TR/Trash.gen virus removal help
AndyLaz
Junior Member
31. January 2014 @ 23:30
I just recently ran a computer scan with Avira free anti-virus and it detected a virus called "TR/Trash.gen". It was moved to the quarantine, and I'm not sure if clicking to delete this in the quarantine will remove it for good. I ran several programs before the Avira called Adware Cleaner, Junkware Remover, ComboFix and don't believe any detected this. I appreciate the help in removing this for good if anyone has any suggestions.
AfterDawn Addict
31. January 2014 @ 23:52
Originally posted by AndyLaz: I just recently ran a computer scan with Avira free anti-virus and it detected a virus called "TR/Trash.gen". It was moved to the quarantine, and I'm not sure if clicking to delete this in the quarantine will remove it for good. I ran several programs before the Avira called Adware Cleaner, Junkware Remover, ComboFix and don't believe any detected this. I appreciate the help in removing this for good if anyone has any suggestions.
If you ran Combofix, it's gone. Just delete it from the quarantine...
2oG
AfterDawn Addict
1. February 2014 @ 00:10
Originally posted by 2oldGeek: Originally posted by AndyLaz: I just recently ran a computer scan with Avira free anti-virus and it detected a virus called "TR/Trash.gen". It was moved to the quarantine, and I'm not sure if clicking to delete this in the quarantine will remove it for good. I ran several programs before the Avira called Adware Cleaner, Junkware Remover, ComboFix and don't believe any detected this. I appreciate the help in removing this for good if anyone has any suggestions.
If you ran Combofix, it's gone. Just delete it from the quarantine...
2oG
Sorry Andy, I misread the name of your virus... and the order of the programs you ran. Getting late here. :)
If you will run OTL we can see if it really is all gone.
--OTL--
Please download OTL by OldTimer to your Desktop.
If you already have a copy of OTL, delete it and use this version.
Double click OTL.exe to launch the program.
Check the following.
Scan all users.
Standard Output.
Lop check.
Purity check.
Under Extra Registry section, select Use SafeList
Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
When finished it will produce two logs.
OTL.txt (open on your desktop).
Extras.txt (minimized in your taskbar).
Please post me both logs.
AndyLaz
Junior Member
1. February 2014 @ 00:37
OTL Extras logfile created on: 2/1/2014 12:24:42 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5503)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.24 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 69.04% Memory free
1.96 Gb Paging File | 1.49 Gb Available in Paging File | 76.28% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 305.99 Gb Free Space | 65.70% Space Free | Partition Type: NTFS
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-776561741-1965331169-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Documents and Settings\Owner\Application Data\uTorrent\uTorrent.exe" = C:\Documents and Settings\Owner\Application Data\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{06CE01E3-5B60-4B46-A4A3-A5EC33AD30D7}" = Cheetah CD Burner
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4F75616F-49C7-4EA2-8725-7E1A7AB1949C}" = Nero InfoTool 11 Help (CHM)
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BEF779-5053-48AF-A3D8-B70EBC1C70E7}" = Nero 11 InfoTool
"{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}" = SlimCleaner
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91B33C97-91F8-FFB3-581B-BC952C901685}_is1" = Ashampoo Burning Studio FREE v.1.12.0
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A90E924E-1B35-44B0-978E-3F6F89FBC960}" = Nero InfoTool 11
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"BurnAware Free_is1" = BurnAware Free 6.6
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_HSF" = Conexant D850 PCI V.92 Modem
"D-i-v-X - AVI Codec Pack Pro" = D-i-v-X AVI Codec Pack Pro 2.4.0
"DivX Setup" = DivX Setup
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PROSet" = Intel(R) Network Connections Drivers
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows XP Service Pack" = Windows XP Service Pack 3
"ZC AVI to DVD Creator_is1" = ZC AVI to DVD Creator 6.6.4
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-776561741-1965331169-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Amazon Cloud Player" = Amazon Cloud Player
"uTorrent" = µTorrent
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11/13/2013 10:40:07 PM | Computer Name = OWNER-PC | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070015 (converted
to 0x800423f3).
Error - 11/13/2013 10:40:17 PM | Computer Name = OWNER-PC | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{b0afb3e0-170f-11e3-8bed-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x80070005.
Error - 11/13/2013 10:40:39 PM | Computer Name = OWNER-PC | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070015 (converted
to 0x800423f3).
Error - 11/13/2013 11:20:04 PM | Computer Name = OWNER-PC | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{b0afb3e0-170f-11e3-8bed-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x80070005.
Error - 11/13/2013 11:20:37 PM | Computer Name = OWNER-PC | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070015 (converted
to 0x800423f3).
Error - 11/21/2013 2:44:27 PM | Computer Name = OWNER-PC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 25.0.1.5064, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 11/21/2013 2:44:59 PM | Computer Name = OWNER-PC | Source = Application Hang | ID = 1001
Description = Fault bucket -335480244.
Error - 11/28/2013 8:47:53 PM | Computer Name = OWNER-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved
Error - 12/2/2013 1:40:09 AM | Computer Name = OWNER-PC | Source = Application Error | ID = 1000
Description = Faulting application avwebgrd.exe, version 14.0.0.383, faulting module
avwebgrd.exe, version 14.0.0.383, fault address 0x0008a4dd.
Error - 12/2/2013 1:40:48 AM | Computer Name = OWNER-PC | Source = Application Error | ID = 1001
Description = Fault bucket -427996687.
[ System Events ]
Error - 1/12/2014 10:22:11 PM | Computer Name = OWNER-PC | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 1/13/2014 4:44:56 PM | Computer Name = OWNER-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 0016767A09BA has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).
Error - 1/13/2014 9:39:07 PM | Computer Name = OWNER-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.8 for the Network Card with network
address 0016767A09BA has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).
Error - 1/16/2014 11:32:09 PM | Computer Name = OWNER-PC | Source = HTTP | ID = 15005
Description = Unable to bind to the underlying transport for 0.0.0.0:2869. The IP
Listen-Only list may contain a reference to an interface which may not exist on
this machine. The data field contains the error number.
Error - 1/16/2014 11:32:09 PM | Computer Name = OWNER-PC | Source = HTTP | ID = 15005
Description = Unable to bind to the underlying transport for 0.0.0.0:2869. The IP
Listen-Only list may contain a reference to an interface which may not exist on
this machine. The data field contains the error number.
Error - 1/18/2014 1:24:18 AM | Computer Name = OWNER-PC | Source = System Error | ID = 1003
Description = Error code 0000001a, parameter1 00041284, parameter2 00010001, parameter3
000018c1, parameter4 c0883000.
Error - 1/24/2014 11:50:22 PM | Computer Name = OWNER-PC | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 b99f6685, parameter3
a86cba54, parameter4 00000000.
Error - 1/31/2014 9:48:36 PM | Computer Name = OWNER-PC | Source = Removable Storage Service | ID = 262159
Description = RSM cannot manage library CdRom0. The database is corrupt.
Error - 1/31/2014 10:21:11 PM | Computer Name = OWNER-PC | Source = Removable Storage Service | ID = 262159
Description = RSM cannot manage library CdRom0. The database is corrupt.
Error - 1/31/2014 10:23:22 PM | Computer Name = OWNER-PC | Source = Removable Storage Service | ID = 262159
Description = RSM cannot manage library CdRom0. The database is corrupt.
< End of report >
OTL logfile created on: 2/1/2014 12:24:42 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5503)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.24 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 69.04% Memory free
1.96 Gb Paging File | 1.49 Gb Available in Paging File | 76.28% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 305.99 Gb Free Space | 65.70% Space Free | Partition Type: NTFS
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/02/01 00:17:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2013/12/09 11:37:21 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013/12/09 11:37:19 | 000,431,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/12/09 11:37:18 | 000,684,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/12/09 11:37:18 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/10/05 15:15:02 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2008/03/07 01:46:18 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2013/12/09 11:37:21 | 000,394,808 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/07/29 18:19:04 | 000,234,496 | ---- | M] () -- C:\Program Files\Total Video Converter\TVCShellExt.dll
MOD - [2009/01/10 17:15:44 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\mmfinfo.dll
MOD - [2009/01/10 17:14:06 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\mkunicode.dll
MOD - [2008/03/07 01:46:08 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
========== Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/01/11 16:58:35 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/20 22:18:20 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/09 11:37:21 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/12/09 11:37:19 | 001,011,768 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013/12/09 11:37:18 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/10/05 15:15:02 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/12/09 11:37:21 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013/12/09 11:37:19 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/12/09 11:37:18 | 000,135,648 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/12/09 11:37:18 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2006/07/27 01:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2003/11/17 14:56:26 | 001,042,432 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [1999/12/31 19:00:00 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [1999/12/31 19:00:00 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [1999/12/31 19:00:00 | 000,267,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-776561741-1965331169-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-776561741-1965331169-725345543-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-776561741-1965331169-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\WINDOWS\system32\C2MP\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/20 22:18:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
[2013/09/06 16:45:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2013/12/20 22:18:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/12/20 22:18:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/20 22:18:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\inpnaolhdabeflnnbeanpoakmaiggfol\1.6\
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\njffkmdmonbbdoelceppmjdlibabcmnc\1.0\
CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\
O1 HOSTS File: ([2014/01/31 15:59:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-776561741-1965331169-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-776561741-1965331169-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-776561741-1965331169-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-776561741-1965331169-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/...9E3A1BC/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta...indows-i586.cab (Java Plug-in 10.40.2)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta...indows-i586.cab (Java Plug-in 10.40.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7ADF195-FCD9-4A56-A962-A89B16B34280}: DhcpNameServer = 65.32.5.111 65.32.5.112
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://www.omahasteaks.com/gifs/big/cmb4751.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/09/06 15:43:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/01/31 18:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Black Sabbath- Greatest Hits
[2014/01/31 16:10:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Avira
[2014/01/31 16:09:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2014/01/31 16:09:29 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2014/01/31 16:09:26 | 000,135,648 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2014/01/31 16:09:26 | 000,090,400 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2014/01/31 16:09:26 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2014/01/31 16:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2014/01/31 16:02:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/01/31 14:26:38 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2014/01/31 13:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\MFAData
[2014/01/31 13:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2014/01/31 13:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Avg2014
[2014/01/31 04:35:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2014/01/30 22:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Downloads
[2014/01/29 00:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Mötley Crüe [Discography]
[2014/01/28 22:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SlimCleaner
[2014/01/28 22:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\SlimCleaner
[2014/01/19 17:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2014/01/19 17:02:25 | 000,104,664 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/01/19 17:01:56 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/01/19 16:35:38 | 001,037,068 | ---- | C] (Thisisu) -- C:\Documents and Settings\Owner\Desktop\JRT_NEW.exe
[2014/01/18 23:43:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Beaches
[2014/01/12 20:35:01 | 002,078,952 | ---- | C] (Rocket Division Software) -- C:\WINDOWS\System32\starburnx.dll
[2014/01/12 20:35:01 | 000,335,872 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\dvdauthor.ocx
[2014/01/12 20:35:01 | 000,233,472 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\viscomdvdimg.dll
[2014/01/12 20:35:01 | 000,081,920 | ---- | C] (Viscom Software) -- C:\WINDOWS\System32\viscomwave.dll
[2014/01/12 20:35:00 | 000,376,832 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\viscomsplitter.dll
[2014/01/12 20:35:00 | 000,339,968 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\viscomqtde.dll
[2014/01/12 20:35:00 | 000,143,360 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\viscomqtenc.dll
[2014/01/12 20:35:00 | 000,135,168 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\viscomrmencoder.dll
[2014/01/12 20:34:59 | 001,470,464 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\viscommpgenc.dll
[2014/01/12 20:34:59 | 000,888,832 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\viscomflvdec.dll
[2014/01/12 20:34:59 | 000,110,592 | ---- | C] (Viscom Software) -- C:\WINDOWS\System32\viscomaudioencoder.dll
[2014/01/12 20:34:59 | 000,098,304 | ---- | C] (Viscom Software) -- C:\WINDOWS\System32\viscomaudiodata.dll
[2014/01/12 20:34:59 | 000,086,016 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\viscomframe.dll
[2014/01/12 20:34:58 | 001,773,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2014/01/12 20:34:58 | 000,266,240 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\VideoEdit.ocx
[2014/01/12 20:34:58 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB5DB.DLL
[2014/01/12 20:34:57 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2014/01/12 20:34:57 | 000,000,000 | ---D | C] -- C:\Program Files\Cheetah Burner
[2014/01/12 20:34:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cheetah Burner
[2014/01/12 20:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2014/01/12 19:52:29 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2014/01/12 19:48:54 | 000,061,440 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iAlmCoIn_v4410.dll
[2014/01/12 19:48:54 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuTRK.dll
[2014/01/12 19:48:54 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuTHA.dll
[2014/01/12 19:48:54 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuSVE.dll
[2014/01/12 19:48:53 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuRUS.dll
[2014/01/12 19:48:53 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuPTG.dll
[2014/01/12 19:48:53 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuPTB.dll
[2014/01/12 19:48:53 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuPLK.dll
[2014/01/12 19:48:53 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuNOR.dll
[2014/01/12 19:48:53 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuNLD.dll
[2014/01/12 19:48:53 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuKOR.dll
[2014/01/12 19:48:53 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuJPN.dll
[2014/01/12 19:48:53 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuITA.dll
[2014/01/12 19:48:53 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuHUN.dll
[2014/01/12 19:48:53 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuHEB.dll
[2014/01/12 19:48:53 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuFRC.dll
[2014/01/12 19:48:53 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuFRA.dll
[2014/01/12 19:48:53 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuFIN.dll
[2014/01/12 19:48:52 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuESP.dll
[2014/01/12 19:48:52 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuENG.dll
[2014/01/12 19:48:52 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuELL.dll
[2014/01/12 19:48:52 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuDEU.dll
[2014/01/12 19:48:52 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuDAN.dll
[2014/01/12 19:48:52 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuCSY.dll
[2014/01/12 19:48:52 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuCHT.dll
[2014/01/12 19:48:52 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuCHS.dll
[2014/01/12 19:48:51 | 000,114,688 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmudlg.exe
[2014/01/12 19:48:51 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuARB.dll
[2014/01/12 19:48:51 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuARA.dll
[2014/01/12 19:48:50 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrell.lrc
[2014/01/12 19:48:50 | 000,147,456 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrhun.lrc
[2014/01/12 19:48:50 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtrk.lrc
[2014/01/12 19:48:50 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsve.lrc
[2014/01/12 19:48:50 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcsy.lrc
[2014/01/12 19:48:50 | 000,126,976 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtha.lrc
[2014/01/12 19:48:50 | 000,040,960 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxexps.dll
[2014/01/12 19:48:49 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnld.lrc
[2014/01/12 19:48:49 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrita.lrc
[2014/01/12 19:48:49 | 000,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrrus.lrc
[2014/01/12 19:48:49 | 000,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptg.lrc
[2014/01/12 19:48:49 | 000,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptb.lrc
[2014/01/12 19:48:49 | 000,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrplk.lrc
[2014/01/12 19:48:49 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnor.lrc
[2014/01/12 19:48:49 | 000,122,880 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrheb.lrc
[2014/01/12 19:48:49 | 000,098,304 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrkor.lrc
[2014/01/12 19:48:49 | 000,098,304 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrjpn.lrc
[2014/01/12 19:48:48 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdeu.lrc
[2014/01/12 19:48:48 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxresp.lrc
[2014/01/12 19:48:48 | 000,147,456 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfra.lrc
[2014/01/12 19:48:48 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfin.lrc
[2014/01/12 19:48:48 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdan.lrc
[2014/01/12 19:48:48 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrenu.lrc
[2014/01/12 19:48:48 | 000,122,880 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrara.lrc
[2014/01/12 19:48:48 | 000,081,920 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcht.lrc
[2014/01/12 19:48:48 | 000,081,920 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrchs.lrc
[2014/01/12 19:48:47 | 001,503,232 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxress.dll
[2014/01/12 19:48:47 | 000,114,688 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxzoom.exe
[2014/01/12 19:48:46 | 000,446,464 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcfg.exe
[2014/01/12 19:48:46 | 000,147,456 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxpph.dll
[2014/01/12 19:48:46 | 000,086,016 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdo.dll
[2014/01/12 19:48:46 | 000,077,824 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl
[2014/01/12 19:48:45 | 000,073,728 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\hccutils.dll
[2014/01/12 19:48:45 | 000,057,344 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.dll
[2014/01/12 19:37:12 | 000,524,288 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igldev32.dll
[2014/01/12 19:37:11 | 002,318,336 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iglicd32.dll
[2014/01/12 19:37:11 | 000,049,152 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmrem.dll
[2014/01/12 19:37:08 | 000,956,026 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdd5.dll
[2014/01/12 19:37:06 | 000,238,650 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdev5.dll
[2014/01/12 19:32:00 | 000,121,467 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdnt5.dll
[2014/01/12 19:31:57 | 000,045,694 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmrnt5.dll
[2014/01/12 19:31:20 | 000,251,904 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\HSF_HWB2.sys
[2014/01/12 19:30:49 | 001,042,432 | R--- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\HSF_DP.sys
[2014/01/12 19:30:49 | 000,731,264 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\HSF_CNXT.sys
[2014/01/12 19:25:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Innovative Solutions
[2014/01/12 19:19:05 | 000,985,472 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\HSF_DPV.sys
[2014/01/12 19:19:05 | 000,237,568 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\UCI32M30.dll
[2014/01/12 12:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nero
[2014/01/12 12:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2014/01/12 12:44:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2014/01/12 12:44:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2014/01/11 21:25:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ashampoo
[2014/01/11 21:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2014/01/04 20:38:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/01/04 20:38:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/01/04 20:38:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/01/04 20:38:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/01/03 22:09:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2014/01/03 20:53:00 | 000,000,000 | ---D | C] -- C:\Program Files\Total Video Converter
[2014/01/03 19:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\1Step DVD Copy
[2014/01/03 15:59:02 | 000,000,000 | ---D | C] -- C:\ZCAVIToDVD
[2014/01/03 15:29:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ZC AVI to DVD Creator
[2014/01/03 15:28:44 | 000,000,000 | ---D | C] -- C:\Program Files\ZC AVI to DVD Creator
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/02/01 00:04:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/31 23:58:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/31 23:12:34 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2014/01/31 18:55:20 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/31 16:09:43 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2014/01/31 15:59:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/01/31 15:04:05 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/31 15:04:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/31 14:32:24 | 000,135,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/01/31 04:29:21 | 000,002,231 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SlimCleaner.lnk
[2014/01/28 23:42:56 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2014/01/19 17:02:25 | 000,104,664 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/01/19 17:01:56 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/01/16 22:35:38 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/12 20:34:57 | 000,001,565 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Cheetah CD Burner.lnk
[2014/01/12 20:28:14 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\burnaware.ini
[2014/01/11 21:25:34 | 000,000,974 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Burning Studio FREE.lnk
[2014/01/11 21:25:34 | 000,000,956 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ashampoo Burning Studio FREE.lnk
[2014/01/11 16:58:33 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/01/11 16:58:33 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/01/07 22:36:31 | 001,037,068 | ---- | M] (Thisisu) -- C:\Documents and Settings\Owner\Desktop\JRT_NEW.exe
[2014/01/06 22:59:52 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003.lnk
[2014/01/04 18:42:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/01/03 22:13:29 | 000,436,936 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/01/03 22:13:29 | 000,067,546 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/01/03 15:29:03 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ZC AVI to DVD Creator.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/01/31 16:09:43 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2014/01/31 14:32:24 | 000,135,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/01/28 22:36:21 | 000,002,231 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SlimCleaner.lnk
[2014/01/12 20:35:01 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\viscomtran.dll
[2014/01/12 20:35:01 | 000,054,612 | ---- | C] () -- C:\WINDOWS\System32\starburnx.tlb
[2014/01/12 20:34:59 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\viscomgifenc.dll
[2014/01/12 20:34:58 | 006,963,712 | ---- | C] () -- C:\WINDOWS\System32\videotrans.dll
[2014/01/12 20:34:58 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2014/01/12 20:34:57 | 000,001,565 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Cheetah CD Burner.lnk
[2014/01/12 19:48:45 | 000,524,850 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa
[2014/01/12 19:48:45 | 000,058,704 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2014/01/12 19:48:45 | 000,024,704 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2014/01/12 19:48:45 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.vp
[2014/01/12 19:31:21 | 000,141,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSFTProf.cty
[2014/01/12 19:19:05 | 000,146,036 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSFProf.cty
[2014/01/11 21:25:34 | 000,000,974 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Burning Studio FREE.lnk
[2014/01/11 21:25:34 | 000,000,956 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ashampoo Burning Studio FREE.lnk
[2014/01/11 16:40:29 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/04 20:38:43 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014/01/04 20:38:43 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/01/04 20:38:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/01/04 20:38:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/01/04 20:38:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/01/04 20:25:58 | 000,265,524 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-776561741-1965331169-725345543-1003-0.dat
[2014/01/04 20:25:58 | 000,132,826 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2014/01/04 18:42:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/01/03 15:29:03 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ZC AVI to DVD Creator.lnk
[2013/12/04 20:03:53 | 000,010,498 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\lpm.dat
[2013/09/08 03:12:52 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\burnaware.ini
[2013/09/06 22:58:44 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/06 16:18:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2013/09/06 16:08:47 | 000,271,264 | ---- | C] () -- C:\WINDOWS\System32\vbrun100.dll
[2013/09/06 16:08:45 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2013/09/06 15:46:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/09/06 15:40:29 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2013/09/06 11:34:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
========== ZeroAccess Check ==========
[2013/12/05 20:13:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/03/07 01:46:10 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2008/03/07 01:46:04 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/03/07 01:46:12 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2014/01/11 21:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ashampoo
[2013/12/04 12:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Auslogics
[2013/10/15 18:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/11/13 20:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2013/12/18 20:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2013/09/14 19:11:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/10/10 22:17:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2014/02/01 00:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/09/06 16:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2013/10/10 22:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SummerSoft
[2013/09/26 07:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2013/09/06 16:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Foxit Software
[2014/01/11 21:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ashampoo
[2013/11/06 23:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DRPSu
[2013/10/10 22:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit Software
[2013/09/14 19:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
[2014/01/31 15:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2013/09/06 16:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Yandex
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2013/11/25 14:14:38 | 105,952,601 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\伮ꅮ咔6
[2013/11/25 03:37:26 | 105,952,601 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\伮ꅮ咔6
[2013/11/19 15:58:01 | 105,275,480 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ᢉ憅咔6
[2013/11/19 13:58:04 | 105,275,480 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ᢉ憅咔6
< End of report >
AfterDawn Addict
1. February 2014 @ 01:03
AndyLaz
I can't find any signs of malware.
Is your computer acting OK?
Run this as a precaution:
Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Be sure to restart the computer.
2oG
AndyLaz
Junior Member
1. February 2014 @ 02:04
Originally posted by 2oldGeek: AndyLaz
I can't find any signs of malware.
Is your computer acting OK?
Run this as a precaution:
Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Be sure to restart the computer.
2oG
I'll run it tomorrow and let you know how it turns out. Thanks for your help.
AndyLaz
Junior Member
1. February 2014 @ 14:55
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.02.01.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5503
Owner :: OWNER-PC [administrator]
2/1/2014 12:55:45 PM
mbam-log-2014-02-01 (12-55-45).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 236578
Time elapsed: 1 hour(s), 38 minute(s), 18 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 2
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0 (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
Files Detected: 22
C:\Documents and Settings\Owner\My Documents\Downloads\VideoConverterSetup.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C49B5BCA-1AF7-44C6-A170-926B189914CC}\RP147\A0027282.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C49B5BCA-1AF7-44C6-A170-926B189914CC}\RP147\A0027283.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C49B5BCA-1AF7-44C6-A170-926B189914CC}\RP147\A0027284.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C49B5BCA-1AF7-44C6-A170-926B189914CC}\RP147\A0027285.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C49B5BCA-1AF7-44C6-A170-926B189914CC}\RP147\A0027286.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C49B5BCA-1AF7-44C6-A170-926B189914CC}\RP147\A0027287.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C49B5BCA-1AF7-44C6-A170-926B189914CC}\RP147\A0027288.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C49B5BCA-1AF7-44C6-A170-926B189914CC}\RP147\A0027289.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C49B5BCA-1AF7-44C6-A170-926B189914CC}\RP147\A0027290.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C49B5BCA-1AF7-44C6-A170-926B189914CC}\RP147\A0027291.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C49B5BCA-1AF7-44C6-A170-926B189914CC}\RP147\A0027398.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C49B5BCA-1AF7-44C6-A170-926B189914CC}\RP147\A0027399.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C49B5BCA-1AF7-44C6-A170-926B189914CC}\RP147\A0027400.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C49B5BCA-1AF7-44C6-A170-926B189914CC}\RP149\A0028467.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C49B5BCA-1AF7-44C6-A170-926B189914CC}\RP163\A0036846.exe (PUP.Optional.Jumpyapps) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\background.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\cookies.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\icon.png (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\Manifest.json (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\page.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\static.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
(end)
I deleted TR/Trash.gen from Avira and plan to do a re-scan.
AndyLaz
Junior Member
1. February 2014 @ 15:02
I just looked in the Malwarebytes quarantine and all the threats are still there after I clicked to remove them and restarted the computer.
AfterDawn Addict
1. February 2014 @ 16:05
Click Delete All in the MBAM quarantine and see if they go away.
P.S. MBAM puts all in quarantine; they can't hurt you there, then you must delete them.
They do that so you can restore one if it's a mistake.
This message has been edited since posting. Last time this message was edited on 1. February 2014 @ 16:28
AndyLaz
Junior Member
2. February 2014 @ 00:01
It looks like the TR/Trash.gen virus is gone after running Avira again, and I deleted all the other malware from Malwarebytes and everything is OK so far. I'll keep you updated, thanks for your help.
AfterDawn Addict
2. February 2014 @ 00:09
Keep an eye on it and if you need help just let me know.