zee, posted November 14, 2012

Online Armor found this:
68dcaf6b-2ace-4fec-91bf-3c2ce0f29478.exe, 0.0.0.0, (0.0.0.0)
C:\WINDOWS\Temp\68dcaf6b-2ace-4fec-91bf-3c2ce0f29478.exe
Hash(MD5): A16F36F49A7B9BBF1A1FD715362E39EA

I don't know what it is and couldn't find anything on it from a Google search. Thanks.
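The file reported above has a GUID-style name, sits in C:\WINDOWS\Temp and is identified only by an MD5, which is the weakest handle to search on. What a helper would do first is hash it with the algorithms lookup services actually index, confirm the bytes are a real PE image and read its link timestamp. The script below is an added example written for this page, not code from the thread or from Online Armor. The sample it triages is a constructed header-only PE skeleton given the reported file's name and location; its digests are therefore not the posted MD5, and the Temp-directory list (TEMP_DIRS) is an assumption.

```python
"""First-pass triage of an unknown executable: added example, not code from the thread
or Online Armor. The sample image is a constructed header-only PE, not the reported file."""
import hashlib
import ntpath
import re
import struct
from datetime import datetime, timezone

GUID_EXE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\.exe$", re.I)
# Assumed list of directories a legitimately installed program does not run from.
TEMP_DIRS = ("\\windows\\temp\\", "\\local settings\\temp\\", "\\appdata\\local\\temp\\")


def digests(data: bytes) -> dict:
    """MD5 alone (as posted) matches few lookup services; SHA-256 is what most index."""
    return {alg: hashlib.new(alg, data).hexdigest().upper() for alg in ("md5", "sha1", "sha256")}


def pe_info(data: bytes):
    """Machine, section count and link time from the COFF header, or None when the bytes
    are not a PE image (renamed script, archive, truncated download)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if len(data) < e_lfanew + 24 or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine, nsections, link_time = struct.unpack_from("<HHI", data, e_lfanew + 4)
    return {
        "machine": machine,  # 0x14C = x86, 0x8664 = x64
        "sections": nsections,
        "link_time": datetime.fromtimestamp(link_time, tz=timezone.utc),
    }


def triage_file(path: str, data: bytes) -> dict:
    flags = []
    if GUID_EXE.match(ntpath.basename(path)):  # ntpath: Windows separators on any host
        flags.append("guid-style filename")  # droppers commonly use random names
    if any(t in path.lower() for t in TEMP_DIRS):
        flags.append("lives in a Temp directory")
    info = pe_info(data)
    if info is None:
        flags.append("not a PE image")
    return {"path": path, "digests": digests(data), "pe": info, "flags": flags}


# Constructed stand-in: DOS stub pointing at a PE signature and a COFF header for an x86
# image with one section, linked 2012-11-13 UTC. Headers only; nothing here executes.
def sample_image() -> bytes:
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header follows the stub
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1352800000, 0, 0, 0, 0x0102)
    return bytes(dos) + b"PE\0\0" + coff


SAMPLE_PATH = r"C:\WINDOWS\Temp\68dcaf6b-2ace-4fec-91bf-3c2ce0f29478.exe"
```

A link time far from the file's creation date, or a link time in the future, is worth noting in the post alongside the SHA-256; the hash is what lets other helpers match the sample without the file itself.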
schrauber, posted November 14, 2012

Hello, zee

Welcome to the Emsisoft Support Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

Please take note of some guidelines for this fix:
- Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
- If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
- Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
- Do not start a new topic.
- The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Please set your system to show all files.
- Click Start, open My Computer, select the Tools menu and click Folder Options.
- Select the View tab.
- Under the Hidden files and folders heading, select Show hidden files and folders.
- Uncheck: Hide file extensions for known file types.
- Uncheck the Hide protected operating system files (recommended) option.
- Click Yes to confirm.

This is indeed looking like malware. We will have a deeper look.

Please download OTL from one of the following mirrors:
This is THE Mirror
- Save it to your desktop.
- Double click on the icon on your desktop.
- Push the Quick Scan button.
- Two reports will open; copy and paste them in a reply here:
  OTL.txt <-- Will be opened
  Extra.txt <-- Will be minimized
zee (author), posted November 16, 2012

Unfortunately, we got more malware in the meantime and I ran ESET and Malwarebytes before I saw your post. Malwarebytes found 3 "PUPs" and removed them. The malware is torntv.exe. It put a search bar on the browsers and hijacks to its homepage. I tried to remove it from the Control Panel and it jammed the computer, so I had to reboot. I also posted to MajorGeeks about the torntv problem. Also, I downloaded security updates for Windows XP but haven't installed them yet.
schrauber, posted November 16, 2012

Please choose one forum to get help from, and write in the other thread that you are already getting help. Also, please run OTL and show me the logfile from Malwarebytes.
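Tom's procedure above (show hidden files, run an OTL Quick Scan, paste the two reports) and zee's description of a search bar and homepage hijack both come down to reading OTL's one-entry-per-line report for a handful of indicators. The script below is an added example written for this page, not code from the thread, from OTL or from Emsisoft. Its allowlists (DEFAULT_HOSTS, KNOWN_ENGINES), the Temp-path markers, the ten-minute burst window and the sample report are assumptions: the sample copies OTL's layout from the report zee posts later in this thread, but the Temp binary's size and timestamp, the hijack URL (mystart.hijacker.example) and the exact selection of lines are invented.

```python
"""Triage of an OTL report: an added example, not code from the thread, OTL or Emsisoft.
Allowlists and the sample report are assumptions; OTL's one-entry-per-line layout is real."""
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# PRC/SRV/MOD/DRV: "SRV - [ts | size | ---- | M] (Company) [Auto | Running] -- path -- (Name)"
ENTRY = re.compile(
    r"^(?P<kind>PRC|SRV|MOD|DRV) - "
    r"(?:\[(?P<ts>[^|\]]+) \| (?P<size>[\d,]+) \| [^\]]*\] \((?P<company>.*?)\)"
    r"|(?P<missing>File not found))"
    r"(?: \[[^\]]*\])? -- (?P<path>.*?)(?: -- \((?P<name>[^)]*)\))?$"  # [state] path (Name)
)
# O2 BHO / O3 toolbar: "O2 - BHO: (Name) - {CLSID} - path (Company)"
ADDON = re.compile(
    r"^(?P<kind>O2|O3) - [^:]+: \((?P<name>.*?)\) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - "
    r"(?P<path>.*?) \((?P<company>.*)\)$"
)
# "Files/Folders - Created Within 30 Days": "[ts | size | ---D | C] -- path"
CREATED = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| (?P<attrs>\S+) \| C\]"
    r"(?: \([^)]*\))? -- (?P<path>.+)$"
)
URL = re.compile(r'https?://[^\s"]+')
ENGINE = re.compile(r'browser\.search\.(?:defaultenginename|selectedEngine): "([^"]*)"')
# Assumed: hosts the browser defaults may point at, and engines not worth flagging.
DEFAULT_HOSTS = ("msn.com", "bing.com", "google.com", "live.com", "microsoft.com")
KNOWN_ENGINES = {"google", "bing", "yahoo"}
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\")


def is_default_host(host: str) -> bool:
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in DEFAULT_HOSTS)


def install_bursts(created, window=timedelta(minutes=10), min_size=3):
    """Group (time, path) pairs whose times fall within `window` of the group's first entry;
    several new product directories a minute apart is the footprint of a bundled installer."""
    bursts, group = [], []
    for ts, path in sorted(created):
        if group and ts - group[0][0] > window:
            if len(group) >= min_size:
                bursts.append([p for _, p in group])
            group = []
        group.append((ts, path))
    if len(group) >= min_size:
        bursts.append([p for _, p in group])
    return bursts


def triage(report: str) -> dict:
    """Return {indicator: [detail, ...]} for an OTL report given as text."""
    findings, created = {}, []

    def add(tag, detail):
        bucket = findings.setdefault(tag, [])
        if detail not in bucket:  # PRC and SRV list the same binary twice
            bucket.append(detail)

    for line in report.splitlines():
        line = line.strip()
        if m := ENTRY.match(line):
            if m["missing"]:
                continue  # stale registration of a deleted file, not an infection
            if m["company"] == "":  # OTL's own "no company name" heuristic: weak but cheap
                add("no-company-name", m["path"])
            if any(t in m["path"].lower() for t in TEMP_MARKERS):
                add("runs-from-temp", m["path"])
        elif m := ADDON.match(line):
            if m["company"] == "":
                add("addon-no-company", f"{m['name']}: {m['path']}")
        elif m := CREATED.match(line):
            if "D" in m["attrs"] and m["path"].lower().startswith("c:\\program files\\"):
                created.append((datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"), m["path"]))
        elif line.startswith(("IE - ", "FF - ")):
            for url in URL.findall(line):
                if not is_default_host(urlsplit(url).hostname or ""):
                    add("browser-url-not-default", url)
            if (e := ENGINE.search(line)) and e.group(1).lower() not in KNOWN_ENGINES:
                add("search-engine-changed", e.group(1))
    for burst in install_bursts(created):
        add("install-burst", burst)
    return findings


# Constructed sample in OTL's layout, modeled on the report in this thread; the Temp
# binary's size/time and the hijack URL are invented.
SAMPLE_REPORT = r"""
PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/04 14:06:46 | 000,188,760 | ---- | M] () -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe
PRC - [2012/11/14 09:12:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\Temp\68dcaf6b-2ace-4fec-91bf-3c2ce0f29478.exe
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/10/04 14:06:46 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe -- (IB Updater)
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.hijacker.example/?a=abc123&i=26
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
[2012/11/15 12:01:29 | 000,000,000 | ---D | C] -- C:\Program Files\Incredibar.com
[2012/11/15 12:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\IB Updater
[2012/11/15 11:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\Gophoto.it
[2012/11/15 11:59:48 | 000,000,000 | ---D | C] -- C:\Program Files\TornTV.com
[2012/11/12 10:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\KVIrc
"""
```

Company-name absence is the weakest of these signals: in the report posted in this thread, Adobe's AcroIEFavClient.dll also shows none, while the Incredibar toolbar carries a vendor name and passes every per-entry check. It is the install-burst correlation on the "Created Within 30 Days" section that ties TornTV, Gophoto.it, IB Updater and Incredibar together as one bundle dropped within two minutes, which is the unit a helper would then remove together.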
zee (author), posted November 16, 2012

Would you know if the 2-spyware.com forum is trustworthy? They say they have a tool to remove the torntv problem. Also, I was wondering whether to install the critical updates for Windows XP? Thanks.

I thought I had posted the log files from OTL in my previous post. I definitely pasted them into an edit. In any case, here they are:

OTL logfile created on: 11/15/2012 9:37:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\soma\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
765.98 Mb Total Physical Memory | 109.44 Mb Available Physical Memory | 14.29% Memory free
1.46 Gb Paging File | 0.70 Gb Available in Paging File | 48.21% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189.91 Gb Total Space | 143.73 Gb Free Space | 75.68% Space Free | Partition Type: NTFS
Drive D: | 572.50 Mb Total Space | 534.64 Mb Free Space | 93.39% Space Free | Partition Type: FS_UDF
Computer Name: DELL-TOP | User Name: soma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/11/15 21:33:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\soma\Desktop\OTL.exe PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012/10/27 11:09:32 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012/10/23 06:59:45 | 002,415,104 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Tall Emu\Online Armor\oaui.exe PRC - [2012/10/23 06:59:16 | 004,463,864 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Tall Emu\Online Armor\OAsrv.exe PRC - [2012/10/23 06:58:00 | 001,248,144 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Tall Emu\Online Armor\oahlp.exe PRC - [2012/10/23 06:57:45 | 000,216,072 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe PRC - [2012/10/04 14:06:46 | 000,188,760 | ---- | M] () -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe PRC - [2012/09/16 05:43:29 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE PRC - [2012/08/03 22:42:58 | 000,023,624 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe PRC - [2012/08/03 22:42:52 | 000,069,192 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe PRC - [2011/12/06 
16:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe PRC - [2011/12/06 16:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe PRC - [2008/04/13 19:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe ========== Modules (No Company Name) ========== MOD - [2012/11/04 02:58:05 | 001,827,840 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12110400\algo.dll MOD - [2012/11/02 11:18:26 | 009,814,968 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll MOD - [2012/10/27 11:09:31 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2012/10/04 14:06:46 | 000,188,760 | ---- | M] () -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe MOD - [2012/08/07 18:29:00 | 000,542,792 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ExImage.dll MOD - [2012/08/07 18:29:00 | 000,382,024 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ExchBackupSizeEx.dll MOD - [2012/08/07 18:29:00 | 000,193,608 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ExchBackupSize.dll MOD - [2012/08/03 22:41:34 | 000,065,096 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\TbTapeBrowse.dll MOD - [2012/08/03 22:41:34 | 000,050,248 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll MOD - [2012/08/03 22:41:32 | 000,096,840 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\TBFireWall.dll MOD - [2012/08/03 22:41:30 | 000,105,032 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\NASOperator.dll MOD - [2012/08/03 22:41:26 | 000,069,192 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\EnumTapeDevice.dll MOD - [2012/08/03 
22:41:24 | 000,050,760 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\CodeLog.dll MOD - [2012/08/03 22:41:24 | 000,035,912 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\CompressFile.dll MOD - [2012/08/03 22:41:22 | 000,022,088 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\AccountManager.dll MOD - [2011/12/06 16:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe MOD - [2011/12/06 16:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe MOD - [2011/04/11 00:26:33 | 000,024,064 | ---- | M] () -- C:\WINDOWS\system32\spd__l.dll MOD - [2011/03/02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2008/11/25 16:18:00 | 001,291,264 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\libxml2.dll MOD - [2004/10/05 02:08:00 | 000,055,808 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\zlib1.dll MOD - [2004/03/10 18:03:14 | 000,134,656 | ---- | M] () -- C:\Program Files\ZeroFootprintCrypt\ZFC_CtMe.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - File not found [On_Demand | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2012/11/02 11:18:27 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! 
Antivirus) SRV - [2012/10/27 11:09:31 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/10/23 06:59:16 | 004,463,864 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\OAsrv.exe -- (SvcOnlineArmor) SRV - [2012/10/23 06:57:45 | 000,216,072 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\oacat.exe -- (OAcat) SRV - [2012/10/04 14:06:46 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe -- (IB Updater) SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012/09/16 05:43:29 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE) SRV - [2012/08/03 22:42:58 | 000,023,624 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent) SRV - [2012/08/03 22:42:52 | 000,069,192 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent) SRV - [2012/04/05 18:45:44 | 000,129,536 | ---- | M] (Samsung Electronics) [On_Demand | Stopped] -- C:\WINDOWS\system32\SUPDSvc2.exe -- (Samsung UPD Service2) SRV - [2011/12/06 16:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- 
(MotoHelper) SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2003/03/03 13:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012/10/30 18:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012/10/30 18:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012/10/30 18:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012/10/30 18:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2012/10/30 18:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2012/10/30 18:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - 
[2012/10/30 18:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012/10/23 07:00:32 | 000,031,920 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet) DRV - [2012/10/23 06:58:34 | 000,027,648 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon) DRV - [2012/10/23 06:58:03 | 000,044,992 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX) DRV - [2012/10/23 06:57:46 | 000,208,320 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice) DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/08/20 14:57:56 | 000,040,648 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\EUBKMON.sys -- (EUBKMON) DRV - [2012/08/03 22:42:46 | 000,185,032 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EuFdDisk.sys -- (EUFDDISK) DRV - [2012/08/03 22:42:40 | 000,050,248 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP) DRV - [2012/08/03 22:42:40 | 000,014,920 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS) DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2011/04/04 14:55:38 | 000,020,480 
| ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp) DRV - [2011/03/31 14:53:24 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport) DRV - [2011/03/31 14:53:24 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem) DRV - [2010/11/26 17:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver) DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl) DRV - [2007/02/22 11:28:48 | 000,030,864 | ---- | M] (Licensed for Sysinfo Lab) [Kernel | Auto | Running] -- C:\Program Files\ASTRA32\astra32.sys -- (ASTRA32) DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt) DRV - [2004/05/17 22:04:16 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) 
[Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp) DRV - [2003/10/14 22:10:52 | 000,644,377 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52) DRV - [2003/10/14 22:10:10 | 001,231,829 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51) DRV - [2003/10/14 22:09:32 | 000,059,685 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53) DRV - [2003/10/14 22:09:18 | 000,033,300 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt) DRV - [2003/08/28 18:58:40 | 000,004,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci) DRV - [2003/03/05 11:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT) DRV - [2002/12/12 05:23:34 | 000,459,776 | ---- | M] (ahead software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\bsudf.sys -- (BsUDF) DRV - [2002/06/05 11:07:00 | 000,009,344 | ---- | M] (B.H.A Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\bsstor.sys -- (BsStor) DRV - [2001/08/17 12:58:12 | 000,022,912 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\umaxpcls.sys -- (UMAXPCLS) DRV - [1998/02/21 11:37:10 | 000,115,136 | ---- | M] (Shuttle Technology.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\ppscan.sys -- (PPSCAN) DRV - [1997/04/10 13:08:24 | 000,085,868 | ---- | M] (Silitek Corporation.) 
[Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\ppclass.sys -- (PPCLASS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incre...6OyUi1J6BC&i=26 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4C D6 F1 20 B9 65 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6OyUi1J6BC&i=26 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "MyStart Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "http://mystart.incre...OyUi1J6BC&i=26" FF - prefs.js..extensions.enabledAddons: [email protected]:1.0b4 FF - prefs.js..extensions.enabledAddons: [email protected]:1.5.0 FF - prefs.js..extensions.enabledAddons: {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.530 FF - prefs.js..keyword.URL: "http://mystart.incre...&&i=26&search=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/ChemDraw,version=12.0: C:\Program Files\CambridgeSoft\ChemOffice2010\ChemDraw\npcdn32.dll (CambridgeSoft 
Corp.) FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll File not found FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll () FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/04 05:18:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2012/11/15 12:00:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/27 11:09:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/12 11:25:27 | 000,000,000 | ---D | M] [2012/07/01 10:37:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\soma\Application Data\Mozilla\Extensions [2012/11/15 12:01:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\soma\Application Data\Mozilla\Firefox\Profiles\n7baw8p0.default\extensions [2012/11/15 12:01:30 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Documents and Settings\soma\Application Data\Mozilla\Firefox\Profiles\n7baw8p0.default\extensions\[email protected] [2012/10/18 07:59:22 | 032,108,751 | ---- | M] () (No name found) -- C:\Documents and Settings\soma\Application Data\Mozilla\Firefox\Profiles\n7baw8p0.default\extensions\[email protected] [2012/10/18 08:06:37 | 022,583,554 | ---- | M] () (No name found) -- C:\Documents and Settings\soma\Application Data\Mozilla\Firefox\Profiles\n7baw8p0.default\extensions\[email protected] [2012/07/31 06:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Documents and Settings\soma\Application Data\Mozilla\Firefox\Profiles\n7baw8p0.default\extensions\[email protected] [2012/11/15 11:59:51 | 000,213,316 | ---- | M] () (No name found) -- C:\Documents and Settings\soma\Application Data\Mozilla\Firefox\Profiles\n7baw8p0.default\extensions\[email protected] [2012/11/15 12:00:26 | 000,002,203 | ---- | M] () 
-- C:\Documents and Settings\soma\Application Data\Mozilla\Firefox\Profiles\n7baw8p0.default\searchplugins\MyStart Search.xml [2012/10/12 10:08:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/11/15 12:00:54 | 000,000,000 | ---D | M] (IB Updater) -- C:\PROGRAM FILES\IB UPDATER\FIREFOX [2012/10/27 11:09:32 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/01/18 17:01:46 | 001,826,704 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll [2012/10/11 09:48:18 | 000,171,136 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2012/08/30 18:53:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/10/12 10:09:10 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2010/07/03 20:26:17 | 000,411,396 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 
14217 more lines... O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll () O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD) O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O3 - HKLM\..\Toolbar: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\OAui.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341153041765 (MUWebControl Class)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB36D1FD-CE3D-4755-BE19-2B1F1B31DCEC}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Emsisoft GmbH)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/01 23:27:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/15 21:33:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\soma\Desktop\OTL.exe
[2012/11/15 21:04:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/11/15 17:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\soma\Application Data\Incredibar.com
[2012/11/15 15:29:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/15 15:29:48 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/11/15 15:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/11/15 12:01:29 | 000,000,000 | ---D | C] -- C:\Program Files\Incredibar.com
[2012/11/15 12:01:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ARFC
[2012/11/15 12:01:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WNLT
[2012/11/15 12:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\IB Updater
[2012/11/15 11:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\Gophoto.it
[2012/11/15 11:59:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\soma\Start Menu\Programs\TornTV.com
[2012/11/15 11:59:48 | 000,000,000 | ---D | C] -- C:\Program Files\TornTV.com
[2012/11/15 11:57:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\soma\Application Data\Motorola
[2012/11/15 11:56:51 | 000,024,064 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motport.sys
[2012/11/15 11:56:50 | 000,024,064 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motmodem.sys
[2012/11/15 11:56:49 | 000,020,480 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motccgp.sys
[2012/11/15 11:56:49 | 000,008,320 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motccgpfl.sys
[2012/11/15 11:56:49 | 000,006,400 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motswch.sys
[2012/11/15 11:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2012/11/15 11:19:55 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2012/11/12 10:15:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\soma\Application Data\KVIrc4
[2012/11/12 10:15:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\soma\Downloads
[2012/11/12 10:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\KVIrc
[2012/11/12 10:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\KVIrc
[2012/10/27 23:20:27 | 000,000,000 | ---D | C] -- C:\My Backups
[2012/10/27 23:20:08 | 000,185,032 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\EuFdDisk.sys
[2012/10/27 23:20:08 | 000,050,248 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eubakup.sys
[2012/10/27 23:20:08 | 000,014,920 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eudskacs.sys
[2012/10/27 23:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EaseUS Todo Backup Free 5.0
[2012/10/27 23:18:21 | 000,019,528 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\fbnative.exe
[2012/10/27 23:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\EaseUS
[2012/10/27 19:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Media Player - Codec Pack
[2012/10/27 19:09:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\C2MP
[2012/10/27 11:43:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AnvSoft
[2012/10/27 11:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft
[2012/10/27 11:18:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2012/10/27 10:11:11 | 000,000,000 | ---D | C] -- C:\filtering
[2012/10/27 07:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/10/27 07:32:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\soma\Application Data\Nikon
[2012/10/27 07:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\soma\Local Settings\Application Data\Nikon
[2012/10/27 06:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nikon Message Center 2
[2012/10/27 06:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ViewNX 2
[2012/10/27 06:36:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nikon
[2012/10/27 06:36:03 | 000,000,000 | ---D | C] -- C:\Program Files\Nikon
[2012/10/27 06:34:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2012/10/27 06:34:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2012/10/27 06:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2012/10/27 06:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Link to Nikon
[2012/10/23 06:06:39 | 000,000,000 | ---D | C] -- C:\apt
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/15 21:33:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\soma\Desktop\OTL.exe
[2012/11/15 21:28:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/15 20:56:32 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/11/15 20:56:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/15 20:55:14 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2012/11/15 20:54:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/15 17:49:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-507921405-725345543-1004UA.job
[2012/11/15 15:32:18 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/15 12:01:37 | 000,000,447 | ---- | M] () -- C:\user.js
[2012/11/15 11:59:50 | 000,000,722 | ---- | M] () -- C:\Documents and Settings\soma\Desktop\TornTV.lnk
[2012/11/15 11:57:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Update.job
[2012/11/15 11:57:11 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper MUM.job
[2012/11/15 11:57:10 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
[2012/11/15 11:24:09 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motport_01007.Wdf
[2012/11/15 11:24:05 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2012/11/15 11:23:52 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2012/11/15 11:23:52 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01007.Wdf
[2012/11/15 11:23:33 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2012/11/15 11:01:27 | 000,000,129 | ---- | M] () -- C:\Shortcut to 3½ Floppy (A).lnk
[2012/11/15 03:49:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-507921405-725345543-1004Core.job
[2012/11/14 09:00:00 | 000,000,708 | ---- | M] () -- C:\WINDOWS\tasks\back.job
[2012/11/12 10:16:03 | 000,000,138 | ---- | M] () -- C:\Documents and Settings\soma\kvirc4.ini
[2012/11/12 10:14:11 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\KVIrc.lnk
[2012/11/10 23:47:25 | 000,000,026 | ---- | M] () -- C:\WINDOWS\ulead32.ini
[2012/11/04 05:19:05 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/11/04 05:17:12 | 000,413,778 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/04 05:17:12 | 000,060,914 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/30 18:51:58 | 000,738,504 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/10/30 18:51:58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/10/30 18:51:58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/10/30 18:51:58 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/10/30 18:51:57 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/10/30 18:51:57 | 000,089,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/10/30 18:51:56 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/10/30 18:51:56 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/10/30 18:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/10/30 18:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/10/27 23:19:03 | 000,000,888 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EaseUS Todo Backup Free 5.0.lnk
[2012/10/27 18:57:49 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
[2012/10/27 18:55:21 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2012/10/27 07:41:04 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/10/27 07:33:16 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2012/10/27 06:56:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ViewNX2.INI
[2012/10/27 06:38:13 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\SystemConfiguration
[2012/10/27 06:38:13 | 000,000,012 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\URLs
[2012/10/27 06:36:14 | 000,001,830 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ViewNX 2.lnk
[2012/10/27 06:35:25 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\Tables
[2012/10/27 06:35:25 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\System Image Utility
[2012/10/27 06:35:25 | 000,000,012 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\User Pictures
[2012/10/27 06:35:25 | 000,000,012 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\Trumpet Section
[2012/10/27 06:34:02 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLeo.DAT
[2012/10/27 06:34:02 | 000,000,012 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\vhosts
[2012/10/23 07:00:32 | 000,031,920 | ---- | M] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2012/10/23 06:58:34 | 000,027,648 | ---- | M] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2012/10/23 06:58:03 | 000,044,992 | ---- | M] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2012/10/23 06:57:46 | 000,208,320 | ---- | M] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2012/10/20 05:32:01 | 000,001,514 | ---- | M] () -- C:\Documents and Settings\soma\Desktop\Backup.lnk
[2012/10/19 09:38:52 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\soma\Desktop\Windows Media Player.lnk
[2012/10/19 08:53:59 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\soma\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/17 07:37:54 | 000,000,920 | ---- | M] () -- C:\Documents and Settings\soma\Desktop\SolveigMM AVI Trimmer + MKV.lnk
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/15 15:29:55 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/15 12:01:34 | 000,000,447 | ---- | C] () -- C:\user.js
[2012/11/15 12:01:10 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ImHttpComm.dll
[2012/11/15 11:59:50 | 000,000,722 | ---- | C] () -- C:\Documents and Settings\soma\Desktop\TornTV.lnk
[2012/11/15 11:57:12 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\MotoHelper Update.job
[2012/11/15 11:57:11 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\MotoHelper MUM.job
[2012/11/15 11:57:10 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
[2012/11/15 11:24:09 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motport_01007.Wdf
[2012/11/15 11:24:05 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2012/11/15 11:23:52 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2012/11/15 11:23:52 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01007.Wdf
[2012/11/15 11:23:33 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2012/11/15 11:01:27 | 000,000,129 | ---- | C] () -- C:\Shortcut to 3½ Floppy (A).lnk
[2012/11/12 10:16:03 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\soma\kvirc4.ini
[2012/11/12 10:14:11 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\KVIrc.lnk
[2012/11/02 11:18:29 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/27 23:19:08 | 000,040,648 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
[2012/10/27 23:19:03 | 000,000,888 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EaseUS Todo Backup Free 5.0.lnk
[2012/10/27 07:41:04 | 000,000,755 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/10/27 06:56:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI
[2012/10/27 06:38:13 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\SystemConfiguration
[2012/10/27 06:38:13 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
[2012/10/27 06:38:13 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\URLs
[2012/10/27 06:36:14 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ViewNX 2.lnk
[2012/10/27 06:35:25 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Tables
[2012/10/27 06:35:25 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\System Image Utility
[2012/10/27 06:35:25 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2012/10/27 06:35:25 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2012/10/27 06:35:25 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\User Pictures
[2012/10/27 06:34:02 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLeo.DAT
[2012/10/27 06:34:02 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\vhosts
[2012/10/27 06:34:02 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Trumpet Section
[2012/10/20 05:31:59 | 000,001,514 | ---- | C] () -- C:\Documents and Settings\soma\Desktop\Backup.lnk
[2012/10/19 09:38:52 | 000,000,824 | ---- | C] () -- C:\Documents and Settings\soma\Desktop\Windows Media Player.lnk
[2012/10/19 08:53:58 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\soma\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/17 07:37:54 | 000,000,920 | ---- | C] () -- C:\Documents and Settings\soma\Desktop\SolveigMM AVI Trimmer + MKV.lnk
[2012/09/29 17:47:28 | 000,000,178 | ---- | C] () -- C:\WINDOWS\System32\Formats.ini
[2012/09/25 00:30:54 | 003,915,776 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
[2012/09/25 00:30:04 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/09/25 00:29:20 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2012/09/25 00:29:00 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2012/09/25 00:29:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2012/09/25 00:29:00 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2012/09/25 00:28:58 | 001,525,760 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2012/09/25 00:28:58 | 000,211,968 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2012/09/25 00:28:58 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2012/08/24 22:07:48 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2012/07/19 13:56:08 | 000,172,544 | ---- | C] () -- C:\WINDOWS\System32\libbluray.dll
[2012/07/19 13:56:02 | 006,894,331 | ---- | C] () -- C:\WINDOWS\System32\avcodec-lav-54.dll
[2012/07/19 13:56:02 | 001,111,581 | ---- | C] () -- C:\WINDOWS\System32\avformat-lav-54.dll
[2012/07/19 13:56:02 | 000,401,685 | ---- | C] () -- C:\WINDOWS\System32\swscale-lav-2.dll
[2012/07/19 13:56:02 | 000,232,895 | ---- | C] () -- C:\WINDOWS\System32\avutil-lav-51.dll
[2012/07/19 13:56:02 | 000,162,743 | ---- | C] () -- C:\WINDOWS\System32\avfilter-lav-3.dll
[2012/07/19 13:56:02 | 000,101,820 | ---- | C] () -- C:\WINDOWS\System32\avresample-lav-0.dll
[2012/07/10 21:56:50 | 000,036,352 | ---- | C] () -- C:\WINDOWS\UTHUNK32.DLL
[2012/07/05 08:15:06 | 000,310,272 | ---- | C] () -- C:\WINDOWS\System32\UPDIO2.dll
[2012/07/05 08:14:59 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\spd__l.dll
[2012/07/05 08:14:54 | 000,254,464 | ---- | C] () -- C:\WINDOWS\System32\SUPDRun.exe
[2012/07/05 08:14:53 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\spd__ci.exe
[2012/06/17 16:15:04 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\spdif_test.exe
[2012/06/17 16:14:58 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2012/06/17 16:14:42 | 001,021,440 | ---- | C] () -- C:\WINDOWS\System32\ac3filter_intl.dll
[2012/05/12 17:42:16 | 001,272,320 | ---- | C] () -- C:\WINDOWS\System32\avcodec-53.dll
[2012/05/12 17:42:16 | 000,146,432 | ---- | C] () -- C:\WINDOWS\System32\avutil-51.dll
[2012/03/18 07:17:00 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2012/03/15 19:03:12 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2012/03/14 22:47:10 | 000,000,026 | ---- | C] () -- C:\WINDOWS\ulead32.ini
[2012/02/15 18:19:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/04 07:43:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/12/07 14:32:24 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\Lagarith.dll
[2011/09/15 04:26:38 | 000,000,189 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2011/09/15 04:26:38 | 000,000,095 | ---- | C] () -- C:\WINDOWS\vista32.ini
[2011/09/15 04:26:38 | 000,000,040 | ---- | C] () -- C:\WINDOWS\umaxdrv.ini
[2011/09/15 04:26:35 | 000,047,616 | ---- | C] () -- C:\WINDOWS\ucmsp_32.dll
[2011/09/15 04:26:32 | 000,171,024 | ---- | C] () -- C:\WINDOWS\p1220_16.dll
[2011/09/15 04:26:32 | 000,150,560 | ---- | C] () -- C:\WINDOWS\vud32.dll
[2011/09/15 04:26:32 | 000,112,672 | ---- | C] () -- C:\WINDOWS\p1220_32.dll
[2011/09/15 04:26:32 | 000,105,504 | ---- | C] () -- C:\WINDOWS\p6xx_32.dll
[2011/09/15 04:26:32 | 000,064,845 | ---- | C] () -- C:\WINDOWS\pmmail.exe
[2011/09/15 04:26:32 | 000,030,208 | ---- | C] () -- C:\WINDOWS\uxmail32.dll
[2011/09/15 04:26:31 | 000,068,608 | ---- | C] () -- C:\WINDOWS\vufile32.dll
[2011/09/08 09:00:52 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2011/09/08 09:00:48 | 000,142,336 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2011/09/08 09:00:42 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2011/09/08 09:00:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2011/09/08 09:00:34 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2011/09/08 09:00:24 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2011/09/08 09:00:10 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2011/09/08 09:00:06 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2011/09/08 08:59:54 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2011/09/08 08:59:52 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2011/07/01 04:58:59 | 000,044,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2011/06/23 22:58:32 | 000,242,259 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/06/23 22:58:04 | 000,877,296 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/06/13 15:01:46 | 000,068,852 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2011/06/13 15:01:46 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2011/06/13 14:46:39 | 000,069,000 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2011/06/13 14:46:39 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2011/03/03 06:39:56 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2011/03/03 06:38:10 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2011/03/03 06:37:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2011/02/11 05:26:20 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OptimFROG.dll

========== ZeroAccess Check ==========

[2011/06/13 15:04:08 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2010/04/16 11:09:07 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/11/27 05:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/07/08 05:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CambridgeSoft
[2012/10/27 06:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2012/10/27 11:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2011/09/13 17:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nova Development
[2010/07/28 18:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2011/05/23 07:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/07/05 08:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2010/06/24 18:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/13 17:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2012/10/27 06:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2012/08/24 22:07:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/08/26 18:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Web Page Maker
[2012/01/21 19:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/11/15 17:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\soma\Application Data\Incredibar.com
[2012/11/12 10:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\soma\Application Data\KVIrc4
[2012/11/15 11:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\soma\Application Data\Motorola
[2012/10/27 07:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\soma\Application Data\Nikon
[2012/08/09 22:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\soma\Application Data\Nova Development
[2012/07/01 10:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\soma\Application Data\OnlineArmor
[2012/07/28 06:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\soma\Application Data\OpenOffice.org
[2012/10/12 11:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\soma\Application Data\Tracker Software
[2012/07/07 22:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\soma\Application Data\Ulead Systems

========== Purity Check ==========

< End of report >

--------------------------------------------------------------

OTL Extras logfile created on: 11/15/2012 9:37:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\soma\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

765.98 Mb Total Physical Memory | 109.44 Mb Available Physical Memory | 14.29% Memory free
1.46 Gb Paging File | 0.70 Gb Available in Paging File | 48.21% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189.91 Gb Total Space | 143.73 Gb Free Space | 75.68% Space Free | Partition Type: NTFS
Drive D: | 572.50 Mb Total Space | 534.64 Mb Free Space | 93.39% Space Free | Partition Type: FS_UDF

Computer Name: DELL-TOP | User Name: soma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\Winword.exe" /n ()
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\Winword.exe" /x ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1723:TCP" = 1723:TCP:*:Enabled:port forwarding
"1723:UDP" = 1723:UDP:*:Enabled:port forwarding
"500:TCP" = 500:TCP:*:Enabled:port forwarding
"500:UDP" = 500:UDP:*:Enabled:port forwarding
"1889:TCP" = 1889:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\downloads\video_converter_setup.exe" = C:\downloads\video_converter_setup.exe:*:Enabled:Video Converter
"C:\WINDOWS\system32\SUPDSvc2.exe" = C:\WINDOWS\system32\SUPDSvc2.exe:*:Enabled:Samsung UPD Service2 -- (Samsung Electronics)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe" = C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe:*:Enabled:Agent.exe -- (CHENGDU YIWO Tech Development Co., Ltd)
"C:\Program Files\EaseUS\Todo Backup\bin\TbService.exe" = C:\Program Files\EaseUS\Todo Backup\bin\TbService.exe:*:Enabled:TbService.exe -- (CHENGDU YIWO Tech Development Co., Ltd)
"C:\Program Files\EaseUS\Todo Backup\bin\TBConsoleUI.exe" = C:\Program Files\EaseUS\Todo Backup\bin\TBConsoleUI.exe:*:Enabled:Local TBConsoleUI.exe -- (CHENGDU YIWO Tech Development Co., Ltd)
"C:\WINDOWS\system32\dmwu.exe" = C:\WINDOWS\system32\dmwu.exe:*:Enabled:dmwu
"C:\WINDOWS\system32\ARFC\wrtc.exe" = C:\WINDOWS\system32\ARFC\wrtc.exe:*:Enabled:wrtc -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0FF18B53-CA57-40BB-B562-21A27B662005}" = 1600
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.530
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5360DF11-A876-460B-9953-6817AA2BF9D5}" = Photo Explosion Deluxe
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6C12B6BF-3891-497B-B5CA-3D64DA093947}" = Motorola Mobile Drivers Installation 5.4.0
"{6EA8CF9D-E8BA-462C-BADD-7C33038D7F9F}" = CambridgeSoft ChemDraw Plugin Net 12.0
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual
C++ 8.0 CRT (x86) WinSXS MSM "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser "{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config "{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet "{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update "{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update "{AC76BA86-0000-7EC8-7489-000000000604}" = Adobe Acrobat and Reader 6.0.4 Update "{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update "{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update "{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0.1 Standard "{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2 "{B01B5689-930B-40A8-AC57-A0E88AAED7D9}" = Microsoft Office Word 2003 XML Viewer "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director "{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch "{C98876CB-9847-4DCB-96F6-98CD5D66D2E2}" = Document Express DjVu Plug-in "{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CB449D5A-7710-47aa-B9F5-352B877C90E6}" = 1600_Help "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg "{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer "{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2 "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F4C6CC40-1142-49be-A28C-7BBD36F0B41A}" = 1600Trb 
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates "{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}" = XML Notepad 2007 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "1ClickDownload" = TornTV "Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AnswerWorks" = AnswerWorks Runtime "Any Video Converter_is1" = Any Video Converter 3.5.6 "ASTRA32_is1" = ASTRA32 - Advanced System Information Tool 2.05 "avast" = avast! Free Antivirus "Avi2Dvd" = Avi2Dvd 0.6.4 "Corel Applications" = Corel Applications "DVD Flick_is1" = DVD Flick 1.3.0.7 "EaseUS Todo Backup Free 5.0_is1" = EaseUS Todo Backup Free 5.0 "ESET Online Scanner" = ESET Online Scanner v3 "Free Easy Burner_is1" = Free Easy Burner V 5.1 "Gzip-1.3.12-1_is1" = GnuWin32: Gzip-1.3.12-1 "HP Photo & Imaging" = HP Image Zone 4.7 "HPExtendedCapabilities" = HP Extended Capabilities 4.7 "ie8" = Windows Internet Explorer 8 "ImgBurn" = ImgBurn "InCD!UninstallKey" = Ahead InCD "incredibar" = Incredibar Toolbar on IE "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager "Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem "IsoBuster_is1" = IsoBuster 2.8.5 "KVIrc" = KVIrc "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000 "Media Player - Codec Pack" = Media Player Codec Pack 4.2.3 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "MotoHelper" = MotoHelper 2.1.32 Driver 5.4.0 "Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mplayer" = Mplayer 0.6.9 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NirSoft WebVideoCap" = NirSoft WebVideoCap "OnlineArmor_is1" = Online Armor 5.5 "OpenSSL-0.9.8h-1_is1" = GnuWin32: OpenSSL-0.9.8h-1 "PROSet" = Intel® PRO Network Adapters and Drivers "Quicken 2001 
Basic" = Quicken 2001 Basic "Samsung ML-2250 Series" = Samsung ML-2250 Series "Smart Defrag 2_is1" = Smart Defrag 2 "SolveigMM AVI Trimmer 2.0.1210.11" = SolveigMM AVI Trimmer "SpywareBlaster_is1" = SpywareBlaster 4.3 "VLC media player" = VLC media player 2.0.2 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR 4.00 (32-bit) "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "WNLT" = IB Updater Service "Word8.0" = Microsoft Word 97 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Xvid Video Codec 1.3.2" = Xvid Video Codec "ZeroFootprint Crypt 4.03.05" = ZeroFootprint Crypt 4.03.05 Error encountered while reading event logs. < End of report > ------------------------------------------------ Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Database version: v2012.11.15.08 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 soma :: DELL-TOP [administrator] 11/15/2012 3:33:45 PM mbam-log-2012-11-15 (15-33-45).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 323778 Time elapsed: 1 hour(s), 8 minute(s), 37 second(s) Memory Processes Detected: 1 C:\WINDOWS\system32\dmwu.exe (PUP.InstallBrain) -> 2544 -> Delete on reboot. Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Quarantined and deleted successfully. 
Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\WINDOWS\system32\dmwu.exe (PUP.InstallBrain) -> Delete on reboot. (end) Link to post Share on other sites
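As an added example (not code from the thread, from OTL or from Malwarebytes), a small Python triage helper for logs in the shape pasted above: it parses the OTL "Authorized Applications List" entries, splits off the trailing publisher field, flags firewall exceptions with no publisher recorded (dmwu.exe and wrtc.exe stand out that way in the log, and dmwu.exe is the file Malwarebytes then detects), and cross-references the paths against the MBAM "Detected" lines. The sample inputs are constructed from entries in the log above.

```python
import re
from typing import Dict, List, Optional

# Constructed samples shaped like the OTL firewall list and MBAM "Detected" lines quoted above.
OTL_FIREWALL_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\downloads\video_converter_setup.exe" = C:\downloads\video_converter_setup.exe:*:Enabled:Video Converter
"C:\WINDOWS\system32\dmwu.exe" = C:\WINDOWS\system32\dmwu.exe:*:Enabled:dmwu
"C:\WINDOWS\system32\ARFC\wrtc.exe" = C:\WINDOWS\system32\ARFC\wrtc.exe:*:Enabled:wrtc -- ()
"""
MBAM_SAMPLE = r"""
C:\WINDOWS\system32\dmwu.exe (PUP.InstallBrain) -> 2544 -> Delete on reboot.
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Quarantined and deleted successfully.
"""

ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<value>.+)$')
PUBLISHER_RE = re.compile(r"\s--\s\((?P<pub>[^)]*)\)\s*$")
MBAM_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+)$")


def parse_authorized_apps(text: str) -> List[Dict[str, Optional[str]]]:
    """Parse OTL AuthorizedApplications lines into dicts: profile, path, scope, state, name, publisher."""
    entries, profile = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # "...\FirewallPolicy\<Profile>\AuthorizedApplications\List": profile is 3rd from the end
            profile = line.strip("[]").split("\\")[-3]
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        key, value = m.group("key"), m.group("value")
        publisher, pm = None, PUBLISHER_RE.search(value)
        if pm:
            publisher = pm.group("pub").strip() or None  # "-- ()" means no publisher at all
            value = value[: pm.start()]
        # Value is "<path>:<scope>:<state>:<name>"; the path repeats the key and contains a ':' itself
        if not value.startswith(key + ":"):
            continue
        scope, state, name = (value[len(key) + 1 :].split(":", 2) + ["", ""])[:3]
        entries.append({"profile": profile, "path": key, "scope": scope, "state": state,
                        "name": name, "publisher": publisher})
    return entries


def parse_mbam_detections(text: str) -> Dict[str, str]:
    """Map each item in MBAM 'Detected' lines (lower-cased) to its detection name."""
    found = {}
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            found[m.group("item").lower()] = m.group("detection")
    return found


def triage(entries, detections: Dict[str, str]) -> List[Dict[str, str]]:
    """Flag firewall exceptions worth a second look, with reasons, in log order."""
    flagged = []
    for e in entries:
        path, reasons = e["path"], []
        if e["publisher"] is None:
            reasons.append("no publisher recorded")
            if path.lower().startswith("c:\\windows\\system32\\"):
                reasons.append("publisher-less binary under system32")
        if path.lower() in detections:
            reasons.append("flagged by MBAM as " + detections[path.lower()])
        if reasons:
            flagged.append({"path": path, "reasons": "; ".join(reasons)})
    return flagged
```

A missing publisher only means the log recorded no company name for the file, so the flag is a prompt to look closer, not a verdict.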
zee - Posted November 16, 2012 (Author)
I've been able to disable the torntv and the incredibar search bar from firefox/tools/add-ons. It's still there in internet explorer, which I usually don't use.
schrauber - Posted November 16, 2012
Hi,
Please wait with installing updates until we are finished.
Please attach logfiles instead of posting them into the thread.
Please download AdwCleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool.
Click on Search.
A logfile will automatically open after the scan has finished.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[R1].txt as well.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[s1].txt as well.
Also please attach a fresh OTL logfile.
zee - Posted November 17, 2012 (Author)
Sorry - there's another person who uses the computer and I didn't mention to not reboot it - so the critical updates seem to have automatically been installed. I wasn't able to find the "extras.txt" after exiting the otl program. Is there somewhere it gets saved? Thanks for the help.
schrauber - Posted November 17, 2012
Hi,
How is it running?
I'd like us to scan your machine with ESET OnlineScan
Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
[*]Check
[*]Click the button.
[*]Accept any security warnings from your browser.
[*]Check
[*]Push the Start button.
[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
[*]When the scan completes, push
[*]Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
[*]Push the button.
[*]Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
Kevin Zoll - Posted November 20, 2012
Thread Closed
Reason: Lack of Response
PM either ShadowPuterDude, Elise, or GT500 to have this thread reopened.
The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.
All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread.
schrauber - Posted November 26, 2012
Topic reopened by user request.
zee - Posted November 26, 2012 (Author)
I ran OTL but it didn't seem to create an "extras.txt". I've been unable to remove torn-tv. When I try to remove it from add/remove programs it causes the computer to freeze and I have to turn off the computer in order to reboot. I'm wondering if having removed the add-on from firefox might be why it won't remove from add/remove programs.
schrauber - Posted November 26, 2012
Please try Revo Uninstaller to remove it: http://www.revouninstaller.com/
Let me know if it worked.
zee - Posted November 26, 2012 (Author)
The Revo uninstaller was unable to remove torn-tv by the usual method - the computer froze and I had to turn it off to reboot. I had to use the force-uninstall. It seems to have removed everything it could find of the program.
schrauber - Posted November 27, 2012
Good. Please test the system a day or two and let me know if there are any issues left, then please post back with a fresh OTL logfile.
zee - Posted November 28, 2012 (Author)
Super Anti-Spyware found this:
Trojan.Agent/Gen-Nullo[short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ADB0BBBE-8F18-4B20-84C5-6A12D96417CB}\RP810\A0130868.EXE
zee - Posted November 28, 2012 (Author)
Just ran Eset and it found 4 instances of Win32/InstallMonetizer.AF application
schrauber - Posted November 28, 2012
Logfile from ESET?
SuperAntiSpyware just found a restore point, we will clean them when we clean up our work.
Any problems with the system?
zee - Posted November 29, 2012 (Author)
Log from Eset.
zee - Posted November 29, 2012 (Author)
"Any problems with the system?"
Not that I've noticed. It usually has on and off problems connecting to sites.
schrauber - Posted November 30, 2012
Ok, please attach a fresh OTL logfile so we can clean up our work.
zee - Posted December 3, 2012 (Author)
We've been having on and off trouble with yahoo. Sometimes the browser (firefox) freezes at yahoo and has to be closed and opened again to get out of it.
schrauber - Posted December 3, 2012
Please test this with Internet Explorer. Same problems?
zee - Posted December 5, 2012 (Author)
It may take a few days to find out. Will get back.
schrauber - Posted December 5, 2012
Ok
zee - Posted December 6, 2012 (Author)
Eset found another virus. I think it was where torn-tv originally came from.
schrauber - Posted December 6, 2012
Looks good. Please attach a fresh OTL logfile and tell me if there are any problems left.
zee - Posted December 9, 2012 (Author)
The problem doesn't seem to happen with internet explorer. Thanks for the help.
schrauber - Posted December 10, 2012
Ok, please uninstall firefox completely, keep no data saved, and reinstall it. Test firefox again and let me know, also please attach a fresh OTL logfile.
zee - Posted December 12, 2012 (Author)
Having problems uninstalling firefox. I tried using Revo Uninstaller and it seems to have not been able to completely remove it even using "forced uninstall".
schrauber - Posted December 13, 2012
What kind of problems?
zee - Posted December 13, 2012 (Author)
When I try to uninstall Firefox from the control panel, it causes the computer to freeze and I have to turn the power off to get it to reboot. Using Revo forced uninstall (to remove Firefox) seemed to cause Internet Explorer to stop being able to connect to anything. It wouldn't connect to the modem (192.168.1.1) either. This seemed to cause a problem with a 2nd computer that is connected by a switch (hub?) to the modem and it wasn't able to connect to anything either. I finally did a system restore. There is a 2nd program listed below Firefox in "add/remove programs" called "Mozilla Maintenance Service" that also jammed the computer when I tried to remove it.
schrauber - Posted December 13, 2012
Please download both Firefox and the other tool from the mozilla site and install them again without uninstalling it before. The installer will remove/repair the old installations.
zee - Posted December 14, 2012 (Author)
I downloaded and reinstalled Firefox. The "Maintenance Service" seems to be a part of the Firefox program and downloads with it. I was still unable to remove Firefox or the Maintenance Service after the re-installation - it caused the computer to freeze.
schrauber - Posted December 16, 2012
No need to remove them again after the reinstallation. Is firefox working better now after reinstalling it?
zee - Posted December 16, 2012 (Author)
Not sure how it's running yet but wouldn't it indicate a problem that Firefox can't be uninstalled? Also, I noticed a file called ie4uinit.exe that some people seem to think is a dangerous trojan. Not sure about it.
schrauber - Posted December 17, 2012
Sure, it indicates a problem, of course. But I will fix the malware related problems first. Please attach a fresh OTL logfile. Are there any other problems beside firefox?
This file is legit: http://www.bleepingcomputer.com/startups/ie4uinit.exe-24768.html
zee - Posted December 19, 2012 (Author)
Hard to tell if there are other problems - verizon was down yesterday. I thought, at first, that a virus was preventing me from connecting - then found out it was verizon.
schrauber - Posted December 20, 2012
"I thought, at first, that a virus was preventing me from connecting - then found out it was verizon."
Not all issues are malware related every time.
Logs are clean. So firefox is still making problems after you did the fresh installation?
Kevin Zoll - Posted December 24, 2012
Thread Closed
Reason: Lack of Response
PM either ShadowPuterDude (http://support.emsisoft.com/index.php?/user/47-shadowputerdude/), Elise (http://support.emsisoft.com/user/23145-elise/), or GT500 (http://support.emsisoft.com/user/18745-gt500/) to have this thread reopened.
The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.
All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE (http://support.emsisoft.com/index.php?/forum-6/announcement-2-start-here-if-you-dont-we-are-just-going-to-send-you-back-to-this-thread/), if you don't we are just going to send you back to this thread.