TR/Trash.gen virus removal help

Discussion in 'Windows - Virus and spyware problems' started by AndyLaz, Jan 31, 2014.

  1. AndyLaz

    I just recently ran a computer scan with Avira free anti-virus and it detected a virus called "TR/Trash.gen". It was moved to the quarantine, and I'm not sure if clicking to delete this in the quarantine will remove it for good. I ran several programs before the Avira called Adware Cleaner, Junkware Remover, ComboFix and don't believe any detected this. I appreciate the help in removing this for good if anyone has any suggestions.
     
  2. 2oldGeek

    If you ran Combofix, it's gone. Just delete it from the quarantine...

    2oG
     
  3. 2oldGeek

    Sorry Andy, I misread the name of your virus... and the order of the programs you ran. Getting late here. :)

    If you will run OTL we can see if it really is all gone.

    --OTL--

    Please download OTL by OldTimer to your Desktop.

    If you already have a copy of OTL, delete it and use this version.

    Double click OTL.exe to launch the program.

    Check the following.
    Scan all users.
    Standard Output.
    Lop check.
    Purity check.
    Under Extra Registry section, select Use SafeList
    Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).

    When finished it will produce two logs.
    OTL.txt (open on your desktop).
    Extras.txt (minimized in your taskbar)

    Please post me both logs
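An added example, not part of this thread and not OldTimer's code: a small Python triage script for the OTL.txt format requested above. It splits the log into its `==========` sections, compares the "Shell Spawning" entries against the Windows XP defaults (the `"%1" %*` values a clean log shows) and flags "DRV - File not found" drivers that are still in the Running state. The expected-value table and the severity tiers are the script's own assumptions; the sample log is constructed in OTL's format, with the invented `exefile` and `example.sys` lines there only to produce findings.

```python
import re
from typing import Dict, List, Tuple

# Section headers look like "========== Shell Spawning ==========".
SECTION_RE = re.compile(r"^========== (?P<name>.+?) ==========$")

# Shell-spawning entries look like:  exefile [open] -- "%1" %*
SPAWN_RE = re.compile(r"^(?P<key>\w+) \[(?P<verb>\w+)\] -- (?P<cmd>.*)$")

# Driver entries come in two shapes:
#   DRV - File not found [Kernel | On_Demand | Running] -- <path> -- (name)
#   DRV - [date | size | attrs | M] (Company) [Kernel | System | Stopped] -- <path> -- (name)
DRV_RE = re.compile(
    r"^DRV - (?P<stamp>File not found|\[[^\]]*\])"
    r"(?: \((?P<company>[^)]*)\))? \[(?P<flags>[^\]]*)\] --"
    r"(?: (?P<path>.*?))? -- \((?P<name>[^)]*)\)$"
)

# Assumed Windows XP defaults for the keys a clean OTL log lists.
EXPECTED_SPAWN = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}

Finding = Tuple[str, str, str]  # (severity, service name, detail)


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-blank lines under the section header that precedes them.
    Leading whitespace is stripped so a log pasted into a forum still parses."""
    sections: Dict[str, List[str]] = {}
    current = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def check_shell_spawning(lines: List[str]) -> List[str]:
    """Report every known file-class verb whose command differs from the default."""
    findings = []
    for line in lines:
        m = SPAWN_RE.match(line)
        if not m:
            continue  # registry key header or unrelated line
        key = (m.group("key"), m.group("verb"))
        expected = EXPECTED_SPAWN.get(key)
        if expected is not None and m.group("cmd") != expected:
            findings.append(f"{key[0]} [{key[1]}]: expected {expected!r}, found {m.group('cmd')!r}")
    return findings


def check_drivers(lines: List[str]) -> List[Finding]:
    """Flag drivers whose file is gone but that are still Running (HIGH), stale
    entries pointing at a missing file (LOW), and found drivers with no company name (MEDIUM)."""
    findings: List[Finding] = []
    for line in lines:
        m = DRV_RE.match(line)
        if not m:
            continue
        name, path = m.group("name"), m.group("path")
        state = m.group("flags").split(" | ")[-1]
        missing = m.group("stamp") == "File not found"
        if missing and state == "Running":
            findings.append(("HIGH", name, f"loaded but file missing: {path or '<no path>'}"))
        elif missing and path:
            findings.append(("LOW", name, f"stale service entry, file missing: {path}"))
        elif not missing and not m.group("company"):
            findings.append(("MEDIUM", name, f"no company name: {path}"))
    return findings


def analyze(text: str) -> Dict[str, list]:
    sections = split_sections(text)
    return {
        "shell": check_shell_spawning(sections.get("Shell Spawning", [])),
        "drivers": check_drivers(sections.get("Driver Services (SafeList)", [])),
    }


# Constructed sample in OTL's format. The exefile command and example.sys are
# invented to produce findings; they are not from the poster's machine.
SAMPLE_LOG = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "C:\Documents and Settings\Owner\Application Data\notreal.exe" "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [open] -- "%1" /S

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/12/09 11:37:21 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2014/01/30 03:12:00 | 000,012,288 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\example.sys -- (example)
"""

if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for item in report["shell"]:
        print("SHELL", item)
    for sev, name, detail in report["drivers"]:
        print(f"DRV [{sev}] {name}: {detail}")
```

A HIGH driver finding is a reason to look, not proof of infection: in the log posted later in this thread the only such entry is catchme.sys, a leftover of the ComboFix run, so the script's output still has to be read against what was run on the machine.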
     
  4. AndyLaz

    OTL Extras logfile created on: 2/1/2014 12:24:42 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5503)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.24 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 69.04% Memory free
    1.96 Gb Paging File | 1.49 Gb Available in Paging File | 76.28% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465.75 Gb Total Space | 305.99 Gb Free Space | 65.70% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-776561741-1965331169-725345543-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Documents and Settings\Owner\Application Data\uTorrent\uTorrent.exe" = C:\Documents and Settings\Owner\Application Data\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
    "{06CE01E3-5B60-4B46-A4A3-A5EC33AD30D7}" = Cheetah CD Burner
    "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
    "{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
    "{4F75616F-49C7-4EA2-8725-7E1A7AB1949C}" = Nero InfoTool 11 Help (CHM)
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{64BEF779-5053-48AF-A3D8-B70EBC1C70E7}" = Nero 11 InfoTool
    "{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}" = SlimCleaner
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91B33C97-91F8-FFB3-581B-BC952C901685}_is1" = Ashampoo Burning Studio FREE v.1.12.0
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A90E924E-1B35-44B0-978E-3F6F89FBC960}" = Nero InfoTool 11
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 12.0
    "Avira AntiVir Desktop" = Avira Free Antivirus
    "BurnAware Free_is1" = BurnAware Free 6.6
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_HSF" = Conexant D850 PCI V.92 Modem
    "D-i-v-X - AVI Codec Pack Pro" = D-i-v-X AVI Codec Pack Pro 2.4.0
    "DivX Setup" = DivX Setup
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "PROSet" = Intel(R) Network Connections Drivers
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "ZC AVI to DVD Creator_is1" = ZC AVI to DVD Creator 6.6.4

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-776561741-1965331169-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Amazon Amazon Cloud Player" = Amazon Cloud Player
    "uTorrent" = µTorrent

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 11/13/2013 10:40:07 PM | Computer Name = OWNER-PC | Source = VSS | ID = 5013
    Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
    called routine OpenNtmsSessionW which failed with status 0x80070015 (converted
    to 0x800423f3).

    Error - 11/13/2013 10:40:17 PM | Computer Name = OWNER-PC | Source = VSS | ID = 12289
    Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{b0afb3e0-170f-11e3-8bed-806d6172696f},0xc0000000,0x00000003,...).
    hr = 0x80070005.

    Error - 11/13/2013 10:40:39 PM | Computer Name = OWNER-PC | Source = VSS | ID = 5013
    Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
    called routine OpenNtmsSessionW which failed with status 0x80070015 (converted
    to 0x800423f3).

    Error - 11/13/2013 11:20:04 PM | Computer Name = OWNER-PC | Source = VSS | ID = 12289
    Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{b0afb3e0-170f-11e3-8bed-806d6172696f},0xc0000000,0x00000003,...).
    hr = 0x80070005.

    Error - 11/13/2013 11:20:37 PM | Computer Name = OWNER-PC | Source = VSS | ID = 5013
    Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
    called routine OpenNtmsSessionW which failed with status 0x80070015 (converted
    to 0x800423f3).

    Error - 11/21/2013 2:44:27 PM | Computer Name = OWNER-PC | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 25.0.1.5064, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/21/2013 2:44:59 PM | Computer Name = OWNER-PC | Source = Application Hang | ID = 1001
    Description = Fault bucket -335480244.

    Error - 11/28/2013 8:47:53 PM | Computer Name = OWNER-PC | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 12/2/2013 1:40:09 AM | Computer Name = OWNER-PC | Source = Application Error | ID = 1000
    Description = Faulting application avwebgrd.exe, version 14.0.0.383, faulting module
    avwebgrd.exe, version 14.0.0.383, fault address 0x0008a4dd.

    Error - 12/2/2013 1:40:48 AM | Computer Name = OWNER-PC | Source = Application Error | ID = 1001
    Description = Fault bucket -427996687.

    [ System Events ]
    Error - 1/12/2014 10:22:11 PM | Computer Name = OWNER-PC | Source = Cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 1/13/2014 4:44:56 PM | Computer Name = OWNER-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.0.2 for the Network Card with network
    address 0016767A09BA has been denied by the DHCP server 0.0.0.0 (The DHCP Server
    sent a DHCPNACK message).

    Error - 1/13/2014 9:39:07 PM | Computer Name = OWNER-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.8 for the Network Card with network
    address 0016767A09BA has been denied by the DHCP server 0.0.0.0 (The DHCP Server
    sent a DHCPNACK message).

    Error - 1/16/2014 11:32:09 PM | Computer Name = OWNER-PC | Source = HTTP | ID = 15005
    Description = Unable to bind to the underlying transport for 0.0.0.0:2869. The IP
    Listen-Only list may contain a reference to an interface which may not exist on
    this machine. The data field contains the error number.

    Error - 1/16/2014 11:32:09 PM | Computer Name = OWNER-PC | Source = HTTP | ID = 15005
    Description = Unable to bind to the underlying transport for 0.0.0.0:2869. The IP
    Listen-Only list may contain a reference to an interface which may not exist on
    this machine. The data field contains the error number.

    Error - 1/18/2014 1:24:18 AM | Computer Name = OWNER-PC | Source = System Error | ID = 1003
    Description = Error code 0000001a, parameter1 00041284, parameter2 00010001, parameter3
    000018c1, parameter4 c0883000.

    Error - 1/24/2014 11:50:22 PM | Computer Name = OWNER-PC | Source = System Error | ID = 1003
    Description = Error code 1000008e, parameter1 c0000005, parameter2 b99f6685, parameter3
    a86cba54, parameter4 00000000.

    Error - 1/31/2014 9:48:36 PM | Computer Name = OWNER-PC | Source = Removable Storage Service | ID = 262159
    Description = RSM cannot manage library CdRom0. The database is corrupt.

    Error - 1/31/2014 10:21:11 PM | Computer Name = OWNER-PC | Source = Removable Storage Service | ID = 262159
    Description = RSM cannot manage library CdRom0. The database is corrupt.

    Error - 1/31/2014 10:23:22 PM | Computer Name = OWNER-PC | Source = Removable Storage Service | ID = 262159
    Description = RSM cannot manage library CdRom0. The database is corrupt.


    < End of report >


    OTL logfile created on: 2/1/2014 12:24:42 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5503)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.24 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 69.04% Memory free
    1.96 Gb Paging File | 1.49 Gb Available in Paging File | 76.28% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465.75 Gb Total Space | 305.99 Gb Free Space | 65.70% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/02/01 00:17:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
    PRC - [2013/12/09 11:37:21 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2013/12/09 11:37:19 | 000,431,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2013/12/09 11:37:18 | 000,684,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2013/12/09 11:37:18 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2013/10/05 15:15:02 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2008/03/07 01:46:18 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/12/09 11:37:21 | 000,394,808 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
    MOD - [2010/07/29 18:19:04 | 000,234,496 | ---- | M] () -- C:\Program Files\Total Video Converter\TVCShellExt.dll
    MOD - [2009/01/10 17:15:44 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\mmfinfo.dll
    MOD - [2009/01/10 17:14:06 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\mkunicode.dll
    MOD - [2008/03/07 01:46:08 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2014/01/11 16:58:35 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/12/20 22:18:20 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/12/09 11:37:21 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2013/12/09 11:37:19 | 001,011,768 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
    SRV - [2013/12/09 11:37:18 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2013/10/05 15:15:02 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2013/12/09 11:37:21 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2013/12/09 11:37:19 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
    DRV - [2013/12/09 11:37:18 | 000,135,648 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2013/12/09 11:37:18 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2006/07/27 01:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2003/11/17 14:56:26 | 001,042,432 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [1999/12/31 19:00:00 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [1999/12/31 19:00:00 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [1999/12/31 19:00:00 | 000,267,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-776561741-1965331169-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-21-776561741-1965331169-725345543-1003\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-776561741-1965331169-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.order.1: "Yahoo"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\WINDOWS\system32\C2MP\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/20 22:18:09 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

    [2013/09/06 16:45:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2013/12/20 22:18:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/12/20 22:18:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/12/20 22:18:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ========== Chrome ==========

    CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\inpnaolhdabeflnnbeanpoakmaiggfol\1.6\
    CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\njffkmdmonbbdoelceppmjdlibabcmnc\1.0\
    CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\

    O1 HOSTS File: ([2014/01/31 15:59:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-776561741-1965331169-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-776561741-1965331169-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-776561741-1965331169-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-776561741-1965331169-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/A/7/D/A7D1EBE3-8E78-4CBE-B22B-EEECF9E3A1BC/fhg.CAB (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.40.2)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.40.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7ADF195-FCD9-4A56-A962-A89B16B34280}: DhcpNameServer = 65.32.5.111 65.32.5.112
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop Components:0 () - http://www.omahasteaks.com/gifs/big/cmb4751.jpg
    O24 - Desktop Components:1 (My Current Home Page) - About:Home
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2013/09/06 15:43:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/01/31 18:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Black Sabbath- Greatest Hits
    [2014/01/31 16:10:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Avira
    [2014/01/31 16:09:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
    [2014/01/31 16:09:29 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2014/01/31 16:09:26 | 000,135,648 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2014/01/31 16:09:26 | 000,090,400 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2014/01/31 16:09:26 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
    [2014/01/31 16:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2014/01/31 16:02:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2014/01/31 14:26:38 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2014/01/31 13:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\MFAData
    [2014/01/31 13:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2014/01/31 13:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Avg2014
    [2014/01/31 04:35:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
    [2014/01/30 22:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Downloads
    [2014/01/29 00:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Mötley Crüe [Discography]
    [2014/01/28 22:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SlimCleaner
    [2014/01/28 22:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\SlimCleaner
    [2014/01/19 17:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    [2014/01/19 17:02:25 | 000,104,664 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
    [2014/01/19 17:01:56 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2014/01/19 16:35:38 | 001,037,068 | ---- | C] (Thisisu) -- C:\Documents and Settings\Owner\Desktop\JRT_NEW.exe
    [2014/01/18 23:43:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Beaches
    [2014/01/12 20:35:01 | 002,078,952 | ---- | C] (Rocket Division Software) -- C:\WINDOWS\System32\starburnx.dll
    [2014/01/12 20:35:01 | 000,335,872 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\dvdauthor.ocx
    [2014/01/12 20:35:01 | 000,233,472 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\viscomdvdimg.dll
    [2014/01/12 20:35:01 | 000,081,920 | ---- | C] (Viscom Software) -- C:\WINDOWS\System32\viscomwave.dll
    [2014/01/12 20:35:00 | 000,376,832 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\viscomsplitter.dll
    [2014/01/12 20:35:00 | 000,339,968 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\viscomqtde.dll
    [2014/01/12 20:35:00 | 000,143,360 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\viscomqtenc.dll
    [2014/01/12 20:35:00 | 000,135,168 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\viscomrmencoder.dll
    [2014/01/12 20:34:59 | 001,470,464 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\viscommpgenc.dll
    [2014/01/12 20:34:59 | 000,888,832 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\viscomflvdec.dll
    [2014/01/12 20:34:59 | 000,110,592 | ---- | C] (Viscom Software) -- C:\WINDOWS\System32\viscomaudioencoder.dll
    [2014/01/12 20:34:59 | 000,098,304 | ---- | C] (Viscom Software) -- C:\WINDOWS\System32\viscomaudiodata.dll
    [2014/01/12 20:34:59 | 000,086,016 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\viscomframe.dll
    [2014/01/12 20:34:58 | 001,773,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
    [2014/01/12 20:34:58 | 000,266,240 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\VideoEdit.ocx
    [2014/01/12 20:34:58 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB5DB.DLL
    [2014/01/12 20:34:57 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
    [2014/01/12 20:34:57 | 000,000,000 | ---D | C] -- C:\Program Files\Cheetah Burner
    [2014/01/12 20:34:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cheetah Burner
    [2014/01/12 20:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
    [2014/01/12 19:52:29 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
    [2014/01/12 19:48:54 | 000,061,440 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iAlmCoIn_v4410.dll
    [2014/01/12 19:48:54 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuTRK.dll
    [2014/01/12 19:48:54 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuTHA.dll
    [2014/01/12 19:48:54 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuSVE.dll
    [2014/01/12 19:48:53 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuRUS.dll
    [2014/01/12 19:48:53 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuPTG.dll
    [2014/01/12 19:48:53 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuPTB.dll
    [2014/01/12 19:48:53 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuPLK.dll
    [2014/01/12 19:48:53 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuNOR.dll
    [2014/01/12 19:48:53 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuNLD.dll
    [2014/01/12 19:48:53 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuKOR.dll
    [2014/01/12 19:48:53 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuJPN.dll
    [2014/01/12 19:48:53 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuITA.dll
    [2014/01/12 19:48:53 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuHUN.dll
    [2014/01/12 19:48:53 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuHEB.dll
    [2014/01/12 19:48:53 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuFRC.dll
    [2014/01/12 19:48:53 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuFRA.dll
    [2014/01/12 19:48:53 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuFIN.dll
    [2014/01/12 19:48:52 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuESP.dll
    [2014/01/12 19:48:52 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuENG.dll
    [2014/01/12 19:48:52 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuELL.dll
    [2014/01/12 19:48:52 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuDEU.dll
    [2014/01/12 19:48:52 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuDAN.dll
    [2014/01/12 19:48:52 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuCSY.dll
    [2014/01/12 19:48:52 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuCHT.dll
    [2014/01/12 19:48:52 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuCHS.dll
    [2014/01/12 19:48:51 | 000,114,688 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmudlg.exe
    [2014/01/12 19:48:51 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuARB.dll
    [2014/01/12 19:48:51 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuARA.dll
    [2014/01/12 19:48:50 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrell.lrc
    [2014/01/12 19:48:50 | 000,147,456 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrhun.lrc
    [2014/01/12 19:48:50 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtrk.lrc
    [2014/01/12 19:48:50 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsve.lrc
    [2014/01/12 19:48:50 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcsy.lrc
    [2014/01/12 19:48:50 | 000,126,976 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtha.lrc
    [2014/01/12 19:48:50 | 000,040,960 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxexps.dll
    [2014/01/12 19:48:49 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnld.lrc
    [2014/01/12 19:48:49 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrita.lrc
    [2014/01/12 19:48:49 | 000,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrrus.lrc
    [2014/01/12 19:48:49 | 000,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptg.lrc
    [2014/01/12 19:48:49 | 000,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptb.lrc
    [2014/01/12 19:48:49 | 000,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrplk.lrc
    [2014/01/12 19:48:49 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnor.lrc
    [2014/01/12 19:48:49 | 000,122,880 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrheb.lrc
    [2014/01/12 19:48:49 | 000,098,304 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrkor.lrc
    [2014/01/12 19:48:49 | 000,098,304 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrjpn.lrc
    [2014/01/12 19:48:48 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdeu.lrc
    [2014/01/12 19:48:48 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxresp.lrc
    [2014/01/12 19:48:48 | 000,147,456 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfra.lrc
    [2014/01/12 19:48:48 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfin.lrc
    [2014/01/12 19:48:48 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdan.lrc
    [2014/01/12 19:48:48 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrenu.lrc
    [2014/01/12 19:48:48 | 000,122,880 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrara.lrc
    [2014/01/12 19:48:48 | 000,081,920 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcht.lrc
    [2014/01/12 19:48:48 | 000,081,920 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrchs.lrc
    [2014/01/12 19:48:47 | 001,503,232 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxress.dll
    [2014/01/12 19:48:47 | 000,114,688 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxzoom.exe
    [2014/01/12 19:48:46 | 000,446,464 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcfg.exe
    [2014/01/12 19:48:46 | 000,147,456 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxpph.dll
    [2014/01/12 19:48:46 | 000,086,016 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdo.dll
    [2014/01/12 19:48:46 | 000,077,824 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl
    [2014/01/12 19:48:45 | 000,073,728 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\hccutils.dll
    [2014/01/12 19:48:45 | 000,057,344 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.dll
    [2014/01/12 19:37:12 | 000,524,288 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igldev32.dll
    [2014/01/12 19:37:11 | 002,318,336 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iglicd32.dll
    [2014/01/12 19:37:11 | 000,049,152 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmrem.dll
    [2014/01/12 19:37:08 | 000,956,026 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdd5.dll
    [2014/01/12 19:37:06 | 000,238,650 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdev5.dll
    [2014/01/12 19:32:00 | 000,121,467 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdnt5.dll
    [2014/01/12 19:31:57 | 000,045,694 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmrnt5.dll
    [2014/01/12 19:31:20 | 000,251,904 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\HSF_HWB2.sys
    [2014/01/12 19:30:49 | 001,042,432 | R--- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\HSF_DP.sys
    [2014/01/12 19:30:49 | 000,731,264 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\HSF_CNXT.sys
    [2014/01/12 19:25:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Innovative Solutions
    [2014/01/12 19:19:05 | 000,985,472 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\HSF_DPV.sys
    [2014/01/12 19:19:05 | 000,237,568 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\UCI32M30.dll
    [2014/01/12 12:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nero
    [2014/01/12 12:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
    [2014/01/12 12:44:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
    [2014/01/12 12:44:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
    [2014/01/11 21:25:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ashampoo
    [2014/01/11 21:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
    [2014/01/04 20:38:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2014/01/04 20:38:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2014/01/04 20:38:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2014/01/04 20:38:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2014/01/03 22:09:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2014/01/03 20:53:00 | 000,000,000 | ---D | C] -- C:\Program Files\Total Video Converter
    [2014/01/03 19:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\1Step DVD Copy
    [2014/01/03 15:59:02 | 000,000,000 | ---D | C] -- C:\ZCAVIToDVD
    [2014/01/03 15:29:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ZC AVI to DVD Creator
    [2014/01/03 15:28:44 | 000,000,000 | ---D | C] -- C:\Program Files\ZC AVI to DVD Creator
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/02/01 00:04:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2014/01/31 23:58:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2014/01/31 23:12:34 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
    [2014/01/31 18:55:20 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2014/01/31 16:09:43 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
    [2014/01/31 15:59:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2014/01/31 15:04:05 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2014/01/31 15:04:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2014/01/31 14:32:24 | 000,135,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2014/01/31 04:29:21 | 000,002,231 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SlimCleaner.lnk
    [2014/01/28 23:42:56 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2014/01/19 17:02:25 | 000,104,664 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
    [2014/01/19 17:01:56 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2014/01/16 22:35:38 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2014/01/12 20:34:57 | 000,001,565 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Cheetah CD Burner.lnk
    [2014/01/12 20:28:14 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\burnaware.ini
    [2014/01/11 21:25:34 | 000,000,974 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Burning Studio FREE.lnk
    [2014/01/11 21:25:34 | 000,000,956 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ashampoo Burning Studio FREE.lnk
    [2014/01/11 16:58:33 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2014/01/11 16:58:33 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2014/01/07 22:36:31 | 001,037,068 | ---- | M] (Thisisu) -- C:\Documents and Settings\Owner\Desktop\JRT_NEW.exe
    [2014/01/06 22:59:52 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003.lnk
    [2014/01/04 18:42:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2014/01/03 22:13:29 | 000,436,936 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2014/01/03 22:13:29 | 000,067,546 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2014/01/03 15:29:03 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ZC AVI to DVD Creator.lnk
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/01/31 16:09:43 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
    [2014/01/31 14:32:24 | 000,135,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2014/01/28 22:36:21 | 000,002,231 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SlimCleaner.lnk
    [2014/01/12 20:35:01 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\viscomtran.dll
    [2014/01/12 20:35:01 | 000,054,612 | ---- | C] () -- C:\WINDOWS\System32\starburnx.tlb
    [2014/01/12 20:34:59 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\viscomgifenc.dll
    [2014/01/12 20:34:58 | 006,963,712 | ---- | C] () -- C:\WINDOWS\System32\videotrans.dll
    [2014/01/12 20:34:58 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2014/01/12 20:34:57 | 000,001,565 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Cheetah CD Burner.lnk
    [2014/01/12 19:48:45 | 000,524,850 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa
    [2014/01/12 19:48:45 | 000,058,704 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
    [2014/01/12 19:48:45 | 000,024,704 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
    [2014/01/12 19:48:45 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.vp
    [2014/01/12 19:31:21 | 000,141,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSFTProf.cty
    [2014/01/12 19:19:05 | 000,146,036 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSFProf.cty
    [2014/01/11 21:25:34 | 000,000,974 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Burning Studio FREE.lnk
    [2014/01/11 21:25:34 | 000,000,956 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ashampoo Burning Studio FREE.lnk
    [2014/01/11 16:40:29 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2014/01/04 20:38:43 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2014/01/04 20:38:43 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2014/01/04 20:38:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2014/01/04 20:38:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2014/01/04 20:38:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2014/01/04 20:25:58 | 000,265,524 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-776561741-1965331169-725345543-1003-0.dat
    [2014/01/04 20:25:58 | 000,132,826 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2014/01/04 18:42:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2014/01/03 15:29:03 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ZC AVI to DVD Creator.lnk
    [2013/12/04 20:03:53 | 000,010,498 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\lpm.dat
    [2013/09/08 03:12:52 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\burnaware.ini
    [2013/09/06 22:58:44 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/09/06 16:18:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2013/09/06 16:08:47 | 000,271,264 | ---- | C] () -- C:\WINDOWS\System32\vbrun100.dll
    [2013/09/06 16:08:45 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
    [2013/09/06 15:46:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2013/09/06 15:40:29 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2013/09/06 11:34:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

    ========== ZeroAccess Check ==========

    [2013/12/05 20:13:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/03/07 01:46:10 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2008/03/07 01:46:04 | 000,472,064 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/03/07 01:46:12 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2014/01/11 21:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ashampoo
    [2013/12/04 12:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Auslogics
    [2013/10/15 18:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2013/11/13 20:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014
    [2013/12/18 20:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
    [2013/09/14 19:11:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2013/10/10 22:17:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
    [2014/02/01 00:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2013/09/06 16:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
    [2013/10/10 22:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SummerSoft
    [2013/09/26 07:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
    [2013/09/06 16:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Foxit Software
    [2014/01/11 21:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ashampoo
    [2013/11/06 23:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DRPSu
    [2013/10/10 22:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit Software
    [2013/09/14 19:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
    [2014/01/31 15:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
    [2013/09/06 16:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Yandex

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2013/11/25 14:14:38 | 105,952,601 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\&#20270;&#41326;&#21652;6
    [2013/11/25 03:37:26 | 105,952,601 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\&#20270;&#41326;&#21652;6
    [2013/11/19 15:58:01 | 105,275,480 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\&#6281;&#24965;&#21652;6
    [2013/11/19 13:58:04 | 105,275,480 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\&#6281;&#24965;&#21652;6

    < End of report >
     
  5. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    AndyLaz

    I can't find any signs of malware.
    Is your computer acting OK?

    Run this as a precaution:

    Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.

    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

    * If an update is found, it will download and install the latest version.

    * Once the program has loaded, select Perform quick scan, then click Scan.

    * When the scan is complete, click OK, then Show Results to view the results.

    * Be sure that everything is checked, and click Remove Selected.

    * When completed, a log will open in Notepad.

    * Post the log back here.


    Be sure to restart the computer.

    2oG
     
  6. AndyLaz

    AndyLaz Member

    Joined:
    Aug 13, 2011
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    16
    I'll run it tomorrow and let you know how it turns out. Thanks for your help.
     
  7. AndyLaz

    AndyLaz Member

    Joined:
    Aug 13, 2011
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    16
    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.02.01.06

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 6.0.2900.5503
    Owner :: OWNER-PC [administrator]

    2/1/2014 12:55:45 PM
    mbam-log-2014-02-01 (12-55-45).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 236578
    Time elapsed: 1 hour(s), 38 minute(s), 18 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 2
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0 (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

    Files Detected: 22
    C:\Documents and Settings\Owner\My Documents\Downloads\VideoConverterSetup.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C49B5BCA-1AF7-44C6-A170-926B189914CC}\RP147\A0027282.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C49B5BCA-1AF7-44C6-A170-926B189914CC}\RP147\A0027283.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C49B5BCA-1AF7-44C6-A170-926B189914CC}\RP147\A0027284.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C49B5BCA-1AF7-44C6-A170-926B189914CC}\RP147\A0027285.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C49B5BCA-1AF7-44C6-A170-926B189914CC}\RP147\A0027286.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C49B5BCA-1AF7-44C6-A170-926B189914CC}\RP147\A0027287.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C49B5BCA-1AF7-44C6-A170-926B189914CC}\RP147\A0027288.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C49B5BCA-1AF7-44C6-A170-926B189914CC}\RP147\A0027289.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C49B5BCA-1AF7-44C6-A170-926B189914CC}\RP147\A0027290.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C49B5BCA-1AF7-44C6-A170-926B189914CC}\RP147\A0027291.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C49B5BCA-1AF7-44C6-A170-926B189914CC}\RP147\A0027398.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C49B5BCA-1AF7-44C6-A170-926B189914CC}\RP147\A0027399.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C49B5BCA-1AF7-44C6-A170-926B189914CC}\RP147\A0027400.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C49B5BCA-1AF7-44C6-A170-926B189914CC}\RP149\A0028467.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C49B5BCA-1AF7-44C6-A170-926B189914CC}\RP163\A0036846.exe (PUP.Optional.Jumpyapps) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\background.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\cookies.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\icon.png (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\Manifest.json (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\page.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\static.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

    (end)

    I deleted TR/Trash.gen from Avira and plan to do a re-scan.
     
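As an added example (not from this thread, and not Malwarebytes' own code), a small Python triage helper that parses lines in the log format quoted above, separates restore-point copies and browser-extension files from hits on the live filesystem, and lists anything the log does not report as quarantined and deleted. The sample lines, the GUID and the extension id are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample in the Malwarebytes log line format quoted in this thread:
# "<path> (<detection name>) -> <action taken>."  GUID and extension id are placeholders.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP147\A0027283.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP163\A0036846.exe (PUP.Optional.Jumpyapps) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\EXTENSION-ID-PLACEHOLDER\1.0.0_0\background.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Example\helper.exe (Trojan.Agent) -> No action taken.
(end)
"""

# Greedy path so a "(x86)" inside the path does not get mistaken for the detection name.
LINE_RE = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_line(line):
    """Return a dict for one detection line, or None for headers/footers like '(end)'."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path, name, action = m.group("path"), m.group("name"), m.group("action")
    lower = path.lower()
    if "\\system volume information\\_restore" in lower:
        location = "restore_point"      # copy held in a System Restore snapshot, not a running file
    elif "\\extensions\\" in lower:
        location = "browser_extension"  # unpacked browser extension files
    else:
        location = "live_filesystem"
    return {
        "path": path, "name": name, "action": action, "location": location,
        "resolved": action.lower().startswith("quarantined and deleted"),
    }


def triage(log_text):
    """Summarise a log: counts per detection name and location, plus unresolved paths."""
    entries = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    return {
        "total": len(entries),
        "by_name": dict(Counter(e["name"] for e in entries)),
        "by_location": dict(Counter(e["location"] for e in entries)),
        "unresolved": [e["path"] for e in entries if not e["resolved"]],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Anything listed under "unresolved" is what still needs attention; restore-point entries only matter if that snapshot is ever restored.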
  8. AndyLaz

    AndyLaz Member

    Joined:
    Aug 13, 2011
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    16
    I just looked in the Malwarebytes quarantine and all the threats are still there after I clicked to remove them and restarted the computer.
     
  9. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Click "Delete All" in the MBAM quarantine and see if they go away.

    P.S. MBAM puts everything in quarantine; they can't hurt you there, but then you must delete them.
    They do that so you can restore one if it's a mistake.
     
    Last edited: Feb 1, 2014
  10. AndyLaz

    AndyLaz Member

    Joined:
    Aug 13, 2011
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    16
    It looks like the TR/Trash.gen virus is gone after running Avira again, and I deleted all the other malware from Malwarebytes and everything is OK so far. I'll keep you updated, thanks for your help.
     
  11. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Keep an eye on it and if you need help just let me know.
     