OTL logfile created on: 12/10/2011 11:32:14 AM - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Aaron\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.25% Memory free
3.98 Gb Paging File | 2.35 Gb Available in Paging File | 59.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 689.44 Gb Free Space | 74.02% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 61.86 Mb Free Space | 61.87% Space Free | Partition Type: NTFS
 
Computer Name: AARON-PC | User Name: Aaron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2011/12/10 11:31:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe
PRC - [2011/11/29 21:40:43 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/11/09 06:57:13 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/11/07 18:53:32 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/10/19 16:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/19 16:56:24 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/19 16:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/12/21 11:50:46 | 000,315,392 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe
PRC - [2008/11/18 09:31:38 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\VentSrv\ventrilo_srv.exe
PRC - [2008/08/25 08:02:58 | 000,076,800 | ---- | M] () -- C:\Program Files (x86)\VentSrv\ventrilo_svc.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2011/11/09 06:57:13 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/07 18:53:16 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2011/08/11 15:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:[b]64bit:[/b] - [2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (FastUserSwitchingCompatibility)
SRV - [2011/11/29 21:40:43 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/11/07 18:53:32 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/10/19 16:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/19 16:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/13 06:28:12 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/12/21 11:50:46 | 000,315,392 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/25 08:02:58 | 000,076,800 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\VentSrv\ventrilo_svc.exe -- (Ventrilo)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2011/12/08 09:06:13 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:[b]64bit:[/b] - [2011/10/19 16:56:50 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:[b]64bit:[/b] - [2011/10/19 16:56:49 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:[b]64bit:[/b] - [2011/07/22 08:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:[b]64bit:[/b] - [2011/07/12 13:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:[b]64bit:[/b] - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/05/11 11:00:40 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)
DRV:[b]64bit:[/b] - [2009/09/15 10:13:34 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:[b]64bit:[/b] - [2009/09/15 10:13:34 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:[b]64bit:[/b] - [2009/08/05 20:59:48 | 000,987,648 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:[b]64bit:[/b] - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/03/01 22:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:[b]64bit:[/b] - [2005/03/29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011/12/08 19:19:32 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\enmsp.sys -- (vvksyeq)
DRV - [2011/12/08 19:09:24 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\twgpdk.sys -- (vjogzkm)
DRV - [2011/12/08 19:04:52 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\brox.sys -- (funt)
DRV - [2010/09/04 02:14:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\hmonitor45.sys -- (Hmonitor45)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2627347624-225570341-2163133224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2627347624-225570341-2163133224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2627347624-225570341-2163133224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E F3 4F 0E 96 A4 CC 01  [binary data]
IE - HKU\S-1-5-21-2627347624-225570341-2163133224-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q="
 
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 06:57:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/07 17:51:10 | 000,000,000 | ---D | M]
 
[2011/05/16 19:46:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Extensions
[2011/12/07 10:59:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\t33akpm2.default\extensions
[2011/12/07 10:59:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\t33akpm2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/22 20:17:38 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\t33akpm2.default\extensions\toolbar@ask.com
[2011/11/17 19:25:44 | 000,002,333 | ---- | M] () -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\t33akpm2.default\searchplugins\askcom.xml
[2011/12/10 10:46:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/10 10:46:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/09 06:57:13 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/17 10:14:28 | 000,002,149 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2010/11/23 09:39:16 | 000,001,490 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\AOL Search.xml
[2010/01/01 00:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/09 06:57:13 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
[color=#E56717]========== Chrome  ==========[/color]
 
 
O1 HOSTS File: ([2011/12/07 16:42:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:[b]64bit:[/b] - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:[b]64bit:[/b] - HKU\S-1-5-21-2627347624-225570341-2163133224-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-21-2627347624-225570341-2163133224-1000..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-2627347624-225570341-2163133224-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2627347624-225570341-2163133224-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2627347624-225570341-2163133224-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2627347624-225570341-2163133224-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2627347624-225570341-2163133224-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2627347624-225570341-2163133224-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-2627347624-225570341-2163133224-1000\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69A4787F-18B1-4708-886C-CD071846ECDD}: DhcpNameServer = 192.168.1.254
O18:[b]64bit:[/b] - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\linkscanner - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll File not found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:[b]64bit:[/b] FastUserSwitchingCompatibility - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2011/12/10 11:31:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe
[2011/12/10 10:46:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/12/09 15:44:24 | 000,000,000 | -HSD | C] -- C:\Boot
[2011/12/09 15:17:55 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\ImgBurn
[2011/12/09 15:06:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011/12/09 15:06:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2011/12/08 20:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/12/08 19:32:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2011/12/08 18:46:50 | 007,045,869 | ---- | C] (BitDefender LLC) -- C:\Users\Aaron\Desktop\BDRemovalTool_TDSS_TDL4__x86.exe
[2011/12/08 18:29:37 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Aaron\Desktop\xxx.exe
[2011/12/08 17:38:28 | 010,487,296 | ---- | C] (BitDefender LLC) -- C:\Users\Aaron\Desktop\BDRemovalTool_TDSS-Clones_x64.exe
[2011/12/08 16:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/12/08 16:02:18 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\GooredFix Backups
[2011/12/08 09:00:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/07 17:10:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/07 15:51:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/07 14:18:21 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{7D026599-317C-425B-BD31-EE0F435A28FD}
[2011/12/07 14:18:04 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{F7487026-64FD-46DB-BAEA-BCF3628708FE}
[2011/12/06 22:34:59 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Avira
[2011/12/06 22:33:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/12/06 22:32:53 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011/12/06 22:32:52 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/12/06 22:32:52 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/12/06 22:32:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/12/06 22:32:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/12/06 22:16:55 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{3197B743-E0AA-4380-BDC6-CA7C4F08ECCE}
[2011/12/06 22:16:34 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{90EE97D1-1892-4305-B7F7-587018A5D6B0}
[2011/12/06 21:58:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/06 21:58:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/12/06 21:47:27 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\SUPERAntiSpyware.com
[2011/12/06 21:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/12/06 21:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/12/06 21:47:08 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/06 09:01:39 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{904C220A-1395-4CD3-B759-6C2903F21975}
[2011/12/06 09:01:27 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{147F59EF-EC4F-4E1D-B6D8-AF3DA494221E}
[2011/12/05 20:17:33 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{976765DD-E7E2-413F-9A50-CA975F7CB000}
[2011/12/05 20:17:22 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{E1662DE7-0C14-4BF6-A6D4-26AAE44FF3F1}
[2011/12/05 17:18:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2011/12/05 16:05:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/05 15:28:58 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Wireshark
[2011/12/05 15:24:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wireshark
[2011/12/05 12:05:03 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/12/05 11:56:39 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\Sunbelt Software
[2011/12/05 08:58:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2011/12/05 08:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/12/05 08:58:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/12/05 08:04:24 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/12/05 07:57:48 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{B73E102E-E384-4244-878C-C11137B0D838}
[2011/12/05 07:57:35 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{67729157-668C-4190-9E0A-9BC168CFD3C9}
[2011/12/04 04:33:45 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{322B4A21-C409-45CF-A8B9-5D7DFB0364D3}
[2011/12/04 04:33:21 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{4CEDDDF4-9466-42AD-B28C-785C730DC1D5}
[2011/12/03 16:30:18 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{D64443B3-1441-48AE-8589-CF8CE58D2722}
[2011/12/03 16:30:07 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{24D32C51-7968-4E49-B39D-3D3CA3BA7EB7}
[2011/12/02 22:41:07 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{0A3A46EF-7E1F-4823-BAF1-EF3CEA59ACFE}
[2011/12/02 22:40:44 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{B6947607-FC57-40D2-B064-577461B219E2}
[2011/12/02 10:40:31 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{A008E696-1F8B-46E3-B03B-8DFA77B35C58}
[2011/12/02 10:40:19 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{13858552-9C2A-49A8-956F-16F34536A3F8}
[2011/12/01 10:15:48 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{E2D9BD09-F685-4BBC-AC52-67553F6A893C}
[2011/12/01 10:15:26 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{51BAF048-FC39-4D78-B449-BEB8AEEC9BA1}
[2011/11/30 22:15:01 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{7C556479-7F91-4E18-9ACF-B88AD35BBEEC}
[2011/11/30 22:14:38 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{263FE104-E007-4944-8598-07EE473B98EB}
[2011/11/30 13:10:11 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\XBMC
[2011/11/30 13:08:51 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBMC
[2011/11/30 13:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XBMC
[2011/11/30 12:47:20 | 000,000,000 | ---D | C] -- C:\xbmc addons
[2011/11/30 10:14:12 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{13FA6372-3341-467B-A7CA-24246A1C8FDA}
[2011/11/30 10:14:00 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{DCFF2B46-6B08-4937-B495-63D2E097C289}
[2011/11/29 20:59:33 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{FAD0F31B-902D-43F3-AF56-0350BDA97447}
[2011/11/29 20:59:10 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{F0F20837-2BF2-4983-98B5-79ED4923E94C}
[2011/11/29 08:22:04 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{47CFFFBC-1073-4E59-B3B7-C79831BB513F}
[2011/11/29 08:21:49 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{2591B5F4-447B-4F9D-8A12-6F78DAF64A31}
[2011/11/28 11:53:31 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{59E8ECC3-768E-453C-9E2B-B7DEA0F60417}
[2011/11/28 11:53:07 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{4C3604D4-523A-4F30-BED8-3C3852019199}
[2011/11/28 11:48:18 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{86D10A6B-D8A8-4C3A-9FD2-CD54D3D6BCA2}
[2011/11/28 11:48:06 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{95C501DB-D2CF-4010-B90D-3B348E0EB789}
[2011/11/27 16:48:49 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{63A6F59A-9E17-44EA-A636-DB6DC0633AA7}
[2011/11/27 16:48:37 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{0D584EF0-853A-4BBE-BF1D-7F4148554C6B}
[2011/11/27 04:37:49 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{3299F32D-89E9-402C-BD6B-CDCD3578BA9E}
[2011/11/27 04:37:37 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{915476FD-A799-4D3E-8F08-4AF59F402670}
[2011/11/26 06:15:19 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{90D26FAB-9491-4DF5-8669-D599F63D99B0}
[2011/11/26 06:15:08 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{04812F26-28CD-4CE4-AAA5-939526C402C5}
[2011/11/25 15:29:37 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{C1357B4B-5C74-4546-A9E8-16378DEB228B}
[2011/11/25 15:29:23 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{0A206FB3-70BF-440B-BC74-535F6758A415}
[2011/11/24 14:43:08 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{72C7EBF4-1096-4639-9C0B-F7A4FBFB578B}
[2011/11/24 14:42:56 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{8C53D4E7-83C3-4B97-84AD-9A306BCB0DA4}
[2011/11/23 17:07:15 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{457DD3CD-5F8F-45F3-A9AE-3EE8E077F146}
[2011/11/23 17:06:52 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{342188D6-B420-4824-917C-5F8FB4E0E0EA}
[2011/11/23 05:06:26 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{9AA6BDDA-8655-4C3A-9725-0418D476B5C7}
[2011/11/23 05:06:03 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{25FB3596-80B6-4544-9B75-B4FE991CDD74}
[2011/11/22 21:04:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Skype
[2011/11/22 20:17:26 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\APN
[2011/11/22 19:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011/11/22 17:05:36 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{BBED2036-5600-424C-98CE-38839F048B24}
[2011/11/22 17:05:24 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{18FDEB8F-58BE-4EB8-8D14-09CABE6505B3}
[2011/11/21 23:46:10 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{649445B7-15E8-4FBB-A8C1-A09F50BE7954}
[2011/11/21 23:45:53 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{7EAE35D9-9E24-4ACF-93F8-FA9DB8C3AC57}
[2011/11/21 10:50:37 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{FE8644FC-5EE1-4293-A773-6CAF5514725B}
[2011/11/21 10:50:25 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{3DF661C4-2E54-46D5-82E3-3719638F7E70}
[2011/11/20 18:21:43 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/11/20 13:07:51 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{7D3FFB3E-FAEA-443F-9B4F-B2A801B4B5DF}
[2011/11/20 13:07:37 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{25071D6B-CE69-4715-BA28-5A5081E621BB}
[2011/11/19 12:37:14 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{4F437241-CB4A-421D-A44D-12861ABB6424}
[2011/11/19 12:37:03 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{AF9E7743-A013-49E0-AED2-8D833F0FAF42}
[2011/11/18 11:28:22 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{B945E0BB-B7CF-489C-996D-BB514D601A88}
[2011/11/18 11:28:09 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{40C59A2B-11AC-4852-A31C-C4672BCF703E}
[2011/11/17 09:45:55 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{9628E17D-B7A9-41B2-BEA6-BD1044763D24}
[2011/11/17 09:45:41 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{12C05F2B-BCA0-4D5B-BB22-77765C0CCC7B}
[2011/11/16 11:29:32 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{F863DD91-3177-43AA-A5EB-174412F1F342}
[2011/11/16 11:29:19 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{05C59D4C-D79E-4D04-A3B2-788829C3DF21}
[2011/11/15 14:21:52 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{20CBACFB-96F5-48F4-805F-03380281035C}
[2011/11/15 14:21:38 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{96D14341-8A66-4C62-A30E-006154D0772B}
[2011/11/14 22:48:56 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{4B5B3452-E829-4FD2-AB1B-87D7031BE811}
[2011/11/14 22:48:32 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{EA636035-72BB-4079-A0AD-CC1EE2827FBC}
[2011/11/14 10:48:04 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{E8BD4412-C07B-4BFC-A5D0-714BAD3EC03E}
[2011/11/14 10:47:51 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{0F3E0C5B-AC0C-4914-9951-25DD11781A93}
[2011/11/13 10:32:25 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{F91220A0-0652-4C8A-984F-14E6B6DB2C76}
[2011/11/13 10:32:09 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{742B24FB-B8DD-47B1-9A86-9E9BCD9D80A4}
[2011/11/12 10:07:03 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{0A6E374B-FAEB-4C8C-9150-DA493062B276}
[2011/11/12 10:06:51 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{F84D13F8-5CE1-4BA7-8855-E0F5DE2F89D7}
[2011/11/11 18:17:15 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{B6AB551B-93BA-49D3-B83A-D1A93E3E2B2C}
[2011/11/11 18:16:50 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{F2A29335-4650-4154-BE8C-D6D6CEEC9F88}
[2011/11/11 16:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/11/11 16:20:12 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/11/11 16:20:12 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/11/11 14:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2011/11/11 14:55:08 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\SystemRequirementsLab
[2011/11/11 06:16:20 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{53C70424-8E65-48A8-A3E9-9ED05EB09A0E}
[2011/11/11 06:16:09 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{7DAE56AF-8636-4374-8288-A83E9374364C}
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2011/12/10 11:31:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe
[2011/12/10 11:13:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/10 09:13:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/10 05:47:00 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 54d67361-03e2-49ad-bcf6-aded24f7238d.job
[2011/12/10 02:00:00 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 885acdd6-d46e-4414-89e8-cdb211f0eb01.job
[2011/12/09 15:56:59 | 000,023,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/09 15:56:59 | 000,023,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/09 15:51:07 | 000,080,384 | ---- | M] () -- C:\Users\Aaron\Desktop\MBRCheck(1).exe
[2011/12/09 15:49:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/09 15:12:40 | 115,079,168 | ---- | M] () -- C:\Users\Aaron\Desktop\gparted-live-0.10.0-3.iso
[2011/12/09 15:06:30 | 000,001,825 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011/12/09 13:27:29 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Aaron\Desktop\xxx.exe
[2011/12/09 13:06:31 | 000,236,455 | ---- | M] () -- C:\Users\Aaron\Desktop\diskmanagement.jpg
[2011/12/08 20:12:48 | 000,000,977 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/08 19:53:31 | 000,302,592 | ---- | M] () -- C:\Users\Aaron\Desktop\tpttg2bx.exe
[2011/12/08 19:19:32 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\enmsp.sys
[2011/12/08 19:19:32 | 000,019,286 | ---- | M] () -- C:\cleanup.exe
[2011/12/08 19:09:24 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\twgpdk.sys
[2011/12/08 19:04:52 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\brox.sys
[2011/12/08 19:00:32 | 000,724,952 | ---- | M] () -- C:\Users\Aaron\Desktop\avenger.zip
[2011/12/08 18:51:32 | 000,684,297 | ---- | M] () -- C:\Users\Aaron\Desktop\unhide.exe
[2011/12/08 18:47:27 | 007,045,869 | ---- | M] (BitDefender LLC) -- C:\Users\Aaron\Desktop\BDRemovalTool_TDSS_TDL4__x86.exe
[2011/12/08 18:33:50 | 000,568,832 | ---- | M] () -- C:\Users\Aaron\Desktop\BTKR_RunBox.exe
[2011/12/08 17:39:28 | 010,487,296 | ---- | M] (BitDefender LLC) -- C:\Users\Aaron\Desktop\BDRemovalTool_TDSS-Clones_x64.exe
[2011/12/08 16:10:47 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/12/08 09:06:13 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/12/07 16:42:53 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/06 22:33:13 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/12/06 21:47:09 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2011/12/06 08:44:34 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/12/06 08:44:34 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/12/05 16:05:58 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/05 15:24:14 | 000,001,750 | ---- | M] () -- C:\Users\Aaron\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2011/12/05 12:05:03 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/12/05 10:37:06 | 000,007,635 | ---- | M] () -- C:\Users\Aaron\Desktop\Nat Turner.rtf
[2011/12/05 08:52:21 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2011/12/05 08:31:28 | 000,001,288 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/12/04 06:35:29 | 000,000,046 | ---- | M] () -- C:\Users\Aaron\jagex_runescape_preferences.dat
[2011/12/04 06:35:28 | 000,000,040 | ---- | M] () -- C:\Users\Aaron\jagex_cl_runescape_LIVE.dat
[2011/12/04 04:45:07 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/04 04:45:07 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/04 04:45:07 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/04 04:23:22 | 000,000,312 | ---- | M] () -- C:\ProgramData\~O8CkuojsBLu5iM
[2011/12/04 04:23:22 | 000,000,216 | ---- | M] () -- C:\ProgramData\~O8CkuojsBLu5iMr
[2011/12/04 04:23:16 | 000,000,344 | ---- | M] () -- C:\ProgramData\O8CkuojsBLu5iM
[2011/12/03 12:58:22 | 000,000,099 | ---- | M] () -- C:\Users\Aaron\jagex_runescape_preferences2.dat
[2011/11/30 16:18:42 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/11/30 16:18:42 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/11/30 16:18:22 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/11/30 13:44:50 | 000,328,041 | ---- | M] () -- C:\Users\Aaron\Desktop\CampusMapPHC.pdf
[2011/11/29 21:41:21 | 000,000,725 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011/11/29 21:40:43 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/11/21 17:54:28 | 000,003,729 | ---- | M] () -- C:\Users\Aaron\Desktop\Yue.rtf
[2011/11/18 22:47:33 | 000,000,725 | ---- | M] () -- C:\Users\Aaron\Desktop\Battlefield 3.lnk
[2011/11/14 11:13:52 | 000,036,131 | ---- | M] () -- C:\Users\Aaron\Desktop\premonly.php
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2011/12/09 15:51:00 | 000,080,384 | ---- | C] () -- C:\Users\Aaron\Desktop\MBRCheck(1).exe
[2011/12/09 15:48:33 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2011/12/09 15:06:30 | 000,001,837 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2011/12/09 15:06:30 | 000,001,825 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011/12/09 14:59:37 | 115,079,168 | ---- | C] () -- C:\Users\Aaron\Desktop\gparted-live-0.10.0-3.iso
[2011/12/09 13:06:31 | 000,236,455 | ---- | C] () -- C:\Users\Aaron\Desktop\diskmanagement.jpg
[2011/12/08 19:53:30 | 000,302,592 | ---- | C] () -- C:\Users\Aaron\Desktop\tpttg2bx.exe
[2011/12/08 19:19:32 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\enmsp.sys
[2011/12/08 19:09:24 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\twgpdk.sys
[2011/12/08 19:04:54 | 000,019,286 | ---- | C] () -- C:\cleanup.exe
[2011/12/08 19:04:52 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\brox.sys
[2011/12/08 19:00:49 | 000,731,136 | ---- | C] () -- C:\Users\Aaron\Desktop\avenger.exe
[2011/12/08 19:00:25 | 000,724,952 | ---- | C] () -- C:\Users\Aaron\Desktop\avenger.zip
[2011/12/08 18:51:29 | 000,684,297 | ---- | C] () -- C:\Users\Aaron\Desktop\unhide.exe
[2011/12/08 18:33:40 | 000,568,832 | ---- | C] () -- C:\Users\Aaron\Desktop\BTKR_RunBox.exe
[2011/12/08 16:10:47 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/12/06 22:33:13 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/12/06 21:47:29 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 54d67361-03e2-49ad-bcf6-aded24f7238d.job
[2011/12/06 21:47:28 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 885acdd6-d46e-4414-89e8-cdb211f0eb01.job
[2011/12/06 21:47:09 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2011/12/05 16:05:58 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/05 15:24:14 | 000,001,750 | ---- | C] () -- C:\Users\Aaron\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2011/12/05 15:24:13 | 000,001,738 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2011/12/05 10:36:07 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/12/05 10:36:07 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/12/05 08:22:53 | 000,001,288 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/12/04 04:23:22 | 000,000,312 | ---- | C] () -- C:\ProgramData\~O8CkuojsBLu5iM
[2011/12/04 04:23:22 | 000,000,216 | ---- | C] () -- C:\ProgramData\~O8CkuojsBLu5iMr
[2011/12/04 04:23:16 | 000,000,344 | ---- | C] () -- C:\ProgramData\O8CkuojsBLu5iM
[2011/12/03 12:55:42 | 000,000,040 | ---- | C] () -- C:\Users\Aaron\jagex_cl_runescape_LIVE.dat
[2011/11/30 13:44:36 | 000,328,041 | ---- | C] () -- C:\Users\Aaron\Desktop\CampusMapPHC.pdf
[2011/11/20 17:37:13 | 000,003,729 | ---- | C] () -- C:\Users\Aaron\Desktop\Yue.rtf
[2011/11/18 22:47:33 | 000,000,725 | ---- | C] () -- C:\Users\Aaron\Desktop\Battlefield 3.lnk
[2011/11/14 11:13:49 | 000,036,131 | ---- | C] () -- C:\Users\Aaron\Desktop\premonly.php
[2011/11/07 18:53:44 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/09/02 06:00:21 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2011/04/20 19:22:37 | 000,007,598 | ---- | C] () -- C:\Users\Aaron\AppData\Local\Resmon.ResmonCfg
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/01/26 11:29:18 | 000,000,084 | ---- | C] () -- C:\Windows\netdet.ini
[2011/01/26 09:48:25 | 000,222,552 | ---- | C] () -- C:\Windows\RM.exe
[2010/10/11 23:14:40 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/10/10 10:00:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/09/27 21:10:52 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/09/27 21:10:50 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/09/04 01:13:06 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2011/12/08 20:14:09 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Azureus
[2011/05/17 06:24:39 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\CheckPoint
[2011/03/22 01:25:56 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Darkfall
[2010/09/05 17:49:13 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Darkfall US
[2011/01/23 09:55:34 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Elluminate
[2010/12/19 02:51:45 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\GetRightToGo
[2011/12/09 15:19:06 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\ImgBurn
[2010/11/24 22:11:44 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Mumble
[2011/08/07 08:12:42 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\OpenCandy
[2011/11/04 10:18:44 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Origin
[2011/08/27 23:13:11 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\RIFT
[2011/01/26 09:53:30 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Smith Micro
[2011/11/11 14:55:08 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\SystemRequirementsLab
[2010/09/06 02:12:00 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Sytexis Software
[2011/12/08 20:14:09 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\TS3Client
[2011/12/05 15:35:03 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Wireshark
[2011/12/09 23:48:13 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\XBMC
[2011/10/09 13:02:35 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/12/10 05:47:00 | 000,000,510 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 54d67361-03e2-49ad-bcf6-aded24f7238d.job
[2011/12/10 02:00:00 | 000,000,510 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 885acdd6-d46e-4414-89e8-cdb211f0eb01.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2011/12/08 19:19:32 | 000,019,286 | ---- | M] () -- C:\cleanup.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2011/02/25 22:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 21:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 17:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 21:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 22:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 04:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/02 22:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/30 22:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 21:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 05:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/30 22:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 21:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 17:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/30 22:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/25 22:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/02 22:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
[color=#A23BEC]< MD5 for: SVCHOST.EXE  >[/color]
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\system64\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2010/11/20 04:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 04:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 04:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 05:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 05:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 05:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\system64\userinit.exe
[2010/11/20 05:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2010/11/20 05:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 05:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 05:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\system64\winlogon.exe
[2010/11/20 05:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 17:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/27 23:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/27 22:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >[/color]
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
"Tag" = 87
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
"DhcpNodeType" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{3F24D955-88D2-455E-A1FF-DFBDC07ABE18}]
"NameServerList" =  [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{69A4787F-18B1-4708-886C-CD071846ECDD}]
"NameServerList" =  [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{9235C2C4-661C-41A4-9372-4384C7B46E0C}]
"NameServerList" =  [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1
 
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >[/color]
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 06 01 04 01 01 01 03 01 08 01 07 01 05 01 00 01 02  [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1
 
[color=#A23BEC]< C:\Windows\assembly\tmp\U\*.* /s >[/color]
 
[color=#A23BEC]< %Temp%\smtmp\1\*.* >[/color]
 
[color=#A23BEC]< %Temp%\smtmp\2\*.* >[/color]
 
[color=#A23BEC]< %Temp%\smtmp\3\*.* >[/color]
 
[color=#A23BEC]< %Temp%\smtmp\4\*.* >[/color]

< End of report >