removing google redirect virus: OTL.TEXT REPORT



#1
Gedidrum

OTL logfile created on 15122013 230510 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = CDocuments and SettingsUserMy DocumentsDownloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale 00000809 Country United Kingdom Language ENG Date Format ddMMyyyy

1023.47 Mb Total Physical Memory 338.48 Mb Available Physical Memory 33.07% Memory free
1.65 Gb Paging File 0.54 Gb Available in Paging File 32.50% Paging File free
Paging file location(s) Cpagefile.sys 768 1536 [binary data]

%SystemDrive% = C %SystemRoot% = CWINDOWS %ProgramFiles% = CProgram Files
Drive C 233.80 Gb Total Space 177.72 Gb Free Space 76.01% Space Free Partition Type NTFS

Computer Name USER-E47CBF54B3 User Name User Logged in as Administrator.
Boot Mode Normal Scan Mode Current user Quick Scan
Company Name Whitelist On Skip Microsoft Files On No Company Name Whitelist On File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [20131215 225530 000,602,112 ---- M] (OldTimer Tools) -- CDocuments and SettingsUserMy DocumentsDownloadsOTL.scr
PRC - [20131212 232600 000,182,696 ---- M] (Oracle Corporation) -- CProgram FilesJavajre7binjqs.exe
PRC - [20131206 235359 000,440,376 ---- M] (Avira Operations GmbH & Co. KG) -- CProgram FilesAviraAntiVir Desktopsched.exe
PRC - [20131206 235317 000,431,672 ---- M] (Avira Operations GmbH & Co. KG) -- CProgram FilesAviraAntiVir Desktopavshadow.exe
PRC - [20131206 235308 000,440,376 ---- M] (Avira Operations GmbH & Co. KG) -- CProgram FilesAviraAntiVir Desktopavguard.exe
PRC - [20131206 235306 000,683,576 ---- M] (Avira Operations GmbH & Co. KG) -- CProgram FilesAviraAntiVir Desktopavgnt.exe
PRC - [20131206 145123 000,295,512 ---- M] (RealNetworks, Inc.) -- CProgram FilesRealRealPlayerUpdaterealsched.exe
PRC - [20131202 185950 002,484,504 ---- M] (Trusteer Ltd.) -- CProgram FilesTrusteerRapportbinRapportService.exe
PRC - [20131202 185950 001,444,120 ---- M] (Trusteer Ltd.) -- CProgram FilesTrusteerRapportbinRapportMgmtService.exe
PRC - [20131118 215936 000,590,352 ---- M] (AVG Technologies CZ, s.r.o.) -- CProgram FilesAVGAVG2014avgcsrvx.exe
PRC - [20131116 001237 000,275,568 ---- M] (Mozilla Corporation) -- CProgram FilesMozilla Firefoxfirefox.exe
PRC - [20131111 220214 003,478,544 ---- M] (AVG Technologies CZ, s.r.o.) -- CProgram FilesAVGAVG2014avgidsagent.exe
PRC - [20131109 005125 000,166,352 ---- M] (APN LLC.) -- CProgram FilesAskPartnerNetworkToolbarapnmcp.exe
PRC - [20131109 005117 001,707,472 ---- M] (APN) -- CProgram FilesAskPartnerNetworkToolbarUpdaterTBNotifier.exe
PRC - [20131107 220350 004,956,176 ---- M] (AVG Technologies CZ, s.r.o.) -- CProgram FilesAVGAVG2014avgui.exe
PRC - [20131107 220048 000,680,976 ---- M] (AVG Technologies CZ, s.r.o.) -- CProgram FilesAVGAVG2014avgemcx.exe
PRC - [20131028 232402 000,729,648 ---- M] (AVG Technologies CZ, s.r.o.) -- CProgram FilesAVGAVG2014avgrsx.exe
PRC - [20131028 231736 000,892,976 ---- M] (AVG Technologies CZ, s.r.o.) -- CProgram FilesAVGAVG2014avgnsx.exe
PRC - [20131023 150110 000,022,208 ---- M] (Microsoft Corporation) -- cProgram FilesMicrosoft Security ClientMsMpEng.exe
PRC - [20131023 145528 000,948,440 ---- M] (Microsoft Corporation) -- CProgram FilesMicrosoft Security Clientmsseces.exe
PRC - [20130924 013544 001,358,944 ---- M] (AVG Technologies CZ, s.r.o.) -- CProgram FilesAVGAVG2014avgfws.exe
PRC - [20130924 013308 000,348,008 ---- M] (AVG Technologies CZ, s.r.o.) -- CProgram FilesAVGAVG2014avgwdsvc.exe
PRC - [20130814 151922 000,039,056 ---- M] () -- CProgram FilesRealNetworksRealDownloaderrndlresolversvc.exe
PRC - [20130122 145128 002,011,824 ---- M] (Alcatel-Lucent) -- CProgram FilesBT Broadband Desktop HelpbtbbBTHelpNotifier.exe
PRC - [20121127 105324 000,376,144 ---- M] (Alcatel-Lucent) -- CProgram FilesCommon FilesMotivepcCMService.exe
PRC - [20110117 190858 011,322,880 ---- M] (OpenOffice.org) -- CProgram FilesOpenOffice.org 3programsoffice.exe
PRC - [20110117 190858 011,314,688 ---- M] (OpenOffice.org) -- CProgram FilesOpenOffice.org 3programsoffice.bin
PRC - [20080414 120000 001,033,728 ---- M] (Microsoft Corporation) -- CWINDOWSexplorer.exe
PRC - [20030610 111228 000,055,296 ---- M] (Realtek Semiconductor Corp.) -- CWINDOWSSOUNDMAN.EXE
PRC - [19981223 215154 000,045,568 ---- M] (Microsoft Corporation) -- CProgram FilesMicrosoft OfficeOffice1033OLFSNT40.EXE


========== Modules (No Company Name) ==========

MOD - [20131206 235404 000,394,808 ---- M] () -- CProgram FilesAviraAntiVir Desktopsqlite3.dll
MOD - [20131116 001138 003,363,952 ---- M] () -- CProgram FilesMozilla Firefoxmozjs.dll
MOD - [20131102 222925 001,127,152 ---- M] () -- CDocuments and SettingsAll UsersApplication DataTrusteerRapportstoreextsRapportMSbaselineRapportMS.dll
MOD - [20130814 151922 000,039,056 ---- M] () -- CProgram FilesRealNetworksRealDownloaderrndlresolversvc.exe
MOD - [20120627 140906 000,557,056 ---- M] () -- CProgram FilesTrusteerRapportbinjs32.dll
MOD - [20120214 191341 000,985,088 ---- M] () -- CProgram FilesOpenOffice.org 3programlibxml2.dll
MOD - [20061022 112200 000,212,992 ---- M] () -- CWINDOWSsystem32nvapi.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled Stopped] -- %SystemRoot%System32hidserv.dll -- (HidServ)
SRV - [20131212 232600 000,182,696 ---- M] (Oracle Corporation) [Auto Running] -- CProgram FilesJavajre7binjqs.exe -- (JavaQuickStarterService)
SRV - [20131211 173446 000,257,416 ---- M] (Adobe Systems Incorporated) [On_Demand Stopped] -- CWINDOWSsystem32MacromedFlashFlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [20131206 235359 000,440,376 ---- M] (Avira Operations GmbH & Co. KG) [Auto Running] -- CProgram FilesAviraAntiVir Desktopsched.exe -- (AntiVirSchedulerService)
SRV - [20131206 235319 001,164,360 ---- M] (Avira Operations GmbH & Co. KG) [Disabled Stopped] -- CProgram FilesAviraAntiVir Desktopavwebgrd.exe -- (AntiVirWebService)
SRV - [20131206 235308 000,440,376 ---- M] (Avira Operations GmbH & Co. KG) [Auto Running] -- CProgram FilesAviraAntiVir Desktopavguard.exe -- (AntiVirService)
SRV - [20131202 185950 001,444,120 ---- M] (Trusteer Ltd.) [Auto Running] -- CProgram FilesTrusteerRapportbinRapportMgmtService.exe -- (RapportMgmtService)
SRV - [20131116 001232 000,119,408 ---- M] (Mozilla Foundation) [On_Demand Stopped] -- CProgram FilesMozilla Maintenance Servicemaintenanceservice.exe -- (MozillaMaintenance)
SRV - [20131111 220214 003,478,544 ---- M] (AVG Technologies CZ, s.r.o.) [Auto Running] -- CProgram FilesAVGAVG2014avgidsagent.exe -- (AVGIDSAgent)
SRV - [20131109 005125 000,166,352 ---- M] (APN LLC.) [Auto Running] -- CProgram FilesAskPartnerNetworkToolbarapnmcp.exe -- (APNMCP)
SRV - [20131023 150110 000,022,208 ---- M] (Microsoft Corporation) [Auto Running] -- cProgram FilesMicrosoft Security ClientMsMpEng.exe -- (MsMpSvc)
SRV - [20130924 013544 001,358,944 ---- M] (AVG Technologies CZ, s.r.o.) [Auto Running] -- CProgram FilesAVGAVG2014avgfws.exe -- (avgfws)
SRV - [20130924 013308 000,348,008 ---- M] (AVG Technologies CZ, s.r.o.) [Auto Running] -- CProgram FilesAVGAVG2014avgwdsvc.exe -- (avgwd)
SRV - [20130814 151922 000,039,056 ---- M] () [Auto Running] -- CProgram FilesRealNetworksRealDownloaderrndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [20121127 105324 000,376,144 ---- M] (Alcatel-Lucent) [Auto Running] -- CProgram FilesCommon FilesMotivepcCMService.exe -- (pcCMService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel On_Demand Stopped] -- -- (WDICA)
DRV - File not found [Kernel On_Demand Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel On_Demand Stopped] -- -- (PDRELI)
DRV - File not found [Kernel On_Demand Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel On_Demand Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel System Stopped] -- -- (PCIDump)
DRV - File not found [Kernel On_Demand Stopped] -- CPROGRA~1COMMON~1MotiveMRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel On_Demand Stopped] -- CPROGRA~1COMMON~1MotiveMREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel System Stopped] -- cDocuments and SettingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{6F15797E-A17F-46F3-8B0B-65B988D21E45}MpKsl1256b5a0.sys -- (MpKsl1256b5a0)
DRV - File not found [Kernel System Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel System Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel System Stopped] -- -- (Changer)
DRV - [20131206 235420 000,028,520 ---- M] (Avira GmbH) [Kernel System Running] -- CWINDOWSsystem32driversssmdrv.sys -- (ssmdrv)
DRV - [20131206 235419 000,137,208 ---- M] (Avira Operations GmbH & Co. KG) [Kernel System Running] -- CWINDOWSsystem32driversavipbb.sys -- (avipbb)
DRV - [20131206 235419 000,090,400 ---- M] (Avira Operations GmbH & Co. KG) [File_System Auto Running] -- CWINDOWSsystem32driversavgntflt.sys -- (avgntflt)
DRV - [20131206 235419 000,037,352 ---- M] (Avira Operations GmbH & Co. KG) [Kernel System Running] -- CWINDOWSsystem32driversavkmgr.sys -- (avkmgr)
DRV - [20131202 190004 000,155,704 ---- M] (Trusteer Ltd.) [Kernel System Running] -- CProgram FilesTrusteerRapportbinRapportEI.sys -- (RapportEI)
DRV - [20131202 190004 000,107,256 ---- M] (Trusteer Ltd.) [Kernel On_Demand Stopped] -- CWINDOWSsystem32driversRapportKELL.sys -- (RapportKELL)
DRV - [20131202 190002 000,228,888 ---- M] (Trusteer Ltd.) [Kernel System Running] -- CProgram FilesTrusteerRapportbinRapportPG.sys -- (RapportPG)
DRV - [20131105 215048 000,120,600 ---- M] (AVG Technologies CZ, s.r.o.) [File_System System Running] -- CWINDOWSsystem32driversavgdiskx.sys -- (Avgdiskx)
DRV - [20131104 215730 000,209,176 ---- M] (AVG Technologies CZ, s.r.o.) [File_System System Running] -- CWINDOWSsystem32driversavgidsdriverx.sys -- (AVGIDSDriver)
DRV - [20131102 222917 000,340,432 ---- M] () [Kernel System Running] -- CDocuments and SettingsAll UsersApplication DataTrusteerRapportstoreextsRapportCerberusbaselineRapportCerberus32_59849.sys -- (RapportCerberus_59849)
DRV - [20131031 230028 000,176,952 ---- M] (AVG Technologies CZ, s.r.o.) [File_System System Running] -- CWINDOWSsystem32driversavgldx86.sys -- (Avgldx86)
DRV - [20131031 223008 000,222,520 ---- M] (AVG Technologies CZ, s.r.o.) [File_System Boot Running] -- CWINDOWSsystem32driversavglogx.sys -- (Avglogx)
DRV - [20131024 222832 000,147,768 ---- M] (AVG Technologies CZ, s.r.o.) [File_System Boot Running] -- CWINDOWSsystem32driversavgidshx.sys -- (AVGIDSHX)
DRV - [20131001 004938 000,102,712 ---- M] (AVG Technologies CZ, s.r.o.) [File_System Boot Running] -- CWINDOWSsystem32driversavgmfx86.sys -- (Avgmfx86)
DRV - [20130917 005726 000,022,840 ---- M] (AVG Technologies CZ, s.r.o.) [Kernel System Running] -- CWINDOWSsystem32driversavgidsshimx.sys -- (AVGIDSShim)
DRV - [20130910 004320 000,027,448 ---- M] (AVG Technologies CZ, s.r.o.) [File_System Boot Running] -- CWINDOWSsystem32driversavgrkx86.sys -- (Avgrkx86)
DRV - [20130801 160852 000,193,848 ---- M] (AVG Technologies CZ, s.r.o.) [Kernel System Running] -- CWINDOWSsystem32driversavgtdix.sys -- (Avgtdix)
DRV - [20130122 145126 000,021,248 ---- M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel On_Demand Stopped] -- CProgram FilesCommon FilesMotiveMREMP50.sys -- (MREMP50)
DRV - [20130122 145126 000,020,096 ---- M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel On_Demand Running] -- CProgram FilesCommon FilesMotiveMRESP50.sys -- (MRESP50)
DRV - [20120112 195206 000,030,944 ---- M] (AVG Technologies CZ, s.r.o.) [Kernel On_Demand Stopped] -- CWINDOWSsystem32driversavgfwdx.sys -- (Avgfwfd)
DRV - [20120112 195206 000,030,944 ---- M] (AVG Technologies CZ, s.r.o.) [Kernel On_Demand Running] -- CWINDOWSsystem32driversavgfwdx.sys -- (Avgfwdx)
DRV - [20120105 133528 000,066,944 ---- M] (TOSHIBA Corporation) [File_System Auto Running] -- CWINDOWSsystem32driversthdudf.sys -- (thdudf)
DRV - [20080414 001530 000,010,624 ---- M] (Microsoft Corporation) [Kernel On_Demand Running] -- CWINDOWSsystem32driversgameenum.sys -- (gameenum)
DRV - [20030619 073018 000,752,764 ---- M] (Realtek Semiconductor Corp.) [Kernel On_Demand Running] -- CWINDOWSsystem32driversALCXWDM.SYS -- (ALCXWDM)
DRV - [20030619 064136 000,064,512 R--- M] (Realtek Semiconductor Corporation ) [Kernel On_Demand Running] -- CWINDOWSsystem32driversRtlnic51.sys -- (RTL8023)
DRV - [20030612 103146 000,075,904 ---- M] (VIA Technologies inc,.ltd) [Kernel Boot Running] -- CWINDOWSsystem32driversviasraid.sys -- (viasraid)
DRV - [20021227 044100 000,026,880 ---- M] (VIA Technologies, Inc.) [Kernel Boot Running] -- CWINDOWSsystem32driversVIAAGP1.SYS -- (viaagp1)
DRV - [20010817 140004 000,002,944 ---- M] (Microsoft Corporation) [Kernel On_Demand Running] -- CWINDOWSsystem32driversmsmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM..SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = httpsearch.live.comresults.aspxq={searchTerms}&src={referrersource}

IE - HKCU..SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = httpwww.bing.comsearchq={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU..SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = httpsearch.conduit.comResultsExt.aspxq={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings ProxyEnable = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename Yahoo.co.uk
FF - prefs.js..browser.search.selectedEngine Yahoo.co.uk
FF - prefs.js..browser.search.suggest.enabled false
FF - prefs.js..extensions.enabledAddons %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D25.0.1
FF - prefs.js..extensions.enabledItems {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}6.0.22
FF - prefs.js..extensions.enabledItems jqs@sun.com1.0
FF - prefs.js..extensions.enabledItems {ABDE892B-13A8-4d1b-88E6-365A6E755758}15.0.2
FF - prefs.js..extensions.enabledItems plugin@yontoo.com1.20.00
FF - prefs.js..extensions.enabledItems {687578b9-7132-4a7a-80e4-30ee31099e03}3.12.0.8


FF - HKLMSoftwareMozillaPlugins@adobe.comFlashPlayer CWINDOWSsystem32MacromedFlashNPSWF32_11_9_900_170.dll ()
FF - HKLMSoftwareMozillaPlugins@java.comDTPlugin,version=10.45.2 CProgram FilesJavajre7bindtpluginnpDeployJava1.dll (Oracle Corporation)
FF - HKLMSoftwareMozillaPlugins@java.comJavaPlugin,version=10.45.2 CProgram FilesJavajre7binplugin2npjp2.dll (Oracle Corporation)
FF - HKLMSoftwareMozillaPlugins@microsoft.comWPF,version=3.5 cWINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll (Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@Motive.comNpMotive,version=1.0 CProgram FilesCommon FilesMotivenpMotive.dll (Alcatel-Lucent)
FF - HKLMSoftwareMozillaPlugins@Motive.comnpMotiveRequest,version=1.0 CProgram FilesCommon FilesMotivenpMotiveRequest.dll (Alcatel-Lucent)
FF - HKLMSoftwareMozillaPlugins@real.comnppl3260;version=16.0.3.51 cprogram filesrealrealplayerNetscape6nppl3260.dll (RealNetworks, Inc.)
FF - HKLMSoftwareMozillaPlugins@real.comnprndlchromebrowserrecordext;version=1.3.3 CDocuments and SettingsAll UsersApplication DataRealNetworksRealDownloaderBrowserPluginsMozillaPluginsnprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLMSoftwareMozillaPlugins@real.comnprndlhtml5videoshim;version=1.3.3 CDocuments and SettingsAll UsersApplication DataRealNetworksRealDownloaderBrowserPluginsMozillaPluginsnprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLMSoftwareMozillaPlugins@real.comnprndlpepperflashvideoshim;version=1.3.3 CDocuments and SettingsAll UsersApplication DataRealNetworksRealDownloaderBrowserPluginsMozillaPluginsnprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLMSoftwareMozillaPlugins@real.comnprpplugin;version=16.0.3.51 cprogram filesrealrealplayerNetscape6nprpplugin.dll (RealPlayer)
FF - HKLMSoftwareMozillaPlugins@realnetworks.comnpdlplugin;version=1 CDocuments and SettingsAll UsersApplication DataRealNetworksRealDownloaderBrowserPluginsnpdlplugin.dll (RealDownloader)
FF - HKLMSoftwareMozillaPlugins@tools.google.comGoogle Update;version=3 CProgram FilesGoogleUpdate1.3.22.3npGoogleUpdate3.dll (Google Inc.)
FF - HKLMSoftwareMozillaPlugins@tools.google.comGoogle Update;version=9 CProgram FilesGoogleUpdate1.3.22.3npGoogleUpdate3.dll (Google Inc.)
FF - HKLMSoftwareMozillaPluginsAdobe Reader CProgram FilesAdobeReader 10.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxextensions{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2} CDocuments and SettingsAll UsersApplication DataRealNetworksRealDownloaderBrowserPluginsFirefoxExt [20131206 145348 000,000,000 ---D M]
FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxextensions{ABDE892B-13A8-4d1b-88E6-365A6E755758} CDocuments and SettingsAll UsersApplication DataRealNetworksRealDownloaderBrowserPluginsFirefoxExt [20131206 145348 000,000,000 ---D M]
FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 25.0.1extensionsComponents CProgram FilesMozilla Firefoxcomponents [20131116 001117 000,000,000 ---D M]
FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 25.0.1extensionsPlugins CProgram FilesMozilla Firefoxplugins [20131212 232707 000,000,000 ---D M]

[20101123 130840 000,000,000 ---D M] (No name found) -- CDocuments and SettingsUserApplication DataMozillaExtensions
[20131211 191300 000,000,000 ---D M] (No name found) -- CDocuments and SettingsUserApplication DataMozillaFirefoxProfilesg7p9ierk.defaultextensions
[20131107 183113 000,000,000 ---D M] (uTorrentControl2) -- CDocuments and SettingsUserApplication DataMozillaFirefoxProfilesg7p9ierk.defaultextensions{687578b9-7132-4a7a-80e4-30ee31099e03}
[20131116 001117 000,000,000 ---D M] (No name found) -- CProgram FilesMozilla Firefoxextensions
[20131116 001116 000,000,000 ---D M] (No name found) -- CProgram FilesMozilla Firefoxbrowserextensions
[20131116 001239 000,000,000 ---D M] (Default) -- CProgram FilesMozilla Firefoxbrowserextensions{972ce4c6-7e08-4474-a285-3208198ce6fd}
[20131206 145148 000,124,504 ---- M] (RealPlayer) -- CProgram Filesmozilla firefoxpluginsnprpplugin.dll

========== Chrome ==========

CHR - default_search_provider Google (Enabled)
CHR - default_search_provider search_url = {googlebaseURL}searchq={searchTerms}&{googleRLZ}{googleoriginalQueryForSuggestion}{googleassistedQueryStats}{googlesearchFieldtrialParameter}{googlebookmarkBarPinned}{googlesearchClient}{googlesourceId}{googleinstantExtendedEnabledParameter}{googleomniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider suggest_url = {googlebaseSuggestURL}search{googlesearchFieldtrialParameter}client={googlesuggestClient}&q={searchTerms}&{googlecursorPosition}{googlezeroPrefixUrl}{googlepageClassification}sugkey={googlesuggestAPIKeyParameter},
CHR - homepage httpwww.google.com
CHR - plugin Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin Native Client (Enabled) = CProgram FilesGoogleChromeApplication31.0.1650.63ppGoogleNaClPluginChrome.dll
CHR - plugin Chrome PDF Viewer (Enabled) = CProgram FilesGoogleChromeApplication31.0.1650.63pdf.dll
CHR - plugin Shockwave Flash (Enabled) = CProgram FilesGoogleChromeApplication31.0.1650.63gcswf32.dll
CHR - plugin Shockwave Flash (Enabled) = CWINDOWSsystem32MacromedFlashNPSWF32.dll
CHR - plugin QuickTime Plug-in 7.6.6 (Enabled) = CProgram FilesGoogleChromeApplicationpluginsnpqtplugin.dll
CHR - plugin QuickTime Plug-in 7.6.6 (Enabled) = CProgram FilesGoogleChromeApplicationpluginsnpqtplugin2.dll
CHR - plugin QuickTime Plug-in 7.6.6 (Enabled) = CProgram FilesGoogleChromeApplicationpluginsnpqtplugin3.dll
CHR - plugin QuickTime Plug-in 7.6.6 (Enabled) = CProgram FilesGoogleChromeApplicationpluginsnpqtplugin4.dll
CHR - plugin QuickTime Plug-in 7.6.6 (Enabled) = CProgram FilesGoogleChromeApplicationpluginsnpqtplugin5.dll
CHR - plugin QuickTime Plug-in 7.6.6 (Enabled) = CProgram FilesGoogleChromeApplicationpluginsnpqtplugin6.dll
CHR - plugin Java Deployment Toolkit 6.0.220.4 (Enabled) = CProgram FilesJavajre6binnew_pluginnpdeployJava1.dll
CHR - plugin Java™ Platform SE 6 U22 (Enabled) = CProgram FilesJavajre6binnew_pluginnpjp2.dll
CHR - plugin RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = CProgram FilesMozilla Firefoxpluginsnppl3260.dll
CHR - plugin RealPlayer Version Plugin (Enabled) = CProgram FilesMozilla Firefoxpluginsnprpjplug.dll
CHR - plugin RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = CDocuments and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll
CHR - plugin RealJukebox NS Plugin (Enabled) = CProgram FilesMozilla Firefoxpluginsnprjplug.dll
CHR - plugin Microsoftu00AE DRM (Enabled) = CProgram FilesWindows Media Playernpdrmv2.dll
CHR - plugin Microsoftu00AE DRM (Enabled) = CProgram FilesWindows Media Playernpwmsdrm.dll
CHR - plugin Windows Media Player Plug-in Dynamic Link Library (Enabled) = CProgram FilesWindows Media Playernpdsplay.dll
CHR - plugin RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = CDocuments and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll
CHR - plugin Motive Plugin (Enabled) = CProgram FilesCommon FilesMotivenpMotive.dll
CHR - plugin Google Update (Enabled) = CProgram FilesGoogleUpdate1.3.21.111npGoogleUpdate3.dll
CHR - Extension Motive Extension = CDocuments and SettingsUserLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsedmgmpmklgfbohogafcfobonnkogchec1.0_0
CHR - Extension RealDownloader = CDocuments and SettingsUserLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsidhngdhcfkoamngbedgpaokgjbnpdiji1.3.3_0
CHR - Extension Google Wallet = CDocuments and SettingsUserLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda0.0.5.0_0
CHR - Extension uTorrentControl2 = CDocuments and SettingsUserLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspacgpkgadgmibnhpdidcnfafllnmeomc10.22.3.518_0
CHR - Extension uTorrentControl2 = CDocuments and SettingsUserLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspacgpkgadgmibnhpdidcnfafllnmeomc10.22.3.518_0nativeMessagingnmHost

O1 HOSTS File ([20080414 120000 000,000,734 ---- M]) - CWINDOWSsystem32driversetchosts
O1 - Hosts 127.0.0.1 localhost
O2 - BHO (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - CDocuments and SettingsAll UsersApplication DataRealNetworksRealDownloaderBrowserPluginsIErndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - CProgram FilesJavajre7binssv.dll (Oracle Corporation)
O2 - BHO (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - CProgram FilesJavajre7binjp2ssv.dll (Oracle Corporation)
O4 - HKLM..Run [ApnTBMon] CProgram FilesAskPartnerNetworkToolbarUpdaterTBNotifier.exe (APN)
O4 - HKLM..Run [AVG_UI] CProgram FilesAVGAVG2014avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..Run [avgnt] CProgram FilesAviraAntiVir Desktopavgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..Run [btbb_McciTrayApp] CProgram FilesBT Broadband Desktop HelpbtbbBTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..Run [MSC] cProgram FilesMicrosoft Security Clientmsseces.exe (Microsoft Corporation)
O4 - HKLM..Run [NeroFilterCheck] CWINDOWSsystem32NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..Run [NvCplDaemon] CWINDOWSSystem32NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..Run [NvMediaCenter] CWINDOWSSystem32NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..Run [nwiz] CWINDOWSSystem32nwiz.exe ()
O4 - HKLM..Run [SoundMan] CWINDOWSSOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..Run [TkBellExe] Cprogram filesrealrealplayerupdaterealsched.exe (RealNetworks, Inc.)
O4 - HKCU..Run [TBHostSupport] CDocuments and SettingsUserLocal SettingsApplication DataTBHostSupportTBHostSupport.dll (Conduit Ltd.)
O4 - HKCU..Run [uTorrent] CProgram FilesuTorrentuTorrent.exe MINIMIZED File not found
O4 - Startup CDocuments and SettingsAll UsersStart MenuProgramsStartupMicrosoft Office.lnk = CProgram FilesMicrosoft OfficeOfficeOSA9.EXE (Microsoft Corporation)
O4 - Startup CDocuments and SettingsAll UsersStart MenuProgramsStartupSymantec Fax Starter Edition Port.lnk = CProgram FilesMicrosoft OfficeOffice1033OLFSNT40.EXE (Microsoft Corporation)
O4 - Startup CDocuments and SettingsUserStart MenuProgramsStartupOpenOffice.org 3.3.lnk = CProgram FilesOpenOffice.org 3programquickstart.exe ()
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer HonorAutoRunSetting = 1
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer NoCDBurning = 0
O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9Catalog_Entries000000000001 - CProgram FilesAviraAntiVir Desktopavsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9Catalog_Entries000000000002 - CProgram FilesAviraAntiVir Desktopavsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9Catalog_Entries000000000014 - CProgram FilesAviraAntiVir Desktopavsda.dll (Avira Operations GmbH & Co. KG)
O17 - HKLMSystemCCSServicesTcpipParameters DhcpNameServer = 192.168.1.254
O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{3CA048F0-EAD0-459D-827C-2C7C859AFE40} DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon Shell - (Explorer.exe) - CWINDOWSexplorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon UserInit - (CWINDOWSsystem32userinit.exe) - CWINDOWSsystem32userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper CDocuments and SettingsUserLocal SettingsApplication DataMicrosoftWallpaper1.bmp
O24 - Desktop BackupWallPaper CDocuments and SettingsUserLocal SettingsApplication DataMicrosoftWallpaper1.bmp
O32 - HKLM CDRom AutoRun - 1
O32 - AutoRun File - [20101123 121056 000,000,000 ---- M] () - CAUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute (autocheck autochk )
O34 - HKLM BootExecute (CPROGRA~1AVGAVG2014avgrsx.exe sync restart)
O35 - HKLM..comfile [open] -- %1 %
O35 - HKLM..exefile [open] -- %1 %
O37 - HKLM...com [@ = comfile] -- %1 %
O37 - HKLM...exe [@ = exefile] -- %1 %
O38 - SubSystemsWindows (ServerDll=winsrvUserServerDllInitialization,3)
O38 - SubSystemsWindows (ServerDll=winsrvConServerDllInitialization,2)

NetSvcs 6to4 - File not found
NetSvcs HidServ - %SystemRoot%System32hidserv.dll File not found
NetSvcs Ias - File not found
NetSvcs Iprip - File not found
NetSvcs Irmon - File not found
NetSvcs NWCWorkstation - File not found
NetSvcs Nwsapagent - File not found
NetSvcs WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set OTL Restore Point

========== FilesFolders - Created Within 30 Days ==========

[20131214 011914 000,000,000 ---D C] -- CDocuments and SettingsUserLocal SettingsApplication DataSun
[20131212 232956 000,000,000 ---D C] -- CProgram FilesAskPartnerNetwork
[20131212 232956 000,000,000 ---D C] -- CDocuments and SettingsAll UsersApplication DataAskPartnerNetwork
[20131212 232927 000,000,000 ---D C] -- CDocuments and SettingsAll UsersApplication DataAPN
[20131212 232717 000,000,000 ---D C] -- CProgram FilesCommon FilesJava
[20131212 232645 000,000,000 ---D C] -- CDocuments and SettingsAll UsersStart MenuProgramsJava
[20131212 232539 000,000,000 ---D C] -- CProgram FilesJava
[20131212 230957 000,000,000 ---D C] -- CDocuments and SettingsUserApplication DataAVG2014
[20131212 230859 000,000,000 ---D C] -- CDocuments and SettingsAll UsersStart MenuProgramsAVG
[20131212 230858 000,000,000 ---D C] -- CDocuments and SettingsUserApplication DataTuneUp Software
[20131212 230721 000,000,000 -H-D C] -- C$AVG
[20131212 230721 000,000,000 ---D C] -- CDocuments and SettingsAll UsersApplication DataAVG2014
[20131212 230643 000,000,000 ---D C] -- CProgram FilesAVG
[20131212 230332 000,000,000 -H-D C] -- CDocuments and SettingsAll UsersApplication DataCommon Files
[20131212 230331 000,000,000 ---D C] -- CDocuments and SettingsUserLocal SettingsApplication DataMFAData
[20131212 230331 000,000,000 ---D C] -- CDocuments and SettingsAll UsersApplication DataMFAData
[20131212 230331 000,000,000 ---D C] -- CDocuments and SettingsUserLocal SettingsApplication DataAvg2014
[20131208 001720 000,000,000 ---D C] -- CDocuments and SettingsUserApplication DataSwvUpdater
[20131208 001712 000,000,000 ---D C] -- CProgram FilesRe-markit
[20131207 001849 000,000,000 ---D C] -- CDocuments and SettingsUserApplication DataAvira
[20131207 001404 000,000,000 ---D C] -- CDocuments and SettingsLocalServiceApplication DataRealNetworks
[20131207 001119 000,000,000 ---D C] -- CDocuments and SettingsAll UsersStart MenuProgramsAvira
[20131207 001106 000,028,520 ---- C] (Avira GmbH) -- CWINDOWSSystem32driversssmdrv.sys
[20131207 001056 000,137,208 ---- C] (Avira Operations GmbH & Co. KG) -- CWINDOWSSystem32driversavipbb.sys
[20131207 001056 000,090,400 ---- C] (Avira Operations GmbH & Co. KG) -- CWINDOWSSystem32driversavgntflt.sys
[20131207 001056 000,037,352 ---- C] (Avira Operations GmbH & Co. KG) -- CWINDOWSSystem32driversavkmgr.sys
[20131207 001051 000,000,000 ---D C] -- CProgram FilesAvira
[20131207 001051 000,000,000 ---D C] -- CDocuments and SettingsAll UsersApplication DataAvira
[20131206 235937 000,000,000 ---D C] -- CDocuments and SettingsUserLocal SettingsApplication DataNativeMessaging
[20131206 235932 000,000,000 ---D C] -- CDocuments and SettingsUserLocal SettingsApplication DataWhiteListing
[20131206 235928 000,000,000 ---D C] -- CDocuments and SettingsUserLocal SettingsApplication DataTBHostSupport
[20131206 150115 000,000,000 ---D C] -- CProgram FilesNosibay
[20131206 145641 000,000,000 ---D C] -- CDocuments and SettingsUserApplication DataNosibay
[20131206 145527 000,000,000 ---D C] -- CDocuments and SettingsUserApplication DataOpenCandy
[20131206 145345 000,000,000 ---D C] -- CProgram FilesRealNetworks
[20131206 145341 000,000,000 ---D C] -- CDocuments and SettingsAll UsersApplication DataRealNetworks
[20131206 145315 000,000,000 ---D C] -- CProgram FilesCommon Filesxing shared
[20131206 145135 000,000,000 ---D C] -- CDocuments and SettingsAll UsersStart MenuProgramsRealNetworks
[20131206 145134 000,272,896 ---- C] (Progressive Networks) -- CWINDOWSSystem32pncrt.dll
[20131202 190004 000,107,256 ---- C] (Trusteer Ltd.) -- CWINDOWSSystem32driversRapportKELL.sys
[20131127 204621 000,000,000 ---D C] -- CProgram FilesMicrosoft.NET
[20131116 001116 000,000,000 ---D C] -- CProgram FilesMozilla Firefox
[19981209 025354 000,186,368 ---- C] (Symantec Corp., Peter Norton Computing Group) -- CProgram FilesCommon FilesIRAREG.DLL
[19981209 025354 000,099,840 ---- C] (Symantec Corp.) -- CProgram FilesCommon FilesIRAABOUT.DLL
[19981209 025354 000,070,144 ---- C] (Symantec Corp., Peter Norton Computing Group) -- CProgram FilesCommon FilesIRAMDMTR.DLL
[19981209 025354 000,048,640 ---- C] (Symantec Corp., Peter Norton Computing Group) -- CProgram FilesCommon FilesIRALPTTR.DLL
[19981209 025354 000,031,744 ---- C] (Symantec Corp., Peter Norton Computing Group) -- CProgram FilesCommon FilesIRAWEBTR.DLL
[19981209 025354 000,017,920 ---- C] (Symantec Corp.) -- CProgram FilesCommon FilesIRASRIAL.DLL
[6 CWINDOWSSystem32.tmp files - CWINDOWSSystem32.tmp - ]
[3 CWINDOWS.tmp files - CWINDOWS.tmp - ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[color]

[20131215 223941 000,000,384 -H-- M] () -- CWINDOWStasksMicrosoft Antimalware Scheduled Scan.job
[20131215 223405 000,000,882 ---- M] () -- CWINDOWStasksGoogleUpdateTaskMachineUA.job
[20131215 223305 000,000,830 ---- M] () -- CWINDOWStasksAdobe Flash Player Updater.job
[20131215 223246 000,088,566 ---- M] () -- CWINDOWSSystem32nvapps.xml
[20131215 223233 000,000,392 ---- M] () -- CWINDOWStasksAmiUpdXp.job
[20131215 223152 000,000,276 ---- M] () -- CWINDOWStasksRealUpgradeLogonTaskS-1-5-21-1004336348-854245398-1801674531-1003.job
[20131215 223151 000,000,276 ---- M] () -- CWINDOWStasksRealPlayerRealUpgradeLogonTaskS-1-5-21-1004336348-854245398-1801674531-1003.job
[20131215 223150 000,000,284 ---- M] () -- CWINDOWStasksRealPlayerRealUpgradeScheduledTaskS-1-5-21-1004336348-854245398-1801674531-1003.job
[20131215 223148 000,002,206 ---- M] () -- CWINDOWSSystem32wpa.dbl
[20131215 223118 000,000,878 ---- M] () -- CWINDOWStasksGoogleUpdateTaskMachineCore.job
[20131215 222925 000,002,048 --S- M] () -- CWINDOWSbootstat.dat
[20131215 222921 1073,258,496 -HS- M] () -- Chiberfil.sys
[20131212 230859 000,000,702 ---- M] () -- CDocuments and SettingsAll UsersDesktopAVG 2014.lnk
[20131212 224223 000,146,016 ---- M] () -- CWINDOWSSystem32FNTCACHE.DAT
[20131211 194853 000,001,393 ---- M] () -- CWINDOWSimsins.BAK
[20131208 003513 000,000,116 ---- M] () -- CWINDOWSNeroDigital.ini
[20131207 001119 000,001,707 ---- M] () -- CDocuments and SettingsAll UsersDesktopAvira Control Center.lnk
[20131206 235420 000,028,520 ---- M] (Avira GmbH) -- CWINDOWSSystem32driversssmdrv.sys
[20131206 235419 000,137,208 ---- M] (Avira Operations GmbH & Co. KG) -- CWINDOWSSystem32driversavipbb.sys
[20131206 235419 000,090,400 ---- M] (Avira Operations GmbH & Co. KG) -- CWINDOWSSystem32driversavgntflt.sys
[20131206 235419 000,037,352 ---- M] (Avira Operations GmbH & Co. KG) -- CWINDOWSSystem32driversavkmgr.sys
[20131206 145422 000,000,747 ---- M] () -- CDocuments and SettingsAll UsersDesktopRealPlayer.lnk
[20131206 145134 000,272,896 ---- M] (Progressive Networks) -- CWINDOWSSystem32pncrt.dll
[20131206 144145 000,000,284 ---- M] () -- CWINDOWStasksRealUpgradeScheduledTaskS-1-5-21-1004336348-854245398-1801674531-1003.job
[20131202 190004 000,107,256 ---- M] (Trusteer Ltd.) -- CWINDOWSSystem32driversRapportKELL.sys
[20131127 221100 000,472,894 ---- M] () -- CWINDOWSSystem32perfh009.dat
[20131127 221100 000,075,988 ---- M] () -- CWINDOWSSystem32perfc009.dat
[20131119 024413 000,001,945 ---- M] () -- CWINDOWSepplauncher.mif
[6 CWINDOWSSystem32.tmp files - CWINDOWSSystem32.tmp - ]
[3 CWINDOWS.tmp files - CWINDOWS.tmp - ]

[color=#E56717]========== Files Created - No Company Name ==========[color]

[20131212 230859 000,000,702 ---- C] () -- CDocuments and SettingsAll UsersDesktopAVG 2014.lnk
[20131208 001721 000,000,392 ---- C] () -- CWINDOWStasksAmiUpdXp.job
[20131207 001119 000,001,707 ---- C] () -- CDocuments and SettingsAll UsersDesktopAvira Control Center.lnk
[20131206 145602 000,000,284 ---- C] () -- CWINDOWStasksRealPlayerRealUpgradeScheduledTaskS-1-5-21-1004336348-854245398-1801674531-1003.job
[20131206 145602 000,000,276 ---- C] () -- CWINDOWStasksRealPlayerRealUpgradeLogonTaskS-1-5-21-1004336348-854245398-1801674531-1003.job
[20131206 145422 000,000,747 ---- C] () -- CDocuments and SettingsAll UsersDesktopRealPlayer.lnk
[20131120 230657 000,000,384 -H-- C] () -- CWINDOWStasksMicrosoft Antimalware Scheduled Scan.job
[20120720 233050 000,000,169 ---- C] () -- CWINDOWSRtlRack.ini
[20120720 224506 000,558,133 ---- C] () -- CWINDOWSSystem32sqlite3.dll
[20120217 010915 000,003,072 ---- C] () -- CWINDOWSSystem32iacenc.dll
[20110713 230256 000,008,192 ---- C] () -- CDocuments and SettingsUserLocal SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[color=#E56717]========== ZeroAccess Check ==========[color]

[20131017 230638 000,000,227 RHS- M] () -- CWINDOWSassemblyDesktop.ini

[HKEY_CURRENT_USERSoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32]

[HKEY_CURRENT_USERSoftwareClassesclsid{fbeb8a05-beee-4442-804e-409d6c4515e9}InProcServer32]

[HKEY_LOCAL_MACHINESoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32]
= %SystemRoot%system32shdocvw.dll -- [20100909 141630 001,510,400 ---- M] (Microsoft Corporation)
ThreadingModel = Apartment

[HKEY_LOCAL_MACHINESoftwareClassesclsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}InProcServer32]
= CWINDOWSsystem32wbemfastprox.dll -- [20090209 121048 000,473,600 ---- M] (Microsoft Corporation)
ThreadingModel = Free

[HKEY_LOCAL_MACHINESoftwareClassesclsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}InProcServer32]
= CWINDOWSsystem32wbemwbemess.dll -- [20080414 120000 000,273,920 ---- M] (Microsoft Corporation)
ThreadingModel = Both

[color=#E56717]========== LOP Check ==========[color]

[20131212 232927 000,000,000 ---D M] -- CDocuments and SettingsAll UsersApplication DataAPN
[20131212 232956 000,000,000 ---D M] -- CDocuments and SettingsAll UsersApplication DataAskPartnerNetwork
[20131212 230925 000,000,000 ---D M] -- CDocuments and SettingsAll UsersApplication DataAVG2014
[20131212 230332 000,000,000 -H-D M] -- CDocuments and SettingsAll UsersApplication DataCommon Files
[20131215 225545 000,000,000 ---D M] -- CDocuments and SettingsAll UsersApplication DataMFAData
[20131211 191311 000,000,000 ---D M] -- CDocuments and SettingsAll UsersApplication DataTarma Installer
[20110912 173028 000,000,000 ---D M] -- CDocuments and SettingsAll UsersApplication DataTrusteer
[20120414 231020 000,000,000 ---D M] -- CDocuments and SettingsUserApplication DataAunsoft
[20131212 230957 000,000,000 ---D M] -- CDocuments and SettingsUserApplication DataAVG2014
[20131206 145534 000,000,000 ---D M] -- CDocuments and SettingsUserApplication DataOpenCandy
[20120214 192752 000,000,000 ---D M] -- CDocuments and SettingsUserApplication DataOpenOffice.org
[20130305 231937 000,000,000 ---D M] -- CDocuments and SettingsUserApplication DataPriceGong
[20131208 001721 000,000,000 ---D M] -- CDocuments and SettingsUserApplication DataSwvUpdater
[20131212 230858 000,000,000 ---D M] -- CDocuments and SettingsUserApplication DataTuneUp Software

[color=#E56717]========== Purity Check ==========[color]



[color=#E56717]========== Custom Scans ==========[color]

[color=#A23BEC] %SYSTEMDRIVE%.exe [color]
[20071107 070318 000,562,688 ---- M] (Microsoft Corporation) -- Cinstall.exe

[color=#A23BEC] MD5 for EXPLORER.EXE [color]
[20080414 120000 001,033,728 ---- M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- CWINDOWSexplorer.exe
[20080414 120000 001,033,728 ---- M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- CWINDOWSsystem32dllcacheexplorer.exe

[color=#A23BEC] MD5 for SVCHOST.EXE [color]
[20080414 120000 000,014,336 ---- M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- CWINDOWSsystem32dllcachesvchost.exe
[20080414 120000 000,014,336 ---- M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- CWINDOWSsystem32svchost.exe

[color=#A23BEC] MD5 for USERINIT.EXE [color]
[20080414 120000 000,026,112 ---- M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- CWINDOWSsystem32dllcacheuserinit.exe
[20080414 120000 000,026,112 ---- M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- CWINDOWSsystem32userinit.exe

[color=#A23BEC] MD5 for WINLOGON.EXE [color]
[20080414 120000 000,507,904 ---- M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- CWINDOWSsystem32dllcachewinlogon.exe
[20080414 120000 000,507,904 ---- M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- CWINDOWSsystem32winlogon.exe

[color=#A23BEC] %systemroot%. mp s [color]

End of report

#2
Gedidrum

OTL logfile created on 15122013 230510 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = CDocuments and SettingsUserMy DocumentsDownloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale 00000809 Country United Kingdom Language ENG Date Format ddMMyyyy

1023.47 Mb Total Physical Memory 338.48 Mb Available Physical Memory 33.07% Memory free
1.65 Gb Paging File 0.54 Gb Available in Paging File 32.50% Paging File free
Paging file location(s) Cpagefile.sys 768 1536 [binary data]

%SystemDrive% = C %SystemRoot% = CWINDOWS %ProgramFiles% = CProgram Files
Drive C 233.80 Gb Total Space 177.72 Gb Free Space 76.01% Space Free Partition Type NTFS

Computer Name USER-E47CBF54B3 User Name User Logged in as Administrator.
Boot Mode Normal Scan Mode Current user Quick Scan
Company Name Whitelist On Skip Microsoft Files On No Company Name Whitelist On File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[color]

PRC - [20131215 225530 000,602,112 ---- M] (OldTimer Tools) -- CDocuments and SettingsUserMy DocumentsDownloadsOTL.scr
PRC - [20131212 232600 000,182,696 ---- M] (Oracle Corporation) -- CProgram FilesJavajre7binjqs.exe
PRC - [20131206 235359 000,440,376 ---- M] (Avira Operations GmbH & Co. KG) -- CProgram FilesAviraAntiVir Desktopsched.exe
PRC - [20131206 235317 000,431,672 ---- M] (Avira Operations GmbH & Co. KG) -- CProgram FilesAviraAntiVir Desktopavshadow.exe
PRC - [20131206 235308 000,440,376 ---- M] (Avira Operations GmbH & Co. KG) -- CProgram FilesAviraAntiVir Desktopavguard.exe
PRC - [20131206 235306 000,683,576 ---- M] (Avira Operations GmbH & Co. KG) -- CProgram FilesAviraAntiVir Desktopavgnt.exe
PRC - [20131206 145123 000,295,512 ---- M] (RealNetworks, Inc.) -- CProgram FilesRealRealPlayerUpdaterealsched.exe
PRC - [20131202 185950 002,484,504 ---- M] (Trusteer Ltd.) -- CProgram FilesTrusteerRapportbinRapportService.exe
PRC - [20131202 185950 001,444,120 ---- M] (Trusteer Ltd.) -- CProgram FilesTrusteerRapportbinRapportMgmtService.exe
PRC - [20131118 215936 000,590,352 ---- M] (AVG Technologies CZ, s.r.o.) -- CProgram FilesAVGAVG2014avgcsrvx.exe
PRC - [20131116 001237 000,275,568 ---- M] (Mozilla Corporation) -- CProgram FilesMozilla Firefoxfirefox.exe
PRC - [20131111 220214 003,478,544 ---- M] (AVG Technologies CZ, s.r.o.) -- CProgram FilesAVGAVG2014avgidsagent.exe
PRC - [20131109 005125 000,166,352 ---- M] (APN LLC.) -- CProgram FilesAskPartnerNetworkToolbarapnmcp.exe
PRC - [20131109 005117 001,707,472 ---- M] (APN) -- CProgram FilesAskPartnerNetworkToolbarUpdaterTBNotifier.exe
PRC - [20131107 220350 004,956,176 ---- M] (AVG Technologies CZ, s.r.o.) -- CProgram FilesAVGAVG2014avgui.exe
PRC - [20131107 220048 000,680,976 ---- M] (AVG Technologies CZ, s.r.o.) -- CProgram FilesAVGAVG2014avgemcx.exe
PRC - [20131028 232402 000,729,648 ---- M] (AVG Technologies CZ, s.r.o.) -- CProgram FilesAVGAVG2014avgrsx.exe
PRC - [20131028 231736 000,892,976 ---- M] (AVG Technologies CZ, s.r.o.) -- CProgram FilesAVGAVG2014avgnsx.exe
PRC - [20131023 150110 000,022,208 ---- M] (Microsoft Corporation) -- cProgram FilesMicrosoft Security ClientMsMpEng.exe
PRC - [20131023 145528 000,948,440 ---- M] (Microsoft Corporation) -- CProgram FilesMicrosoft Security Clientmsseces.exe
PRC - [20130924 013544 001,358,944 ---- M] (AVG Technologies CZ, s.r.o.) -- CProgram FilesAVGAVG2014avgfws.exe
PRC - [20130924 013308 000,348,008 ---- M] (AVG Technologies CZ, s.r.o.) -- CProgram FilesAVGAVG2014avgwdsvc.exe
PRC - [20130814 151922 000,039,056 ---- M] () -- CProgram FilesRealNetworksRealDownloaderrndlresolversvc.exe
PRC - [20130122 145128 002,011,824 ---- M] (Alcatel-Lucent) -- CProgram FilesBT Broadband Desktop HelpbtbbBTHelpNotifier.exe
PRC - [20121127 105324 000,376,144 ---- M] (Alcatel-Lucent) -- CProgram FilesCommon FilesMotivepcCMService.exe
PRC - [20110117 190858 011,322,880 ---- M] (OpenOffice.org) -- CProgram FilesOpenOffice.org 3programsoffice.exe
PRC - [20110117 190858 011,314,688 ---- M] (OpenOffice.org) -- CProgram FilesOpenOffice.org 3programsoffice.bin
PRC - [20080414 120000 001,033,728 ---- M] (Microsoft Corporation) -- CWINDOWSexplorer.exe
PRC - [20030610 111228 000,055,296 ---- M] (Realtek Semiconductor Corp.) -- CWINDOWSSOUNDMAN.EXE
PRC - [19981223 215154 000,045,568 ---- M] (Microsoft Corporation) -- CProgram FilesMicrosoft OfficeOffice1033OLFSNT40.EXE


[color=#E56717]========== Modules (No Company Name) ==========[color]

MOD - [20131206 235404 000,394,808 ---- M] () -- CProgram FilesAviraAntiVir Desktopsqlite3.dll
MOD - [20131116 001138 003,363,952 ---- M] () -- CProgram FilesMozilla Firefoxmozjs.dll
MOD - [20131102 222925 001,127,152 ---- M] () -- CDocuments and SettingsAll UsersApplication DataTrusteerRapportstoreextsRapportMSbaselineRapportMS.dll
MOD - [20130814 151922 000,039,056 ---- M] () -- CProgram FilesRealNetworksRealDownloaderrndlresolversvc.exe
MOD - [20120627 140906 000,557,056 ---- M] () -- CProgram FilesTrusteerRapportbinjs32.dll
MOD - [20120214 191341 000,985,088 ---- M] () -- CProgram FilesOpenOffice.org 3programlibxml2.dll
MOD - [20061022 112200 000,212,992 ---- M] () -- CWINDOWSsystem32nvapi.dll


[color=#E56717]========== Services (SafeList) ==========[color]

SRV - File not found [Disabled Stopped] -- %SystemRoot%System32hidserv.dll -- (HidServ)
SRV - [20131212 232600 000,182,696 ---- M] (Oracle Corporation) [Auto Running] -- CProgram FilesJavajre7binjqs.exe -- (JavaQuickStarterService)
SRV - [20131211 173446 000,257,416 ---- M] (Adobe Systems Incorporated) [On_Demand Stopped] -- CWINDOWSsystem32MacromedFlashFlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [20131206 235359 000,440,376 ---- M] (Avira Operations GmbH & Co. KG) [Auto Running] -- CProgram FilesAviraAntiVir Desktopsched.exe -- (AntiVirSchedulerService)
SRV - [20131206 235319 001,164,360 ---- M] (Avira Operations GmbH & Co. KG) [Disabled Stopped] -- CProgram FilesAviraAntiVir Desktopavwebgrd.exe -- (AntiVirWebService)
SRV - [20131206 235308 000,440,376 ---- M] (Avira Operations GmbH & Co. KG) [Auto Running] -- CProgram FilesAviraAntiVir Desktopavguard.exe -- (AntiVirService)
SRV - [20131202 185950 001,444,120 ---- M] (Trusteer Ltd.) [Auto Running] -- CProgram FilesTrusteerRapportbinRapportMgmtService.exe -- (RapportMgmtService)
SRV - [20131116 001232 000,119,408 ---- M] (Mozilla Foundation) [On_Demand Stopped] -- CProgram FilesMozilla Maintenance Servicemaintenanceservice.exe -- (MozillaMaintenance)
SRV - [20131111 220214 003,478,544 ---- M] (AVG Technologies CZ, s.r.o.) [Auto Running] -- CProgram FilesAVGAVG2014avgidsagent.exe -- (AVGIDSAgent)
SRV - [20131109 005125 000,166,352 ---- M] (APN LLC.) [Auto Running] -- CProgram FilesAskPartnerNetworkToolbarapnmcp.exe -- (APNMCP)
SRV - [20131023 150110 000,022,208 ---- M] (Microsoft Corporation) [Auto Running] -- cProgram FilesMicrosoft Security ClientMsMpEng.exe -- (MsMpSvc)
SRV - [20130924 013544 001,358,944 ---- M] (AVG Technologies CZ, s.r.o.) [Auto Running] -- CProgram FilesAVGAVG2014avgfws.exe -- (avgfws)
SRV - [20130924 013308 000,348,008 ---- M] (AVG Technologies CZ, s.r.o.) [Auto Running] -- CProgram FilesAVGAVG2014avgwdsvc.exe -- (avgwd)
SRV - [20130814 151922 000,039,056 ---- M] () [Auto Running] -- CProgram FilesRealNetworksRealDownloaderrndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [20121127 105324 000,376,144 ---- M] (Alcatel-Lucent) [Auto Running] -- CProgram FilesCommon FilesMotivepcCMService.exe -- (pcCMService)


[color=#E56717]========== Driver Services (SafeList) ==========[color]

DRV - File not found [Kernel On_Demand Stopped] -- -- (WDICA)
DRV - File not found [Kernel On_Demand Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel On_Demand Stopped] -- -- (PDRELI)
DRV - File not found [Kernel On_Demand Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel On_Demand Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel System Stopped] -- -- (PCIDump)
DRV - File not found [Kernel On_Demand Stopped] -- CPROGRA~1COMMON~1MotiveMRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel On_Demand Stopped] -- CPROGRA~1COMMON~1MotiveMREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel System Stopped] -- cDocuments and SettingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{6F15797E-A17F-46F3-8B0B-65B988D21E45}MpKsl1256b5a0.sys -- (MpKsl1256b5a0)
DRV - File not found [Kernel System Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel System Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel System Stopped] -- -- (Changer)
DRV - [20131206 235420 000,028,520 ---- M] (Avira GmbH) [Kernel System Running] -- CWINDOWSsystem32driversssmdrv.sys -- (ssmdrv)
DRV - [20131206 235419 000,137,208 ---- M] (Avira Operations GmbH & Co. KG) [Kernel System Running] -- CWINDOWSsystem32driversavipbb.sys -- (avipbb)
DRV - [20131206 235419 000,090,400 ---- M] (Avira Operations GmbH & Co. KG) [File_System Auto Running] -- CWINDOWSsystem32driversavgntflt.sys -- (avgntflt)
DRV - [20131206 235419 000,037,352 ---- M] (Avira Operations GmbH & Co. KG) [Kernel System Running] -- CWINDOWSsystem32driversavkmgr.sys -- (avkmgr)
DRV - [20131202 190004 000,155,704 ---- M] (Trusteer Ltd.) [Kernel System Running] -- CProgram FilesTrusteerRapportbinRapportEI.sys -- (RapportEI)
DRV - [20131202 190004 000,107,256 ---- M] (Trusteer Ltd.) [Kernel On_Demand Stopped] -- CWINDOWSsystem32driversRapportKELL.sys -- (RapportKELL)
DRV - [20131202 190002 000,228,888 ---- M] (Trusteer Ltd.) [Kernel System Running] -- CProgram FilesTrusteerRapportbinRapportPG.sys -- (RapportPG)
DRV - [20131105 215048 000,120,600 ---- M] (AVG Technologies CZ, s.r.o.) [File_System System Running] -- CWINDOWSsystem32driversavgdiskx.sys -- (Avgdiskx)
DRV - [20131104 215730 000,209,176 ---- M] (AVG Technologies CZ, s.r.o.) [File_System System Running] -- CWINDOWSsystem32driversavgidsdriverx.sys -- (AVGIDSDriver)
DRV - [20131102 222917 000,340,432 ---- M] () [Kernel System Running] -- CDocuments and SettingsAll UsersApplication DataTrusteerRapportstoreextsRapportCerberusbaselineRapportCerberus32_59849.sys -- (RapportCerberus_59849)
DRV - [20131031 230028 000,176,952 ---- M] (AVG Technologies CZ, s.r.o.) [File_System System Running] -- CWINDOWSsystem32driversavgldx86.sys -- (Avgldx86)
DRV - [20131031 223008 000,222,520 ---- M] (AVG Technologies CZ, s.r.o.) [File_System Boot Running] -- CWINDOWSsystem32driversavglogx.sys -- (Avglogx)
DRV - [20131024 222832 000,147,768 ---- M] (AVG Technologies CZ, s.r.o.) [File_System Boot Running] -- CWINDOWSsystem32driversavgidshx.sys -- (AVGIDSHX)
DRV - [20131001 004938 000,102,712 ---- M] (AVG Technologies CZ, s.r.o.) [File_System Boot Running] -- CWINDOWSsystem32driversavgmfx86.sys -- (Avgmfx86)
DRV - [20130917 005726 000,022,840 ---- M] (AVG Technologies CZ, s.r.o.) [Kernel System Running] -- CWINDOWSsystem32driversavgidsshimx.sys -- (AVGIDSShim)
DRV - [20130910 004320 000,027,448 ---- M] (AVG Technologies CZ, s.r.o.) [File_System Boot Running] -- CWINDOWSsystem32driversavgrkx86.sys -- (Avgrkx86)
DRV - [20130801 160852 000,193,848 ---- M] (AVG Technologies CZ, s.r.o.) [Kernel System Running] -- CWINDOWSsystem32driversavgtdix.sys -- (Avgtdix)
DRV - [20130122 145126 000,021,248 ---- M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel On_Demand Stopped] -- CProgram FilesCommon FilesMotiveMREMP50.sys -- (MREMP50)
DRV - [20130122 145126 000,020,096 ---- M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel On_Demand Running] -- CProgram FilesCommon FilesMotiveMRESP50.sys -- (MRESP50)
DRV - [20120112 195206 000,030,944 ---- M] (AVG Technologies CZ, s.r.o.) [Kernel On_Demand Stopped] -- CWINDOWSsystem32driversavgfwdx.sys -- (Avgfwfd)
DRV - [20120112 195206 000,030,944 ---- M] (AVG Technologies CZ, s.r.o.) [Kernel On_Demand Running] -- CWINDOWSsystem32driversavgfwdx.sys -- (Avgfwdx)
DRV - [20120105 133528 000,066,944 ---- M] (TOSHIBA Corporation) [File_System Auto Running] -- CWINDOWSsystem32driversthdudf.sys -- (thdudf)
DRV - [20080414 001530 000,010,624 ---- M] (Microsoft Corporation) [Kernel On_Demand Running] -- CWINDOWSsystem32driversgameenum.sys -- (gameenum)
DRV - [20030619 073018 000,752,764 ---- M] (Realtek Semiconductor Corp.) [Kernel On_Demand Running] -- CWINDOWSsystem32driversALCXWDM.SYS -- (ALCXWDM)
DRV - [20030619 064136 000,064,512 R--- M] (Realtek Semiconductor Corporation ) [Kernel On_Demand Running] -- CWINDOWSsystem32driversRtlnic51.sys -- (RTL8023)
DRV - [20030612 103146 000,075,904 ---- M] (VIA Technologies inc,.ltd) [Kernel Boot Running] -- CWINDOWSsystem32driversviasraid.sys -- (viasraid)
DRV - [20021227 044100 000,026,880 ---- M] (VIA Technologies, Inc.) [Kernel Boot Running] -- CWINDOWSsystem32driversVIAAGP1.SYS -- (viaagp1)
DRV - [20010817 140004 000,002,944 ---- M] (Microsoft Corporation) [Kernel On_Demand Running] -- CWINDOWSsystem32driversmsmpu401.sys -- (ms_mpu401)


[color=#E56717]========== Standard Registry (SafeList) ==========[color]


[color=#E56717]========== Internet Explorer ==========[color]

IE - HKLM..SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = httpsearch.live.comresults.aspxq={searchTerms}&src={referrersource}

IE - HKCU..SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = httpwww.bing.comsearchq={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU..SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = httpsearch.conduit.comResultsExt.aspxq={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings ProxyEnable = 0

[color=#E56717]========== FireFox ==========[color]

FF - prefs.js..browser.search.defaultenginename Yahoo.co.uk
FF - prefs.js..browser.search.selectedEngine Yahoo.co.uk
FF - prefs.js..browser.search.suggest.enabled false
FF - prefs.js..extensions.enabledAddons %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D25.0.1
FF - prefs.js..extensions.enabledItems {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}6.0.22
FF - prefs.js..extensions.enabledItems jqs@sun.com1.0
FF - prefs.js..extensions.enabledItems {ABDE892B-13A8-4d1b-88E6-365A6E755758}15.0.2
FF - prefs.js..extensions.enabledItems plugin@yontoo.com1.20.00
FF - prefs.js..extensions.enabledItems {687578b9-7132-4a7a-80e4-30ee31099e03}3.12.0.8


FF - HKLMSoftwareMozillaPlugins@adobe.comFlashPlayer CWINDOWSsystem32MacromedFlashNPSWF32_11_9_900_170.dll ()
FF - HKLMSoftwareMozillaPlugins@java.comDTPlugin,version=10.45.2 CProgram FilesJavajre7bindtpluginnpDeployJava1.dll (Oracle Corporation)
FF - HKLMSoftwareMozillaPlugins@java.comJavaPlugin,version=10.45.2 CProgram FilesJavajre7binplugin2npjp2.dll (Oracle Corporation)
FF - HKLMSoftwareMozillaPlugins@microsoft.comWPF,version=3.5 cWINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll (Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@Motive.comNpMotive,version=1.0 CProgram FilesCommon FilesMotivenpMotive.dll (Alcatel-Lucent)
FF - HKLMSoftwareMozillaPlugins@Motive.comnpMotiveRequest,version=1.0 CProgram FilesCommon FilesMotivenpMotiveRequest.dll (Alcatel-Lucent)
FF - HKLMSoftwareMozillaPlugins@real.comnppl3260;version=16.0.3.51 cprogram filesrealrealplayerNetscape6nppl3260.dll (RealNetworks, Inc.)
FF - HKLMSoftwareMozillaPlugins@real.comnprndlchromebrowserrecordext;version=1.3.3 CDocuments and SettingsAll UsersApplication DataRealNetworksRealDownloaderBrowserPluginsMozillaPluginsnprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLMSoftwareMozillaPlugins@real.comnprndlhtml5videoshim;version=1.3.3 CDocuments and SettingsAll UsersApplication DataRealNetworksRealDownloaderBrowserPluginsMozillaPluginsnprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLMSoftwareMozillaPlugins@real.comnprndlpepperflashvideoshim;version=1.3.3 CDocuments and SettingsAll UsersApplication DataRealNetworksRealDownloaderBrowserPluginsMozillaPluginsnprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLMSoftwareMozillaPlugins@real.comnprpplugin;version=16.0.3.51 cprogram filesrealrealplayerNetscape6nprpplugin.dll (RealPlayer)
FF - HKLMSoftwareMozillaPlugins@realnetworks.comnpdlplugin;version=1 CDocuments and SettingsAll UsersApplication DataRealNetworksRealDownloaderBrowserPluginsnpdlplugin.dll (RealDownloader)
FF - HKLMSoftwareMozillaPlugins@tools.google.comGoogle Update;version=3 CProgram FilesGoogleUpdate1.3.22.3npGoogleUpdate3.dll (Google Inc.)
FF - HKLMSoftwareMozillaPlugins@tools.google.comGoogle Update;version=9 CProgram FilesGoogleUpdate1.3.22.3npGoogleUpdate3.dll (Google Inc.)
FF - HKLMSoftwareMozillaPluginsAdobe Reader CProgram FilesAdobeReader 10.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxextensions{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2} CDocuments and SettingsAll UsersApplication DataRealNetworksRealDownloaderBrowserPluginsFirefoxExt [20131206 145348 000,000,000 ---D M]
FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxextensions{ABDE892B-13A8-4d1b-88E6-365A6E755758} CDocuments and SettingsAll UsersApplication DataRealNetworksRealDownloaderBrowserPluginsFirefoxExt [20131206 145348 000,000,000 ---D M]
FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 25.0.1extensionsComponents CProgram FilesMozilla Firefoxcomponents [20131116 001117 000,000,000 ---D M]
FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 25.0.1extensionsPlugins CProgram FilesMozilla Firefoxplugins [20131212 232707 000,000,000 ---D M]

[20101123 130840 000,000,000 ---D M] (No name found) -- CDocuments and SettingsUserApplication DataMozillaExtensions
[20131211 191300 000,000,000 ---D M] (No name found) -- CDocuments and SettingsUserApplication DataMozillaFirefoxProfilesg7p9ierk.defaultextensions
[20131107 183113 000,000,000 ---D M] (uTorrentControl2) -- CDocuments and SettingsUserApplication DataMozillaFirefoxProfilesg7p9ierk.defaultextensions{687578b9-7132-4a7a-80e4-30ee31099e03}
[20131116 001117 000,000,000 ---D M] (No name found) -- CProgram FilesMozilla Firefoxextensions
[20131116 001116 000,000,000 ---D M] (No name found) -- CProgram FilesMozilla Firefoxbrowserextensions
[20131116 001239 000,000,000 ---D M] (Default) -- CProgram FilesMozilla Firefoxbrowserextensions{972ce4c6-7e08-4474-a285-3208198ce6fd}
[20131206 145148 000,124,504 ---- M] (RealPlayer) -- CProgram Filesmozilla firefoxpluginsnprpplugin.dll

[color=#E56717]========== Chrome ==========[color]

CHR - default_search_provider Google (Enabled)
CHR - default_search_provider search_url = {googlebaseURL}searchq={searchTerms}&{googleRLZ}{googleoriginalQueryForSuggestion}{googleassistedQueryStats}{googlesearchFieldtrialParameter}{googlebookmarkBarPinned}{googlesearchClient}{googlesourceId}{googleinstantExtendedEnabledParameter}{googleomniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider suggest_url = {googlebaseSuggestURL}search{googlesearchFieldtrialParameter}client={googlesuggestClient}&q={searchTerms}&{googlecursorPosition}{googlezeroPrefixUrl}{googlepageClassification}sugkey={googlesuggestAPIKeyParameter},
CHR - homepage httpwww.google.com
CHR - plugin Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin Native Client (Enabled) = CProgram FilesGoogleChromeApplication31.0.1650.63ppGoogleNaClPluginChrome.dll
CHR - plugin Chrome PDF Viewer (Enabled) = CProgram FilesGoogleChromeApplication31.0.1650.63pdf.dll
CHR - plugin Shockwave Flash (Enabled) = CProgram FilesGoogleChromeApplication31.0.1650.63gcswf32.dll
CHR - plugin Shockwave Flash (Enabled) = CWINDOWSsystem32MacromedFlashNPSWF32.dll
CHR - plugin QuickTime Plug-in 7.6.6 (Enabled) = CProgram FilesGoogleChromeApplicationpluginsnpqtplugin.dll
CHR - plugin QuickTime Plug-in 7.6.6 (Enabled) = CProgram FilesGoogleChromeApplicationpluginsnpqtplugin2.dll
CHR - plugin QuickTime Plug-in 7.6.6 (Enabled) = CProgram FilesGoogleChromeApplicationpluginsnpqtplugin3.dll
CHR - plugin QuickTime Plug-in 7.6.6 (Enabled) = CProgram FilesGoogleChromeApplicationpluginsnpqtplugin4.dll
CHR - plugin QuickTime Plug-in 7.6.6 (Enabled) = CProgram FilesGoogleChromeApplicationpluginsnpqtplugin5.dll
CHR - plugin QuickTime Plug-in 7.6.6 (Enabled) = CProgram FilesGoogleChromeApplicationpluginsnpqtplugin6.dll
CHR - plugin Java Deployment Toolkit 6.0.220.4 (Enabled) = CProgram FilesJavajre6binnew_pluginnpdeployJava1.dll
CHR - plugin Java™ Platform SE 6 U22 (Enabled) = CProgram FilesJavajre6binnew_pluginnpjp2.dll
CHR - plugin RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = CProgram FilesMozilla Firefoxpluginsnppl3260.dll
CHR - plugin RealPlayer Version Plugin (Enabled) = CProgram FilesMozilla Firefoxpluginsnprpjplug.dll
CHR - plugin RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = CDocuments and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll
CHR - plugin RealJukebox NS Plugin (Enabled) = CProgram FilesMozilla Firefoxpluginsnprjplug.dll
CHR - plugin Microsoftu00AE DRM (Enabled) = CProgram FilesWindows Media Playernpdrmv2.dll
CHR - plugin Microsoftu00AE DRM (Enabled) = CProgram FilesWindows Media Playernpwmsdrm.dll
CHR - plugin Windows Media Player Plug-in Dynamic Link Library (Enabled) = CProgram FilesWindows Media Playernpdsplay.dll
CHR - plugin RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = CDocuments and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll
CHR - plugin Motive Plugin (Enabled) = CProgram FilesCommon FilesMotivenpMotive.dll
CHR - plugin Google Update (Enabled) = CProgram FilesGoogleUpdate1.3.21.111npGoogleUpdate3.dll
CHR - Extension Motive Extension = CDocuments and SettingsUserLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsedmgmpmklgfbohogafcfobonnkogchec1.0_0
CHR - Extension RealDownloader = CDocuments and SettingsUserLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsidhngdhcfkoamngbedgpaokgjbnpdiji1.3.3_0
CHR - Extension Google Wallet = CDocuments and SettingsUserLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda0.0.5.0_0
CHR - Extension uTorrentControl2 = CDocuments and SettingsUserLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspacgpkgadgmibnhpdidcnfafllnmeomc10.22.3.518_0
CHR - Extension uTorrentControl2 = CDocuments and SettingsUserLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspacgpkgadgmibnhpdidcnfafllnmeomc10.22.3.518_0nativeMessagingnmHost

O1 HOSTS File ([20080414 120000 000,000,734 ---- M]) - CWINDOWSsystem32driversetchosts
O1 - Hosts 127.0.0.1 localhost
O2 - BHO (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - CDocuments and SettingsAll UsersApplication DataRealNetworksRealDownloaderBrowserPluginsIErndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - CProgram FilesJavajre7binssv.dll (Oracle Corporation)
O2 - BHO (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - CProgram FilesJavajre7binjp2ssv.dll (Oracle Corporation)
O4 - HKLM..Run [ApnTBMon] CProgram FilesAskPartnerNetworkToolbarUpdaterTBNotifier.exe (APN)
O4 - HKLM..Run [AVG_UI] CProgram FilesAVGAVG2014avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..Run [avgnt] CProgram FilesAviraAntiVir Desktopavgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..Run [btbb_McciTrayApp] CProgram FilesBT Broadband Desktop HelpbtbbBTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..Run [MSC] cProgram FilesMicrosoft Security Clientmsseces.exe (Microsoft Corporation)
O4 - HKLM..Run [NeroFilterCheck] CWINDOWSsystem32NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..Run [NvCplDaemon] CWINDOWSSystem32NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..Run [NvMediaCenter] CWINDOWSSystem32NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..Run [nwiz] CWINDOWSSystem32nwiz.exe ()
O4 - HKLM..Run [SoundMan] CWINDOWSSOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..Run [TkBellExe] Cprogram filesrealrealplayerupdaterealsched.exe (RealNetworks, Inc.)
O4 - HKCU..Run [TBHostSupport] CDocuments and SettingsUserLocal SettingsApplication DataTBHostSupportTBHostSupport.dll (Conduit Ltd.)
O4 - HKCU..Run [uTorrent] CProgram FilesuTorrentuTorrent.exe MINIMIZED File not found
O4 - Startup CDocuments and SettingsAll UsersStart MenuProgramsStartupMicrosoft Office.lnk = CProgram FilesMicrosoft OfficeOfficeOSA9.EXE (Microsoft Corporation)
O4 - Startup CDocuments and SettingsAll UsersStart MenuProgramsStartupSymantec Fax Starter Edition Port.lnk = CProgram FilesMicrosoft OfficeOffice1033OLFSNT40.EXE (Microsoft Corporation)
O4 - Startup CDocuments and SettingsUserStart MenuProgramsStartupOpenOffice.org 3.3.lnk = CProgram FilesOpenOffice.org 3programquickstart.exe ()
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer HonorAutoRunSetting = 1
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer NoCDBurning = 0
O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9Catalog_Entries000000000001 - CProgram FilesAviraAntiVir Desktopavsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9Catalog_Entries000000000002 - CProgram FilesAviraAntiVir Desktopavsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9Catalog_Entries000000000014 - CProgram FilesAviraAntiVir Desktopavsda.dll (Avira Operations GmbH & Co. KG)
O17 - HKLMSystemCCSServicesTcpipParameters DhcpNameServer = 192.168.1.254
O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{3CA048F0-EAD0-459D-827C-2C7C859AFE40} DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon Shell - (Explorer.exe) - CWINDOWSexplorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon UserInit - (CWINDOWSsystem32userinit.exe) - CWINDOWSsystem32userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper CDocuments and SettingsUserLocal SettingsApplication DataMicrosoftWallpaper1.bmp
O24 - Desktop BackupWallPaper CDocuments and SettingsUserLocal SettingsApplication DataMicrosoftWallpaper1.bmp
O32 - HKLM CDRom AutoRun - 1
O32 - AutoRun File - [20101123 121056 000,000,000 ---- M] () - CAUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute (autocheck autochk )
O34 - HKLM BootExecute (CPROGRA~1AVGAVG2014avgrsx.exe sync restart)
O35 - HKLM..comfile [open] -- %1 %
O35 - HKLM..exefile [open] -- %1 %
O37 - HKLM...com [@ = comfile] -- %1 %
O37 - HKLM...exe [@ = exefile] -- %1 %
O38 - SubSystemsWindows (ServerDll=winsrvUserServerDllInitialization,3)
O38 - SubSystemsWindows (ServerDll=winsrvConServerDllInitialization,2)

NetSvcs 6to4 - File not found
NetSvcs HidServ - %SystemRoot%System32hidserv.dll File not found
NetSvcs Ias - File not found
NetSvcs Iprip - File not found
NetSvcs Irmon - File not found
NetSvcs NWCWorkstation - File not found
NetSvcs Nwsapagent - File not found
NetSvcs WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set OTL Restore Point

[color=#E56717]========== FilesFolders - Created Within 30 Days ==========[color]

[20131214 011914 000,000,000 ---D C] -- CDocuments and SettingsUserLocal SettingsApplication DataSun
[20131212 232956 000,000,000 ---D C] -- CProgram FilesAskPartnerNetwork
[20131212 232956 000,000,000 ---D C] -- CDocuments and SettingsAll UsersApplication DataAskPartnerNetwork
[20131212 232927 000,000,000 ---D C] -- CDocuments and SettingsAll UsersApplication DataAPN
[20131212 232717 000,000,000 ---D C] -- CProgram FilesCommon FilesJava
[20131212 232645 000,000,000 ---D C] -- CDocuments and SettingsAll UsersStart MenuProgramsJava
[20131212 232539 000,000,000 ---D C] -- CProgram FilesJava
[20131212 230957 000,000,000 ---D C] -- CDocuments and SettingsUserApplication DataAVG2014
[20131212 230859 000,000,000 ---D C] -- CDocuments and SettingsAll UsersStart MenuProgramsAVG
[20131212 230858 000,000,000 ---D C] -- CDocuments and SettingsUserApplication DataTuneUp Software
[20131212 230721 000,000,000 -H-D C] -- C$AVG
[20131212 230721 000,000,000 ---D C] -- CDocuments and SettingsAll UsersApplication DataAVG2014
[20131212 230643 000,000,000 ---D C] -- CProgram FilesAVG
[20131212 230332 000,000,000 -H-D C] -- CDocuments and SettingsAll UsersApplication DataCommon Files
[20131212 230331 000,000,000 ---D C] -- CDocuments and SettingsUserLocal SettingsApplication DataMFAData
[20131212 230331 000,000,000 ---D C] -- CDocuments and SettingsAll UsersApplication DataMFAData
[20131212 230331 000,000,000 ---D C] -- CDocuments and SettingsUserLocal SettingsApplication DataAvg2014
[20131208 001720 000,000,000 ---D C] -- CDocuments and SettingsUserApplication DataSwvUpdater
[20131208 001712 000,000,000 ---D C] -- CProgram FilesRe-markit
[20131207 001849 000,000,000 ---D C] -- CDocuments and SettingsUserApplication DataAvira
[20131207 001404 000,000,000 ---D C] -- CDocuments and SettingsLocalServiceApplication DataRealNetworks
[20131207 001119 000,000,000 ---D C] -- CDocuments and SettingsAll UsersStart MenuProgramsAvira
[20131207 001106 000,028,520 ---- C] (Avira GmbH) -- CWINDOWSSystem32driversssmdrv.sys
[20131207 001056 000,137,208 ---- C] (Avira Operations GmbH & Co. KG) -- CWINDOWSSystem32driversavipbb.sys
[20131207 001056 000,090,400 ---- C] (Avira Operations GmbH & Co. KG) -- CWINDOWSSystem32driversavgntflt.sys
[20131207 001056 000,037,352 ---- C] (Avira Operations GmbH & Co. KG) -- CWINDOWSSystem32driversavkmgr.sys
[20131207 001051 000,000,000 ---D C] -- CProgram FilesAvira
[20131207 001051 000,000,000 ---D C] -- CDocuments and SettingsAll UsersApplication DataAvira
[20131206 235937 000,000,000 ---D C] -- CDocuments and SettingsUserLocal SettingsApplication DataNativeMessaging
[20131206 235932 000,000,000 ---D C] -- CDocuments and SettingsUserLocal SettingsApplication DataWhiteListing
[20131206 235928 000,000,000 ---D C] -- CDocuments and SettingsUserLocal SettingsApplication DataTBHostSupport
[20131206 150115 000,000,000 ---D C] -- CProgram FilesNosibay
[20131206 145641 000,000,000 ---D C] -- CDocuments and SettingsUserApplication DataNosibay
[20131206 145527 000,000,000 ---D C] -- CDocuments and SettingsUserApplication DataOpenCandy
[20131206 145345 000,000,000 ---D C] -- CProgram FilesRealNetworks
[20131206 145341 000,000,000 ---D C] -- CDocuments and SettingsAll UsersApplication DataRealNetworks
[20131206 145315 000,000,000 ---D C] -- CProgram FilesCommon Filesxing shared
[20131206 145135 000,000,000 ---D C] -- CDocuments and SettingsAll UsersStart MenuProgramsRealNetworks
[20131206 145134 000,272,896 ---- C] (Progressive Networks) -- CWINDOWSSystem32pncrt.dll
[20131202 190004 000,107,256 ---- C] (Trusteer Ltd.) -- CWINDOWSSystem32driversRapportKELL.sys
[20131127 204621 000,000,000 ---D C] -- CProgram FilesMicrosoft.NET
[20131116 001116 000,000,000 ---D C] -- CProgram FilesMozilla Firefox
[19981209 025354 000,186,368 ---- C] (Symantec Corp., Peter Norton Computing Group) -- CProgram FilesCommon FilesIRAREG.DLL
[19981209 025354 000,099,840 ---- C] (Symantec Corp.) -- CProgram FilesCommon FilesIRAABOUT.DLL
[19981209 025354 000,070,144 ---- C] (Symantec Corp., Peter Norton Computing Group) -- CProgram FilesCommon FilesIRAMDMTR.DLL
[19981209 025354 000,048,640 ---- C] (Symantec Corp., Peter Norton Computing Group) -- CProgram FilesCommon FilesIRALPTTR.DLL
[19981209 025354 000,031,744 ---- C] (Symantec Corp., Peter Norton Computing Group) -- CProgram FilesCommon FilesIRAWEBTR.DLL
[19981209 025354 000,017,920 ---- C] (Symantec Corp.) -- CProgram FilesCommon FilesIRASRIAL.DLL
[6 CWINDOWSSystem32.tmp files - CWINDOWSSystem32.tmp - ]
[3 CWINDOWS.tmp files - CWINDOWS.tmp - ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[color]

[20131215 223941 000,000,384 -H-- M] () -- CWINDOWStasksMicrosoft Antimalware Scheduled Scan.job
[20131215 223405 000,000,882 ---- M] () -- CWINDOWStasksGoogleUpdateTaskMachineUA.job
[20131215 223305 000,000,830 ---- M] () -- CWINDOWStasksAdobe Flash Player Updater.job
[20131215 223246 000,088,566 ---- M] () -- CWINDOWSSystem32nvapps.xml
[20131215 223233 000,000,392 ---- M] () -- CWINDOWStasksAmiUpdXp.job
[20131215 223152 000,000,276 ---- M] () -- CWINDOWStasksRealUpgradeLogonTaskS-1-5-21-1004336348-854245398-1801674531-1003.job
[20131215 223151 000,000,276 ---- M] () -- CWINDOWStasksRealPlayerRealUpgradeLogonTaskS-1-5-21-1004336348-854245398-1801674531-1003.job
[20131215 223150 000,000,284 ---- M] () -- CWINDOWStasksRealPlayerRealUpgradeScheduledTaskS-1-5-21-1004336348-854245398-1801674531-1003.job
[20131215 223148 000,002,206 ---- M] () -- CWINDOWSSystem32wpa.dbl
[20131215 223118 000,000,878 ---- M] () -- CWINDOWStasksGoogleUpdateTaskMachineCore.job
[20131215 222925 000,002,048 --S- M] () -- CWINDOWSbootstat.dat
[20131215 222921 1073,258,496 -HS- M] () -- Chiberfil.sys
[20131212 230859 000,000,702 ---- M] () -- CDocuments and SettingsAll UsersDesktopAVG 2014.lnk
[20131212 224223 000,146,016 ---- M] () -- CWINDOWSSystem32FNTCACHE.DAT
[20131211 194853 000,001,393 ---- M] () -- CWINDOWSimsins.BAK
[20131208 003513 000,000,116 ---- M] () -- CWINDOWSNeroDigital.ini
[20131207 001119 000,001,707 ---- M] () -- CDocuments and SettingsAll UsersDesktopAvira Control Center.lnk
[20131206 235420 000,028,520 ---- M] (Avira GmbH) -- CWINDOWSSystem32driversssmdrv.sys
[20131206 235419 000,137,208 ---- M] (Avira Operations GmbH & Co. KG) -- CWINDOWSSystem32driversavipbb.sys
[20131206 235419 000,090,400 ---- M] (Avira Operations GmbH & Co. KG) -- CWINDOWSSystem32driversavgntflt.sys
[20131206 235419 000,037,352 ---- M] (Avira Operations GmbH & Co. KG) -- CWINDOWSSystem32driversavkmgr.sys
[20131206 145422 000,000,747 ---- M] () -- CDocuments and SettingsAll UsersDesktopRealPlayer.lnk
[20131206 145134 000,272,896 ---- M] (Progressive Networks) -- CWINDOWSSystem32pncrt.dll
[20131206 144145 000,000,284 ---- M] () -- CWINDOWStasksRealUpgradeScheduledTaskS-1-5-21-1004336348-854245398-1801674531-1003.job
[20131202 190004 000,107,256 ---- M] (Trusteer Ltd.) -- CWINDOWSSystem32driversRapportKELL.sys
[20131127 221100 000,472,894 ---- M] () -- CWINDOWSSystem32perfh009.dat
[20131127 221100 000,075,988 ---- M] () -- CWINDOWSSystem32perfc009.dat
[20131119 024413 000,001,945 ---- M] () -- CWINDOWSepplauncher.mif
[6 CWINDOWSSystem32.tmp files - CWINDOWSSystem32.tmp - ]
[3 CWINDOWS.tmp files - CWINDOWS.tmp - ]

[color=#E56717]========== Files Created - No Company Name ==========[color]

[20131212 230859 000,000,702 ---- C] () -- CDocuments and SettingsAll UsersDesktopAVG 2014.lnk
[20131208 001721 000,000,392 ---- C] () -- CWINDOWStasksAmiUpdXp.job
[20131207 001119 000,001,707 ---- C] () -- CDocuments and SettingsAll UsersDesktopAvira Control Center.lnk
[20131206 145602 000,000,284 ---- C] () -- CWINDOWStasksRealPlayerRealUpgradeScheduledTaskS-1-5-21-1004336348-854245398-1801674531-1003.job
[20131206 145602 000,000,276 ---- C] () -- CWINDOWStasksRealPlayerRealUpgradeLogonTaskS-1-5-21-1004336348-854245398-1801674531-1003.job
[20131206 145422 000,000,747 ---- C] () -- CDocuments and SettingsAll UsersDesktopRealPlayer.lnk
[20131120 230657 000,000,384 -H-- C] () -- CWINDOWStasksMicrosoft Antimalware Scheduled Scan.job
[20120720 233050 000,000,169 ---- C] () -- CWINDOWSRtlRack.ini
[20120720 224506 000,558,133 ---- C] () -- CWINDOWSSystem32sqlite3.dll
[20120217 010915 000,003,072 ---- C] () -- CWINDOWSSystem32iacenc.dll
[20110713 230256 000,008,192 ---- C] () -- CDocuments and SettingsUserLocal SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[color=#E56717]========== ZeroAccess Check ==========[color]

[20131017 230638 000,000,227 RHS- M] () -- CWINDOWSassemblyDesktop.ini

[HKEY_CURRENT_USERSoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32]

[HKEY_CURRENT_USERSoftwareClassesclsid{fbeb8a05-beee-4442-804e-409d6c4515e9}InProcServer32]

[HKEY_LOCAL_MACHINESoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32]
= %SystemRoot%system32shdocvw.dll -- [20100909 141630 001,510,400 ---- M] (Microsoft Corporation)
ThreadingModel = Apartment

[HKEY_LOCAL_MACHINESoftwareClassesclsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}InProcServer32]
= CWINDOWSsystem32wbemfastprox.dll -- [20090209 121048 000,473,600 ---- M] (Microsoft Corporation)
ThreadingModel = Free

[HKEY_LOCAL_MACHINESoftwareClassesclsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}InProcServer32]
= CWINDOWSsystem32wbemwbemess.dll -- [20080414 120000 000,273,920 ---- M] (Microsoft Corporation)
ThreadingModel = Both

[color=#E56717]========== LOP Check ==========[color]

[20131212 232927 000,000,000 ---D M] -- CDocuments and SettingsAll UsersApplication DataAPN
[20131212 232956 000,000,000 ---D M] -- CDocuments and SettingsAll UsersApplication DataAskPartnerNetwork
[20131212 230925 000,000,000 ---D M] -- CDocuments and SettingsAll UsersApplication DataAVG2014
[20131212 230332 000,000,000 -H-D M] -- CDocuments and SettingsAll UsersApplication DataCommon Files
[20131215 225545 000,000,000 ---D M] -- CDocuments and SettingsAll UsersApplication DataMFAData
[20131211 191311 000,000,000 ---D M] -- CDocuments and SettingsAll UsersApplication DataTarma Installer
[20110912 173028 000,000,000 ---D M] -- CDocuments and SettingsAll UsersApplication DataTrusteer
[20120414 231020 000,000,000 ---D M] -- CDocuments and SettingsUserApplication DataAunsoft
[20131212 230957 000,000,000 ---D M] -- CDocuments and SettingsUserApplication DataAVG2014
[20131206 145534 000,000,000 ---D M] -- CDocuments and SettingsUserApplication DataOpenCandy
[20120214 192752 000,000,000 ---D M] -- CDocuments and SettingsUserApplication DataOpenOffice.org
[20130305 231937 000,000,000 ---D M] -- CDocuments and SettingsUserApplication DataPriceGong
[20131208 001721 000,000,000 ---D M] -- CDocuments and SettingsUserApplication DataSwvUpdater
[20131212 230858 000,000,000 ---D M] -- CDocuments and SettingsUserApplication DataTuneUp Software

[color=#E56717]========== Purity Check ==========[color]



[color=#E56717]========== Custom Scans ==========[color]

[color=#A23BEC] %SYSTEMDRIVE%.exe [color]
[20071107 070318 000,562,688 ---- M] (Microsoft Corporation) -- Cinstall.exe

[color=#A23BEC] MD5 for EXPLORER.EXE [color]
[20080414 120000 001,033,728 ---- M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- CWINDOWSexplorer.exe
[20080414 120000 001,033,728 ---- M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- CWINDOWSsystem32dllcacheexplorer.exe

[color=#A23BEC] MD5 for SVCHOST.EXE [color]
[20080414 120000 000,014,336 ---- M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- CWINDOWSsystem32dllcachesvchost.exe
[20080414 120000 000,014,336 ---- M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- CWINDOWSsystem32svchost.exe

[color=#A23BEC] MD5 for USERINIT.EXE [color]
[20080414 120000 000,026,112 ---- M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- CWINDOWSsystem32dllcacheuserinit.exe
[20080414 120000 000,026,112 ---- M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- CWINDOWSsystem32userinit.exe

[color=#A23BEC] MD5 for WINLOGON.EXE [color]
[20080414 120000 000,507,904 ---- M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- CWINDOWSsystem32dllcachewinlogon.exe
[20080414 120000 000,507,904 ---- M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- CWINDOWSsystem32winlogon.exe

[color=#A23BEC] %systemroot%. mp s [color]

End of report

#3
Gedidrum

sORRY, BUT i'M NEW TO HERE AND TRYING TO FOLLOW WHAT TO DO, BUT FINDING IT HARD. i'VE POSTED FIRST...oops, caps lock...first post is OTL.Text...second post is Extras.Txt

I hope someone can help. I've had this virus for at least 6 weeks and AVG, Microsoft Essentials and Avira have all failed.

Thanks in advance,
Gedidrum.