Frostwire/pc protection, etc. problems

#31 RKinner (Malware Expert, MVP, 20,001 posts)
I don't think either will interfere, but it will run faster without avast and mbam.

#32 Psu22UL (Topic Starter, Member, 90 posts)
C:\Users\home\Downloads\intunemp3(2).exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Users\home\Downloads\intunemp3.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined


Here's the log from ESET. Running Bitdefender next.

#33 Psu22UL (Topic Starter, Member, 90 posts)
QuickScan 32-bit v0.9.9.119
---------------------------
Scan date: Sat Dec 01 00:55:13 2012
Machine ID: 842B315E



No infection found.
-------------------



Processes
---------
Adobe® Flash® Player Installer/Uninstal 2292 C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe
Driver Genius Starter 1936 C:\Program Files\Driver-Soft\DriverGenius\StarterW3i.exe
Driver Genius Task Scheduler 1944 C:\Program Files\Driver-Soft\DriverGenius\TaskTray.exe
Firefox 912 C:\Program Files\Mozilla Firefox\firefox.exe
Firefox 2552 C:\Program Files\Mozilla Firefox\plugin-container.exe
Java™ Platform SE Auto Updater 2 0 1952 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Microsoft® Windows® Operating System 2540 C:\Program Files\Internet Explorer\ieuser.exe
Microsoft® Windows® Operating System 1968 C:\Program Files\Windows Sidebar\sidebar.exe
Microsoft® Windows® Operating System 1820 C:\Windows\explorer.exe
Microsoft® Windows® Operating System 3728 C:\Windows\System32\notepad.exe
Microsoft® Windows® Operating System 3228 C:\Windows\System32\taskeng.exe
RoboForm 1992 C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
WeatherBug Desktop 1984 C:\Program Files\AWS\WeatherBug\Weather.exe
Windows® Internet Explorer 3072 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Microsoft® Windows® Operating System 2492 C:\Program Files\Windows Media Player\wmpnscfg.exe
(verified) Microsoft® Windows® Operating System 1760 C:\Windows\System32\dwm.exe
(verified) Microsoft® Windows® Operating System 800 C:\Windows\System32\wuauclt.exe


Network activity
----------------
Process firefox.exe (912) connected on port 80 (HTTP) --> 74.125.228.122
Process firefox.exe (912) connected on port 80 (HTTP) --> 74.125.228.0
Process firefox.exe (912) connected on port 80 (HTTP) --> 74.125.228.13
Process firefox.exe (912) connected on port 80 (HTTP) --> 173.194.75.99
Process firefox.exe (912) connected on port 80 (HTTP) --> 66.235.142.14
Process firefox.exe (912) connected on port 80 (HTTP) --> 74.125.228.0
Process TaskTray.exe (1944) connected on port 80 (HTTP) --> 208.101.53.235
Process TaskTray.exe (1944) connected on port 80 (HTTP) --> 80.237.189.52
Process Weather.exe (1984) connected on port 80 (HTTP) --> 107.21.62.180



Autoruns and critical files
---------------------------
Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
CheckUpdate.exe C:\Program Files\Xvid\CheckUpdate.exe
Driver Genius Starter C:\Program Files\Driver-Soft\DriverGenius\StarterW3i.exe
Driver Genius Task Scheduler C:\Program Files\Driver-Soft\DriverGenius\TaskTray.exe
Java™ Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe
Mozilla Firefox C:\Program Files\Mozilla Firefox
MusicFrost C:\Program Files\MusicFrost\MusicFrost.exe
RoboForm C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
WeatherBug Desktop C:\Program Files\AWS\WeatherBug\Weather.exe
Windows® Internet Explorer C:\Windows\system32\webcheck.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
(verified) Windows Defender C:\Program Files\Windows Defender\MSASCui.exe


Browser plugins
---------------
AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
avast! EasyPass C:\Program Files\Siber Systems\AI RoboForm\RoboForm.DLL
Bitdefender QuickScan C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\59h4qjxc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
Google Update C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
Java Deployment Toolkit 7.0.90.5 C:\Windows\system32\npDeployJava1.dll
Java™ Platform SE 7 U9 C:\Program Files\Java\jre7\bin\jp2ssv.dll
Java™ Platform SE 7 U9 C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
Java™ Platform SE 7 U9 C:\Program Files\Java\jre7\bin\ssv.dll
NPSWF32_11_5_502_110.dll C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\Windows\system32\ieframe.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll


Missing files
-------------
File not found: C:\Program Files\Itibiti Soft Phone\Itibiti.exe
--> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"Itibiti.exe"

File not found: C:\Program Files\Lime PRO\LimePro.exe
--> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"lime pro"

File not found: C:\Program Files\SpeedItup Free\speeditupfree.exe
--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"SpeetItUpFree"


Scan
----
MD5: 84cbd6f6aa7ee399fbdc265b8ea64474 C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
MD5: 701dfda2fe95adf7f42f7ad853e5d0a3 C:\Program Files\AWS\WeatherBug\Weather.exe
MD5: 9aca98b6051ab442a3b87d0db601900c C:\Program Files\AWS\WeatherBug\WxDist.dll
MD5: 6cd44651413ce8f6f8a66760b027d23c C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
MD5: ba0ed7aa3c36a8da27ded1d6b3508158 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
MD5: b63e5c7807334a3a8f731062f15462cc C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MD5: d19c4ee2ac7c47b8f5f84fff1a789d8a C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
MD5: 12916e0642e92561c98b18a2a2d01b14 C:\Program Files\Common Files\Java\Java Update\jusched.exe
MD5: 951f36219c7384c6ed6c9f44d45c5235 C:\Program Files\Common Files\System\Ole DB\oledb32.dll
MD5: 892125b60ba6c2a66f485a89c4a6b918 C:\Program Files\Common Files\System\Ole DB\OLEDB32R.DLL
MD5: a2a25e0be815a1762148e0869ba41daf C:\Program Files\Driver-Soft\DriverGenius\clmultidx7.ocx
MD5: 6b64479193d343bfe3a444a862e61cd8 C:\Program Files\Driver-Soft\DriverGenius\CodejockControls.ocx
MD5: c281710e1d7cec357765371cd8a29959 C:\Program Files\Driver-Soft\DriverGenius\StarterW3i.exe
MD5: 9f5a88c599f712f0133bbf6901256b04 C:\Program Files\Driver-Soft\DriverGenius\TaskTray.exe
MD5: fb4ac7969a7cbadb6ea5636ed6163257 C:\Program Files\Driver-Soft\DriverGenius\XceedZip.dll
MD5: 586fdc4e02623ee228ec35b9604ae5f2 C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
MD5: 5b2e1c16a2c420f60cd391b666003f14 C:\Program Files\Internet Explorer\ieuser.exe
MD5: 77b9a891222fb46b13e414b99e1af842 C:\Program Files\Internet Explorer\iexplore.exe
MD5: eb47e405a9222ca595e5e763b4156529 C:\Program Files\Java\jre7\bin\jp2ssv.dll
MD5: 67ec459e42d3081dd8fd34356f7cafc1 C:\Program Files\Java\jre7\bin\msvcr100.dll
MD5: c04fcb7eebeb5097b30468828f20fb9e C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
MD5: a7a6954e500715117b64b414ab81cb44 C:\Program Files\Java\jre7\bin\ssv.dll
MD5: d35575fbf6d1625ca46057c02b4f13b7 C:\Program Files\Mozilla Firefox\components\browsercomps.dll
MD5: efb14d8390f55f680b76b9d84ae30ca2 C:\Program Files\Mozilla Firefox\firefox.exe
MD5: 84889af2a5e9b573fe2da660d1d943eb C:\Program Files\Mozilla Firefox\freebl3.dll
MD5: 5e0253f352ce1c42e1690ae3888a6e1b C:\Program Files\Mozilla Firefox\gkmedias.dll
MD5: 7024d85b5265f7189424618e441489b1 C:\Program Files\Mozilla Firefox\mozalloc.dll
MD5: 6075a85e1660c72613de11df79d5a317 C:\Program Files\Mozilla Firefox\mozglue.dll
MD5: b8c6104d10621ae3200cd42f00f9ca97 C:\Program Files\Mozilla Firefox\mozjs.dll
MD5: b8b15057df15e8185fab92137bd34fdb C:\Program Files\Mozilla Firefox\mozsqlite3.dll
MD5: 03e9314004f504a14a61c3d364b62f66 C:\Program Files\Mozilla Firefox\MSVCP100.dll
MD5: 67ec459e42d3081dd8fd34356f7cafc1 C:\Program Files\Mozilla Firefox\MSVCR100.dll
MD5: 020b33b4abc8a9c66b9c1183b9297a8f C:\Program Files\Mozilla Firefox\nspr4.dll
MD5: c69902b0aab8ce5707c2d93c9b1d1e8b C:\Program Files\Mozilla Firefox\nss3.dll
MD5: bdb4627f19b2bdcf658af10d0fca06d8 C:\Program Files\Mozilla Firefox\nssckbi.dll
MD5: eccdf6913da80184fdbdbe7f08a629f4 C:\Program Files\Mozilla Firefox\nssdbm3.dll
MD5: 7bff9c1afba13c742002bf9638733699 C:\Program Files\Mozilla Firefox\nssutil3.dll
MD5: 6baacaa05ac622e9cb64308426c4ba43 C:\Program Files\Mozilla Firefox\plc4.dll
MD5: 62ae8ea26ef783b1324521ff2169cfc4 C:\Program Files\Mozilla Firefox\plds4.dll
MD5: 78dadd6ee9fb1225991902f45bd1a984 C:\Program Files\Mozilla Firefox\plugin-container.exe
MD5: 0a7b01235b1cbfa387b04a91e2f2b7d0 C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
MD5: b1514054d751670ca8b9d5cc5d598de4 C:\Program Files\Mozilla Firefox\smime3.dll
MD5: 695bc149fc7da805fdd4bf463ee60673 C:\Program Files\Mozilla Firefox\softokn3.dll
MD5: d961cac0e7345c1d67ed704da7f7b2cd C:\Program Files\Mozilla Firefox\ssl3.dll
MD5: 6ce297a4f159db2aabacbe076eb72d91 C:\Program Files\Mozilla Firefox\xpcom.dll
MD5: eaf8b6953b35f5e9533b8a77f2427860 C:\Program Files\Mozilla Firefox\xul.dll
MD5: 313265cf4f5f02ed927774da1db3fe00 C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
MD5: e290d765ae2a7adf97b724638128bb41 C:\Program Files\MusicFrost\MusicFrost.exe
MD5: 27a48862c1474fb42d3c9e64de790528 C:\Program Files\Siber Systems\AI RoboForm\RoboForm.DLL
MD5: b6a87d77cc1e839885ee875a77d89673 C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
MD5: e7369ca015162ef4f9e207897ef7ded8 C:\Program Files\Windows Media Player\wmpband.dll
MD5: fd278e51a7d6f52d22fce6c67e037ad6 C:\Program Files\Windows Sidebar\sidebar.exe
MD5: 6d9e1356a9c1b5f36698faff9205e34a C:\Program Files\Xvid\CheckUpdate.exe
MD5: c9e3864fb9cbfa93d9010bcfe18a5697 C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\59h4qjxc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
MD5: 05e3bac0d6d3bf468754dd9fe8f5e9d2 C:\Windows\AppPatch\AcLayers.DLL
MD5: f4d241169a2635e28732ca51c3adb1ec C:\Windows\AppPatch\AcRedir.DLL
MD5: c9e8191e28539ba03daf5298d6d7f1df C:\Windows\AppPatch\iebrshim.dll
MD5: 9a2d686c89acc36e3aa7cde3d1c45c1a C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: c77f71aa825263541965846edd9e8729 C:\Windows\system32\ADVPACK.DLL
MD5: 86fb6b8ddbcb6e025ce8a90f77af1ff1 C:\Windows\system32\Ati2evxx.exe
MD5: c9c1236cf647fd9c6d218b22ba090d7f C:\Windows\system32\atipdlxx.dll
MD5: 62278f4472dc31e71c5e74430bd14ca8 C:\Windows\system32\atitmmxx.dll
MD5: 70298527adc16f871c5978ec3ae35910 C:\Windows\system32\atiumdag.dll
MD5: 15e5f29898b2c1987dd93cc251feb755 C:\Windows\system32\atiumdva.dll
MD5: d3e6d78285529962349a7f1617035938 C:\Windows\System32\bfe.dll
MD5: ee11e4fe19d61275246e5772bc1ec795 C:\Windows\system32\comsvcs.dll
MD5: bf6f0c2df119f71c22c00525adf2ee56 C:\Windows\system32\corpol.dll
MD5: 615a3b1cda204e8123c5472540d229c0 C:\Windows\system32\CRYPTUI.dll
MD5: d306ea7436ac1587463a89be29b456fb C:\Windows\System32\davclnt.dll
MD5: 5665120753fce7123c4deace241ee715 C:\Windows\system32\DNSAPI.dll
MD5: 4805d9a6d281c7a7defd9094dec6af7d C:\Windows\System32\dnsrslvr.dll
MD5: 48eb99503533c27ac6135648e5474457 C:\Windows\system32\drivers\afd.sys
MD5: a23efb72057fed7128eb558866055fdf C:\Windows\system32\DRIVERS\atikmdag.sys
MD5: 08015d34f6fdd0b355805bad978497c3 C:\Windows\system32\DRIVERS\bcm4sbxp.sys
MD5: cf6a67c90951e3e763d2135dede44b85 C:\Windows\system32\DRIVERS\bcmwl6.sys
MD5: 8153396d5551276227fa146900f734e6 C:\Windows\system32\DRIVERS\bowser.sys
MD5: a3e9fa213f443ac77c7746119d13feec C:\Windows\System32\Drivers\dfsc.sys
MD5: 33b02459e86d0a2b86a6b9fe19139390 C:\Windows\system32\drivers\HTTP.sys
MD5: 6c42815dd57e397f0cd988304b5eb4b3 C:\Windows\system32\DRIVERS\lvuvc.sys
MD5: 5734a0f2be7e495f7d3ed6efd4b9f5a1 C:\Windows\system32\DRIVERS\mrxsmb.sys
MD5: 6b5fa5adfacac9dbbe0991f4566d7d55 C:\Windows\system32\DRIVERS\mrxsmb10.sys
MD5: 5c80d8159181c7abf1b14ba703b01e0b C:\Windows\system32\DRIVERS\mrxsmb20.sys
MD5: 126ea89bcc413ee45e3004fb0764888f C:\Windows\system32\DRIVERS\sdbus.sys
MD5: 2252aef839b1093d16761189f45af885 C:\Windows\System32\DRIVERS\srv.sys
MD5: b7ff59408034119476b00a81bb53d5d1 C:\Windows\System32\DRIVERS\srv2.sys
MD5: 2accc9b12af02030f531e6cca6f8b76e C:\Windows\System32\DRIVERS\srvnet.sys
MD5: 6216a954ed7045b62880a92d6c9b9fc7 C:\Windows\System32\drivers\tcpip.sys
MD5: 292a25bb75a568ae2c67169ba2c6365a C:\Windows\system32\drivers\usbaudio.sys
MD5: 7bdb7b0e7d45ac0402d78b90789ef47c C:\Windows\system32\DRIVERS\usbohci.sys
MD5: 0cec23084b51b8288099eb710224e955 C:\Windows\system32\DRIVERS\wpdusb.sys
MD5: b68fcc1f8684ab3ec4be4d0a2537d26d C:\Windows\system32\Dxtmsft.dll
MD5: d12feb0e3ea6063a65a5498ed90fd790 C:\Windows\system32\Dxtrans.dll
MD5: 4fb37ec51bdb2a6543f1f712555b9579 C:\Windows\system32\feclient.dll
MD5: cd5a4dfdebc0e36a666db92f93290c63 C:\Windows\System32\fwpuclnt.dll
MD5: d5e8f09e9db9eb3a81925f7e634b95be C:\Windows\system32\ieapfltr.dll
MD5: 92047ade3fe9ff51132bc14fb8d77997 C:\Windows\system32\ieframe.dll
MD5: 43ab7846279a09104e5e04cce8b241be C:\Windows\system32\iepeers.dll
MD5: 962abfb0805210936f0c149f9154bedf C:\Windows\system32\iertutil.dll
MD5: f2f627e24fc6adf67526840d68a3544d C:\Windows\system32\IEUI.dll
MD5: 68e8c415e102e5d79fd7e4a765b8cba4 C:\Windows\System32\ikeext.dll
MD5: 5a005676a0252fbafec8f68162eb9f88 C:\Windows\system32\ImgUtil.dll
MD5: dcb288183cf77605110944232c6a2665 C:\Windows\system32\jscript.dll
MD5: 306835d4e74e49a5d10f0fca0b422eb1 C:\Windows\system32\kernel32.dll
MD5: 0dcb5d8ecb97961f71dfab464fc99f7d C:\Windows\system32\Macromed\Flash\Flash32_11_5_502_110.ocx
MD5: 0cb0aa071c7b86a64f361dcfdf357329 C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
MD5: 2bb3507661eb655e0e5b3942998597cf C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.dll
MD5: 4fa52f3693961257e3364aacf8f8b572 C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe
MD5: a3e477acda2c5a427e56fb075adeb536 C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
MD5: f2dc1ce3a91c87e7995500e989a5d2f1 C:\Windows\system32\MFC42u.DLL
MD5: 554ed6988e44fdf18941429e8b2cb652 C:\Windows\system32\MSDART.DLL
MD5: eea6f3cfc1f7e8709ebd8a78fba1674a C:\Windows\system32\msfeeds.dll
MD5: d6c2ceacb1ee184ea0c1d6bd594b398f C:\Windows\system32\mshtml.dll
MD5: c5bbd8bdcf29c18e9646a2f7af2a2a33 C:\Windows\system32\mshtmled.dll
MD5: f3ebda850cc141768498decaad513299 C:\Windows\system32\msls31.dll
MD5: 365fef29b22f626c5756ac0dee91c249 C:\Windows\System32\msshsq.dll
MD5: 8d43735c8b4519ccc473d68e25f24c1d C:\Windows\system32\MSVBVM60.DLL
MD5: e3c52cd56f4cb2d9736c75efaa62a07f C:\Windows\system32\NetworkExplorer.dll
MD5: 5a0b0235899ec846fc914458d5cb5332 C:\Windows\System32\NLSLexicons0009.dll
MD5: daf60e13e96ecb67f0edaa89c6b01b8d C:\Windows\System32\notepad.exe
MD5: 2c82d753ef779945977c82a3908da20a C:\Windows\system32\npDeployJava1.dll
MD5: 89d0e06d6165c98e47065722ce703fad C:\Windows\system32\ntdll.dll
MD5: cabe68b4ad2fec8c18e18f73303eb26f C:\Windows\system32\ODBC32.dll
MD5: aa406846dd60e3a4536dbaab4037b685 C:\Windows\system32\ole32.dll
MD5: 72442157eaf84c806392ec99652bcdc2 C:\Windows\system32\oleaccrc.dll
MD5: fa6bd25a5a65a6ff5be4385098e3bdef C:\Windows\system32\OLEAUT32.dll
MD5: ae70ae6f0760793d4893c3735eec7292 C:\Windows\system32\olepro32.dll
MD5: 4a1feebf039b283258b0e479fa135dba C:\Windows\System32\osbaseln.dll
MD5: b8d3bf818defe1da9a754f214e528221 C:\Windows\system32\pngfilt.dll
MD5: 6684437f3628ef237c354f77d33426d1 C:\Windows\system32\rpcnet.exe
MD5: 9de05ce950e4bc8820464f137029b358 C:\Windows\system32\RPCRT4.dll
MD5: 301ae00e12408650baddc04dbc832830 C:\Windows\system32\rpcss.dll
MD5: 6528ee11efa77f8c8b1c6ead401f907f C:\Windows\system32\schannel.dll
MD5: 7b587b8a6d4a99f79d2902d0385f29bd C:\Windows\system32\schedsvc.dll
MD5: 048b65ec931a39a5f42016be04775274 C:\Windows\system32\SHELL32.dll
MD5: 44338cab70f1db264d2f3f9f86a5d281 C:\Windows\system32\SHLWAPI.dll
MD5: 1e3fdb80e40a3ce645f229dfbdfb7694 C:\Windows\System32\shsvcs.dll
MD5: 3665f79026a3f91fbca63f2c65a09b19 C:\Windows\System32\spoolsv.exe
MD5: 234cb691fba69e8c1be489a341586252 C:\Windows\System32\srchadmin.dll
MD5: 1925e63c91cf1610ae41bfd539062079 C:\Windows\system32\srvsvc.dll
MD5: ed0f7e497b69b6b0fb375c283e2b44be C:\Windows\system32\t2embed.dll
MD5: eafb5897ac9cd84890171ac38862320f C:\Windows\System32\taskeng.exe
MD5: 4e58242f363e84c31531b84c5efa484a C:\Windows\system32\UIAutomationCore.dll
MD5: fedf099539e39797a58f136ac3144be4 C:\Windows\system32\urlmon.dll
MD5: a23e4692716c25e5aea300ed74e73a1c C:\Windows\system32\USP10.dll
MD5: 52a53bcccf489d4097191b7b78dffa58 C:\Windows\system32\wbem\fastprox.dll
MD5: da39b480239feb2cc0f4be7b185b63db C:\Windows\system32\wbem\wbemprox.dll
MD5: 4f4889a9d680714be11b31bd01a0411a C:\Windows\system32\webcheck.dll
MD5: da5a72211661c7f162b332fea4f09a69 C:\Windows\system32\WININET.dll
MD5: e402a6e79d1e4dbfeba8b364c67a3158 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6001.18523_none_886c608850a2f36f\comctl32.dll
MD5: d702b4e30b31bfcab7bd4e5965c1a5dc C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
MD5: 81e199bfe82c106d38f989674d0dec1f C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
MD5: 74f26fc01b180d4a99a168ed69c30a53 cmd.exe


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.01 MB sent, 0.66 KB recvd
Scanned 606 files and modules - 113 seconds

==============================================================================

#34 RKinner (Malware Expert, MVP, 20,001 posts)
Run OTL again. (Right click and Run As Admin)

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.

Submit C:\Windows\System32\rpcnetp.exe to http://virustotal.com and let's see what they say about it. If they don't say 0/42 or so, please copy and paste the report.

How is it running now?
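
The VirusTotal check asked for above, done by hash instead of by upload, as an added Python example that is not part of the thread and not code from OTL, QuickScan or VirusTotal. The QuickScan output in #33 already lists an MD5 for C:\Windows\system32\rpcnet.exe, and VirusTotal's v3 API accepts an MD5, SHA-1 or SHA-256 as the file identifier, so the existing report for a file VirusTotal has already seen can be fetched without sending the binary anywhere; only a file it has never seen (the lookup returns HTTP 404) needs to be uploaded. The API key, the VT_API_KEY environment variable and the sample report below are this example's own assumptions; the sample numbers are made up and say nothing about any real file.

```python
"""VirusTotal lookup by hash. Added example; not from the thread or from any tool named in it."""
import hashlib
import json
import os
import urllib.request

VT_FILES_URL = "https://www.virustotal.com/api/v3/files/{}"


def hash_bytes(data: bytes) -> dict:
    """MD5 and SHA-256 of an in-memory buffer (MD5 so the result can be matched against a QuickScan line)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """Stream a file through both hashes so a large binary is never read into memory at once."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha256.update(block)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def detection_ratio(report: dict) -> tuple:
    """Reduce a v3 file report to (engines flagging the file, engines with any verdict).

    'malicious' and 'suspicious' count as flags; the denominator is the sum of every
    verdict bucket in last_analysis_stats, which is how the "n/42" style ratio is read here.
    """
    stats = report["data"]["attributes"]["last_analysis_stats"]
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    return flagged, sum(stats.values())


def vt_lookup(file_hash: str, api_key: str) -> dict:
    """Fetch the existing report for a hash.

    Raises urllib.error.HTTPError with code 404 when VirusTotal has never seen the file;
    that is the one case where uploading it is actually necessary.
    """
    req = urllib.request.Request(VT_FILES_URL.format(file_hash), headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


# Constructed sample in the shape of a v3 report. The counts are invented for the example,
# not VirusTotal's verdict on any file.
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_stats": {
    "malicious": 0, "suspicious": 0, "undetected": 40, "harmless": 2}}}}


if __name__ == "__main__":
    # MD5 copied from the QuickScan line for rpcnet.exe in post #33.
    # Assumption: the API key is supplied in the VT_API_KEY environment variable.
    digest = "6684437f3628ef237c354f77d33426d1"
    key = os.environ.get("VT_API_KEY")
    if key:
        flagged, total = detection_ratio(vt_lookup(digest, key))
        print(f"{digest}: {flagged}/{total}")
    else:
        print("VT_API_KEY not set; ratio for the constructed sample:", detection_ratio(SAMPLE_REPORT))
```

If you do need to hash a local copy first, `hash_file(r"C:\Windows\System32\rpcnetp.exe")` gives both digests and either one can be passed to `vt_lookup`; comparing the MD5 against the QuickScan line is also a quick way to confirm the file on disk is the one the scanner saw.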

#35 Psu22UL (Topic Starter, Member, 90 posts)
OTL logfile created on: 01/12/2012 12:22:45 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\home\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

893.32 Mb Total Physical Memory | 213.23 Mb Available Physical Memory | 23.87% Memory free
2.00 Gb Paging File | 1.21 Gb Available in Paging File | 60.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 45.92 Gb Free Space | 61.62% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/01 12:21:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.exe
PRC - [2012/11/29 00:53:42 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe
PRC - [2012/11/28 20:40:06 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2012/11/28 12:56:04 | 000,096,056 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/26 14:18:20 | 000,075,120 | ---- | M] (Driver-Soft Inc.) -- C:\Program Files\Driver-Soft\DriverGenius\StarterW3i.exe
PRC - [2011/04/23 20:58:48 | 000,292,208 | ---- | M] (Driver-Soft Inc.) -- C:\Program Files\Driver-Soft\DriverGenius\TaskTray.exe
PRC - [2009/12/29 09:08:28 | 001,653,248 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2008/06/03 06:35:18 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Services (SafeList) ==========

SRV - [2012/11/29 09:23:35 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/28 20:40:06 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet)
SRV - [2012/11/20 01:17:34 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2011/04/01 04:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2008/06/03 09:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/03 09:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2006/11/02 02:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu....q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKCU\..\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}: "URL" = http://starwebsearch...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search.defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search.selectedEngine: "PureDef Music"
FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com/"
FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - prefs.js..extensions.enabledItems: [email protected]:7.0.1474
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/29 00:47:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/29 00:56:27 | 000,000,000 | ---D | M]

[2012/11/28 16:28:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\home\AppData\Roaming\Mozilla\Extensions
[2012/12/01 00:55:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\59h4qjxc.default\extensions
[2011/03/29 17:00:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\59h4qjxc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/12/01 00:55:03 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\59h4qjxc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/08/24 00:42:08 | 000,002,115 | ---- | M] () -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\59h4qjxc.default\searchplugins\MFGSearch.xml
[2012/11/28 11:18:08 | 000,001,211 | ---- | M] () -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\59h4qjxc.default\searchplugins\Mp3Tube.xml
[2012/11/28 12:48:49 | 000,009,944 | ---- | M] () -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\59h4qjxc.default\searchplugins\puredefmusic.xml
[2012/11/30 22:41:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/28 16:41:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
[2012/11/20 01:17:52 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/20 01:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/20 01:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: MF Custom Search ()
CHR - default_search_provider: search_url = http://starwebsearch...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Surf Canyon = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem\3.3.4_0\
CHR - Extension: avast! WebRep = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! EasyPass Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - !{657E195F-066D-435C-92DB-7C261E6FE832} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (avast! EasyPass Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O4 - HKLM..\Run: [SpeetItUpFree] "C:\Program Files\SpeedItup Free\speeditupfree.exe" File not found
O4 - HKLM..\Run: [Starter] C:\Program Files\Driver-Soft\DriverGenius\StarterW3i.exe (Driver-Soft Inc.)
O4 - HKLM..\Run: [TaskTray] C:\Program Files\Driver-Soft\DriverGenius\TaskTray.exe (Driver-Soft Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AROReminder] File not found
O4 - HKCU..\Run: [Itibiti.exe] C:\Program Files\Itibiti Soft Phone\Itibiti.exe File not found
O4 - HKCU..\Run: [lime pro] "C:\Program Files\Lime PRO\LimePro.exe" -h File not found
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKCU..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show avast! EasyPass Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Show avast! EasyPass Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D749C5C-ABDC-44D2-AB7C-64F6F777BD03}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4473B18-506E-40FB-8FE1-6CFF51F348FB}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/01 12:21:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.exe
[2012/12/01 00:55:08 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\QuickScan
[2012/11/30 23:33:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/11/30 13:08:16 | 002,712,200 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\home\Desktop\procexp.exe
[2012/11/29 09:10:15 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Macromedia
[2012/11/29 00:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/11/29 00:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/11/29 00:53:43 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/11/29 00:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/11/29 00:47:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/11/29 00:26:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/11/29 00:26:50 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/11/29 00:26:49 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/11/29 00:26:21 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/11/29 00:26:21 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/11/29 00:26:20 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/11/29 00:25:12 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/11/29 00:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/11/29 00:06:57 | 000,000,000 | ---D | C] -- C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2012/11/28 20:39:31 | 000,013,272 | ---- | C] (Absolute Software Corp.) -- C:\Windows\System32\Upgrd.exe
[2012/11/28 12:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\RoboForm
[2012/11/28 12:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! EasyPass
[2012/11/28 12:56:16 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\My Avast EasyPass Data
[2012/11/28 12:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\Siber Systems
[2012/11/28 12:55:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/11/28 12:55:03 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/11/28 11:27:06 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Malwarebytes
[2012/11/28 11:26:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/01 12:24:08 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/01 12:24:06 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/12/01 12:21:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.exe
[2012/12/01 12:19:16 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/01 12:19:16 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/01 12:19:10 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/01 12:19:09 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2012/12/01 12:19:06 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2012/12/01 12:19:04 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2012/12/01 12:18:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/01 12:18:49 | 937,476,096 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/01 01:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/01 00:04:37 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012/11/30 23:34:09 | 000,599,826 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/30 23:34:09 | 000,103,294 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/30 13:08:27 | 002,712,200 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\home\Desktop\procexp.exe
[2012/11/30 09:54:18 | 000,001,659 | ---- | M] () -- C:\Users\home\Application Data\Microsoft\Internet Explorer\Quick Launch\Command Prompt.lnk
[2012/11/30 09:50:51 | 000,000,761 | ---- | M] () -- C:\Users\home\test.vbs
[2012/11/30 09:36:35 | 000,000,910 | ---- | M] () -- C:\Users\home\workaround.vbs
[2012/11/29 23:34:40 | 000,671,232 | ---- | M] () -- C:\Users\home\Desktop\MicrosoftFixit50688.msi
[2012/11/29 16:40:56 | 000,061,440 | ---- | M] ( ) -- C:\Users\home\Desktop\VEW.exe
[2012/11/29 09:23:32 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/11/29 09:23:32 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/11/29 00:56:28 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/11/29 00:47:09 | 000,000,870 | ---- | M] () -- C:\Users\home\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/11/29 00:47:09 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/29 00:25:49 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/11/29 00:25:36 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/11/29 00:25:36 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/11/29 00:25:35 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/11/29 00:25:30 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/11/29 00:25:29 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/11/28 23:52:14 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2012/11/28 23:05:01 | 000,000,293 | ---- | M] () -- C:\Users\home\Desktop\Local Disk © - Shortcut.lnk
[2012/11/28 20:57:22 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/11/28 20:44:50 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/11/28 20:40:11 | 000,013,272 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\Upgrd.exe
[2012/11/28 20:40:06 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
[2012/11/28 20:17:33 | 000,000,680 | ---- | M] () -- C:\Users\home\AppData\Local\d3d9caps.dat
[2012/11/28 17:28:20 | 000,001,829 | ---- | M] () -- C:\Users\home\Application Data\Microsoft\Internet Explorer\Quick Launch\avast! Free Antivirus.lnk
[2012/11/28 12:57:10 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\Run RoboForm TaskBar Icon.job
[4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/01 00:04:36 | 000,001,441 | ---- | C] () -- C:\scu.dat
[2012/11/30 09:54:18 | 000,001,659 | ---- | C] () -- C:\Users\home\Application Data\Microsoft\Internet Explorer\Quick Launch\Command Prompt.lnk
[2012/11/30 09:50:51 | 000,000,761 | ---- | C] () -- C:\Users\home\test.vbs
[2012/11/29 23:34:34 | 000,671,232 | ---- | C] () -- C:\Users\home\Desktop\MicrosoftFixit50688.msi
[2012/11/29 23:23:23 | 000,000,910 | ---- | C] () -- C:\Users\home\workaround.vbs
[2012/11/29 16:40:55 | 000,061,440 | ---- | C] ( ) -- C:\Users\home\Desktop\VEW.exe
[2012/11/29 00:56:28 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/11/29 00:56:27 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/11/29 00:53:50 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/29 00:47:09 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/11/28 23:05:01 | 000,000,293 | ---- | C] () -- C:\Users\home\Desktop\Local Disk © - Shortcut.lnk
[2012/11/28 20:36:06 | 937,476,096 | -HS- | C] () -- C:\hiberfil.sys
[2012/11/28 17:28:20 | 000,001,829 | ---- | C] () -- C:\Users\home\Application Data\Microsoft\Internet Explorer\Quick Launch\avast! Free Antivirus.lnk
[2012/11/28 12:57:14 | 000,000,680 | ---- | C] () -- C:\Users\home\AppData\Local\d3d9caps.dat
[2012/11/28 12:57:10 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\Run RoboForm TaskBar Icon.job
[2011/09/01 23:08:28 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/08/01 02:46:28 | 000,003,584 | ---- | C] () -- C:\Users\home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/27 00:21:32 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/06/27 00:21:32 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/04/01 04:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/04/01 04:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/04/01 04:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/04/01 03:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/03/03 00:57:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/03/03 00:57:14 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/03/02 23:12:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/24 16:22:56 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2011/02/24 16:20:59 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe

========== ZeroAccess Check ==========

[2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 10:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/02 23:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/20 21:33:39 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >



OTL Extras logfile created on: 01/12/2012 12:22:45 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\home\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

893.32 Mb Total Physical Memory | 213.23 Mb Available Physical Memory | 23.87% Memory free
2.00 Gb Paging File | 1.21 Gb Available in Paging File | 60.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 45.92 Gb Free Space | 61.62% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{067D9557-E951-4A54-AA6A-96ED3C566185}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{23FCB48F-50F0-42F7-9F3A-51AB7BEB419B}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{527455CB-89FD-495A-B83C-99A480EB1882}" = protocol=17 | dir=in | app=c:\program files\itibiti soft phone\itibiti.exe |
"{5564F247-DFE5-4157-BAC3-604E22B61C02}" = protocol=6 | dir=in | app=c:\program files\itibiti soft phone\itibiti.exe |
"{618327A5-55F0-4926-B28B-73EE6FE9666D}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{629AB50E-6E73-49FF-9448-8C77C5789269}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe |
"{6AF5CF46-345D-4579-BC05-571AE85D49E2}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{84AFB83D-6742-46EC-945A-224D0566A13E}" = protocol=6 | dir=in | app=c:\users\home\appdata\local\temp\7zsf566.tmp\symnrt.exe |
"{921E0C5D-00E5-499C-9B52-DC5A3C396682}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{A79EBFCB-7A05-4400-B815-592750FF9309}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{B342E624-31B6-4CE6-8B59-1573C7FD9DBA}" = protocol=17 | dir=in | app=c:\users\home\appdata\local\temp\7zsf566.tmp\symnrt.exe |
"{FEF5D849-8E50-44C5-82F7-BB8373C2DCB3}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe |
"TCP Query User{5DCF78B5-449D-47F1-AABB-FE8A3D70AA06}C:\program files\lime pro\limepro.exe" = protocol=6 | dir=in | app=c:\program files\lime pro\limepro.exe |
"TCP Query User{95525519-1A0C-4C98-A8B7-C8CA7647DBED}C:\program files\lime pro\limepro.exe" = protocol=6 | dir=in | app=c:\program files\lime pro\limepro.exe |
"UDP Query User{6E582E96-44F5-4483-A8A8-2D73943CD5B4}C:\program files\lime pro\limepro.exe" = protocol=17 | dir=in | app=c:\program files\lime pro\limepro.exe |
"UDP Query User{BF63902A-EB8A-4B91-BA23-7131CB91CCF4}C:\program files\lime pro\limepro.exe" = protocol=17 | dir=in | app=c:\program files\lime pro\limepro.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{30A0F8D9-709B-451C-BFB3-D8559F4797F8}" = Fantapper Browser Plugin
"{39F8E2BF-6868-483A-9AC1-7369C1905D7C}" = ASPCA Tri Reminder by We-Care.com v4.0.10.5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8F018A9E-56DE-4A79-A5EF-25F413F1D538}" = WeatherBug
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AI RoboForm" = avast! EasyPass
"ARO 2011_is1" = ARO 2011
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 17.0 (x86 en-US)" = Mozilla Firefox 17.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Xvid Video Codec 1.3.1" = Xvid Video Codec

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30/11/2012 11:53:19 PM | Computer Name = home-PC | Source = WinMgmt | ID = 10
Description =

Error - 01/12/2012 12:02:31 AM | Computer Name = home-PC | Source = Perflib | ID = 1010
Description =

Error - 01/12/2012 12:29:56 AM | Computer Name = home-PC | Source = WinMgmt | ID = 10
Description =

Error - 01/12/2012 12:33:48 AM | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 01/12/2012 12:33:48 AM | Computer Name = home-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 01/12/2012 1:20:37 PM | Computer Name = home-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 30/11/2012 11:51:42 PM | Computer Name = home-PC | Source = HTTP | ID = 15016
Description =

Error - 01/12/2012 12:28:17 AM | Computer Name = home-PC | Source = HTTP | ID = 15016
Description =

Error - 01/12/2012 1:18:58 PM | Computer Name = home-PC | Source = HTTP | ID = 15016
Description =


< End of report >


Here are the logs. It's running better, but when I open Firefox the home page is something with that BearShare. I'll submit the rpcnetp.exe later, as I'm about to head into work.

#36 Psu22UL (Member, Topic Starter, 90 posts)
And never mind; 0/46 from VirusTotal.

#37 RKinner (Malware Expert, Expert, 20,001 posts, MVP)
Copy the text in the code box by highlighting it and pressing Ctrl + C.

:OTL
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKCU\..\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}: "URL" = http://starwebsearch...q={searchTerms}
FF - prefs.js..browser.search.selectedEngine: "PureDef Music"
FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com/"
[2012/11/28 16:41:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
O3 - HKLM\..\Toolbar: (no name) - !{657E195F-066D-435C-92DB-7C261E6FE832} - No CLSID value found.
O4 - HKLM..\Run: [SpeetItUpFree] "C:\Program Files\SpeedItup Free\speeditupfree.exe" File not found
O4 - HKCU..\Run: [AROReminder] File not found
O4 - HKCU..\Run: [Itibiti.exe] C:\Program Files\Itibiti Soft Phone\Itibiti.exe File not found
O4 - HKCU..\Run: [lime pro] "C:\Program Files\Lime PRO\LimePro.exe" -h File not found

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\12012012-some number.log, so if you don't see it, look there.

How is it running now?

rpcnetp.exe is legit then. It's sort of a LoJack for your PC, so if it's stolen it can be recovered.
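To show how the lines of an OTL scan log become the :OTL fix text in the code box above, here is an added triage script; it is not OTL's code nor anything the expert in this thread posted. The sample log, the hijacker URL placeholder and the host allowlist are constructed for the example.

```python
"""Triage helper for OTL scan logs (added example; not OTL's code or the
expert's own tooling). It flags the entry types the expert pasted into the
:OTL fix above, plus two review-only categories, and emits the candidate fix
text. It only reads text; nothing here changes the machine."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample in OTL's log format; the search-scope URL is a
# placeholder, not the hijacker's real address.
SAMPLE_LOG = r'''
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://search.hijack.example/?q={searchTerms}
FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com/"
O3 - HKLM\..\Toolbar: (no name) - !{657E195F-066D-435C-92DB-7C261E6FE832} - No CLSID value found.
O4 - HKLM..\Run: [SpeetItUpFree] "C:\Program Files\SpeedItup Free\speeditupfree.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [lime pro] "C:\Program Files\Lime PRO\LimePro.exe" -h File not found
O4 - HKCU..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
"{84AFB83D-6742-46EC-945A-224D0566A13E}" = protocol=6 | dir=in | app=c:\users\home\appdata\local\temp\7zsf566.tmp\symnrt.exe |
'''

# Constructed allowlist of hosts accepted as search provider / home page.
ALLOWED_HOSTS = ("google.com", "bing.com", "yahoo.com", "duckduckgo.com")

RUN_RE = re.compile(r'^O4 - HK(?:LM|CU)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$')
TOOLBAR_RE = re.compile(r'^O3 - .*No CLSID value found\.$')
SCOPE_RE = re.compile(r'^IE - .*\\SearchScopes\\.*"URL" = (?P<url>\S+)')
HOME_RE = re.compile(r'^FF - prefs\.js\.\.browser\.startup\.homepage: "(?P<url>[^"]+)"')
FW_APP_RE = re.compile(r'\| app=(?P<app>[^|]+?) *\|')
TEMP_DIR = "\\appdata\\local\\temp\\"

# Entry kinds the expert resolved by pasting the log line back under :OTL.
FIXABLE = {"search_scope", "homepage", "orphan_toolbar", "orphaned_run"}


@dataclass
class Finding:
    kind: str
    line: str   # the OTL log line, verbatim
    note: str


def _host_allowed(url: str) -> bool:
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in ALLOWED_HOSTS)


def classify(line: str):
    """Return (kind, note) for one OTL log line, or None if nothing to flag."""
    m = RUN_RE.match(line)
    if m:
        name, rest = m.group("name"), m.group("rest")
        if rest.endswith("File not found"):
            return "orphaned_run", f"Run entry [{name}] points at a missing file"
        if rest.endswith("()"):
            return "no_company_name", f"Run entry [{name}] has no publisher name; verify by hand"
        return None
    if TOOLBAR_RE.match(line):
        return "orphan_toolbar", "Toolbar entry with no CLSID value"
    m = SCOPE_RE.match(line)
    if m and not _host_allowed(m.group("url")):
        return "search_scope", f"IE search scope on non-allowlisted host {urlsplit(m.group('url')).hostname}"
    m = HOME_RE.match(line)
    if m and not _host_allowed(m.group("url")):
        return "homepage", f"Firefox home page set to {m.group('url')}"
    m = FW_APP_RE.search(line)
    if m and TEMP_DIR in m.group("app").lower():
        return "temp_firewall_rule", f"Inbound firewall exception for a temp-folder executable: {m.group('app').strip()}"
    return None


def triage(log_text: str) -> list:
    """Scan an OTL log and return Findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        result = classify(line) if line else None
        if result:
            findings.append(Finding(result[0], line, result[1]))
    return findings


def to_otl_fix(findings) -> str:
    """Build the :OTL fix text in the shape used above: flagged log lines
    verbatim under :OTL, then a :Commands section. Review before running."""
    lines = [f.line for f in findings if f.kind in FIXABLE]
    return ":OTL\n" + "\n".join(lines) + "\n\n:Commands\n[Reboot]\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:20} {f.note}")
    print(to_otl_fix(found))
```

The review-only kinds (no publisher name, temp-folder firewall exception) are deliberately left out of the generated fix text, since both need a human to decide, as the expert did for rpcnetp.exe.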

#38 Psu22UL (Member, Topic Starter, 90 posts)
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}\ not found.
Prefs.js: "PureDef Music" removed from browser.search.selectedEngine
Prefs.js: "http://search.bearshare.com/" removed from browser.startup.homepage
C:\Program Files\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{657E195F-066D-435C-92DB-7C261E6FE832} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SpeetItUpFree deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AROReminder deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Itibiti.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\lime pro deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: home
->Flash cache emptied: 46178 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: home
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12012012_215335


Running better yet. The one thing I can't get rid of is Musicfrost showing up whenever the laptop is turned on, and something called fantapper browser plugin won't delete. I'm not sure if either are infections or not, but I don't really want them. Musicfrost doesn't show up in add/remove programs.
  • 0

#39
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Fantapper Browser Plugin shows up in the uninstall list. If it won't uninstall try the free version of Revo:
http://www.revounins...e_download.html

MusicFrost doesn't show up in the OTL log for some reason, but BitDefender says it's C:\Program Files\MusicFrost, so you might look there to see if there is an uninstall program. If not, let's get Autoruns from
http://live.sysinter...om/autoruns.exe

Download, save and run the program by right-clicking and choosing Run As Admin. You should be able to find MusicFrost and uncheck it. Then close Autoruns and reboot and see if it stays away.
  • 0

#40
Psu22UL

Psu22UL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
It wouldn't uninstall with Revo, so I had it scan for it, and it showed where it was; deleted it that way.

When I search for things such as bearshare, some stuff still pops up for it. Any way to get rid of that? Same with Musicfrost; it said it deleted it and all of its components, but there's still an exe file of it.


Ran an Avast scan on my own, and nothing came up. The only thing was some files couldn't be scanned, because they were password protected. That didn't happen two days ago.

Edited by Psu22UL, 02 December 2012 - 11:25 AM.

  • 0


#41
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Check with Autoruns. See if you see anything from bearshare or Musicfrost and uncheck them. Then do your search again and just delete anything it finds.
  • 0

#42
Psu22UL

Psu22UL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
Got a bit of a nasty virus (I should say, sickness), sorry it took so long to get back.

I've run Autoruns, but nothing for bearshare or musicfrost comes up. My Avast scan once again said it couldn't scan some files because they were password protected.

Edit: I've gone and deleted the bearshare thing that came up.

The password-protected stuff all seems to deal with install reader 10.

Edited by Psu22UL, 08 December 2012 - 11:00 AM.

  • 0

#43
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Sorry for the delay. Had to go off-island to get my wife from the Seattle airport.

If you don't see musicfrost in Autoruns then it's not running, so you should be able to do a search for musicfrost (making sure it starts at C:\ and searches all files, hidden and system) and just delete any you find.

Password-protected stuff is probably OK if you know where it came from. If you are talking about Adobe Reader, it should be at version 11, or XI, not 10.
  • 0
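The two checks RKinner describes in #39, #41 and #43 (look for the program in the startup entries Autoruns shows, then search from C:\ with hidden and system files included), as an added PowerShell example that is not code from the thread or from the Autoruns/OTL authors. The `$Pattern` default and the output layout are assumptions; the Run keys are the same locations the OTL log above cleaned (e.g. `Run\\SpeetItUpFree`). It only reports hits so each one can be reviewed before it is unchecked in Autoruns or deleted.

```powershell
# Added example (assumptions: $Pattern default, output layout). Report only.
param([string]$Pattern = 'musicfrost|bearshare')   # case-insensitive regex

function Find-StartupEntry {
    param([string]$Pattern)
    # The per-machine and per-user Run keys, where the OTL log found the earlier entries
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($name in $props.PSObject.Properties.Name) {
            if ($name -like 'PS*') { continue }          # skip PSPath, PSParentPath, ...
            $cmd = [string]$props.$name
            # Match on the value name and on the command line it launches
            if (("$name $cmd") -match $Pattern) {
                [pscustomobject]@{ Key = $key; Name = $name; Command = $cmd }
            }
        }
    }
}

function Find-LeftoverFile {
    param([string]$Pattern, [string]$Root = 'C:\')
    # -Force includes hidden and system items; access-denied folders are skipped, not fatal
    Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $Pattern } |
        ForEach-Object {
            $status = ''
            if (@('.exe', '.dll') -contains $_.Extension) {
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName -ErrorAction SilentlyContinue
                if ($sig) { $status = $sig.Status }      # Valid, NotSigned, HashMismatch, ...
            }
            [pscustomobject]@{ Path = $_.FullName; Modified = $_.LastWriteTime; Signature = $status }
        }
}

Write-Host "== Startup entries matching '$Pattern' =="
Find-StartupEntry -Pattern $Pattern | Format-Table -AutoSize
Write-Host "== Files and folders under C:\ matching '$Pattern' =="
Find-LeftoverFile -Pattern $Pattern | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so the per-machine key and system folders are readable; the full-disk walk takes a few minutes.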

#44
Psu22UL

Psu22UL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
Sorry once again for the delay, I've been very busy as of late. I haven't found anything of musicfrost on this computer; however, it's been running very slowly as of late. Slow, the internet won't respond, and a little bit of freezing up. I'm going to download filehippo to see if it's just something I have running that's very old and needs updating or something.
  • 0

#45
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop, then run it (Vista or Win7: right-click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute.

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
  • 0
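The Process Explorer steps above (Verified Signer column, Verify Image Signatures, sort by CPU, wait a minute, save to a text file) approximated in PowerShell, as an added example that is not code from the thread or from Sysinternals. `$SampleSeconds` and the output file name are assumptions; it lists every process with its Authenticode signer status, sorted by CPU time consumed during the sampling window, and writes the table to the desktop.

```powershell
# Added example (assumptions: $SampleSeconds, output file name). Run as Administrator
# so the paths of more processes are readable.
param([int]$SampleSeconds = 60)

function Get-CpuSnapshot {
    # Total CPU seconds used so far, keyed by process id
    $snap = @{}
    foreach ($p in Get-Process) {
        try { $snap[$p.Id] = $p.TotalProcessorTime.TotalSeconds } catch { }
    }
    return $snap
}

function Get-SignerLabel([string]$Path) {
    # Mirrors the "Verified Signer" column: "(Verified) <subject>" or the failure reason
    if (-not $Path) { return 'n/a' }               # protected/system processes expose no path
    $sig = Get-AuthenticodeSignature -FilePath $Path -ErrorAction SilentlyContinue
    if (-not $sig) { return 'unreadable' }
    if ($sig.Status -eq 'Valid') { return "(Verified) $($sig.SignerCertificate.Subject)" }
    return [string]$sig.Status                      # NotSigned, HashMismatch, UnknownError, ...
}

$before = Get-CpuSnapshot
Start-Sleep -Seconds $SampleSeconds                 # "Wait a minute"
$after  = Get-CpuSnapshot

$rows = foreach ($p in Get-Process) {
    $path = $null
    try { $path = $p.Path } catch { }
    $b = if ($before.ContainsKey($p.Id)) { $before[$p.Id] } else { 0 }
    $a = if ($after.ContainsKey($p.Id))  { $after[$p.Id] }  else { 0 }
    [pscustomobject]@{
        PID    = $p.Id
        Name   = $p.ProcessName
        CpuSec = [math]::Round($a - $b, 2)          # CPU seconds consumed during the window
        Signer = Get-SignerLabel $path
        Path   = $path
    }
}

# Big hitters at the top, like clicking the CPU column header twice
$out = Join-Path $env:USERPROFILE 'Desktop\Procexp-ps.txt'
$rows | Sort-Object CpuSec -Descending |
    Format-Table PID, Name, CpuSec, Signer, Path -AutoSize | Out-File $out -Width 300
Write-Host "Saved to $out - paste its contents into a reply"
```

Unlike Process Explorer this verifies the file on disk rather than the loaded image, and a process that started or exited during the window shows a partial or zero CpuSec.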