Since this morning my pc comes up with 2 things that just seems to be looping over and over.
1)Microsoft Security Essentials - Comes up with alerts like:
Detected: Virtool: Win32/Obfuscator.XZ
2)Bitdefender comes up with: (even selecting "ok" the next bunch just comes up over and over )
Virus name: Gen:Trojan.Heur.LP.Gy7@a0q2.....(can't see the rest)
Accessed by: MsMpEng.exe
Location: C:\widows\Temp\tmp000021c......(can't see the rest)
File was blocked
Virus name: looks same as above, etc
I tried deleting the windows\temp dir, but it does not alow me to delete 2 or 3 folders.
I also tried running TFC.exe, but they just keep coming back
Thanks for any help offered. It is much appreciated!!
OTL Log
OTL logfile created on: 6/13/2011 9:38:32 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Tools
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.99 Gb Total Physical Memory | 3.23 Gb Available Physical Memory | 53.93% Memory free
11.98 Gb Paging File | 9.34 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.56 Gb Total Space | 48.15 Gb Free Space | 49.36% Space Free | Partition Type: NTFS
Drive D: | 833.86 Gb Total Space | 738.96 Gb Free Space | 88.62% Space Free | Partition Type: NTFS
Drive E: | 5.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 37.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: RENNIE-PC | User Name: Rennie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/06/13 21:18:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Tools\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/03/07 18:50:00 | 000,234,656 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe
PRC - [2010/11/09 10:12:30 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/10/13 08:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/03/13 19:09:10 | 002,060,288 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
PRC - [2008/03/13 19:08:58 | 000,024,576 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
========== Modules (SafeList) ==========
MOD - [2011/06/13 21:18:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Tools\OTL.exe
MOD - [2011/05/09 22:04:34 | 000,089,600 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00077_002\plugin_net.m32
MOD - [2011/05/09 22:04:33 | 000,166,912 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00077_002\plugin_extra.m32
MOD - [2011/05/09 22:04:24 | 000,276,992 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00077_002\plugin_nt.m32
MOD - [2011/05/09 22:04:22 | 000,136,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00077_002\plugin_base.m32
MOD - [2011/05/09 22:04:21 | 000,657,408 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00077_002\plugin_fragments.m32
MOD - [2011/05/09 22:04:17 | 000,120,832 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00077_002\plugin_registry.m32
MOD - [2011/05/09 22:04:15 | 000,232,968 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00077_002\midas32.dll
MOD - [2010/11/20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009/12/08 19:03:44 | 000,116,224 | ---- | M] (BitDefender SRL) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00077_002\leaktests.m32
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011/06/02 21:32:21 | 000,053,224 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe -- (Updatesrv)
SRV:64bit: - [2011/06/02 21:21:46 | 002,660,624 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- (VSSERV)
SRV:64bit: - [2010/11/30 06:18:06 | 000,467,248 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/03/23 07:05:08 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/12/14 16:17:12 | 000,128,928 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/11/09 10:12:30 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/13 08:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/03/13 19:08:58 | 000,024,576 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/05/09 22:32:55 | 000,431,176 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2010/11/29 13:14:36 | 001,186,272 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2010/11/29 13:14:30 | 000,591,968 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/09/07 22:08:55 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/08/20 17:42:04 | 000,099,408 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2010/05/13 15:52:08 | 000,162,896 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bdfm.sys -- (BDFM)
DRV:64bit: - [2010/04/07 10:04:00 | 000,290,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2010/01/22 12:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/01/22 12:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/12/25 09:05:40 | 000,297,512 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2009/10/29 10:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/07/16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 07:56:08 | 000,712,704 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/03/07 13:46:30 | 000,112,512 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 15 D7 4C 65 3B BB CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2011/05/09 23:57:29 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ietoolbar.dll (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/13 23:39:50 | 000,000,070 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{42f687e2-7df3-11e0-8e1b-20cf304ff262}\Shell - "" = AutoRun
O33 - MountPoints2\{42f687e2-7df3-11e0-8e1b-20cf304ff262}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{52b545e4-7a87-11e0-81f9-20cf304ff262}\Shell - "" = AutoRun
O33 - MountPoints2\{52b545e4-7a87-11e0-81f9-20cf304ff262}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{5c463be0-258a-11e0-8619-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{5c463be0-258a-11e0-8619-001e101f8aaa}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5f8d5a0d-2585-11e0-940b-20cf304ff262}\Shell - "" = AutoRun
O33 - MountPoints2\{5f8d5a0d-2585-11e0-940b-20cf304ff262}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5f8d5a1d-2585-11e0-940b-20cf304ff262}\Shell - "" = AutoRun
O33 - MountPoints2\{5f8d5a1d-2585-11e0-940b-20cf304ff262}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{643c5f8c-7a74-11e0-8297-20cf304ff262}\Shell - "" = AutoRun
O33 - MountPoints2\{643c5f8c-7a74-11e0-8297-20cf304ff262}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{643c5f95-7a74-11e0-8297-20cf304ff262}\Shell - "" = AutoRun
O33 - MountPoints2\{643c5f95-7a74-11e0-8297-20cf304ff262}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{6c4ae2e8-7f02-11e0-b35f-20cf304ff262}\Shell - "" = AutoRun
O33 - MountPoints2\{6c4ae2e8-7f02-11e0-b35f-20cf304ff262}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{bd8a75a7-7ebf-11e0-8353-20cf304ff262}\Shell - "" = AutoRun
O33 - MountPoints2\{bd8a75a7-7ebf-11e0-8353-20cf304ff262}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{bd8a75ab-7ebf-11e0-8353-20cf304ff262}\Shell - "" = AutoRun
O33 - MountPoints2\{bd8a75ab-7ebf-11e0-8353-20cf304ff262}\Shell\AutoRun\command - "" = G:\setup.exe -- [2008/03/13 21:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{be8374a9-8006-11e0-8939-20cf304ff262}\Shell - "" = AutoRun
O33 - MountPoints2\{be8374a9-8006-11e0-8939-20cf304ff262}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{be8374ab-8006-11e0-8939-20cf304ff262}\Shell - "" = AutoRun
O33 - MountPoints2\{be8374ab-8006-11e0-8939-20cf304ff262}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{c5387aa1-8231-11e0-9426-20cf304ff262}\Shell - "" = AutoRun
O33 - MountPoints2\{c5387aa1-8231-11e0-9426-20cf304ff262}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (bddel.exe) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/06/13 20:16:02 | 000,000,000 | ---D | C] -- C:\Tools
[2011/06/07 21:51:51 | 000,000,000 | ---D | C] -- C:\Users\Rennie\Documents\LucasArts
[2011/06/07 21:51:51 | 000,000,000 | ---D | C] -- C:\Users\Rennie\AppData\Local\LucasArts
[2011/05/17 18:28:18 | 000,000,000 | ---D | C] -- C:\Users\Rennie\Documents\Witcher 2
[2011/05/17 18:28:18 | 000,000,000 | ---D | C] -- C:\Users\Rennie\AppData\Local\The Witcher 2
[2011/05/17 18:23:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 2
[2011/05/15 17:03:06 | 000,112,512 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2011/05/15 17:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
[2011/05/15 17:02:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Vodafone
[2011/05/15 17:02:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vodafone
========== Files - Modified Within 30 Days ==========
[2011/06/13 21:40:49 | 000,066,150 | ---- | M] () -- C:\Windows\SysNative\bddel.dat
[2011/06/13 21:40:49 | 000,027,136 | ---- | M] () -- C:\Windows\SysNative\bddel.exe
[2011/06/13 21:06:31 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/13 21:06:31 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/13 21:04:03 | 000,729,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/13 21:04:03 | 000,626,040 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/13 21:04:03 | 000,107,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/13 20:59:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/13 20:59:08 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/13 07:33:31 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/12 09:55:57 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\imwords.dat
[2011/06/12 09:55:57 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\im_markovian.dat
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/17 18:23:17 | 000,000,559 | ---- | M] () -- C:\Users\Public\Desktop\Start The Witcher 2.lnk
[2011/05/15 17:02:55 | 000,002,767 | ---- | M] () -- C:\Users\Public\Desktop\Vodafone SMS.lnk
[2011/05/15 17:02:55 | 000,002,767 | ---- | M] () -- C:\Users\Public\Desktop\Vodafone Mobile Connect.lnk
[2011/05/14 21:49:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\imblacklist.dat
========== Files Created - No Company Name ==========
[2011/06/13 21:08:17 | 000,064,062 | ---- | C] () -- C:\Windows\SysNative\bddel.dat
[2011/06/13 21:08:17 | 000,027,136 | ---- | C] () -- C:\Windows\SysNative\bddel.exe
[2011/06/12 09:55:57 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\imwords.dat
[2011/06/12 09:55:57 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\im_markovian.dat
[2011/05/17 18:23:17 | 000,000,559 | ---- | C] () -- C:\Users\Public\Desktop\Start The Witcher 2.lnk
[2011/05/15 17:02:55 | 000,002,767 | ---- | C] () -- C:\Users\Public\Desktop\Vodafone SMS.lnk
[2011/05/15 17:02:55 | 000,002,767 | ---- | C] () -- C:\Users\Public\Desktop\Vodafone Mobile Connect.lnk
[2011/05/14 21:49:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\imblacklist.dat
[2011/05/09 21:46:35 | 000,069,307 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011/01/28 17:28:41 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/08 11:38:06 | 000,000,000 | ---- | C] () -- C:\Users\Rennie\AppData\Roaming\downloads.m3u
[2010/12/26 21:49:49 | 000,000,029 | ---- | C] () -- C:\Users\Rennie\AppData\Roaming\default.rss
[2010/12/14 12:55:47 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/12/14 12:55:47 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/12/14 12:55:47 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/12/14 12:55:47 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/12/14 12:55:47 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/12/13 21:44:09 | 000,036,422 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/12/13 21:43:28 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/12/13 21:43:25 | 000,026,791 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/07/08 09:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008/03/07 16:43:56 | 000,084,734 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008/03/07 13:47:30 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
========== LOP Check ==========
[2010/12/26 18:23:19 | 000,000,000 | -HSD | M] -- C:\Users\Rennie\AppData\Roaming\.#
[2010/12/18 21:28:16 | 000,000,000 | ---D | M] -- C:\Users\Rennie\AppData\Roaming\BitDefender
[2011/01/22 15:05:28 | 000,000,000 | ---D | M] -- C:\Users\Rennie\AppData\Roaming\GameSave Manager 2
[2011/01/02 19:40:00 | 000,000,000 | ---D | M] -- C:\Users\Rennie\AppData\Roaming\HDRsoft
[2011/05/09 21:47:03 | 000,000,000 | ---D | M] -- C:\Users\Rennie\AppData\Roaming\QuickScan
[2011/05/09 21:44:59 | 000,000,000 | ---D | M] -- C:\Users\Rennie\AppData\Roaming\Vodafone
[2011/03/17 17:25:25 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >