is this malware?


Online Armor found this:

68dcaf6b-2ace-4fec-91bf-3c2ce0f29478.exe, 0.0.0.0, (0.0.0.0)

C:\WINDOWS\Temp\68dcaf6b-2ace-4fec-91bf-3c2ce0f29478.exe

Hash(MD5): A16F36F49A7B9BBF1A1FD715362E39EA

I don't know what it is and couldn't find anything on it from a Google search.

Thanks.


Hello, zee

Welcome to the Emsisoft Support Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.

This is indeed looking like malware. We will have a deeper look.

  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the OTL icon on your desktop.
  4. Push the Quick Scan button.
  5. Two reports will open, copy and paste them in a reply here:
     • OTL.txt <-- Will be opened
     • Extra.txt <-- Will be minimized


Unfortunately, we got more malware in the meantime and I ran Eset and Malwarebytes before I saw your post. Malwarebytes found 3 "pups" and removed them. The malware is torntv.exe. It put a searchbar on the browsers and hijacks to its homepage. I tried to remove it from the control panel and it jammed the computer, so I had to reboot. I also posted to MajorGeeks about the torntv problem. Also, I downloaded security updates for Windows XP but haven't installed them yet.


Would you know if the 2-spyware.com forum is trustworthy? They say they have a tool to remove the torntv problem. Also, I was wondering about whether to install the critical updates for Windows XP?

Thanks.

I thought I had posted the log files from OTL in my previous post. I definitely pasted them into an edit - in any case, here they are:

OTL logfile created on: 11/15/2012 9:37:14 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\soma\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

765.98 Mb Total Physical Memory | 109.44 Mb Available Physical Memory | 14.29% Memory free

1.46 Gb Paging File | 0.70 Gb Available in Paging File | 48.21% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 189.91 Gb Total Space | 143.73 Gb Free Space | 75.68% Space Free | Partition Type: NTFS

Drive D: | 572.50 Mb Total Space | 534.64 Mb Free Space | 93.39% Space Free | Partition Type: FS_UDF

Computer Name: DELL-TOP | User Name: soma | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/15 21:33:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\soma\Desktop\OTL.exe

PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2012/10/27 11:09:32 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2012/10/23 06:59:45 | 002,415,104 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Tall Emu\Online Armor\oaui.exe

PRC - [2012/10/23 06:59:16 | 004,463,864 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Tall Emu\Online Armor\OAsrv.exe

PRC - [2012/10/23 06:58:00 | 001,248,144 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Tall Emu\Online Armor\oahlp.exe

PRC - [2012/10/23 06:57:45 | 000,216,072 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe

PRC - [2012/10/04 14:06:46 | 000,188,760 | ---- | M] () -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe

PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe

PRC - [2012/09/16 05:43:29 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

PRC - [2012/08/03 22:42:58 | 000,023,624 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe

PRC - [2012/08/03 22:42:52 | 000,069,192 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe

PRC - [2011/12/06 16:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe

PRC - [2011/12/06 16:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe

PRC - [2008/04/13 19:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe

PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

========== Modules (No Company Name) ==========

MOD - [2012/11/04 02:58:05 | 001,827,840 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12110400\algo.dll

MOD - [2012/11/02 11:18:26 | 009,814,968 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll

MOD - [2012/10/27 11:09:31 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2012/10/04 14:06:46 | 000,188,760 | ---- | M] () -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe

MOD - [2012/08/07 18:29:00 | 000,542,792 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ExImage.dll

MOD - [2012/08/07 18:29:00 | 000,382,024 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ExchBackupSizeEx.dll

MOD - [2012/08/07 18:29:00 | 000,193,608 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ExchBackupSize.dll

MOD - [2012/08/03 22:41:34 | 000,065,096 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\TbTapeBrowse.dll

MOD - [2012/08/03 22:41:34 | 000,050,248 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll

MOD - [2012/08/03 22:41:32 | 000,096,840 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\TBFireWall.dll

MOD - [2012/08/03 22:41:30 | 000,105,032 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\NASOperator.dll

MOD - [2012/08/03 22:41:26 | 000,069,192 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\EnumTapeDevice.dll

MOD - [2012/08/03 22:41:24 | 000,050,760 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\CodeLog.dll

MOD - [2012/08/03 22:41:24 | 000,035,912 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\CompressFile.dll

MOD - [2012/08/03 22:41:22 | 000,022,088 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\AccountManager.dll

MOD - [2011/12/06 16:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe

MOD - [2011/12/06 16:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe

MOD - [2011/04/11 00:26:33 | 000,024,064 | ---- | M] () -- C:\WINDOWS\system32\spd__l.dll

MOD - [2011/03/02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2008/11/25 16:18:00 | 001,291,264 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\libxml2.dll

MOD - [2004/10/05 02:08:00 | 000,055,808 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\zlib1.dll

MOD - [2004/03/10 18:03:14 | 000,134,656 | ---- | M] () -- C:\Program Files\ZeroFootprintCrypt\ZFC_CtMe.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)

SRV - File not found [On_Demand | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2012/11/02 11:18:27 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012/10/27 11:09:31 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/10/23 06:59:16 | 004,463,864 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\OAsrv.exe -- (SvcOnlineArmor)

SRV - [2012/10/23 06:57:45 | 000,216,072 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\oacat.exe -- (OAcat)

SRV - [2012/10/04 14:06:46 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe -- (IB Updater)

SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2012/09/16 05:43:29 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)

SRV - [2012/08/03 22:42:58 | 000,023,624 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent)

SRV - [2012/08/03 22:42:52 | 000,069,192 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)

SRV - [2012/04/05 18:45:44 | 000,129,536 | ---- | M] (Samsung Electronics) [On_Demand | Stopped] -- C:\WINDOWS\system32\SUPDSvc2.exe -- (Samsung UPD Service2)

SRV - [2011/12/06 16:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)

SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2003/03/03 13:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - [2012/10/30 18:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/10/30 18:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012/10/30 18:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012/10/30 18:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2012/10/30 18:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2012/10/30 18:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2012/10/30 18:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012/10/23 07:00:32 | 000,031,920 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)

DRV - [2012/10/23 06:58:34 | 000,027,648 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)

DRV - [2012/10/23 06:58:03 | 000,044,992 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX)

DRV - [2012/10/23 06:57:46 | 000,208,320 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)

DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/08/20 14:57:56 | 000,040,648 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\EUBKMON.sys -- (EUBKMON)

DRV - [2012/08/03 22:42:46 | 000,185,032 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EuFdDisk.sys -- (EUFDDISK)

DRV - [2012/08/03 22:42:40 | 000,050,248 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)

DRV - [2012/08/03 22:42:40 | 000,014,920 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS)

DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2011/04/04 14:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)

DRV - [2011/03/31 14:53:24 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)

DRV - [2011/03/31 14:53:24 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)

DRV - [2010/11/26 17:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)

DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)

DRV - [2007/02/22 11:28:48 | 000,030,864 | ---- | M] (Licensed for Sysinfo Lab) [Kernel | Auto | Running] -- C:\Program Files\ASTRA32\astra32.sys -- (ASTRA32)

DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)

DRV - [2004/05/17 22:04:16 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)

DRV - [2003/10/14 22:10:52 | 000,644,377 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)

DRV - [2003/10/14 22:10:10 | 001,231,829 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)

DRV - [2003/10/14 22:09:32 | 000,059,685 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)

DRV - [2003/10/14 22:09:18 | 000,033,300 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)

DRV - [2003/08/28 18:58:40 | 000,004,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)

DRV - [2003/03/05 11:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT)

DRV - [2002/12/12 05:23:34 | 000,459,776 | ---- | M] (ahead software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\bsudf.sys -- (BsUDF)

DRV - [2002/06/05 11:07:00 | 000,009,344 | ---- | M] (B.H.A Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\bsstor.sys -- (BsStor)

DRV - [2001/08/17 12:58:12 | 000,022,912 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\umaxpcls.sys -- (UMAXPCLS)

DRV - [1998/02/21 11:37:10 | 000,115,136 | ---- | M] (Shuttle Technology.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\ppscan.sys -- (PPSCAN)

DRV - [1997/04/10 13:08:24 | 000,085,868 | ---- | M] (Silitek Corporation.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\ppclass.sys -- (PPCLASS)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incre...6OyUi1J6BC&i=26

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4C D6 F1 20 B9 65 CD 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6OyUi1J6BC&i=26

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "http://mystart.incre...OyUi1J6BC&i=26"

FF - prefs.js..extensions.enabledAddons: [email protected]:1.0b4

FF - prefs.js..extensions.enabledAddons: [email protected]:1.5.0

FF - prefs.js..extensions.enabledAddons: {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.530

FF - prefs.js..keyword.URL: "http://mystart.incre...&&i=26&search="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/ChemDraw,version=12.0: C:\Program Files\CambridgeSoft\ChemOffice2010\ChemDraw\npcdn32.dll (CambridgeSoft Corp.)

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found

FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll File not found

FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/04 05:18:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2012/11/15 12:00:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/27 11:09:33 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/12 11:25:27 | 000,000,000 | ---D | M]

[2012/07/01 10:37:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\soma\Application Data\Mozilla\Extensions

[2012/11/15 12:01:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\soma\Application Data\Mozilla\Firefox\Profiles\n7baw8p0.default\extensions

[2012/11/15 12:01:30 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Documents and Settings\soma\Application Data\Mozilla\Firefox\Profiles\n7baw8p0.default\extensions\[email protected]

[2012/10/18 07:59:22 | 032,108,751 | ---- | M] () (No name found) -- C:\Documents and Settings\soma\Application Data\Mozilla\Firefox\Profiles\n7baw8p0.default\extensions\[email protected]

[2012/10/18 08:06:37 | 022,583,554 | ---- | M] () (No name found) -- C:\Documents and Settings\soma\Application Data\Mozilla\Firefox\Profiles\n7baw8p0.default\extensions\[email protected]

[2012/07/31 06:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Documents and Settings\soma\Application Data\Mozilla\Firefox\Profiles\n7baw8p0.default\extensions\[email protected]

[2012/11/15 11:59:51 | 000,213,316 | ---- | M] () (No name found) -- C:\Documents and Settings\soma\Application Data\Mozilla\Firefox\Profiles\n7baw8p0.default\extensions\[email protected]

[2012/11/15 12:00:26 | 000,002,203 | ---- | M] () -- C:\Documents and Settings\soma\Application Data\Mozilla\Firefox\Profiles\n7baw8p0.default\searchplugins\MyStart Search.xml

[2012/10/12 10:08:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/11/15 12:00:54 | 000,000,000 | ---D | M] (IB Updater) -- C:\PROGRAM FILES\IB UPDATER\FIREFOX

[2012/10/27 11:09:32 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/01/18 17:01:46 | 001,826,704 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll

[2012/10/11 09:48:18 | 000,171,136 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll

[2012/08/30 18:53:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/10/12 10:09:10 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2010/07/03 20:26:17 | 000,411,396 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 14217 more lines...

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)

O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\OAui.exe (Emsisoft GmbH)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341153041765 (MUWebControl Class)

O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB36D1FD-CE3D-4755-BE19-2B1F1B31DCEC}: DhcpNameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Emsisoft GmbH)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/04/01 23:27:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/15 21:33:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\soma\Desktop\OTL.exe

[2012/11/15 21:04:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2012/11/15 17:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\soma\Application Data\Incredibar.com

[2012/11/15 15:29:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/11/15 15:29:48 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/11/15 15:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/11/15 12:01:29 | 000,000,000 | ---D | C] -- C:\Program Files\Incredibar.com

[2012/11/15 12:01:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ARFC

[2012/11/15 12:01:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WNLT

[2012/11/15 12:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\IB Updater

[2012/11/15 11:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\Gophoto.it

[2012/11/15 11:59:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\soma\Start Menu\Programs\TornTV.com

[2012/11/15 11:59:48 | 000,000,000 | ---D | C] -- C:\Program Files\TornTV.com

[2012/11/15 11:57:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\soma\Application Data\Motorola

[2012/11/15 11:56:51 | 000,024,064 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motport.sys

[2012/11/15 11:56:50 | 000,024,064 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motmodem.sys

[2012/11/15 11:56:49 | 000,020,480 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motccgp.sys

[2012/11/15 11:56:49 | 000,008,320 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motccgpfl.sys

[2012/11/15 11:56:49 | 000,006,400 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motswch.sys

[2012/11/15 11:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared

[2012/11/15 11:19:55 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola

[2012/11/12 10:15:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\soma\Application Data\KVIrc4

[2012/11/12 10:15:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\soma\Downloads

[2012/11/12 10:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\KVIrc

[2012/11/12 10:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\KVIrc

[2012/10/27 23:20:27 | 000,000,000 | ---D | C] -- C:\My Backups

[2012/10/27 23:20:08 | 000,185,032 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\EuFdDisk.sys

[2012/10/27 23:20:08 | 000,050,248 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eubakup.sys

[2012/10/27 23:20:08 | 000,014,920 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eudskacs.sys

[2012/10/27 23:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EaseUS Todo Backup Free 5.0

[2012/10/27 23:18:21 | 000,019,528 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\fbnative.exe

[2012/10/27 23:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\EaseUS

[2012/10/27 19:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Media Player - Codec Pack

[2012/10/27 19:09:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\C2MP

[2012/10/27 11:43:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AnvSoft

[2012/10/27 11:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft

[2012/10/27 11:18:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nikon

[2012/10/27 10:11:11 | 000,000,000 | ---D | C] -- C:\filtering

[2012/10/27 07:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN

[2012/10/27 07:32:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\soma\Application Data\Nikon

[2012/10/27 07:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\soma\Local Settings\Application Data\Nikon

[2012/10/27 06:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nikon Message Center 2

[2012/10/27 06:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ViewNX 2

[2012/10/27 06:36:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nikon

[2012/10/27 06:36:03 | 000,000,000 | ---D | C] -- C:\Program Files\Nikon

[2012/10/27 06:34:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15

[2012/10/27 06:34:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp

[2012/10/27 06:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0

[2012/10/27 06:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Link to Nikon

[2012/10/23 06:06:39 | 000,000,000 | ---D | C] -- C:\apt

[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/15 21:33:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\soma\Desktop\OTL.exe

[2012/11/15 21:28:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/11/15 20:56:32 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2012/11/15 20:56:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/11/15 20:55:14 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job

[2012/11/15 20:54:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/11/15 17:49:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-507921405-725345543-1004UA.job

[2012/11/15 15:32:18 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/15 12:01:37 | 000,000,447 | ---- | M] () -- C:\user.js

[2012/11/15 11:59:50 | 000,000,722 | ---- | M] () -- C:\Documents and Settings\soma\Desktop\TornTV.lnk

[2012/11/15 11:57:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Update.job

[2012/11/15 11:57:11 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper MUM.job

[2012/11/15 11:57:10 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Routing.job

[2012/11/15 11:24:09 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motport_01007.Wdf

[2012/11/15 11:24:05 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01007.Wdf

[2012/11/15 11:23:52 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf

[2012/11/15 11:23:52 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01007.Wdf

[2012/11/15 11:23:33 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

[2012/11/15 11:01:27 | 000,000,129 | ---- | M] () -- C:\Shortcut to 3½ Floppy (A).lnk

[2012/11/15 03:49:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-507921405-725345543-1004Core.job

[2012/11/14 09:00:00 | 000,000,708 | ---- | M] () -- C:\WINDOWS\tasks\back.job

[2012/11/12 10:16:03 | 000,000,138 | ---- | M] () -- C:\Documents and Settings\soma\kvirc4.ini

[2012/11/12 10:14:11 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\KVIrc.lnk

[2012/11/10 23:47:25 | 000,000,026 | ---- | M] () -- C:\WINDOWS\ulead32.ini

[2012/11/04 05:19:05 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2012/11/04 05:17:12 | 000,413,778 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/11/04 05:17:12 | 000,060,914 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/10/30 18:51:58 | 000,738,504 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2012/10/30 18:51:58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2012/10/30 18:51:58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2012/10/30 18:51:58 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2012/10/30 18:51:57 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2012/10/30 18:51:57 | 000,089,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2012/10/30 18:51:56 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2012/10/30 18:51:56 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2012/10/30 18:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2012/10/30 18:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2012/10/27 23:19:03 | 000,000,888 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EaseUS Todo Backup Free 5.0.lnk

[2012/10/27 18:57:49 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT

[2012/10/27 18:55:21 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT

[2012/10/27 07:41:04 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk

[2012/10/27 07:33:16 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT

[2012/10/27 06:56:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ViewNX2.INI

[2012/10/27 06:38:13 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\SystemConfiguration

[2012/10/27 06:38:13 | 000,000,012 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\URLs

[2012/10/27 06:36:14 | 000,001,830 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ViewNX 2.lnk

[2012/10/27 06:35:25 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\Tables

[2012/10/27 06:35:25 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\System Image Utility

[2012/10/27 06:35:25 | 000,000,012 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\User Pictures

[2012/10/27 06:35:25 | 000,000,012 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\Trumpet Section

[2012/10/27 06:34:02 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLeo.DAT

[2012/10/27 06:34:02 | 000,000,012 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\vhosts

[2012/10/23 07:00:32 | 000,031,920 | ---- | M] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAnet.sys

[2012/10/23 06:58:34 | 000,027,648 | ---- | M] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAmon.sys

[2012/10/23 06:58:03 | 000,044,992 | ---- | M] () -- C:\WINDOWS\System32\drivers\oahlp32.sys

[2012/10/23 06:57:46 | 000,208,320 | ---- | M] () -- C:\WINDOWS\System32\drivers\OADriver.sys

[2012/10/20 05:32:01 | 000,001,514 | ---- | M] () -- C:\Documents and Settings\soma\Desktop\Backup.lnk

[2012/10/19 09:38:52 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\soma\Desktop\Windows Media Player.lnk

[2012/10/19 08:53:59 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\soma\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/10/17 07:37:54 | 000,000,920 | ---- | M] () -- C:\Documents and Settings\soma\Desktop\SolveigMM AVI Trimmer + MKV.lnk

[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/15 15:29:55 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/15 12:01:34 | 000,000,447 | ---- | C] () -- C:\user.js

[2012/11/15 12:01:10 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ImHttpComm.dll

[2012/11/15 11:59:50 | 000,000,722 | ---- | C] () -- C:\Documents and Settings\soma\Desktop\TornTV.lnk

[2012/11/15 11:57:12 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\MotoHelper Update.job

[2012/11/15 11:57:11 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\MotoHelper MUM.job

[2012/11/15 11:57:10 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\MotoHelper Routing.job

[2012/11/15 11:24:09 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motport_01007.Wdf

[2012/11/15 11:24:05 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01007.Wdf

[2012/11/15 11:23:52 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf

[2012/11/15 11:23:52 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01007.Wdf

[2012/11/15 11:23:33 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

[2012/11/15 11:01:27 | 000,000,129 | ---- | C] () -- C:\Shortcut to 3½ Floppy (A).lnk

[2012/11/12 10:16:03 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\soma\kvirc4.ini

[2012/11/12 10:14:11 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\KVIrc.lnk

[2012/11/02 11:18:29 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/10/27 23:19:08 | 000,040,648 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys

[2012/10/27 23:19:03 | 000,000,888 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EaseUS Todo Backup Free 5.0.lnk

[2012/10/27 07:41:04 | 000,000,755 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk

[2012/10/27 06:56:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI

[2012/10/27 06:38:13 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\SystemConfiguration

[2012/10/27 06:38:13 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT

[2012/10/27 06:38:13 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\URLs

[2012/10/27 06:36:14 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ViewNX 2.lnk

[2012/10/27 06:35:25 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Tables

[2012/10/27 06:35:25 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\System Image Utility

[2012/10/27 06:35:25 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT

[2012/10/27 06:35:25 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT

[2012/10/27 06:35:25 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\User Pictures

[2012/10/27 06:34:02 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLeo.DAT

[2012/10/27 06:34:02 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\vhosts

[2012/10/27 06:34:02 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Trumpet Section

[2012/10/20 05:31:59 | 000,001,514 | ---- | C] () -- C:\Documents and Settings\soma\Desktop\Backup.lnk

[2012/10/19 09:38:52 | 000,000,824 | ---- | C] () -- C:\Documents and Settings\soma\Desktop\Windows Media Player.lnk

[2012/10/19 08:53:58 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\soma\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/10/17 07:37:54 | 000,000,920 | ---- | C] () -- C:\Documents and Settings\soma\Desktop\SolveigMM AVI Trimmer + MKV.lnk

[2012/09/29 17:47:28 | 000,000,178 | ---- | C] () -- C:\WINDOWS\System32\Formats.ini

[2012/09/25 00:30:54 | 003,915,776 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll

[2012/09/25 00:30:04 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2012/09/25 00:29:20 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll

[2012/09/25 00:29:00 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll

[2012/09/25 00:29:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll

[2012/09/25 00:29:00 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll

[2012/09/25 00:28:58 | 001,525,760 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll

[2012/09/25 00:28:58 | 000,211,968 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll

[2012/09/25 00:28:58 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll

[2012/08/24 22:07:48 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe

[2012/07/19 13:56:08 | 000,172,544 | ---- | C] () -- C:\WINDOWS\System32\libbluray.dll

[2012/07/19 13:56:02 | 006,894,331 | ---- | C] () -- C:\WINDOWS\System32\avcodec-lav-54.dll

[2012/07/19 13:56:02 | 001,111,581 | ---- | C] () -- C:\WINDOWS\System32\avformat-lav-54.dll

[2012/07/19 13:56:02 | 000,401,685 | ---- | C] () -- C:\WINDOWS\System32\swscale-lav-2.dll

[2012/07/19 13:56:02 | 000,232,895 | ---- | C] () -- C:\WINDOWS\System32\avutil-lav-51.dll

[2012/07/19 13:56:02 | 000,162,743 | ---- | C] () -- C:\WINDOWS\System32\avfilter-lav-3.dll

[2012/07/19 13:56:02 | 000,101,820 | ---- | C] () -- C:\WINDOWS\System32\avresample-lav-0.dll

[2012/07/10 21:56:50 | 000,036,352 | ---- | C] () -- C:\WINDOWS\UTHUNK32.DLL

[2012/07/05 08:15:06 | 000,310,272 | ---- | C] () -- C:\WINDOWS\System32\UPDIO2.dll

[2012/07/05 08:14:59 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\spd__l.dll

[2012/07/05 08:14:54 | 000,254,464 | ---- | C] () -- C:\WINDOWS\System32\SUPDRun.exe

[2012/07/05 08:14:53 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\spd__ci.exe

[2012/06/17 16:15:04 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\spdif_test.exe

[2012/06/17 16:14:58 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe

[2012/06/17 16:14:42 | 001,021,440 | ---- | C] () -- C:\WINDOWS\System32\ac3filter_intl.dll

[2012/05/12 17:42:16 | 001,272,320 | ---- | C] () -- C:\WINDOWS\System32\avcodec-53.dll

[2012/05/12 17:42:16 | 000,146,432 | ---- | C] () -- C:\WINDOWS\System32\avutil-51.dll

[2012/03/18 07:17:00 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2012/03/15 19:03:12 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys

[2012/03/14 22:47:10 | 000,000,026 | ---- | C] () -- C:\WINDOWS\ulead32.ini

[2012/02/15 18:19:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/01/04 07:43:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2011/12/07 14:32:24 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\Lagarith.dll

[2011/09/15 04:26:38 | 000,000,189 | ---- | C] () -- C:\WINDOWS\KPCMS.INI

[2011/09/15 04:26:38 | 000,000,095 | ---- | C] () -- C:\WINDOWS\vista32.ini

[2011/09/15 04:26:38 | 000,000,040 | ---- | C] () -- C:\WINDOWS\umaxdrv.ini

[2011/09/15 04:26:35 | 000,047,616 | ---- | C] () -- C:\WINDOWS\ucmsp_32.dll

[2011/09/15 04:26:32 | 000,171,024 | ---- | C] () -- C:\WINDOWS\p1220_16.dll

[2011/09/15 04:26:32 | 000,150,560 | ---- | C] () -- C:\WINDOWS\vud32.dll

[2011/09/15 04:26:32 | 000,112,672 | ---- | C] () -- C:\WINDOWS\p1220_32.dll

[2011/09/15 04:26:32 | 000,105,504 | ---- | C] () -- C:\WINDOWS\p6xx_32.dll

[2011/09/15 04:26:32 | 000,064,845 | ---- | C] () -- C:\WINDOWS\pmmail.exe

[2011/09/15 04:26:32 | 000,030,208 | ---- | C] () -- C:\WINDOWS\uxmail32.dll

[2011/09/15 04:26:31 | 000,068,608 | ---- | C] () -- C:\WINDOWS\vufile32.dll

[2011/09/08 09:00:52 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll

[2011/09/08 09:00:48 | 000,142,336 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll

[2011/09/08 09:00:42 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll

[2011/09/08 09:00:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll

[2011/09/08 09:00:34 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe

[2011/09/08 09:00:24 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\ts.dll

[2011/09/08 09:00:10 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe

[2011/09/08 09:00:06 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe

[2011/09/08 08:59:54 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll

[2011/09/08 08:59:52 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll

[2011/07/01 04:58:59 | 000,044,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys

[2011/06/23 22:58:32 | 000,242,259 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2011/06/23 22:58:04 | 000,877,296 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2011/06/13 15:01:46 | 000,068,852 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp

[2011/06/13 15:01:46 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp

[2011/06/13 14:46:39 | 000,069,000 | ---- | C] () -- C:\WINDOWS\hpoins05.dat

[2011/06/13 14:46:39 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat

[2011/03/03 06:39:56 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll

[2011/03/03 06:38:10 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll

[2011/03/03 06:37:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll

[2011/02/11 05:26:20 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OptimFROG.dll

========== ZeroAccess Check ==========

[2011/06/13 15:04:08 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\System32\shdocvw.dll -- [2010/04/16 11:09:07 | 001,509,888 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2011/11/27 05:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

[2011/07/08 05:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CambridgeSoft

[2012/10/27 06:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp

[2012/10/27 11:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon

[2011/09/13 17:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nova Development

[2010/07/28 18:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor

[2011/05/23 07:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe

[2012/07/05 08:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung

[2010/06/24 18:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2011/09/13 17:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems

[2012/10/27 06:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15

[2012/08/24 22:07:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2011/08/26 18:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Web Page Maker

[2012/01/21 19:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2012/11/15 17:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\soma\Application Data\Incredibar.com

[2012/11/12 10:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\soma\Application Data\KVIrc4

[2012/11/15 11:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\soma\Application Data\Motorola

[2012/10/27 07:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\soma\Application Data\Nikon

[2012/08/09 22:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\soma\Application Data\Nova Development

[2012/07/01 10:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\soma\Application Data\OnlineArmor

[2012/07/28 06:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\soma\Application Data\OpenOffice.org

[2012/10/12 11:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\soma\Application Data\Tracker Software

[2012/07/07 22:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\soma\Application Data\Ulead Systems

========== Purity Check ==========

< End of report >

--------------------------------------------------------------

OTL Extras logfile created on: 11/15/2012 9:37:14 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\soma\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

765.98 Mb Total Physical Memory | 109.44 Mb Available Physical Memory | 14.29% Memory free

1.46 Gb Paging File | 0.70 Gb Available in Paging File | 48.21% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 189.91 Gb Total Space | 143.73 Gb Free Space | 75.68% Space Free | Partition Type: NTFS

Drive D: | 572.50 Mb Total Space | 534.64 Mb Free Space | 93.39% Space Free | Partition Type: FS_UDF

Computer Name: DELL-TOP | User Name: soma | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\Winword.exe" /n ()

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\Winword.exe" /x ()

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"UpdatesDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

"1723:TCP" = 1723:TCP:*:Enabled:port forwarding

"1723:UDP" = 1723:UDP:*:Enabled:port forwarding

"500:TCP" = 500:TCP:*:Enabled:port forwarding

"500:UDP" = 500:UDP:*:Enabled:port forwarding

"1889:TCP" = 1889:TCP:*:Enabled:Akamai NetSession Interface

"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\downloads\video_converter_setup.exe" = C:\downloads\video_converter_setup.exe:*:Enabled:Video Converter

"C:\WINDOWS\system32\SUPDSvc2.exe" = C:\WINDOWS\system32\SUPDSvc2.exe:*:Enabled:Samsung UPD Service2 -- (Samsung Electronics)

"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

"C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe" = C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe:*:Enabled:Agent.exe -- (CHENGDU YIWO Tech Development Co., Ltd)

"C:\Program Files\EaseUS\Todo Backup\bin\TbService.exe" = C:\Program Files\EaseUS\Todo Backup\bin\TbService.exe:*:Enabled:TbService.exe -- (CHENGDU YIWO Tech Development Co., Ltd)

"C:\Program Files\EaseUS\Todo Backup\bin\TBConsoleUI.exe" = C:\Program Files\EaseUS\Todo Backup\bin\TBConsoleUI.exe:*:Enabled:Local TBConsoleUI.exe -- (CHENGDU YIWO Tech Development Co., Ltd)

"C:\WINDOWS\system32\dmwu.exe" = C:\WINDOWS\system32\dmwu.exe:*:Enabled:dmwu

"C:\WINDOWS\system32\ARFC\wrtc.exe" = C:\WINDOWS\system32\ARFC\wrtc.exe:*:Enabled:wrtc -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime

"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{0FF18B53-CA57-40BB-B562-21A27B662005}" = 1600

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy

"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant

"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax

"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare

"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp

"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9

"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1

"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload

"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.530

"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour

"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext

"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5360DF11-A876-460B-9953-6817AA2BF9D5}" = Photo Explosion Deluxe

"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor

"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone

"{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM

"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects

"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery

"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update

"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan

"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2

"{6C12B6BF-3891-497B-B5CA-3D64DA093947}" = Motorola Mobile Drivers Installation 5.4.0

"{6EA8CF9D-E8BA-462C-BADD-7C33038D7F9F}" = CambridgeSoft ChemDraw Plugin Net 12.0

"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1

"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware

"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver

"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules

"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer

"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser

"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config

"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet

"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update

"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update

"{AC76BA86-0000-7EC8-7489-000000000604}" = Adobe Acrobat and Reader 6.0.4 Update

"{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update

"{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update

"{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0.1 Standard

"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2

"{B01B5689-930B-40A8-AC57-A0E88AAED7D9}" = Microsoft Office Word 2003 XML Viewer

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director

"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch

"{C98876CB-9847-4DCB-96F6-98CD5D66D2E2}" = Document Express DjVu Plug-in

"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CB449D5A-7710-47aa-B9F5-352B877C90E6}" = 1600_Help

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg

"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer

"{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F4C6CC40-1142-49be-A28C-7BBD36F0B41A}" = 1600Trb

"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates

"{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}" = XML Notepad 2007

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"1ClickDownload" = TornTV

"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"AnswerWorks" = AnswerWorks Runtime

"Any Video Converter_is1" = Any Video Converter 3.5.6

"ASTRA32_is1" = ASTRA32 - Advanced System Information Tool 2.05

"avast" = avast! Free Antivirus

"Avi2Dvd" = Avi2Dvd 0.6.4

"Corel Applications" = Corel Applications

"DVD Flick_is1" = DVD Flick 1.3.0.7

"EaseUS Todo Backup Free 5.0_is1" = EaseUS Todo Backup Free 5.0

"ESET Online Scanner" = ESET Online Scanner v3

"Free Easy Burner_is1" = Free Easy Burner V 5.1

"Gzip-1.3.12-1_is1" = GnuWin32: Gzip-1.3.12-1

"HP Photo & Imaging" = HP Image Zone 4.7

"HPExtendedCapabilities" = HP Extended Capabilities 4.7

"ie8" = Windows Internet Explorer 8

"ImgBurn" = ImgBurn

"InCD!UninstallKey" = Ahead InCD

"incredibar" = Incredibar Toolbar on IE

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager

"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem

"IsoBuster_is1" = IsoBuster 2.8.5

"KVIrc" = KVIrc

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

"Media Player - Codec Pack" = Media Player Codec Pack 4.2.3

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"MotoHelper" = MotoHelper 2.1.32 Driver 5.4.0

"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Mplayer" = Mplayer 0.6.9

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NirSoft WebVideoCap" = NirSoft WebVideoCap

"OnlineArmor_is1" = Online Armor 5.5

"OpenSSL-0.9.8h-1_is1" = GnuWin32: OpenSSL-0.9.8h-1

"PROSet" = Intel® PRO Network Adapters and Drivers

"Quicken 2001 Basic" = Quicken 2001 Basic

"Samsung ML-2250 Series" = Samsung ML-2250 Series

"Smart Defrag 2_is1" = Smart Defrag 2

"SolveigMM AVI Trimmer 2.0.1210.11" = SolveigMM AVI Trimmer

"SpywareBlaster_is1" = SpywareBlaster 4.3

"VLC media player" = VLC media player 2.0.2

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR 4.00 (32-bit)

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"WNLT" = IB Updater Service

"Word8.0" = Microsoft Word 97

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Xvid Video Codec 1.3.2" = Xvid Video Codec

"ZeroFootprint Crypt 4.03.05" = ZeroFootprint Crypt 4.03.05

Error encountered while reading event logs.

< End of report >

------------------------------------------------

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.15.08

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

soma :: DELL-TOP [administrator]

11/15/2012 3:33:45 PM

mbam-log-2012-11-15 (15-33-45).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 323778

Time elapsed: 1 hour(s), 8 minute(s), 37 second(s)

Memory Processes Detected: 1

C:\WINDOWS\system32\dmwu.exe (PUP.InstallBrain) -> 2544 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\WINDOWS\system32\dmwu.exe (PUP.InstallBrain) -> Delete on reboot.

(end)


Hi,

Please wait with installing updates until we are finished.

Please attach logfiles instead of posting them into the thread.

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Also please attach a fresh OTL logfile.


Sorry - there's another person who uses the computer and I didn't mention to not reboot it - so the critical updates seem to have automatically been installed.

I wasn't able to find the "extras.txt" after exiting the otl program. Is there somewhere it gets saved?

Thanks for the help.


Hi,

How is it running?

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


Thread Closed

Reason: Lack of Response

PM either ShadowPuterDude, Elise, or GT500 to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread.


I ran OTL but it didn't seem to create an "extras.txt".

I've been unable to remove torn-tv. When I try to remove it from add/remove programs it causes the computer to freeze and I have to turn off the computer in order to reboot. I'm wondering if having removed the add-on from firefox might be why it won't remove from add/remove programs.


The Revo uninstaller was unable to remove torn-tv by the usual method -- the computer froze and I had to turn it off to reboot. I had to use the force-uninstall. It seems to have removed everything it could find of the program.


When I try to uninstall Firefox from the control panel, it causes the computer to freeze and I have to turn the power off to get it to reboot. Using Revo forced uninstall (to remove Firefox) seemed to cause Internet Explorer to stop being able to connect to anything. It wouldn't connect to the modem (192.168.1.1) either. This seemed to cause a problem with a 2nd computer that is connected by a switch (hub?) to the modem and it wasn't able to connect to anything either. I finally did a system restore. There is a 2nd program listed below Firefox in "add/remove programs" called "Mozilla Maintenance Service" that also jammed the computer when I tried to remove it.


I downloaded and reinstalled Firefox. The "Maintenance Service" seems to be a part of the Firefox program and downloads with it. I was still unable to remove Firefox or the Maintenance Service after the re-installation - it caused the computer to freeze.


Thread Closed

Reason: Lack of Response

PM either ShadowPuterDude, Elise, or GT500 to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread.

This topic is now closed to further replies.