Edited by Ultilee Stupid, 15 May 2011 - 05:47 PM.

Vista Security 2011 Virus Problem
#46
Posted 15 May 2011 - 11:18 AM
#47
Posted 16 May 2011 - 04:24 AM
Try this link
http://www.appremover.com/
There isn't one antivirus program that is best or perfect. Some may be a bit better than others. Free ones are just as good as most of the paid for ones, IMO.
Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself
Microsoft MVP 2011-2015
Threads will be closed if no response after 5 days.
#48
Posted 16 May 2011 - 09:30 AM
Avira AntiVir Personal - Free Antivirus
CCPLG.XML:
Unable to find file (C:\Program Files\Avira\AntiVirDesktop\ccplg.xml).
Scan then continued and completed but AntiVir is still installed.
Which free antivirus programs would you recommend?
#49
Posted 16 May 2011 - 09:37 AM
Run it again and see what happens.
Scan then continued and completed but AntiVir is still installed.
#50
Posted 16 May 2011 - 11:38 AM
#51
Posted 16 May 2011 - 10:19 PM
We'll worry about alternate antivirus programs once we get you down to one.
Let's try it with the Avira removal tool in safe mode.
Download Avira registry cleaner and save to your desktop.
Copy and paste these instructions into a notepad and save them to your desktop for reference. You will need them as you will be working in Safe Mode.
Reboot your computer in Safe Mode by doing the following :
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
Next
- Extract the contents of registrycleaner_de.zip to a folder of your choice.
- Navigate to the folder to which you extracted the contents
- Run the RegistryCleaner program by Right clicking on RegCleaner.exe and selecting "Run as Administrator".
- click on Scan for keys
- Once the scan is finished, select the option Select all and click on Delete.
#52
Posted 17 May 2011 - 09:31 AM

#53
Posted 17 May 2011 - 09:46 AM
Good job, finally some success.
Let's remove the rest of Antivir.
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
- Right click SystemLook.exe and click "Run as Administrator" to run it.
- Copy the content of the following codebox into the main textfield
- Do not copy the word CODE, please note the script starts with the :
:folderfind
*antivir*
*avira*
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Next
- right click on OTL.exe and click "Run as Administrator" to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output
- UNCheck the boxes beside LOP Check and Purity Check.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
Please post back with
- SystemLook log
- OTL.txt
#54
Posted 17 May 2011 - 03:19 PM
Log created at 22:06 on 17/05/2011 by VJones
Administrator - Elevation successful
========== folderfind ==========
Searching for "*antivir*"
C:\Program Files\Avira\AntiVir Desktop d------ [19:38 15/09/2009]
C:\ProgramData\Avira\AntiVir Desktop d------ [19:38 15/09/2009]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\AntiVir Desktop d------ [19:38 15/09/2009]
C:\System Volume Information\SystemRestore\FRStaging\Program Files\Avira\AntiVir Desktop d------ [19:38 15/09/2009]
C:\System Volume Information\SystemRestore\FRStaging\ProgramData\Avira\AntiVir Desktop d------ [19:38 15/09/2009]
C:\System Volume Information\SystemRestore\FRStaging\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\AntiVir Desktop d------ [19:38 15/09/2009]
C:\Users\All Users\Avira\AntiVir Desktop d------ [19:38 15/09/2009]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Avira\AntiVir Desktop d------ [19:38 15/09/2009]
Searching for "*avira*"
C:\Program Files\Avira d------ [19:38 15/09/2009]
C:\ProgramData\Avira d------ [19:38 15/09/2009]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira d------ [19:38 15/09/2009]
C:\System Volume Information\SystemRestore\FRStaging\Program Files\Avira d------ [19:38 15/09/2009]
C:\System Volume Information\SystemRestore\FRStaging\ProgramData\Avira d------ [19:38 15/09/2009]
C:\System Volume Information\SystemRestore\FRStaging\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira d------ [19:38 15/09/2009]
C:\Users\All Users\Avira d------ [19:38 15/09/2009]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Avira d------ [19:38 15/09/2009]
-= EOF =-
OTL logfile created on: 17/05/2011 22:14:26 - Run 7
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Ultimo Lee\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 62.55 Gb Free Space | 41.98% Space Free | Partition Type: NTFS
Drive D: | 3.88 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: HOME-PC | User Name: VJones | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Ultimo Lee\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\System32\lxdacoms.exe ( )
========== Modules (SafeList) ==========
MOD - C:\Users\Ultimo Lee\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (lxda_device) -- C:\Windows\System32\lxdacoms.exe ( )
========== Driver Services (SafeList) ==========
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdguard.sys (COMODO)
DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT1142338
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com Toolbar\NetAssistant.dll (W3i, LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/04 01:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/04 01:00:58 | 000,000,000 | ---D | M]
[2010/07/22 16:40:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VJones\AppData\Roaming\Mozilla\Extensions
[2009/03/31 00:54:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VJones\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
[2011/05/11 16:37:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VJones\AppData\Roaming\Mozilla\Firefox\Profiles\b3ps2o0c.default\extensions
[2010/11/07 23:51:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\VJones\AppData\Roaming\Mozilla\Firefox\Profiles\b3ps2o0c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/07 23:51:56 | 000,000,000 | ---D | M] (Softonic English Toolbar) -- C:\Users\VJones\AppData\Roaming\Mozilla\Firefox\Profiles\b3ps2o0c.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}
[2011/05/13 01:48:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/13 01:48:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2009/01/03 20:39:01 | 000,000,000 | ---D | M] (Seekeen) -- C:\Program Files\Mozilla Firefox\extensions\{DB390D2E-0FB4-413F-B039-AE342D1D40BA}
[2009/03/31 00:46:30 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
[2009/03/31 00:46:38 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
[2011/05/13 01:47:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/04/04 01:00:48 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/04/04 01:00:48 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/04/04 01:00:48 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/04/04 01:00:48 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2011/05/10 16:46:21 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com Toolbar\NetAssistant.dll (W3i, LLC)
O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - File not found
O3 - HKLM\..\Toolbar: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic English Toolbar) - {930F1200-F5F1-4870-BAC6-E233EC8E7023} - C:\Program Files\Softonic_English\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\VJones\Desktop\Documents\tigers.JPG
O24 - Desktop BackupWallPaper: C:\Users\VJones\Desktop\Documents\tigers.JPG
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/05/13 01:48:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/05/13 01:48:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/13 01:48:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/05/13 01:48:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/05/13 01:48:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/05/11 16:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/10 16:52:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/10 16:48:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/10 16:48:48 | 000,000,000 | ---D | C] -- C:\Users\VJones\AppData\Local\temp
[2011/05/10 16:25:12 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/05/10 16:22:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/09 16:13:57 | 000,000,000 | ---D | C] -- C:\Users\VJones\AppData\Local\VS Revo Group
[2011/05/09 16:13:48 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2011/05/09 16:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2011/05/09 16:13:43 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/05/08 18:17:36 | 000,100,736 | ---- | C] (GMER) -- C:\kxldipow.sys
[2011/05/06 17:03:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/27 12:19:15 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/04/27 12:19:12 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/04/27 12:19:04 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2009/03/26 15:44:29 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxdainpa.dll
[2009/03/26 15:44:29 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDAhcp.dll
[2009/03/26 15:44:28 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxdaserv.dll
[2009/03/26 15:44:28 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxdausb1.dll
[2009/03/26 15:44:28 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdapmui.dll
[2009/03/26 15:44:28 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxdalmpm.dll
[2009/03/26 15:44:28 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxdaiesc.dll
[2009/03/26 15:44:28 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxdaprox.dll
[2009/03/26 15:44:28 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxdapplc.dll
[2009/03/26 15:44:27 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxdahbn3.dll
[2009/03/26 15:44:27 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxdacomc.dll
[2009/03/26 15:44:27 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxdacoms.exe
[2009/03/26 15:44:27 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxdacomm.dll
[2009/03/26 15:44:27 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxdaih.exe
[2009/03/26 15:44:27 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxdacfg.exe
[2009/01/06 18:40:41 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\VJones\AppData\Roaming\pcouffin.sys
========== Files - Modified Within 30 Days ==========
[2011/05/17 22:17:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{04F1B430-67A1-4B31-962C-B500816EFE55}.job
[2011/05/17 22:16:00 | 000,000,400 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3E4E7D37-EA7D-43AC-8038-284715408613}.job
[2011/05/17 22:15:28 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2011/05/17 22:13:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{26438954-F43E-45EA-B377-13E87D63FBD8}.job
[2011/05/17 21:20:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/17 20:25:55 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/17 20:25:55 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/17 20:09:20 | 000,000,476 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for VJones.job
[2011/05/17 16:26:52 | 003,631,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/17 16:26:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/17 16:25:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/17 16:25:30 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/17 14:52:34 | 000,609,182 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/17 14:52:34 | 000,108,690 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/17 13:52:29 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{09CC4FE3-90EB-45E2-9902-ADEE35007982}.job
[2011/05/13 01:47:35 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/05/13 01:47:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/05/13 01:47:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/05/13 01:47:29 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/05/10 16:46:21 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/05/09 16:13:54 | 000,001,049 | ---- | M] () -- C:\Users\VJones\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2011/05/09 16:13:54 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/05/08 18:30:59 | 220,121,519 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/08 18:17:36 | 000,100,736 | ---- | M] (GMER) -- C:\kxldipow.sys
[2011/05/07 15:05:29 | 000,008,914 | -HS- | M] () -- C:\ProgramData\3cpi6tpt7m70gnf
[2011/05/06 17:18:43 | 000,001,044 | ---- | M] () -- C:\Users\VJones\AppData\Roaming\vso_ts_preview.xml
[2011/05/02 15:16:38 | 000,001,683 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/04/25 22:40:01 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
========== Files Created - No Company Name ==========
[2011/05/17 16:25:29 | 2136,133,632 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/09 16:13:54 | 000,001,049 | ---- | C] () -- C:\Users\VJones\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2011/05/09 16:13:54 | 000,001,025 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/05/07 15:03:22 | 000,008,914 | -HS- | C] () -- C:\ProgramData\3cpi6tpt7m70gnf
[2011/04/02 20:48:23 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/02 20:48:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/02 20:48:23 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/02 20:48:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/02 20:48:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/31 21:54:27 | 000,000,036 | ---- | C] () -- C:\Users\VJones\AppData\Local\housecall.guid.cache
[2011/02/02 18:42:21 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/02/02 18:42:16 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/02/02 18:42:15 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/02/02 18:42:11 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/12/17 17:55:23 | 002,392,064 | ---- | C] () -- C:\Windows\System32\videotrans.dll
[2009/12/17 17:55:23 | 000,215,040 | ---- | C] () -- C:\Windows\System32\videoformat.dll
[2009/12/17 17:55:22 | 000,061,440 | ---- | C] () -- C:\Windows\System32\imgscaler.dll
[2009/12/17 17:55:22 | 000,022,016 | ---- | C] () -- C:\Windows\System32\img_utils.dll
[2009/09/15 19:37:21 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2009/09/14 00:34:07 | 000,000,088 | ---- | C] () -- C:\Users\VJones\AppData\Roaming\wklnhst.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/21 23:02:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/21 23:02:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/14 21:41:01 | 000,001,044 | ---- | C] () -- C:\Users\VJones\AppData\Roaming\vso_ts_preview.xml
[2009/03/26 15:44:29 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXDAinst.dll
[2009/03/26 15:44:28 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxdautil.dll
[2009/03/18 13:24:34 | 000,000,308 | ---- | C] () -- C:\Windows\LEXSTAT.INI
[2009/01/22 22:29:28 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009/01/21 21:31:33 | 000,013,824 | ---- | C] () -- C:\Users\VJones\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/06 18:40:41 | 000,007,887 | ---- | C] () -- C:\Users\VJones\AppData\Roaming\pcouffin.cat
[2009/01/06 18:40:41 | 000,001,144 | ---- | C] () -- C:\Users\VJones\AppData\Roaming\pcouffin.inf
[2009/01/02 20:31:21 | 000,000,552 | ---- | C] () -- C:\Users\VJones\AppData\Local\d3d8caps.dat
[2009/01/02 20:28:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/02 19:03:58 | 000,000,680 | ---- | C] () -- C:\Users\VJones\AppData\Local\d3d9caps.dat
[2008/02/11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 20:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 20:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 20:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2007/01/22 10:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdacoin.dll
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 003,631,240 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,609,182 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,108,690 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/27 13:19:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdavs.dll
[2002/10/15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
#55
Posted 17 May 2011 - 04:15 PM
Next, right click on OTL.exe and choose Run as Administrator to run it
- Under the Custom Scans/Fixes box at the bottom, paste in the following
- Do Not copy the word CODE
- please note the fix starts with the :
:Services
:Files
C:\ProgramData\3cpi6tpt7m70gnf
C:\Program Files\Avira
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
C:\ProgramData\Avira
C:\Users\All Users\Avira
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Avira
:Commands
[createrestorepoint]
Then click the Run Fix button at the top
- Let the program run unhindered
- Please save the resulting log to be posted in your next reply.
Please post back with
- OTL fix log
Thanks
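Added example, not part of the thread and not OTL's own logic: a small parser for the file-listing lines of the OTL log posted above. It surfaces entries that share the properties the log shows for C:\ProgramData\3cpi6tpt7m70gnf, the one non-Avira path in the fix. The four checks and the threshold of 3 are assumptions chosen for illustration; the sample lines are copied from the log above.

```python
import ntpath
import re
from dataclasses import dataclass

# Lines copied from the OTL log in this thread (file-listing sections only).
SAMPLE_LOG = r"""
========== Files - Modified Within 30 Days ==========
[2011/05/17 20:25:55 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/17 16:25:30 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/13 01:47:35 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/05/10 16:46:21 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/05/07 15:05:29 | 000,008,914 | -HS- | M] () -- C:\ProgramData\3cpi6tpt7m70gnf
[2011/05/13 01:48:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/05/07 15:03:22 | 000,008,914 | -HS- | C] () -- C:\ProgramData\3cpi6tpt7m70gnf
"""

# [date time | size | attributes | C or M] (company) -- path
# Folder lines in the "Created" section carry no "(company)" field.
ENTRY = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)


@dataclass
class Entry:
    stamp: str    # timestamp as printed by OTL
    size: int     # bytes, thousands separators removed
    attrs: str    # four-character attribute field, e.g. "-HS-"
    kind: str     # "C" = created, "M" = modified
    company: str  # version-info company name, "" when absent
    path: str


def parse_entries(text):
    """Return an Entry for every file-listing line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append(Entry(
                stamp=m["stamp"],
                size=int(m["size"].replace(",", "")),
                attrs=m["attrs"],
                kind=m["kind"],
                company=(m["company"] or "").strip(),
                path=m["path"].strip(),
            ))
    return entries


def reasons(entry):
    """Illustrative checks (assumptions, not OTL's): each hit is one reason."""
    name = ntpath.basename(entry.path)
    _, ext = ntpath.splitext(name)
    found = []
    if "D" not in entry.attrs and "H" in entry.attrs and "S" in entry.attrs:
        found.append("hidden+system file")
    if not entry.company:
        found.append("no company name")
    if not ext:
        found.append("no file extension")
    if len(name) >= 10 and re.search(r"\d", name) and re.search(r"[A-Za-z]", name):
        found.append("long name mixing letters and digits")
    return found


def triage(text, threshold=3):
    """Map each path with >= threshold reasons to its reasons and timestamps.

    The same file can appear in both the Created and Modified sections,
    so results are merged per path.
    """
    findings = {}
    for entry in parse_entries(text):
        why = reasons(entry)
        if len(why) < threshold:
            continue
        item = findings.setdefault(entry.path, {"reasons": why, "seen": {}})
        item["seen"][entry.kind] = entry.stamp
    return findings


if __name__ == "__main__":
    for path, info in triage(SAMPLE_LOG).items():
        print(path, info["reasons"], info["seen"])
```

A hit only marks an entry for review by a person: hiberfil.sys and the hosts file each match two of the checks and stay below the threshold.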
#56
Posted 18 May 2011 - 09:17 AM
========== FILES ==========
C:\ProgramData\3cpi6tpt7m70gnf moved successfully.
C:\Program Files\Avira\AntiVir Desktop\FAILSAFE folder moved successfully.
C:\Program Files\Avira\AntiVir Desktop folder moved successfully.
C:\Program Files\Avira folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\AntiVir Desktop folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\TEMP folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\LOGFILES folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\EVENTDB folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop\CONFIG folder moved successfully.
C:\ProgramData\Avira\AntiVir Desktop folder moved successfully.
C:\ProgramData\Avira folder moved successfully.
File\Folder C:\Users\All Users\Avira not found.
File\Folder C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Avira not found.
========== COMMANDS ==========
OTL by OldTimer - Version 3.2.22.3 log created on 05182011_161510
Do MYFreeze and Softonic_English Toolbar still need to be removed?
Just beefing up virus protection I think. Any remaining issues?
#57
Posted 18 May 2011 - 10:02 PM
From your desktop, please delete, if present
- any notepads/logs that we created
- GMER
- aswMBR.exe
- SystemLook
- registrycleaner_de.zip
- AppRemover
Next
Click the Start button, click Run. [Vista users, go Start>"Start search"] Copy and paste the following line into the run box and click OK
Combofix /uninstall
Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.
I suggest you keep MBAM. Keep it updated and use it regularly.
ESET online scan can be removed via add/remove programs.
You can keep Revo Uninstaller or uninstall it via add/remove.
Some Recommendations and prevention tips
Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. You have Comodo antivirus, COMODO Defense+ and firewall plus Windows Defender and MBAM and . You have the basics. If you need assistance setting up the Comodo Firewall I suggest you look at this forum.
You should also use Spyware Blaster to help immunize your computer.
- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
OR
A guide to understanding and using the hosts file.
Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a hosts file manager, and some programs that can protect your hosts file.
HOSTS
Please read the info on disabling the DNS Client before installing a custom hosts file.
-Secure your Internet Explorer
From within Internet Explorer click on the Tools menu and then click on Options.
- Click once on the Security tab
- Click once on the Internet icon so it becomes highlighted.
- Click once on the Custom Level button.
- Change the Download signed ActiveX controls to Prompt
- Change the Download unsigned ActiveX controls to Disable
- Change the Initialize and script ActiveX controls not marked as safe to Disable
- Change the Installation of desktop items to Prompt
- Change the Launching programs and files in an IFRAME to Prompt
- Change the Navigate sub-frames across different domains to Prompt
- When all these settings have been made, click on the OK button.
- If it prompts you as to whether or not you want to save the settings, press the Yes button.
- Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis
- Make sure you have reset Automatic Updates to your chosen option. Click your start button > Control Panel > System
- Keep your antivirus program updated, as well as any other security programs you have.
You know about Site Adviser and Norton Safe Web. Web of Trust is a similar tool.
-More tips and programs can be found HERE. You may find some programs that you can use to supplement what you already have.
- You may also want to read this article By Tony Klein
http://www.freedomli...pic.php?t=22879
Please post back if you have any problems.
Take care

#58
Posted 19 May 2011 - 10:12 AM
Internet Explorer cannot display the webpage
What you can try:
Diagnose Connection Problems
This is in the search toolbar
http://click.freeze....intage=20090101
At the bottom of the browser it says Internet | Protection Mode: Off
When I click Diagnose Connection Problems, there are instructions to change the Proxy server. Not sure what that means
Edit: also I've just tried updating Windows but an error occurred during installation
Error(s) found:
Code 643 Windows Update encountered an unknown error
Get help with this error
I clicked help
result for "WindowsUpdate_00000643" "WindowsUpdate_dt000"
Edited by Ultilee Stupid, 19 May 2011 - 10:47 AM.
#59
Posted 19 May 2011 - 09:48 PM
Sorry about that. I got so excited that we were able to remove Antivir I forgot about the toolbars. Let's see if we can resolve the update issue first.
Go HERE and run the Fix It tool from Microsoft. Let me know if the issue was resolved. If not we will try the alternative method offered.
#60
Posted 20 May 2011 - 09:11 AM
