Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Google redirect/ TDSS [Solved]


  • This topic is locked This topic is locked

#1
Flotsaf

Flotsaf

    New Member

  • Member
  • Pip
  • 8 posts
Hi, I've had some problems with this the past 2 or so days. I'm posting a lot of this from memory, so bear with me.

One of the viruses hid everything on my desktop while another popped up after spamming 50 error messages and telling me to fix Windows 7 >>> comp shuts down

Upon reboot everything is still hidden >>> I use system restore and everything is back on desktop/quicklaunch sites. After some pain of getting TDSSKiller (I think I had to use some Kaspersky virus removal tool) it eventually worked and found TDSS.x or something similar, along with a few other things. After that Avira/Malware Bytes/SUPERAntiSpyware started working properly and found some other trojans, including some process called ping.exe which was taking up massive amounts of cpu and using up bandwidth. TDSSKiller, GMER, Avira, and SUPER are no longer finding anything other than tracking cookies.

Anyway, since the removal of all that junk, I'm stuck with what I think is a bootkit. I've tried bootrec /fixmbr and few other things eluding my memory, but I'm still getting this with MBRCheck:

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


I'm not particularly good with comps, so be a bit patient please. Thanks!
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi I believe I know what this might be - but I will need to confirm it first

Do the following:
  • Click on the Start button and then choose Control Panel.
  • Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  • In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  • In the Administrative Tools window, double-click on the Computer Management icon.
  • When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.
Take a screen Shot of the Disk Management Window and attach the screen shot to your reply.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

AND FINALLY

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#3
Flotsaf

Flotsaf

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

aswMBR will not run. I did save it to the desktop. It will not run after being renamed to xxx.exe or xxx.scr

Logs attached


  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is the size of that first partition 2 MB perchance ?
  • 0

#5
Flotsaf

Flotsaf

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
it's not appearing in disk management now
  • 0

#6
Flotsaf

Flotsaf

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
restarted comp and it's back

and yes, it's 2 MB

will post a new screenshot if you want

Edited by Flotsaf, 09 December 2011 - 04:20 PM.

  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I will need you to create two discs - If you cannot create your own repair disc then there is a link to download the recovery ISO

Create a Windows 7 System Repair Disc

Note: the below can only be done if your machine has a a type of CD/R or DVD/R optical drive installed. Also depending on the exact type of OEM your machine has you may be unable to actually create a SRD.

  • Click on Start(Windows 7 Orb) >> Run...(or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:

    recdisc.exe

  • Allow the UAC(User Account Control) prompt via selecting Yes.
  • You should now see a menu like the below:-
Posted Image

  • Put a blank rewritable CD/DVD in your optical(CD/DVD) drive and then click on Create disc.
  • Note: If a AutoPlay window pops up, just close it.
  • When the SRD has been created you will see the below:-
Posted Image

  • Now click on Close >> OK.

    THEN


    gparted-live-0.10.0-3.iso (115.1 MB)
    Windows 7 64-Bit (x64) Recovery Environment

    Create a bootable CD, 1 for Gparted and 1 for the Windows 7 Recovery Enviroment, from the ISO images. You can use ImgBurn do this.

    Now boot off of the newly created Gparted CD.

    Posted Image
    You should be here...
    Press ENTER

    Posted Image
    By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER.

    Posted Image
    Choose your language and press ENTER. English is default [33]

    Posted Image
    Once again, at this prompt, press ENTER

    You will now be taken to the main GUI screen below
    Posted Image
    According to your logs, the partition that you want to delete is 2MB
    Click the trash can icon to delete and then click Apply.

    You should now be here confirming your actions:
    Posted Image

    Now you should be here:
    Posted Image

    Posted Image
    Is "boot" next to your OS drive?

    If "boot" is not next to your System Reserve drive under "Flags", right-mouse click the OS drive while in Gparted and select Manage Flags

    In the menu that pops up, place a checkmark in boot like the picture below:
    Posted Image

    Now double-click the Posted Image button.

    You should receive a small pop up like this:
    Posted Image
    Choose reboot and then press OK.

    Now reboot from the Windows 7 Recovery Environment CD and execute the following commands:

    [list]
  • bootrec /FixMbr
  • bootrec /FixBoot
  • exit

Once back in Windows.

If you are unable to get to windows then run the recovery disc again and select this option:

Startup Repair



Download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Confirm the UAC prompt)
  • A window will open on your desktop
  • if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.

  • 0

#8
Flotsaf

Flotsaf

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
MBRCheck attached

What was this virus and what was the point of it?

Attached Files


  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The point of this virus (TDL4 Mebroot) is to - generate money by one of the following methods :

Click per view payments on the redirect
Download fake malware programmes to extract your money and credit card details
A variation of the above two

Could you now run a fresh OTL scan for me please using the initial scrip, and let me know of any current problems
  • 0

#10
Flotsaf

Flotsaf

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

OTL log attached. I did not get an extras.txt this time. I haven't had any problems, except when I was doing the recovery after the G Parted fix. It wouldn't start because some MGR or MGB or something boot file was missing. Startup repair fixed it though. Thanks for all your help so far!
OTL log attached. I did not get an extras.txt this time. I haven't had any problems, except when I was doing the recovery after the G Parted fix. It wouldn't start because some MGR or MGB or something boot file was missing. Startup repair fixed it though. Thanks for all your help so far!

OTL logfile created on: 12/10/2011 11:32:14 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\*****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.25% Memory free
3.98 Gb Paging File | 2.35 Gb Available in Paging File | 59.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 689.44 Gb Free Space | 74.02% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 61.86 Mb Free Space | 61.87% Space Free | Partition Type: NTFS

Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/10 11:31:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
PRC - [2011/11/29 21:40:43 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/11/09 06:57:13 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/11/07 18:53:32 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/10/19 16:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/19 16:56:24 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/19 16:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/12/21 11:50:46 | 000,315,392 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe
PRC - [2008/11/18 09:31:38 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\VentSrv\ventrilo_srv.exe
PRC - [2008/08/25 08:02:58 | 000,076,800 | ---- | M] () -- C:\Program Files (x86)\VentSrv\ventrilo_svc.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/09 06:57:13 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/07 18:53:16 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 15:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (FastUserSwitchingCompatibility)
SRV - [2011/11/29 21:40:43 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/11/07 18:53:32 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/10/19 16:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/19 16:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/13 06:28:12 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/12/21 11:50:46 | 000,315,392 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/25 08:02:58 | 000,076,800 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\VentSrv\ventrilo_svc.exe -- (Ventrilo)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/08 09:06:13 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/10/19 16:56:50 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/10/19 16:56:49 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/07/22 08:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 13:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/05/11 11:00:40 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)
DRV:64bit: - [2009/09/15 10:13:34 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:64bit: - [2009/09/15 10:13:34 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:64bit: - [2009/08/05 20:59:48 | 000,987,648 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/01 22:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2005/03/29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011/12/08 19:19:32 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\enmsp.sys -- (vvksyeq)
DRV - [2011/12/08 19:09:24 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\twgpdk.sys -- (vjogzkm)
DRV - [2011/12/08 19:04:52 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\brox.sys -- (funt)
DRV - [2010/09/04 02:14:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\hmonitor45.sys -- (Hmonitor45)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2627347624-225570341-2163133224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2627347624-225570341-2163133224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2627347624-225570341-2163133224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E F3 4F 0E 96 A4 CC 01 [binary data]
IE - HKU\S-1-5-21-2627347624-225570341-2163133224-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..keyword.URL: "http://www.google.co...b=adawaretb&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 06:57:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/07 17:51:10 | 000,000,000 | ---D | M]

[2011/05/16 19:46:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\Mozilla\Extensions
[2011/12/07 10:59:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\t33akpm2.default\extensions
[2011/12/07 10:59:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\t33akpm2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/22 20:17:38 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\t33akpm2.default\extensions\[email protected]
[2011/11/17 19:25:44 | 000,002,333 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\t33akpm2.default\searchplugins\askcom.xml
[2011/12/10 10:46:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/10 10:46:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/09 06:57:13 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/17 10:14:28 | 000,002,149 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2010/11/23 09:39:16 | 000,001,490 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\AOL Search.xml
[2010/01/01 00:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/09 06:57:13 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

O1 HOSTS File: ([2011/12/07 16:42:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2627347624-225570341-2163133224-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-21-2627347624-225570341-2163133224-1000..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-2627347624-225570341-2163133224-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2627347624-225570341-2163133224-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2627347624-225570341-2163133224-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2627347624-225570341-2163133224-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2627347624-225570341-2163133224-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2627347624-225570341-2163133224-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-2627347624-225570341-2163133224-1000\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab(Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab(Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab(Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab(Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab(Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab(Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69A4787F-18B1-4708-886C-CD071846ECDD}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll File not found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: FastUserSwitchingCompatibility - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/10 11:31:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2011/12/10 10:46:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/12/09 15:44:24 | 000,000,000 | -HSD | C] -- C:\Boot
[2011/12/09 15:17:55 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\ImgBurn
[2011/12/09 15:06:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011/12/09 15:06:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2011/12/08 20:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/12/08 19:32:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2011/12/08 18:46:50 | 007,045,869 | ---- | C] (BitDefender LLC) -- C:\Users\*****\Desktop\BDRemovalTool_TDSS_TDL4__x86.exe
[2011/12/08 18:29:37 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\*****\Desktop\xxx.exe
[2011/12/08 17:38:28 | 010,487,296 | ---- | C] (BitDefender LLC) -- C:\Users\*****\Desktop\BDRemovalTool_TDSS-Clones_x64.exe
[2011/12/08 16:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/12/08 16:02:18 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\GooredFix Backups
[2011/12/08 09:00:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/07 17:10:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/07 15:51:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/07 14:18:21 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{7D026599-317C-425B-BD31-EE0F435A28FD}
[2011/12/07 14:18:04 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{F7487026-64FD-46DB-BAEA-BCF3628708FE}
[2011/12/06 22:34:59 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Avira
[2011/12/06 22:33:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/12/06 22:32:53 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011/12/06 22:32:52 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/12/06 22:32:52 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/12/06 22:32:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/12/06 22:32:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/12/06 22:16:55 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{3197B743-E0AA-4380-BDC6-CA7C4F08ECCE}
[2011/12/06 22:16:34 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{90EE97D1-1892-4305-B7F7-587018A5D6B0}
[2011/12/06 21:58:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/06 21:58:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/12/06 21:47:27 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\SUPERAntiSpyware.com
[2011/12/06 21:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/12/06 21:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/12/06 21:47:08 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/06 09:01:39 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{904C220A-1395-4CD3-B759-6C2903F21975}
[2011/12/06 09:01:27 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{147F59EF-EC4F-4E1D-B6D8-AF3DA494221E}
[2011/12/05 20:17:33 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{976765DD-E7E2-413F-9A50-CA975F7CB000}
[2011/12/05 20:17:22 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{E1662DE7-0C14-4BF6-A6D4-26AAE44FF3F1}
[2011/12/05 17:18:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2011/12/05 16:05:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/05 15:28:58 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Wireshark
[2011/12/05 15:24:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wireshark
[2011/12/05 12:05:03 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/12/05 11:56:39 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Sunbelt Software
[2011/12/05 08:58:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2011/12/05 08:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/12/05 08:58:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/12/05 08:04:24 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/12/05 07:57:48 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{B73E102E-E384-4244-878C-C11137B0D838}
[2011/12/05 07:57:35 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{67729157-668C-4190-9E0A-9BC168CFD3C9}
[2011/12/04 04:33:45 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{322B4A21-C409-45CF-A8B9-5D7DFB0364D3}
[2011/12/04 04:33:21 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{4CEDDDF4-9466-42AD-B28C-785C730DC1D5}
[2011/12/03 16:30:18 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{D64443B3-1441-48AE-8589-CF8CE58D2722}
[2011/12/03 16:30:07 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{24D32C51-7968-4E49-B39D-3D3CA3BA7EB7}
[2011/12/02 22:41:07 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{0A3A46EF-7E1F-4823-BAF1-EF3CEA59ACFE}
[2011/12/02 22:40:44 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{B6947607-FC57-40D2-B064-577461B219E2}
[2011/12/02 10:40:31 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{A008E696-1F8B-46E3-B03B-8DFA77B35C58}
[2011/12/02 10:40:19 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{13858552-9C2A-49A8-956F-16F34536A3F8}
[2011/12/01 10:15:48 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{E2D9BD09-F685-4BBC-AC52-67553F6A893C}
[2011/12/01 10:15:26 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{51BAF048-FC39-4D78-B449-BEB8AEEC9BA1}
[2011/11/30 22:15:01 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{7C556479-7F91-4E18-9ACF-B88AD35BBEEC}
[2011/11/30 22:14:38 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{263FE104-E007-4944-8598-07EE473B98EB}
[2011/11/30 13:10:11 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\XBMC
[2011/11/30 13:08:51 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBMC
[2011/11/30 13:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XBMC
[2011/11/30 12:47:20 | 000,000,000 | ---D | C] -- C:\xbmc addons
[2011/11/30 10:14:12 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{13FA6372-3341-467B-A7CA-24246A1C8FDA}
[2011/11/30 10:14:00 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{DCFF2B46-6B08-4937-B495-63D2E097C289}
[2011/11/29 20:59:33 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{FAD0F31B-902D-43F3-AF56-0350BDA97447}
[2011/11/29 20:59:10 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{F0F20837-2BF2-4983-98B5-79ED4923E94C}
[2011/11/29 08:22:04 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{47CFFFBC-1073-4E59-B3B7-C79831BB513F}
[2011/11/29 08:21:49 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{2591B5F4-447B-4F9D-8A12-6F78DAF64A31}
[2011/11/28 11:53:31 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{59E8ECC3-768E-453C-9E2B-B7DEA0F60417}
[2011/11/28 11:53:07 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{4C3604D4-523A-4F30-BED8-3C3852019199}
[2011/11/28 11:48:18 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{86D10A6B-D8A8-4C3A-9FD2-CD54D3D6BCA2}
[2011/11/28 11:48:06 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{95C501DB-D2CF-4010-B90D-3B348E0EB789}
[2011/11/27 16:48:49 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{63A6F59A-9E17-44EA-A636-DB6DC0633AA7}
[2011/11/27 16:48:37 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{0D584EF0-853A-4BBE-BF1D-7F4148554C6B}
[2011/11/27 04:37:49 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{3299F32D-89E9-402C-BD6B-CDCD3578BA9E}
[2011/11/27 04:37:37 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{915476FD-A799-4D3E-8F08-4AF59F402670}
[2011/11/26 06:15:19 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{90D26FAB-9491-4DF5-8669-D599F63D99B0}
[2011/11/26 06:15:08 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{04812F26-28CD-4CE4-AAA5-939526C402C5}
[2011/11/25 15:29:37 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{C1357B4B-5C74-4546-A9E8-16378DEB228B}
[2011/11/25 15:29:23 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{0A206FB3-70BF-440B-BC74-535F6758A415}
[2011/11/24 14:43:08 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{72C7EBF4-1096-4639-9C0B-F7A4FBFB578B}
[2011/11/24 14:42:56 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{8C53D4E7-83C3-4B97-84AD-9A306BCB0DA4}
[2011/11/23 17:07:15 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{457DD3CD-5F8F-45F3-A9AE-3EE8E077F146}
[2011/11/23 17:06:52 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{342188D6-B420-4824-917C-5F8FB4E0E0EA}
[2011/11/23 05:06:26 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{9AA6BDDA-8655-4C3A-9725-0418D476B5C7}
[2011/11/23 05:06:03 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{25FB3596-80B6-4544-9B75-B4FE991CDD74}
[2011/11/22 21:04:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Skype
[2011/11/22 20:17:26 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\APN
[2011/11/22 19:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011/11/22 17:05:36 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{BBED2036-5600-424C-98CE-38839F048B24}
[2011/11/22 17:05:24 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{18FDEB8F-58BE-4EB8-8D14-09CABE6505B3}
[2011/11/21 23:46:10 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{649445B7-15E8-4FBB-A8C1-A09F50BE7954}
[2011/11/21 23:45:53 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{7EAE35D9-9E24-4ACF-93F8-FA9DB8C3AC57}
[2011/11/21 10:50:37 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{FE8644FC-5EE1-4293-A773-6CAF5514725B}
[2011/11/21 10:50:25 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{3DF661C4-2E54-46D5-82E3-3719638F7E70}
[2011/11/20 18:21:43 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/11/20 13:07:51 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{7D3FFB3E-FAEA-443F-9B4F-B2A801B4B5DF}
[2011/11/20 13:07:37 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{25071D6B-CE69-4715-BA28-5A5081E621BB}
[2011/11/19 12:37:14 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{4F437241-CB4A-421D-A44D-12861ABB6424}
[2011/11/19 12:37:03 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{AF9E7743-A013-49E0-AED2-8D833F0FAF42}
[2011/11/18 11:28:22 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{B945E0BB-B7CF-489C-996D-BB514D601A88}
[2011/11/18 11:28:09 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{40C59A2B-11AC-4852-A31C-C4672BCF703E}
[2011/11/17 09:45:55 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{9628E17D-B7A9-41B2-BEA6-BD1044763D24}
[2011/11/17 09:45:41 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{12C05F2B-BCA0-4D5B-BB22-77765C0CCC7B}
[2011/11/16 11:29:32 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{F863DD91-3177-43AA-A5EB-174412F1F342}
[2011/11/16 11:29:19 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{05C59D4C-D79E-4D04-A3B2-788829C3DF21}
[2011/11/15 14:21:52 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{20CBACFB-96F5-48F4-805F-03380281035C}
[2011/11/15 14:21:38 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{96D14341-8A66-4C62-A30E-006154D0772B}
[2011/11/14 22:48:56 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{4B5B3452-E829-4FD2-AB1B-87D7031BE811}
[2011/11/14 22:48:32 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{EA636035-72BB-4079-A0AD-CC1EE2827FBC}
[2011/11/14 10:48:04 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{E8BD4412-C07B-4BFC-A5D0-714BAD3EC03E}
[2011/11/14 10:47:51 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{0F3E0C5B-AC0C-4914-9951-25DD11781A93}
[2011/11/13 10:32:25 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{F91220A0-0652-4C8A-984F-14E6B6DB2C76}
[2011/11/13 10:32:09 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{742B24FB-B8DD-47B1-9A86-9E9BCD9D80A4}
[2011/11/12 10:07:03 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{0A6E374B-FAEB-4C8C-9150-DA493062B276}
[2011/11/12 10:06:51 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{F84D13F8-5CE1-4BA7-8855-E0F5DE2F89D7}
[2011/11/11 18:17:15 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{B6AB551B-93BA-49D3-B83A-D1A93E3E2B2C}
[2011/11/11 18:16:50 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{F2A29335-4650-4154-BE8C-D6D6CEEC9F88}
[2011/11/11 16:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/11/11 16:20:12 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/11/11 16:20:12 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/11/11 14:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2011/11/11 14:55:08 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\SystemRequirementsLab
[2011/11/11 06:16:20 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{53C70424-8E65-48A8-A3E9-9ED05EB09A0E}
[2011/11/11 06:16:09 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{7DAE56AF-8636-4374-8288-A83E9374364C}
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/10 11:31:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2011/12/10 11:13:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/10 09:13:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/10 05:47:00 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 54d67361-03e2-49ad-bcf6-aded24f7238d.job
[2011/12/10 02:00:00 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 885acdd6-d46e-4414-89e8-cdb211f0eb01.job
[2011/12/09 15:56:59 | 000,023,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/09 15:56:59 | 000,023,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/09 15:51:07 | 000,080,384 | ---- | M] () -- C:\Users\*****\Desktop\MBRCheck(1).exe
[2011/12/09 15:49:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/09 15:12:40 | 115,079,168 | ---- | M] () -- C:\Users\*****\Desktop\gparted-live-0.10.0-3.iso
[2011/12/09 15:06:30 | 000,001,825 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011/12/09 13:27:29 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\*****\Desktop\xxx.exe
[2011/12/09 13:06:31 | 000,236,455 | ---- | M] () -- C:\Users\*****\Desktop\diskmanagement.jpg
[2011/12/08 20:12:48 | 000,000,977 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/08 19:53:31 | 000,302,592 | ---- | M] () -- C:\Users\*****\Desktop\tpttg2bx.exe
[2011/12/08 19:19:32 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\enmsp.sys
[2011/12/08 19:19:32 | 000,019,286 | ---- | M] () -- C:\cleanup.exe
[2011/12/08 19:09:24 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\twgpdk.sys
[2011/12/08 19:04:52 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\brox.sys
[2011/12/08 19:00:32 | 000,724,952 | ---- | M] () -- C:\Users\*****\Desktop\avenger.zip
[2011/12/08 18:51:32 | 000,684,297 | ---- | M] () -- C:\Users\*****\Desktop\unhide.exe
[2011/12/08 18:47:27 | 007,045,869 | ---- | M] (BitDefender LLC) -- C:\Users\*****\Desktop\BDRemovalTool_TDSS_TDL4__x86.exe
[2011/12/08 18:33:50 | 000,568,832 | ---- | M] () -- C:\Users\*****\Desktop\BTKR_RunBox.exe
[2011/12/08 17:39:28 | 010,487,296 | ---- | M] (BitDefender LLC) -- C:\Users\*****\Desktop\BDRemovalTool_TDSS-Clones_x64.exe
[2011/12/08 16:10:47 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/12/08 09:06:13 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/12/07 16:42:53 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/06 22:33:13 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/12/06 21:47:09 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2011/12/06 08:44:34 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/12/06 08:44:34 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/12/05 16:05:58 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/05 15:24:14 | 000,001,750 | ---- | M] () -- C:\Users\*****\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2011/12/05 12:05:03 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/12/05 10:37:06 | 000,007,635 | ---- | M] () -- C:\Users\*****\Desktop\Nat Turner.rtf
[2011/12/05 08:52:21 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2011/12/05 08:31:28 | 000,001,288 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/12/04 06:35:29 | 000,000,046 | ---- | M] () -- C:\Users\*****\jagex_runescape_preferences.dat
[2011/12/04 06:35:28 | 000,000,040 | ---- | M] () -- C:\Users\*****\jagex_cl_runescape_LIVE.dat
[2011/12/04 04:45:07 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/04 04:45:07 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/04 04:45:07 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/04 04:23:22 | 000,000,312 | ---- | M] () -- C:\ProgramData\~O8CkuojsBLu5iM
[2011/12/04 04:23:22 | 000,000,216 | ---- | M] () -- C:\ProgramData\~O8CkuojsBLu5iMr
[2011/12/04 04:23:16 | 000,000,344 | ---- | M] () -- C:\ProgramData\O8CkuojsBLu5iM
[2011/12/03 12:58:22 | 000,000,099 | ---- | M] () -- C:\Users\*****\jagex_runescape_preferences2.dat
[2011/11/30 16:18:42 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/11/30 16:18:42 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/11/30 16:18:22 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/11/30 13:44:50 | 000,328,041 | ---- | M] () -- C:\Users\*****\Desktop\CampusMapPHC.pdf
[2011/11/29 21:41:21 | 000,000,725 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011/11/29 21:40:43 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/11/21 17:54:28 | 000,003,729 | ---- | M] () -- C:\Users\*****\Desktop\Yue.rtf
[2011/11/18 22:47:33 | 000,000,725 | ---- | M] () -- C:\Users\*****\Desktop\Battlefield 3.lnk
[2011/11/14 11:13:52 | 000,036,131 | ---- | M] () -- C:\Users\*****\Desktop\premonly.php
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/09 15:51:00 | 000,080,384 | ---- | C] () -- C:\Users\*****\Desktop\MBRCheck(1).exe
[2011/12/09 15:48:33 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2011/12/09 15:06:30 | 000,001,837 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2011/12/09 15:06:30 | 000,001,825 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011/12/09 14:59:37 | 115,079,168 | ---- | C] () -- C:\Users\*****\Desktop\gparted-live-0.10.0-3.iso
[2011/12/09 13:06:31 | 000,236,455 | ---- | C] () -- C:\Users\*****\Desktop\diskmanagement.jpg
[2011/12/08 19:53:30 | 000,302,592 | ---- | C] () -- C:\Users\*****\Desktop\tpttg2bx.exe
[2011/12/08 19:19:32 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\enmsp.sys
[2011/12/08 19:09:24 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\twgpdk.sys
[2011/12/08 19:04:54 | 000,019,286 | ---- | C] () -- C:\cleanup.exe
[2011/12/08 19:04:52 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\brox.sys
[2011/12/08 19:00:49 | 000,731,136 | ---- | C] () -- C:\Users\*****\Desktop\avenger.exe
[2011/12/08 19:00:25 | 000,724,952 | ---- | C] () -- C:\Users\*****\Desktop\avenger.zip
[2011/12/08 18:51:29 | 000,684,297 | ---- | C] () -- C:\Users\*****\Desktop\unhide.exe
[2011/12/08 18:33:40 | 000,568,832 | ---- | C] () -- C:\Users\*****\Desktop\BTKR_RunBox.exe
[2011/12/08 16:10:47 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/12/06 22:33:13 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/12/06 21:47:29 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 54d67361-03e2-49ad-bcf6-aded24f7238d.job
[2011/12/06 21:47:28 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 885acdd6-d46e-4414-89e8-cdb211f0eb01.job
[2011/12/06 21:47:09 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2011/12/05 16:05:58 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/05 15:24:14 | 000,001,750 | ---- | C] () -- C:\Users\*****\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2011/12/05 15:24:13 | 000,001,738 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2011/12/05 10:36:07 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/12/05 10:36:07 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/12/05 08:22:53 | 000,001,288 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/12/04 04:23:22 | 000,000,312 | ---- | C] () -- C:\ProgramData\~O8CkuojsBLu5iM
[2011/12/04 04:23:22 | 000,000,216 | ---- | C] () -- C:\ProgramData\~O8CkuojsBLu5iMr
[2011/12/04 04:23:16 | 000,000,344 | ---- | C] () -- C:\ProgramData\O8CkuojsBLu5iM
[2011/12/03 12:55:42 | 000,000,040 | ---- | C] () -- C:\Users\*****\jagex_cl_runescape_LIVE.dat
[2011/11/30 13:44:36 | 000,328,041 | ---- | C] () -- C:\Users\*****\Desktop\CampusMapPHC.pdf
[2011/11/20 17:37:13 | 000,003,729 | ---- | C] () -- C:\Users\*****\Desktop\Yue.rtf
[2011/11/18 22:47:33 | 000,000,725 | ---- | C] () -- C:\Users\*****\Desktop\Battlefield 3.lnk
[2011/11/14 11:13:49 | 000,036,131 | ---- | C] () -- C:\Users\*****\Desktop\premonly.php
[2011/11/07 18:53:44 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/09/02 06:00:21 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2011/04/20 19:22:37 | 000,007,598 | ---- | C] () -- C:\Users\*****\AppData\Local\Resmon.ResmonCfg
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/01/26 11:29:18 | 000,000,084 | ---- | C] () -- C:\Windows\netdet.ini
[2011/01/26 09:48:25 | 000,222,552 | ---- | C] () -- C:\Windows\RM.exe
[2010/10/11 23:14:40 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/10/10 10:00:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/09/27 21:10:52 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/09/27 21:10:50 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/09/04 01:13:06 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/12/08 20:14:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Azureus
[2011/05/17 06:24:39 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\CheckPoint
[2011/03/22 01:25:56 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Darkfall
[2010/09/05 17:49:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Darkfall US
[2011/01/23 09:55:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Elluminate
[2010/12/19 02:51:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GetRightToGo
[2011/12/09 15:19:06 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ImgBurn
[2010/11/24 22:11:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Mumble
[2011/08/07 08:12:42 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenCandy
[2011/11/04 10:18:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Origin
[2011/08/27 23:13:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\RIFT
[2011/01/26 09:53:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Smith Micro
[2011/11/11 14:55:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SystemRequirementsLab
[2010/09/06 02:12:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Sytexis Software
[2011/12/08 20:14:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TS3Client
[2011/12/05 15:35:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Wireshark
[2011/12/09 23:48:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\XBMC
[2011/10/09 13:02:35 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/12/10 05:47:00 | 000,000,510 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 54d67361-03e2-49ad-bcf6-aded24f7238d.job
[2011/12/10 02:00:00 | 000,000,510 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 885acdd6-d46e-4414-89e8-cdb211f0eb01.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2011/12/08 19:19:32 | 000,019,286 | ---- | M] () -- C:\cleanup.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]

< MD5 for: EXPLORER.EXE >
[2011/02/25 22:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 21:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 17:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 21:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 22:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 04:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/02 22:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/30 22:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 21:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 05:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/30 22:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 21:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 17:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/30 22:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/25 22:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/02 22:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\system64\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 04:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 04:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 04:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 05:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 05:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 05:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\system64\userinit.exe
[2010/11/20 05:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 05:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 05:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 05:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\system64\winlogon.exe
[2010/11/20 05:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 17:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/27 23:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/27 22:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
"Tag" = 87
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
"DhcpNodeType" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{3F24D955-88D2-455E-A1FF-DFBDC07ABE18}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{69A4787F-18B1-4708-886C-CD071846ECDD}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{9235C2C4-661C-41A4-9372-4384C7B46E0C}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 06 01 04 01 01 01 03 01 08 01 07 01 05 01 00 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< End of report >

Attached Files

  • Attached File  OTL.Txt   122.67KB   21 downloads

  • 0

Advertisements


#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks mucho better :)

What are your current problems ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - [2011/12/08 19:19:32 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\enmsp.sys -- (vvksyeq)
    DRV - [2011/12/08 19:09:24 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\twgpdk.sys -- (vjogzkm)
    DRV - [2011/12/08 19:04:52 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\brox.sys -- (funt)
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    FF - prefs.js..browser.search.selectedEngine: "Search the Web"
    O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    [2011/12/08 19:09:24 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\twgpdk.sys
    [2011/12/08 19:04:52 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\brox.sys
    [2011/12/08 19:19:32 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\enmsp.sys
    [2011/12/04 04:23:22 | 000,000,312 | ---- | M] () -- C:\ProgramData\~O8CkuojsBLu5iM
    [2011/12/04 04:23:22 | 000,000,216 | ---- | M] () -- C:\ProgramData\~O8CkuojsBLu5iMr
    [2011/12/04 04:23:16 | 000,000,344 | ---- | M] () -- C:\ProgramData\O8CkuojsBLu5iM
    [2011/12/09 15:51:00 | 000,080,384 | ---- | C] () -- C:\Users\Aaron\Desktop\MBRCheck(1).exe
    [2011/12/09 14:59:37 | 115,079,168 | ---- | C] () -- C:\Users\Aaron\Desktop\gparted-live-0.10.0-3.iso

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#12
Flotsaf

Flotsaf

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

No current problems I'm aware of. Avira seems a lot less agitated than before when it was telling me there was a system modification allowing programs to hide themselves. OTL log attached

OTL logfile created on: 12/10/2011 12:46:48 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\*****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 52.08% Memory free
3.98 Gb Paging File | 2.48 Gb Available in Paging File | 62.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 689.29 Gb Free Space | 74.00% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 61.86 Mb Free Space | 61.87% Space Free | Partition Type: NTFS

Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/10 11:31:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
PRC - [2011/11/29 21:40:43 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/10/19 16:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/19 16:56:24 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/19 16:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/08/02 04:58:39 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2009/12/21 11:50:46 | 000,315,392 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe
PRC - [2008/11/18 09:31:38 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\VentSrv\ventrilo_srv.exe
PRC - [2008/08/25 08:02:58 | 000,076,800 | ---- | M] () -- C:\Program Files (x86)\VentSrv\ventrilo_svc.exe

========== Modules (No Company Name) ==========

MOD - [2011/12/08 19:07:07 | 014,410,024 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2011/12/08 19:07:01 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
MOD - [2011/12/08 19:07:01 | 000,194,344 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2011/12/08 19:07:01 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2011/12/08 19:07:01 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 15:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (FastUserSwitchingCompatibility)
SRV - [2011/11/29 21:40:43 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/11/07 18:53:32 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/10/19 16:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/19 16:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/13 06:28:12 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/12/21 11:50:46 | 000,315,392 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/25 08:02:58 | 000,076,800 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\VentSrv\ventrilo_svc.exe -- (Ventrilo)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/08 09:06:13 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/10/19 16:56:50 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/10/19 16:56:49 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/07/22 08:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 13:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/05/11 11:00:40 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)
DRV:64bit: - [2009/09/15 10:13:34 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:64bit: - [2009/09/15 10:13:34 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:64bit: - [2009/08/05 20:59:48 | 000,987,648 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/01 22:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2005/03/29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010/09/04 02:14:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\hmonitor45.sys -- (Hmonitor45)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E F3 4F 0E 96 A4 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..keyword.URL: "http://www.google.co...b=adawaretb&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 06:57:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/07 17:51:10 | 000,000,000 | ---D | M]

[2011/05/16 19:46:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\Mozilla\Extensions
[2011/12/07 10:59:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\t33akpm2.default\extensions
[2011/12/07 10:59:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\t33akpm2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/22 20:17:38 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\t33akpm2.default\extensions\[email protected]
[2011/11/17 19:25:44 | 000,002,333 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\t33akpm2.default\searchplugins\askcom.xml
[2011/12/10 10:46:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/10 10:46:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/09 06:57:13 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/17 10:14:28 | 000,002,149 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2010/11/23 09:39:16 | 000,001,490 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\AOL Search.xml
[2010/01/01 00:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/09 06:57:13 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

O1 HOSTS File: ([2011/12/10 12:19:37 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab(Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab(Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab(Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab(Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab(Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab(Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69A4787F-18B1-4708-886C-CD071846ECDD}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll File not found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/10 12:12:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/10 11:31:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2011/12/10 10:46:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/12/09 15:44:24 | 000,000,000 | -HSD | C] -- C:\Boot
[2011/12/09 15:17:55 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\ImgBurn
[2011/12/09 15:06:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011/12/09 15:06:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2011/12/08 20:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/12/08 19:32:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2011/12/08 18:46:50 | 007,045,869 | ---- | C] (BitDefender LLC) -- C:\Users\*****\Desktop\BDRemovalTool_TDSS_TDL4__x86.exe
[2011/12/08 18:29:37 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\*****\Desktop\xxx.exe
[2011/12/08 17:38:28 | 010,487,296 | ---- | C] (BitDefender LLC) -- C:\Users\*****\Desktop\BDRemovalTool_TDSS-Clones_x64.exe
[2011/12/08 16:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/12/08 16:02:18 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\GooredFix Backups
[2011/12/08 09:00:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/07 17:10:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/07 15:51:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/07 14:18:21 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{7D026599-317C-425B-BD31-EE0F435A28FD}
[2011/12/07 14:18:04 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{F7487026-64FD-46DB-BAEA-BCF3628708FE}
[2011/12/06 22:34:59 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Avira
[2011/12/06 22:33:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/12/06 22:32:53 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011/12/06 22:32:52 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/12/06 22:32:52 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/12/06 22:32:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/12/06 22:32:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/12/06 22:16:55 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{3197B743-E0AA-4380-BDC6-CA7C4F08ECCE}
[2011/12/06 22:16:34 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{90EE97D1-1892-4305-B7F7-587018A5D6B0}
[2011/12/06 21:58:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/06 21:58:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/12/06 21:47:27 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\SUPERAntiSpyware.com
[2011/12/06 21:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/12/06 21:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/12/06 21:47:08 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/06 09:01:39 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{904C220A-1395-4CD3-B759-6C2903F21975}
[2011/12/06 09:01:27 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{147F59EF-EC4F-4E1D-B6D8-AF3DA494221E}
[2011/12/05 20:17:33 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{976765DD-E7E2-413F-9A50-CA975F7CB000}
[2011/12/05 20:17:22 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{E1662DE7-0C14-4BF6-A6D4-26AAE44FF3F1}
[2011/12/05 17:18:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2011/12/05 16:05:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/05 15:28:58 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Wireshark
[2011/12/05 15:24:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wireshark
[2011/12/05 12:05:03 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/12/05 11:56:39 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Sunbelt Software
[2011/12/05 08:58:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2011/12/05 08:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/12/05 08:58:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/12/05 08:04:24 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/12/05 07:57:48 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{B73E102E-E384-4244-878C-C11137B0D838}
[2011/12/05 07:57:35 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{67729157-668C-4190-9E0A-9BC168CFD3C9}
[2011/12/04 04:33:45 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{322B4A21-C409-45CF-A8B9-5D7DFB0364D3}
[2011/12/04 04:33:21 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{4CEDDDF4-9466-42AD-B28C-785C730DC1D5}
[2011/12/03 16:30:18 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{D64443B3-1441-48AE-8589-CF8CE58D2722}
[2011/12/03 16:30:07 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{24D32C51-7968-4E49-B39D-3D3CA3BA7EB7}
[2011/12/02 22:41:07 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{0A3A46EF-7E1F-4823-BAF1-EF3CEA59ACFE}
[2011/12/02 22:40:44 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{B6947607-FC57-40D2-B064-577461B219E2}
[2011/12/02 10:40:31 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{A008E696-1F8B-46E3-B03B-8DFA77B35C58}
[2011/12/02 10:40:19 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{13858552-9C2A-49A8-956F-16F34536A3F8}
[2011/12/01 10:15:48 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{E2D9BD09-F685-4BBC-AC52-67553F6A893C}
[2011/12/01 10:15:26 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{51BAF048-FC39-4D78-B449-BEB8AEEC9BA1}
[2011/11/30 22:15:01 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{7C556479-7F91-4E18-9ACF-B88AD35BBEEC}
[2011/11/30 22:14:38 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{263FE104-E007-4944-8598-07EE473B98EB}
[2011/11/30 13:10:11 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\XBMC
[2011/11/30 13:08:51 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBMC
[2011/11/30 13:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XBMC
[2011/11/30 12:47:20 | 000,000,000 | ---D | C] -- C:\xbmc addons
[2011/11/30 10:14:12 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{13FA6372-3341-467B-A7CA-24246A1C8FDA}
[2011/11/30 10:14:00 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{DCFF2B46-6B08-4937-B495-63D2E097C289}
[2011/11/29 20:59:33 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{FAD0F31B-902D-43F3-AF56-0350BDA97447}
[2011/11/29 20:59:10 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{F0F20837-2BF2-4983-98B5-79ED4923E94C}
[2011/11/29 08:22:04 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{47CFFFBC-1073-4E59-B3B7-C79831BB513F}
[2011/11/29 08:21:49 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{2591B5F4-447B-4F9D-8A12-6F78DAF64A31}
[2011/11/28 11:53:31 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{59E8ECC3-768E-453C-9E2B-B7DEA0F60417}
[2011/11/28 11:53:07 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{4C3604D4-523A-4F30-BED8-3C3852019199}
[2011/11/28 11:48:18 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{86D10A6B-D8A8-4C3A-9FD2-CD54D3D6BCA2}
[2011/11/28 11:48:06 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{95C501DB-D2CF-4010-B90D-3B348E0EB789}
[2011/11/27 16:48:49 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{63A6F59A-9E17-44EA-A636-DB6DC0633AA7}
[2011/11/27 16:48:37 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{0D584EF0-853A-4BBE-BF1D-7F4148554C6B}
[2011/11/27 04:37:49 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{3299F32D-89E9-402C-BD6B-CDCD3578BA9E}
[2011/11/27 04:37:37 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{915476FD-A799-4D3E-8F08-4AF59F402670}
[2011/11/26 06:15:19 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{90D26FAB-9491-4DF5-8669-D599F63D99B0}
[2011/11/26 06:15:08 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{04812F26-28CD-4CE4-AAA5-939526C402C5}
[2011/11/25 15:29:37 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{C1357B4B-5C74-4546-A9E8-16378DEB228B}
[2011/11/25 15:29:23 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{0A206FB3-70BF-440B-BC74-535F6758A415}
[2011/11/24 14:43:08 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{72C7EBF4-1096-4639-9C0B-F7A4FBFB578B}
[2011/11/24 14:42:56 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{8C53D4E7-83C3-4B97-84AD-9A306BCB0DA4}
[2011/11/23 17:07:15 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{457DD3CD-5F8F-45F3-A9AE-3EE8E077F146}
[2011/11/23 17:06:52 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{342188D6-B420-4824-917C-5F8FB4E0E0EA}
[2011/11/23 05:06:26 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{9AA6BDDA-8655-4C3A-9725-0418D476B5C7}
[2011/11/23 05:06:03 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{25FB3596-80B6-4544-9B75-B4FE991CDD74}
[2011/11/22 21:04:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Skype
[2011/11/22 20:17:26 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\APN
[2011/11/22 19:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011/11/22 17:05:36 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{BBED2036-5600-424C-98CE-38839F048B24}
[2011/11/22 17:05:24 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{18FDEB8F-58BE-4EB8-8D14-09CABE6505B3}
[2011/11/21 23:46:10 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{649445B7-15E8-4FBB-A8C1-A09F50BE7954}
[2011/11/21 23:45:53 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{7EAE35D9-9E24-4ACF-93F8-FA9DB8C3AC57}
[2011/11/21 10:50:37 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{FE8644FC-5EE1-4293-A773-6CAF5514725B}
[2011/11/21 10:50:25 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{3DF661C4-2E54-46D5-82E3-3719638F7E70}
[2011/11/20 18:21:43 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/11/20 13:07:51 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{7D3FFB3E-FAEA-443F-9B4F-B2A801B4B5DF}
[2011/11/20 13:07:37 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{25071D6B-CE69-4715-BA28-5A5081E621BB}
[2011/11/19 12:37:14 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{4F437241-CB4A-421D-A44D-12861ABB6424}
[2011/11/19 12:37:03 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{AF9E7743-A013-49E0-AED2-8D833F0FAF42}
[2011/11/18 11:28:22 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{B945E0BB-B7CF-489C-996D-BB514D601A88}
[2011/11/18 11:28:09 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{40C59A2B-11AC-4852-A31C-C4672BCF703E}
[2011/11/17 09:45:55 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{9628E17D-B7A9-41B2-BEA6-BD1044763D24}
[2011/11/17 09:45:41 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{12C05F2B-BCA0-4D5B-BB22-77765C0CCC7B}
[2011/11/16 11:29:32 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{F863DD91-3177-43AA-A5EB-174412F1F342}
[2011/11/16 11:29:19 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{05C59D4C-D79E-4D04-A3B2-788829C3DF21}
[2011/11/15 14:21:52 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{20CBACFB-96F5-48F4-805F-03380281035C}
[2011/11/15 14:21:38 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{96D14341-8A66-4C62-A30E-006154D0772B}
[2011/11/14 22:48:56 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{4B5B3452-E829-4FD2-AB1B-87D7031BE811}
[2011/11/14 22:48:32 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{EA636035-72BB-4079-A0AD-CC1EE2827FBC}
[2011/11/14 10:48:04 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{E8BD4412-C07B-4BFC-A5D0-714BAD3EC03E}
[2011/11/14 10:47:51 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{0F3E0C5B-AC0C-4914-9951-25DD11781A93}
[2011/11/13 10:32:25 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{F91220A0-0652-4C8A-984F-14E6B6DB2C76}
[2011/11/13 10:32:09 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{742B24FB-B8DD-47B1-9A86-9E9BCD9D80A4}
[2011/11/12 10:07:03 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{0A6E374B-FAEB-4C8C-9150-DA493062B276}
[2011/11/12 10:06:51 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{F84D13F8-5CE1-4BA7-8855-E0F5DE2F89D7}
[2011/11/11 18:17:15 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{B6AB551B-93BA-49D3-B83A-D1A93E3E2B2C}
[2011/11/11 18:16:50 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{F2A29335-4650-4154-BE8C-D6D6CEEC9F88}
[2011/11/11 16:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/11/11 16:20:12 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/11/11 16:20:12 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/11/11 14:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2011/11/11 14:55:08 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\SystemRequirementsLab
[2011/11/11 06:16:20 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{53C70424-8E65-48A8-A3E9-9ED05EB09A0E}
[2011/11/11 06:16:09 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{7DAE56AF-8636-4374-8288-A83E9374364C}
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/10 12:41:33 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/10 12:19:37 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/12/10 12:13:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/10 11:31:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2011/12/10 05:47:00 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 54d67361-03e2-49ad-bcf6-aded24f7238d.job
[2011/12/10 02:00:00 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 885acdd6-d46e-4414-89e8-cdb211f0eb01.job
[2011/12/09 15:56:59 | 000,023,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/09 15:56:59 | 000,023,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/09 15:49:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/09 15:06:30 | 000,001,825 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011/12/09 13:27:29 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\*****\Desktop\xxx.exe
[2011/12/09 13:06:31 | 000,236,455 | ---- | M] () -- C:\Users\*****\Desktop\diskmanagement.jpg
[2011/12/08 20:12:48 | 000,000,977 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/08 19:53:31 | 000,302,592 | ---- | M] () -- C:\Users\*****\Desktop\tpttg2bx.exe
[2011/12/08 19:19:32 | 000,019,286 | ---- | M] () -- C:\cleanup.exe
[2011/12/08 19:00:32 | 000,724,952 | ---- | M] () -- C:\Users\*****\Desktop\avenger.zip
[2011/12/08 18:51:32 | 000,684,297 | ---- | M] () -- C:\Users\*****\Desktop\unhide.exe
[2011/12/08 18:47:27 | 007,045,869 | ---- | M] (BitDefender LLC) -- C:\Users\*****\Desktop\BDRemovalTool_TDSS_TDL4__x86.exe
[2011/12/08 18:33:50 | 000,568,832 | ---- | M] () -- C:\Users\*****\Desktop\BTKR_RunBox.exe
[2011/12/08 17:39:28 | 010,487,296 | ---- | M] (BitDefender LLC) -- C:\Users\*****\Desktop\BDRemovalTool_TDSS-Clones_x64.exe
[2011/12/08 16:10:47 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/12/08 09:06:13 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/12/06 22:33:13 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/12/06 21:47:09 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2011/12/06 08:44:34 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/12/06 08:44:34 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/12/05 16:05:58 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/05 15:24:14 | 000,001,750 | ---- | M] () -- C:\Users\*****\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2011/12/05 12:05:03 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/12/05 10:37:06 | 000,007,635 | ---- | M] () -- C:\Users\*****\Desktop\Nat Turner.rtf
[2011/12/05 08:52:21 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2011/12/05 08:31:28 | 000,001,288 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/12/04 06:35:29 | 000,000,046 | ---- | M] () -- C:\Users\*****\jagex_runescape_preferences.dat
[2011/12/04 06:35:28 | 000,000,040 | ---- | M] () -- C:\Users\*****\jagex_cl_runescape_LIVE.dat
[2011/12/04 04:45:07 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/04 04:45:07 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/04 04:45:07 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/03 12:58:22 | 000,000,099 | ---- | M] () -- C:\Users\*****\jagex_runescape_preferences2.dat
[2011/11/30 16:18:42 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/11/30 16:18:42 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/11/30 16:18:22 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/11/30 13:44:50 | 000,328,041 | ---- | M] () -- C:\Users\*****\Desktop\CampusMapPHC.pdf
[2011/11/29 21:41:21 | 000,000,725 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011/11/29 21:40:43 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/11/21 17:54:28 | 000,003,729 | ---- | M] () -- C:\Users\*****\Desktop\Yue.rtf
[2011/11/18 22:47:33 | 000,000,725 | ---- | M] () -- C:\Users\*****\Desktop\Battlefield 3.lnk
[2011/11/14 11:13:52 | 000,036,131 | ---- | M] () -- C:\Users\*****\Desktop\premonly.php
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/09 15:48:33 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2011/12/09 15:06:30 | 000,001,837 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2011/12/09 15:06:30 | 000,001,825 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011/12/09 13:06:31 | 000,236,455 | ---- | C] () -- C:\Users\*****\Desktop\diskmanagement.jpg
[2011/12/08 19:53:30 | 000,302,592 | ---- | C] () -- C:\Users\*****\Desktop\tpttg2bx.exe
[2011/12/08 19:04:54 | 000,019,286 | ---- | C] () -- C:\cleanup.exe
[2011/12/08 19:00:49 | 000,731,136 | ---- | C] () -- C:\Users\*****\Desktop\avenger.exe
[2011/12/08 19:00:25 | 000,724,952 | ---- | C] () -- C:\Users\*****\Desktop\avenger.zip
[2011/12/08 18:51:29 | 000,684,297 | ---- | C] () -- C:\Users\*****\Desktop\unhide.exe
[2011/12/08 18:33:40 | 000,568,832 | ---- | C] () -- C:\Users\*****\Desktop\BTKR_RunBox.exe
[2011/12/08 16:10:47 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/12/06 22:33:13 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/12/06 21:47:29 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 54d67361-03e2-49ad-bcf6-aded24f7238d.job
[2011/12/06 21:47:28 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 885acdd6-d46e-4414-89e8-cdb211f0eb01.job
[2011/12/06 21:47:09 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2011/12/05 16:05:58 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/05 15:24:14 | 000,001,750 | ---- | C] () -- C:\Users\*****\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2011/12/05 15:24:13 | 000,001,738 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2011/12/05 10:36:07 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/12/05 10:36:07 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/12/05 08:22:53 | 000,001,288 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/12/03 12:55:42 | 000,000,040 | ---- | C] () -- C:\Users\*****\jagex_cl_runescape_LIVE.dat
[2011/11/30 13:44:36 | 000,328,041 | ---- | C] () -- C:\Users\*****\Desktop\CampusMapPHC.pdf
[2011/11/20 17:37:13 | 000,003,729 | ---- | C] () -- C:\Users\*****\Desktop\Yue.rtf
[2011/11/18 22:47:33 | 000,000,725 | ---- | C] () -- C:\Users\*****\Desktop\Battlefield 3.lnk
[2011/11/14 11:13:49 | 000,036,131 | ---- | C] () -- C:\Users\*****\Desktop\premonly.php
[2011/11/07 18:53:44 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/09/02 06:00:21 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2011/04/20 19:22:37 | 000,007,598 | ---- | C] () -- C:\Users\*****\AppData\Local\Resmon.ResmonCfg
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/01/26 11:29:18 | 000,000,084 | ---- | C] () -- C:\Windows\netdet.ini
[2011/01/26 09:48:25 | 000,222,552 | ---- | C] () -- C:\Windows\RM.exe
[2010/10/11 23:14:40 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/10/10 10:00:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/09/27 21:10:52 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/09/27 21:10:50 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/09/04 01:13:06 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/12/08 20:14:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Azureus
[2011/05/17 06:24:39 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\CheckPoint
[2011/03/22 01:25:56 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Darkfall
[2010/09/05 17:49:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Darkfall US
[2011/01/23 09:55:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Elluminate
[2010/12/19 02:51:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GetRightToGo
[2011/12/09 15:19:06 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ImgBurn
[2010/11/24 22:11:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Mumble
[2011/08/07 08:12:42 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenCandy
[2011/11/04 10:18:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Origin
[2011/08/27 23:13:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\RIFT
[2011/01/26 09:53:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Smith Micro
[2011/11/11 14:55:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SystemRequirementsLab
[2010/09/06 02:12:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Sytexis Software
[2011/12/08 20:14:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TS3Client
[2011/12/05 15:35:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Wireshark
[2011/12/09 23:48:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\XBMC
[2011/10/09 13:02:35 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/12/10 05:47:00 | 000,000,510 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 54d67361-03e2-49ad-bcf6-aded24f7238d.job
[2011/12/10 02:00:00 | 000,000,510 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 885acdd6-d46e-4414-89e8-cdb211f0eb01.job

========== Purity Check ==========

 

< End of report >

Attached Files

  • Attached File  OTL.Txt   90.28KB   25 downloads

  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Excellent - lets do a final sweep for orphans

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#14
Flotsaf

Flotsaf

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8348

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/10/2011 1:27:19 PM
mbam-log-2011-12-10 (13-27-19).txt

Scan type: Quick scan
Objects scanned: 178763
Time elapsed: 2 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • GoStart > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP