03:49:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/03 03:49:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/03 03:42:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/03 03:22:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/01 18:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/12/01 18:32:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/11/28 01:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jessica\My Documents\LimeWire
[2011/11/28 01:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2011/11/15 03:12:54 | 002,060,760 | ---- | C] (Bandoo Media Inc. ) -- C:\Documents and Settings\Jessica\Desktop\iLividSetupV1.exe

========== Files - Modified Within 30 Days ==========

[2011/12/04 15:51:16 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/04 10:18:35 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\73199881.sys
[2011/12/04 05:51:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/04 03:25:11 | 000,000,206 | -HS- | M] () -- C:\WINDOWS\4776865drv.spi
[2011/12/04 03:09:45 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/04 03:08:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/04 03:08:48 | 1072,480,256 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/04 03:08:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/12/04 02:13:18 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\Jessica\Start Menu\Programs\Startup\_uninst_81142186.lnk
[2011/12/04 01:34:53 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/12/04 01:02:52 | 000,004,952 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1s02rm3f58d483
[2011/12/04 01:02:51 | 000,004,952 | -HS- | M] () -- C:\Documents and Settings\Jessica\Local Settings\Application Data\1s02rm3f58d483
[2011/12/03 19:18:32 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/03 04:10:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/03 02:51:21 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/02 07:04:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/30 21:41:14 | 000,036,948 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\14076570.gif
[2011/11/29 05:39:47 | 000,125,135 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\Chocobo.jpg
[2011/11/29 05:15:02 | 000,052,581 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\Baby_chocobo.jpg
[2011/11/29 05:12:01 | 000,039,799 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\FFVII-Chocobo.jpg
[2011/11/29 04:48:17 | 000,011,889 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\monkey_cartoon4.gif
[2011/11/15 03:12:54 | 002,060,760 | ---- | M] (Bandoo Media Inc. ) -- C:\Documents and Settings\Jessica\Desktop\iLividSetupV1.exe
[2011/11/11 13:30:18 | 000,501,382 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/11 13:30:18 | 000,087,010 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/10 12:04:32 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2011/12/04 03:25:11 | 000,000,206 | -HS- | C] () -- C:\WINDOWS\4776865drv.spi
[2011/12/04 02:13:18 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\Jessica\Start Menu\Programs\Startup\_uninst_81142186.lnk
[2011/12/04 00:30:12 | 000,004,952 | -HS- | C] () -- C:\Documents and Settings\Jessica\Local Settings\Application Data\1s02rm3f58d483
[2011/12/04 00:30:12 | 000,004,952 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1s02rm3f58d483
[2011/12/03 19:18:32 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/03 03:49:34 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/03 03:49:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/03 03:49:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/03 03:49:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/03 03:49:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/02 02:21:54 | 1072,480,256 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/30 21:41:10 | 000,036,948 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\14076570.gif
[2011/11/29 05:39:47 | 000,125,135 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\Chocobo.jpg
[2011/11/29 05:15:01 | 000,052,581 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\Baby_chocobo.jpg
[2011/11/29 05:12:00 | 000,039,799 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\FFVII-Chocobo.jpg
[2011/11/29 04:48:12 | 000,011,889 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\monkey_cartoon4.gif
[2011/08/22 02:23:42 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/09 16:00:30 | 000,000,085 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2011/03/22 22:16:10 | 000,001,223 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2010/12/11 22:01:14 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/10/28 07:21:39 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Jessica\Local Settings\Application Data\fusioncache.dat
[2010/10/06 01:47:57 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2009/06/11 13:35:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/06/11 12:46:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/06/11 12:40:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/06/11 05:31:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/11 05:30:27 | 003,447,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/08 13:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 19:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006/10/22 14:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 14:22:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/10/22 14:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 14:22:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/22 14:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 14:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 14:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 14:22:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/10/22 14:22:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/10/22 14:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 14:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/02/28 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 07:00:00 | 000,501,382 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 07:00:00 | 000,087,010 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/01/01 01:34:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

========== LOP Check ==========

[2010/11/11 18:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011/08/24 14:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/06/07 05:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Giraffic
[2011/10/14 13:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/04/14 21:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/04/07 23:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent
[2010/11/11 18:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Canneverbe Limited
[2011/10/14 12:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/06/11 23:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\FrostWire
[2010/12/31 21:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\GetRightToGo
[2010/12/11 22:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Leadertech
[2011/01/01 04:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Opera
[2010/11/14 22:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\PlayFirst
[2011/09/20 21:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Pokemon Online
[2011/06/29 18:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\QuickScan
[2011/12/03 01:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Spotify
[2010/10/06 01:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Uniblue
[2011/10/27 01:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Unity

========== Purity Check ==========



< End of report >
  • 0

#14
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Auto | Stopped] -- -- (Secunia Update Agent)
    SRV - File not found [Auto | Stopped] -- -- (Akamai)
    DRV - [2011/12/04 03:25:11 | 000,000,206 | -HS- | M] () [File_System | Unknown | Running] -- C:\WINDOWS\4776865drv.spi -- (4776865drv)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O37 - HKCU\...exe [@ = ah] -- "C:\Documents and Settings\Jessica\Local Settings\Application Data\rph.exe" -a "%1" %*
    [2011/12/04 03:25:11 | 000,000,206 | -HS- | M] () -- C:\WINDOWS\4776865drv.spi
    [2011/12/04 01:02:52 | 000,004,952 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1s02rm3f58d483
    [2011/12/04 01:02:51 | 000,004,952 | -HS- | M] () -- C:\Documents and Settings\Jessica\Local Settings\Application Data\1s02rm3f58d483
    [2011/12/04 02:13:18 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\Jessica\Start Menu\Programs\Startup\_uninst_81142186.lnk
    
    :Files
    C:\Documents and Settings\Jessica\Local Settings\Application Data\*.exe
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2


Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image


  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Things I would like to see in your reply:
  • OTL log
  • TDSSkiller log

  • 0

#15
ikissedyomomma

ikissedyomomma

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
OTL logfile created on: 12/5/2011 5:41:10 AM - Run 7
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jessica\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.73 Mb Total Physical Memory | 456.16 Mb Available Physical Memory | 44.60% Memory free
2.40 Gb Paging File | 1.39 Gb Available in Paging File | 58.11% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.41 Gb Total Space | 6.52 Gb Free Space | 26.71% Space Free | Partition Type: NTFS
Drive D: | 50.11 Gb Total Space | 50.03 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive H: | 7.40 Gb Total Space | 5.12 Gb Free Space | 69.18% Space Free | Partition Type: FAT32

Computer Name: JESSICAA | User Name: Jessica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/02 02:46:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jessica\My Documents\Downloads\OTL.exe
PRC - [2011/06/28 09:58:08 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/28 09:58:07 | 000,567,464 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2011/04/27 05:37:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/02 09:17:22 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/10/29 15:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
PRC - [2010/09/16 15:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/09/14 14:37:25 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/05/08 13:35:50 | 002,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/05/08 13:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/04/30 19:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2010/10/29 15:02:38 | 000,751,616 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\vpxmd.dll
MOD - [2010/10/29 15:01:30 | 000,027,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\SDL.dll
MOD - [2010/09/16 15:04:50 | 000,095,528 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/09/16 15:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/09/14 14:38:29 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009/05/08 13:35:50 | 002,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/05/08 13:35:28 | 000,181,520 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LvApi11\LvApi11.dll
MOD - [2009/05/08 13:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2009/04/22 16:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/09 18:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/03 17:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/03 17:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/03 17:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/03 17:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/03 17:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/03 17:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/03 17:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/03 17:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/03 17:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\phonon4.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/10/22 14:22:00 | 001,470,464 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2006/10/22 14:22:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2006/10/22 14:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/28 09:58:08 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/06/28 09:58:08 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/06/28 09:58:08 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/28 09:58:07 | 000,567,464 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2011/04/27 05:37:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/04/30 19:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/06/28 09:58:08 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 09:58:08 | 000,106,904 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avfwot.sys -- (avfwot)
DRV - [2011/06/28 09:58:08 | 000,082,952 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avfwim.sys -- (avfwim)
DRV - [2011/06/28 09:58:08 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/09/14 14:39:05 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/09/14 14:37:15 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/04/30 19:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/30 18:03:30 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/04/30 18:03:08 | 006,754,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 250(UVC)
DRV - [2009/04/30 18:01:36 | 000,265,496 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 18:00:00 | 000,114,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007/02/08 08:45:14 | 000,029,184 | R--- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dsiarhwprog.sys -- (dsiarhwprog)
DRV - [2007/02/07 22:30:30 | 000,392,704 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2007/02/07 22:30:30 | 000,033,995 | R--- | M] (Sonic Focus, Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sf.sys -- (sf)
DRV - [2006/05/05 21:21:00 | 000,004,608 | ---- | M] (NVIDIA Corporation.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvport.sys -- (nvport)
DRV - [2006/03/29 10:49:26 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ya...043,16898,0,8,0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EA 82 44 DB 07 66 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 14:35:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/01 20:37:29 | 000,000,000 | ---D | M]

[2010/09/15 16:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Extensions
[2010/09/15 16:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Extensions\[email protected]
[2011/10/27 01:08:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\extensions
[2010/12/11 20:27:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/17 21:46:19 | 000,000,000 | ---D | M] (RawCoupon Community Toolbar) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\extensions\{93130a67-a674-4177-952a-7d803ce57924}
[2011/07/28 19:32:35 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/08/31 17:36:23 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011/10/18 01:38:59 | 000,000,000 | ---D | M] (ShopAtHome.com Toolbar) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\extensions\[email protected]
[2011/10/09 11:11:32 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\searchplugins\conduit.xml
[2010/10/28 07:21:32 | 000,002,228 | ---- | M] () -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\searchplugins\iBryte_potfarm.xml
[2011/08/31 17:35:53 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\searchplugins\SweetIM Search.xml
[2011/08/31 17:36:19 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\k1lygot7.default\searchplugins\sweetim.xml
[2011/11/10 14:35:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/10 14:35:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 07:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 14:35:18 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: SweetIM Search ()
CHR - default_search_provider: search_url = http://search.sweeti...C-443A20F8B47B}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011/12/05 05:36:59 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///E:/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///E:/components/A9.ocx (A9Helper.A9)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///E:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F5F9398-AF2C-47F6-B9ED-11B076565380}: DhcpNameServer = 68.87.68.166 68.87.74.166
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jessica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jessica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 12:43:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/04 01:36:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/03 03:49:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/03 03:49:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/03 03:49:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/03 03:49:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/03 03:42:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/03 03:22:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/01 18:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/12/01 18:32:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/11/28 01:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jessica\My Documents\LimeWire
[2011/11/28 01:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2011/11/15 03:12:54 | 002,060,760 | ---- | C] (Bandoo Media Inc. ) -- C:\Documents and Settings\Jessica\Desktop\iLividSetupV1.exe

========== Files - Modified Within 30 Days ==========

[2011/12/05 05:40:35 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/12/05 05:40:21 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/05 05:40:04 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/05 05:39:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/05 05:39:37 | 1072,480,256 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/05 05:39:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/12/05 05:36:59 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/12/05 04:51:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/03 19:18:32 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/03 02:51:21 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/02 07:04:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/01 21:11:38 | 147,265,618 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\100_0667.MP4
[2011/11/30 21:41:14 | 000,036,948 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\14076570.gif
[2011/11/29 05:39:47 | 000,125,135 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\Chocobo.jpg
[2011/11/29 05:15:02 | 000,052,581 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\Baby_chocobo.jpg
[2011/11/29 05:12:01 | 000,039,799 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\FFVII-Chocobo.jpg
[2011/11/29 04:48:17 | 000,011,889 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\monkey_cartoon4.gif
[2011/11/28 22:07:06 | 147,377,412 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\100_0666.MP4
[2011/11/21 22:23:28 | 031,320,030 | ---- | M] () -- C:\Documents and Settings\Jessica\Desktop\100_0647.MP4
[2011/11/15 03:12:54 | 002,060,760 | ---- | M] (Bandoo Media Inc. ) -- C:\Documents and Settings\Jessica\Desktop\iLividSetupV1.exe
[2011/11/11 13:30:18 | 000,501,382 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/11 13:30:18 | 000,087,010 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/10 12:04:32 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2011/12/05 02:56:57 | 147,377,412 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\100_0666.MP4
[2011/12/05 02:56:56 | 147,265,618 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\100_0667.MP4
[2011/12/05 02:56:47 | 031,320,030 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\100_0647.MP4
[2011/12/03 19:18:32 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/03 03:49:34 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/03 03:49:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/03 03:49:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/03 03:49:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/03 03:49:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/02 02:21:54 | 1072,480,256 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/30 21:41:10 | 000,036,948 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\14076570.gif
[2011/11/29 05:39:47 | 000,125,135 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\Chocobo.jpg
[2011/11/29 05:15:01 | 000,052,581 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\Baby_chocobo.jpg
[2011/11/29 05:12:00 | 000,039,799 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\FFVII-Chocobo.jpg
[2011/11/29 04:48:12 | 000,011,889 | ---- | C] () -- C:\Documents and Settings\Jessica\Desktop\monkey_cartoon4.gif
[2011/08/22 02:23:42 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/09 16:00:30 | 000,000,085 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2011/03/22 22:16:10 | 000,001,223 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2010/12/11 22:01:14 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/10/28 07:21:39 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Jessica\Local Settings\Application Data\fusioncache.dat
[2010/10/06 01:47:57 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2009/06/11 13:35:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/06/11 12:46:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/06/11 12:40:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/06/11 05:31:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/11 05:30:27 | 003,447,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/08 13:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 19:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006/10/22 14:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 14:22:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/10/22 14:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 14:22:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/22 14:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 14:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 14:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 14:22:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/10/22 14:22:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/10/22 14:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 14:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/02/28 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 07:00:00 | 000,501,382 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 07:00:00 | 000,087,010 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/01/01 01:34:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

========== LOP Check ==========

[2010/11/11 18:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011/08/24 14:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/06/07 05:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Giraffic
[2011/10/14 13:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/04/14 21:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/04/07 23:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent
[2010/11/11 18:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Canneverbe Limited
[2011/10/14 12:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/06/11 23:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\FrostWire
[2010/12/31 21:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\GetRightToGo
[2010/12/11 22:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Leadertech
[2011/01/01 04:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Opera
[2010/11/14 22:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\PlayFirst
[2011/09/20 21:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Pokemon Online
[2011/06/29 18:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\QuickScan
[2011/12/05 03:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Spotify
[2010/10/06 01:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Uniblue
[2011/10/27 01:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Unity

========== Purity Check ==========



< End of report >




I'm having problems with Copying and Pasting the log on here, it won't let me copy it off of TDSSKiller. I don't know what to do.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP