Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Internet secuirty keeeps stopping..OTL wont work [Solved]


  • This topic is locked This topic is locked

#16
Harry44

Harry44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
I had vpn as a thing you could go on the internet anonymous. not used it for months so must be leftovers
19 runs is probably the amount of times I have used it every now and then over months as I got told it would delete all adware if I did that every now and again

Farbar Recovery Scan Tool (x86) Version: 20-06-2013
Ran by Chris at 2013-06-20 10:27:25
Running from C:\Users\Chris\Desktop
Boot Mode: Normal

================== Search: "ipinip.sys;nwlnkflt.sys;nwlnkfwd.sys" ===================

=== End Of Search ===
  • 0

Advertisements


#17
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks you for the update and log.


SystemLook

For 32bit systems, please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following Quote box into the main text field (Do Not copy the word Quote):

    :filefind
    ipinip.sys
    nwlnkflt.sys
    nwlnkfwd.sys

  • Click the Look button to start the scan.
    NOTE: Scan times are usually very fast. But some scans increase the scan time so don't be concerned if it takes a while.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
  • 0

#18
Harry44

Harry44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
do you need to run combofix or is it ok? any idea why OTL wont run?

SystemLook 30.07.11 by jpshortstuff
Log created at 17:54 on 20/06/2013 by Chris
Administrator - Elevation successful

========== filefind ==========

Searching for "ipinip.sys"
No files found.

Searching for "nwlnkflt.sys"
No files found.

Searching for "nwlnkfwd.sys"
No files found.

-= EOF =-
  • 0

#19
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

do you need to run combofix or is it ok? any idea why OTL wont run?

I don't see anything on the system that would warrant running ComboFix. Why do you ask?
OTL is hanging at the Firefox settings so I assume there is a setting that is causing it to hang. And there are just some systems that OTL won't run on....we don't know why. Let's remove the driver entries that we discussed above. Then scan the system for any residual malware files. And finally we can try OTL again and see if it will run. If it is really hanging on Firefox settings you could try uninstalling Firefox and then see it it will run but I don't see the need for that.

Are you still having the original issue with Bit Defender? If you are, see if it is resolved after his run.
Please make sure you run the steps below in the order they are given. Before running Steps 3 and 4 please disable any screen saver you might have running.


Step-1.

Program Uninstall

1. Please click the Start Orb Posted Image, click Control Panel. Under the Programs heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

ESET Online Scanner

3. Click on each program to highlight it and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.


Step-2.

Farbar Fix

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  • Download the attached fixlist.txt file and save it to the same location where the program is. (It should be the desktop)
  • Please re-open the Farbar Scan tool. To do that:
  • Right click the FRST.exe file to run the program.
  • Press the Fix button just once and wait. The tool will make a log (Fixlog.txt). Please post it in your next reply.
    The Fixlog.txt file can also be found in the same location that the program was run from.

Step-3.

Posted ImageMalwarebytes' Anti-Malware

Close all programs and browsers on your computer and disable any screen saver you might have running.

  • Right click the MalwareBytes icon on the desktop and click Run As Administrator, then click the Continue button on the UAC window.) You will now be at the main program as shown below.

    Posted Image
  • Click the Update tab and update the program if required.
  • Click the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
    MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image

    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked EXCEPT items in System Restore (see the image below), and click Remove Selected<---Very Important.

    Posted Image
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step-4.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

NOTE: Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Uncheck the box beside Remove Found Threats
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

  • If No Threats Were Found:
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found
  • If Threats Were Found:
    • Click on "list of threats found"
    • Click on "export to text file" and save it to the desktop as ESET SCAN.txt
    • Click on Back
    • Put a checkmark in "Uninstall application on close" (Be sure you have saved the file first)
    • Click on Finish
    • Close the program
    • Copy and paste the report here
Note: Do not forget to re-enable your Anti-Virus application and screen saver after running the above scan!


Step-5.

Go to Step 2 in post #2 and run OTL according to the instructions.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Answer my questions above
2. The Fixlog.txt log
3. The MalwareBytes log
4. The ESET log (IF it found anything). If it didn't just tell me.
5. The OTL.txt log and Extras.txt log if OTL ran successfully.
  • 0

#20
Harry44

Harry44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
I just assumed combofix was the best one out there
I still have problems when I am loading pages, it hangs
bitdefender seems okay
eset didnt find anything
OTL stopped again when it got to firefox settings

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-06-2013
Ran by Chris at 2013-06-21 12:56:40 Run:1
Running from C:\Users\Chris\Desktop
Boot Mode: Normal

==============================================

tap0901 => Service deleted successfully.
gttap1 => Service deleted successfully.
C:\Windows\System32\DRIVERS\tap0901.sys => Moved successfully.
C:\Windows\System32\DRIVERS\gttap1.sys => File/Directory not found.
C:\Users\Chris\AppData\Roaming\Wondershare => Moved successfully.
C:\Users\Chris\Downloads\esetsmartinstaller_enu.exe => Moved successfully.
C:\Program Files\Eset => Moved successfully.

==== End of Fixlog ====

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.20.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Chris :: DELL-530 [administrator]

Protection: Enabled

21/06/2013 12:57:25
mbam-log-2013-06-21 (12-57-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198199
Time elapsed: 6 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#21
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

I just assumed combofix was the best one out there

ComboFix is a very powerful tool. But I don't like to run it unless I see a need for it or if a system is heavily infected. We may run it here just to be sure...but I don't think we're there yet.

I still have problems when I am loading pages, it hangs

That's a new issue. First time I've heard of that. When did it start and does it happen with all browsers or just certain ones? Please describe exactly what happens.

bitdefender seems okay

This was the original issue you listed. I'm glad it seems to be resolved.

Thanks for the info on ESET and the MBAM log.

For the OTL problem...Have you installed any custom themes in FF or customized any settings? We can try disabling all add-ons and extensions and then see if OTL will run. If that doesn't work we can reset FF back to it's defaults and see it OTL will run. A last resort would be to completely uninstall FF and see if OTL will run.


Disable FF extensions/add-ons

Click the down arrow on the Firefox button and click Add-ons. The add-ons page will open.
Click Extensions in the left column. The Extensions page will open. Click the Disable button at the end of each extension to disable it.
Disable all plugins.
Click Plugins in the left column. The Plugins page will open. Click the Disable button at the end of each plugin to disable it.
Disable all plugins.

Now see if OTL will run.

If it doesn't we can reset FF back to the original settings. This will remove any themes other than the default theme. It will also remove any customizations made to things like toolbars and any profile customizations. You can go to the Firefox page here for a complete description of the reset will do and instructions on hoe to do it. If you decide to reset FF then run OTL again and see if it will complete.

The final option would be to completely uninstall FF and then run OTL.


Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
Answer my questions and let me know what you want to do about FF and running OTL.
  • 0

#22
Harry44

Harry44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Firefox was normal apart from no script and ad block plus
tried OTL with plugins disabled but still wouldnt work
reset FF and I was able to run it, do you want to see the logs? does this mean my old FF had a virus in it?
  • 0

#23
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
No, I don't think it had a virus in it. I think that something like a plugin or extension or someone set a customized setting that wasn't compatible with OTL.

Please post the OTL.txt log and the Extras.txt log :)
  • 0

#24
Harry44

Harry44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
OTL logfile created on: 21/06/2013 18:28:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 61.24% Memory free
6.21 Gb Paging File | 4.36 Gb Available in Paging File | 70.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.32 Gb Total Space | 165.66 Gb Free Space | 57.46% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 3.89 Gb Free Space | 39.81% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: DELL-530 | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/19 14:50:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2013/06/11 20:47:18 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
PRC - [2013/06/11 08:54:26 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/05/27 11:36:54 | 001,345,008 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
PRC - [2013/05/11 23:26:08 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/24 17:17:38 | 001,611,784 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
PRC - [2013/04/24 07:43:33 | 001,124,088 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\seccenter.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/26 17:33:03 | 000,055,984 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/17 08:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 07:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2006/11/02 13:34:50 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\calc.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/28 12:43:25 | 000,163,840 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\ui\bdidntconp.ui
MOD - [2013/05/11 23:26:24 | 003,128,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/04/23 09:21:00 | 000,396,360 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\bdidntconp.dll
MOD - [2013/02/26 17:13:13 | 000,204,280 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll
MOD - [2012/04/27 16:08:08 | 000,093,040 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\bdmetrics.dll


========== Services (SafeList) ==========

SRV - [2013/06/11 21:47:25 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/27 11:36:54 | 001,345,008 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- (VSSERV)
SRV - [2013/05/11 23:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/26 17:33:03 | 000,055,984 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe -- (UPDATESRV)
SRV - [2013/02/26 17:20:55 | 000,062,688 | ---- | M] (Bitdefender) [Disabled | Stopped] -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe -- (BdDesktopParental)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 07:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/05/28 12:11:21 | 000,355,744 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\trufos.sys -- (trufos)
DRV - [2013/04/17 14:59:04 | 000,633,344 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avc3.sys -- (avc3)
DRV - [2013/04/17 14:59:04 | 000,486,536 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avckf.sys -- (avckf)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/02/22 19:46:48 | 000,078,144 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV - [2013/02/06 07:42:10 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012/11/12 18:11:11 | 000,066,392 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\bdsandbox.sys -- (BDSandBox)
DRV - [2012/11/02 14:17:14 | 000,242,504 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avchv.sys -- (avchv)
DRV - [2012/10/04 14:30:05 | 000,162,976 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\System32\drivers\gzflt.sys -- (gzflt)
DRV - [2012/10/02 12:31:18 | 000,134,136 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys -- (bdselfpr)
DRV - [2011/11/14 20:16:26 | 000,130,640 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2009/12/10 21:48:26 | 000,043,520 | ---- | M] (--) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MOSUMAC.SYS -- (MOSUMAC)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/01/21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D7 F4 51 2E 49 4E CE 01 [binary data]
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/05/06 13:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/06/11 08:56:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/06/11 08:56:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/15 16:00:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/11 08:54:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013/06/16 11:02:50 | 000,000,000 | ---D | M]

[2012/07/03 05:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions
[2013/05/15 16:02:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/15 16:02:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/11 08:54:46 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/08/29 11:01:32 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealDownloader = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\
CHR - Extension: RealDownloader = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
CHR - Extension: Gmail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/06/02 12:37:41 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O4 - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71}: DhcpNameServer = 192.168.0.203
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/21 18:27:13 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Old Firefox Data-2
[2013/06/21 13:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/06/21 13:04:51 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Chris\Desktop\esetsmartinstaller_enu.exe
[2013/06/20 10:26:04 | 001,368,263 | ---- | C] (Farbar) -- C:\Users\Chris\Desktop\FRST(1).exe
[2013/06/19 20:02:12 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\RK_Quarantine
[2013/06/19 19:56:34 | 000,000,000 | ---D | C] -- C:\FRST
[2013/06/19 14:50:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2013/06/16 11:34:02 | 000,072,704 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\bdvedisk.sys
[2013/06/16 11:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2013
[2013/06/16 11:02:49 | 000,078,144 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\BdfNdisf6.sys
[2013/06/16 11:02:49 | 000,066,392 | ---- | C] (BitDefender SRL) -- C:\Windows\System32\drivers\bdsandbox.sys
[2013/06/16 11:02:41 | 000,486,536 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avckf.sys
[2013/06/16 11:02:40 | 000,633,344 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avc3.sys
[2013/06/16 10:58:40 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Bitdefender
[2013/06/16 10:58:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2013/06/16 10:56:55 | 000,162,976 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\gzflt.sys
[2013/06/16 10:56:52 | 000,355,744 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys
[2013/06/16 10:56:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2013/06/12 13:07:12 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/06/12 13:07:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/06/12 13:07:09 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/06/12 13:07:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/06/12 13:07:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/06/12 13:07:08 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/06/12 13:07:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/06/12 13:07:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/06/12 12:55:54 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2013/06/12 12:55:47 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013/06/12 12:55:47 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013/06/12 12:55:31 | 003,603,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/06/12 12:55:31 | 003,551,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/06/12 12:54:58 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013/06/11 08:56:02 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/06/11 08:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013/06/11 08:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013/06/10 19:39:43 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\PeerNetworking
[2013/06/02 12:41:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/06/02 12:41:36 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\temp
[2013/05/28 22:02:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/05/23 22:02:19 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\233
[2011/12/28 15:52:30 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Chris\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/06/21 18:27:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/21 18:20:00 | 000,005,184 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/21 18:20:00 | 000,005,184 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/21 17:47:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/21 15:55:30 | 000,287,381 | ---- | M] () -- C:\Users\Chris\Desktop\left.png
[2013/06/21 15:46:59 | 000,236,467 | ---- | M] () -- C:\Users\Chris\Desktop\Screenshot_2013-06-21-15-18-35.png
[2013/06/21 13:04:54 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Chris\Desktop\esetsmartinstaller_enu.exe
[2013/06/21 12:20:16 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/21 12:19:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/20 21:31:12 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/06/20 17:54:18 | 000,139,264 | ---- | M] () -- C:\Users\Chris\Desktop\SystemLook.exe
[2013/06/20 10:26:06 | 001,368,263 | ---- | M] (Farbar) -- C:\Users\Chris\Desktop\FRST(1).exe
[2013/06/19 20:05:40 | 000,648,201 | ---- | M] () -- C:\Users\Chris\Desktop\adwcleaner.exe
[2013/06/19 20:01:36 | 000,910,848 | ---- | M] () -- C:\Users\Chris\Desktop\RogueKiller.exe
[2013/06/19 16:58:39 | 001,813,367 | ---- | M] () -- C:\Users\Chris\Desktop\RacingPost(4).pdf
[2013/06/19 15:04:27 | 000,000,680 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2013/06/19 15:04:27 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013/06/19 14:50:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2013/06/19 14:38:25 | 003,610,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/06/16 11:34:02 | 000,072,704 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\bdvedisk.sys
[2013/06/16 11:06:03 | 001,409,998 | ---- | M] () -- C:\ProgramData\1371376538.bdinstall.bin
[2013/06/16 11:04:28 | 000,253,404 | -H-- | M] () -- C:\bdr-ld02
[2013/06/16 11:04:28 | 000,009,216 | -H-- | M] () -- C:\bdr-ld02.mbr
[2013/06/16 11:04:28 | 000,000,308 | -H-- | M] () -- C:\bdr-cf02
[2013/06/16 11:03:18 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk
[2013/06/16 11:03:18 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk
[2013/06/16 10:51:55 | 000,228,291 | ---- | M] () -- C:\ProgramData\1371376249.bdinstall.bin
[2013/06/15 22:10:05 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/15 22:10:05 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/12 13:27:32 | 005,137,139 | ---- | M] () -- C:\Users\Chris\Desktop\RacingPost(3).pdf
[2013/06/12 09:25:09 | 000,001,041 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\vso_ts_preview.xml
[2013/06/11 21:47:24 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/06/11 21:47:24 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/06/11 08:56:12 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/06/11 08:54:59 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013/06/11 08:54:40 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013/06/11 08:54:40 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013/06/11 08:54:33 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/06/10 19:39:44 | 000,029,239 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\UserTile.png
[2013/06/04 07:45:48 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/06/02 13:26:15 | 000,503,681 | ---- | M] () -- C:\ProgramData\1370175395.bdinstall.bin
[2013/06/02 13:13:34 | 000,228,064 | ---- | M] () -- C:\ProgramData\1370175092.bdinstall.bin
[2013/06/02 12:53:21 | 000,015,616 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2013/06/02 12:48:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/06/02 12:48:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/06/02 12:37:41 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/05/28 12:11:21 | 000,355,744 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys
[2013/05/27 05:56:02 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

========== Files Created - No Company Name ==========

[2013/06/21 15:50:48 | 000,287,381 | ---- | C] () -- C:\Users\Chris\Desktop\left.png
[2013/06/21 15:47:09 | 000,236,467 | ---- | C] () -- C:\Users\Chris\Desktop\Screenshot_2013-06-21-15-18-35.png
[2013/06/20 17:54:16 | 000,139,264 | ---- | C] () -- C:\Users\Chris\Desktop\SystemLook.exe
[2013/06/19 20:05:37 | 000,648,201 | ---- | C] () -- C:\Users\Chris\Desktop\adwcleaner.exe
[2013/06/19 20:01:35 | 000,910,848 | ---- | C] () -- C:\Users\Chris\Desktop\RogueKiller.exe
[2013/06/19 16:58:39 | 001,813,367 | ---- | C] () -- C:\Users\Chris\Desktop\RacingPost(4).pdf
[2013/06/16 11:06:03 | 001,409,998 | ---- | C] () -- C:\ProgramData\1371376538.bdinstall.bin
[2013/06/16 11:04:28 | 000,000,308 | -H-- | C] () -- C:\bdr-cf02
[2013/06/16 11:03:18 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk
[2013/06/16 11:03:18 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk
[2013/06/16 10:58:38 | 002,294,848 | -H-- | C] () -- C:\bdr-bz02
[2013/06/16 10:58:37 | 036,573,121 | -H-- | C] () -- C:\bdr-im02.gz
[2013/06/16 10:58:37 | 000,253,404 | -H-- | C] () -- C:\bdr-ld02
[2013/06/16 10:58:37 | 000,009,216 | -H-- | C] () -- C:\bdr-ld02.mbr
[2013/06/16 10:51:55 | 000,228,291 | ---- | C] () -- C:\ProgramData\1371376249.bdinstall.bin
[2013/06/12 13:27:28 | 005,137,139 | ---- | C] () -- C:\Users\Chris\Desktop\RacingPost(3).pdf
[2013/06/11 23:17:34 | 000,001,041 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\vso_ts_preview.xml
[2013/06/11 08:56:12 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/06/10 19:39:44 | 000,029,239 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\UserTile.png
[2013/06/02 13:26:15 | 000,503,681 | ---- | C] () -- C:\ProgramData\1370175395.bdinstall.bin
[2013/06/02 13:13:34 | 000,228,064 | ---- | C] () -- C:\ProgramData\1370175092.bdinstall.bin
[2013/06/02 12:53:21 | 000,015,616 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2013/06/02 12:48:26 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013/06/02 12:48:26 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013/05/26 08:36:11 | 071,571,170 | ---- | C] () -- C:\Users\Chris\Desktop\20130328_151606.mp4
[2013/05/26 08:36:00 | 004,542,346 | ---- | C] () -- C:\Users\Chris\Desktop\20130328_151644.mp4
[2013/05/26 08:35:58 | 070,039,279 | ---- | C] () -- C:\Users\Chris\Desktop\20130328_151820.mp4
[2013/05/23 22:06:20 | 003,091,843 | ---- | C] () -- C:\Users\Chris\Desktop\20130328_132606.jpg
[2013/05/23 22:06:18 | 003,086,016 | ---- | C] () -- C:\Users\Chris\Desktop\20130328_131503.jpg
[2013/05/23 22:06:15 | 003,145,792 | ---- | C] () -- C:\Users\Chris\Desktop\20130328_131458.jpg
[2013/05/23 22:06:04 | 003,110,788 | ---- | C] () -- C:\Users\Chris\Desktop\20130328_131455.jpg
[2013/05/06 14:42:38 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2013/05/06 12:27:02 | 000,000,680 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2013/01/13 18:03:01 | 003,610,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/16 15:09:21 | 000,711,240 | ---- | C] () -- C:\Windows\is-L5DGO.exe
[2012/06/03 09:55:32 | 000,041,472 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/11 11:10:35 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/18 21:07:14 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/01/13 09:10:03 | 000,910,996 | ---- | C] () -- C:\Users\Chris\AppData\Local\census.cache
[2012/01/13 09:09:35 | 000,163,945 | ---- | C] () -- C:\Users\Chris\AppData\Local\ars.cache
[2012/01/13 08:12:43 | 000,000,036 | ---- | C] () -- C:\Users\Chris\AppData\Local\housecall.guid.cache
[2011/12/28 15:52:30 | 000,007,887 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.cat
[2011/12/28 15:52:30 | 000,001,144 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.inf
[2011/12/23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/12/23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/12/23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/12/23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll

========== ZeroAccess Check ==========

[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/06/16 10:58:40 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Bitdefender
[2012/03/30 08:47:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/03/18 21:07:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leawo
[2012/03/19 14:38:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenOffice.org
[2013/04/04 18:40:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Opera
[2013/06/10 19:39:43 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PeerNetworking
[2013/04/08 22:04:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\QuickScan
[2013/05/15 16:24:02 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Samsung
[2012/06/16 00:21:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Temp
[2012/03/18 21:08:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\tiger-k
[2013/05/11 11:31:29 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent
[2013/06/12 13:29:30 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Vso

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Chris\Desktop\VTS_01_1.VOB:TOC.WMV
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >


OTL Extras logfile created on: 21/06/2013 18:28:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 61.24% Memory free
6.21 Gb Paging File | 4.36 Gb Available in Paging File | 70.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.32 Gb Total Space | 165.66 Gb Free Space | 57.46% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 3.89 Gb Free Space | 39.81% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: DELL-530 | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [runas] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{95C5F95E-62D7-4526-9C15-BCE6ABA4F874}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{E666F7E6-14C7-46A7-AEBB-325E67946372}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{331ED3CF-3A1B-467C-9A62-899E2D3B20C4}_is1" = Leawo Video Converter version 5.1.0.0
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Bitdefender" = Bitdefender Internet Security 2013
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"EasyBCD" = EasyBCD 1.7
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 2180] [2008-10-04]
"FileHippo.com" = FileHippo.com Update Checker
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero7Lite_is1" = Nero 7 Lite 7.10.1.2
"Opera 12.15.1748" = Opera 12.15
"RealPlayer 16.0" = RealPlayer
"Skitch 1.0.2.0" = Skitch
"VLC media player" = VLC media player 2.0.6
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"YouTube Downloader App" = YouTube Downloader App 3.00

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 19/06/2013 10:06:51 | Computer Name = DELL-530 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 19/06/2013 14:56:01 | Computer Name = DELL-530 | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 15fc Start Time: 01ce6d1e5eb4d40f Termination Time: 3

Error - 20/06/2013 19:36:54 | Computer Name = DELL-530 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 20/06/2013 19:36:55 | Computer Name = DELL-530 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 20/06/2013 22:09:57 | Computer Name = DELL-530 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 20/06/2013 22:09:57 | Computer Name = DELL-530 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 21/06/2013 07:20:37 | Computer Name = DELL-530 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 21/06/2013 07:20:37 | Computer Name = DELL-530 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 21/06/2013 10:17:18 | Computer Name = DELL-530 | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 798 Start Time: 01ce6e89759f1a77 Termination Time: 4

Error - 21/06/2013 13:24:55 | Computer Name = DELL-530 | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: f90 Start Time: 01ce6ea3ebe5b6e0 Termination Time: 4

[ System Events ]
Error - 19/06/2013 10:04:14 | Computer Name = DELL-530 | Source = Service Control Manager | ID = 7001
Description =

Error - 19/06/2013 10:04:14 | Computer Name = DELL-530 | Source = Service Control Manager | ID = 7026
Description =

Error - 19/06/2013 10:04:14 | Computer Name = DELL-530 | Source = Service Control Manager | ID = 7001
Description =

Error - 19/06/2013 10:04:14 | Computer Name = DELL-530 | Source = Service Control Manager | ID = 7001
Description =

Error - 19/06/2013 10:04:14 | Computer Name = DELL-530 | Source = Service Control Manager | ID = 7001
Description =

Error - 19/06/2013 10:04:14 | Computer Name = DELL-530 | Source = DCOM | ID = 10005
Description =

Error - 19/06/2013 10:04:17 | Computer Name = DELL-530 | Source = Service Control Manager | ID = 7001
Description =

Error - 20/06/2013 19:35:07 | Computer Name = DELL-530 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 00:33:14 on 21/06/2013 was unexpected.

Error - 20/06/2013 22:08:13 | Computer Name = DELL-530 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 02:54:13 on 21/06/2013 was unexpected.

Error - 21/06/2013 07:19:51 | Computer Name = DELL-530 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 03:49:48 on 21/06/2013 was unexpected.


< End of report >
  • 0

#25
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

Those logs are clean. In fact this is one of the cleanest systems I've seen. You didn't answer my question:

I still have problems when I am loading pages, it hangs

That's a new issue. First time I've heard of that. When did it start and does it happen with all browsers or just certain ones? Please describe exactly what happens.


  • 0

Advertisements


#26
Harry44

Harry44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
sorry it just happens every so often, FF just says not responding and I cant do anything. also IE keeps freezing to

any idea why all my emails from my yahoo get sent back? something about a failure notice
  • 0

#27
Harry44

Harry44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Can I run OTL again please. my computer keeps hanging and its really slow

if I had been hacked since the last OTL log would you know
  • 0

#28
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Run OTL using the instructions for it in post#2 except you don't need to download the tool again. Please post the OTL.txt log, there won't be an Extras.txt log this time.

And please explain exactly what you mean by "my computer keeps hanging"
  • 0

#29
Harry44

Harry44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
It just keeps locking up and freezing and I have to reboot

OTL logfile created on: 24/06/2013 16:40:36 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 62.12% Memory free
6.21 Gb Paging File | 4.77 Gb Available in Paging File | 76.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.32 Gb Total Space | 166.20 Gb Free Space | 57.64% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 3.89 Gb Free Space | 39.81% Space Free | Partition Type: NTFS

Computer Name: DELL-530 | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/19 14:50:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2013/06/11 08:54:26 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/05/27 11:36:54 | 001,345,008 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
PRC - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/24 17:17:38 | 001,611,784 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
PRC - [2013/04/24 07:43:33 | 001,124,088 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\seccenter.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/26 17:33:03 | 000,055,984 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/21 03:23:32 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe
PRC - [2008/01/17 08:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 07:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2006/11/02 13:34:50 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\calc.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/28 12:43:25 | 000,163,840 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\ui\bdidntconp.ui
MOD - [2013/04/23 09:21:00 | 000,396,360 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\bdidntconp.dll
MOD - [2013/02/26 17:13:13 | 000,204,280 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll
MOD - [2012/04/27 16:08:08 | 000,093,040 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\bdmetrics.dll


========== Services (SafeList) ==========

SRV - [2013/06/11 21:47:25 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/27 11:36:54 | 001,345,008 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- (VSSERV)
SRV - [2013/05/11 23:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/26 17:33:03 | 000,055,984 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe -- (UPDATESRV)
SRV - [2013/02/26 17:20:55 | 000,062,688 | ---- | M] (Bitdefender) [Disabled | Stopped] -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe -- (BdDesktopParental)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 07:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/05/28 12:11:21 | 000,355,744 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\trufos.sys -- (trufos)
DRV - [2013/04/17 14:59:04 | 000,633,344 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avc3.sys -- (avc3)
DRV - [2013/04/17 14:59:04 | 000,486,536 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avckf.sys -- (avckf)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/02/22 19:46:48 | 000,078,144 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV - [2013/02/06 07:42:10 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012/11/12 18:11:11 | 000,066,392 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\bdsandbox.sys -- (BDSandBox)
DRV - [2012/11/02 14:17:14 | 000,242,504 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avchv.sys -- (avchv)
DRV - [2012/10/04 14:30:05 | 000,162,976 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\System32\drivers\gzflt.sys -- (gzflt)
DRV - [2012/10/02 12:31:18 | 000,134,136 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys -- (bdselfpr)
DRV - [2011/11/14 20:16:26 | 000,130,640 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2009/12/10 21:48:26 | 000,043,520 | ---- | M] (--) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MOSUMAC.SYS -- (MOSUMAC)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/01/21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D7 F4 51 2E 49 4E CE 01 [binary data]
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2013/05/06 13:44:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/05/06 13:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/06/11 08:56:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/06/11 08:56:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/15 16:00:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/11 08:54:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013/06/16 11:02:50 | 000,000,000 | ---D | M]

[2012/07/03 05:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions
[2013/06/22 22:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\bbm4z3v6.default-1371835630502\extensions
[2013/06/22 22:51:40 | 000,534,298 | ---- | M] () (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\bbm4z3v6.default-1371835630502\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/06/22 22:51:09 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\bbm4z3v6.default-1371835630502\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/15 16:02:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/15 16:02:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2013/06/11 08:54:59 | 000,153,736 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2013/06/11 08:54:46 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/08/29 11:01:32 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealDownloader = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
CHR - Extension: Gmail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/06/02 12:37:41 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71}: DhcpNameServer = 192.168.0.203
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/21 18:27:13 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Old Firefox Data-2
[2013/06/21 13:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/06/21 13:04:51 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Chris\Desktop\esetsmartinstaller_enu.exe
[2013/06/20 10:26:04 | 001,368,263 | ---- | C] (Farbar) -- C:\Users\Chris\Desktop\FRST(1).exe
[2013/06/19 20:02:12 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\RK_Quarantine
[2013/06/19 19:56:34 | 000,000,000 | ---D | C] -- C:\FRST
[2013/06/19 14:50:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2013/06/16 11:34:02 | 000,072,704 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\bdvedisk.sys
[2013/06/16 11:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2013
[2013/06/16 11:02:49 | 000,078,144 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\BdfNdisf6.sys
[2013/06/16 11:02:49 | 000,066,392 | ---- | C] (BitDefender SRL) -- C:\Windows\System32\drivers\bdsandbox.sys
[2013/06/16 11:02:41 | 000,486,536 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avckf.sys
[2013/06/16 11:02:40 | 000,633,344 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avc3.sys
[2013/06/16 10:58:40 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Bitdefender
[2013/06/16 10:58:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2013/06/16 10:56:55 | 000,162,976 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\gzflt.sys
[2013/06/16 10:56:52 | 000,355,744 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys
[2013/06/16 10:56:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2013/06/12 13:07:12 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/06/12 13:07:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/06/12 13:07:09 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/06/12 13:07:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/06/12 13:07:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/06/12 13:07:08 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/06/12 13:07:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/06/12 13:07:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/06/12 12:55:54 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2013/06/12 12:55:47 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013/06/12 12:55:47 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013/06/12 12:55:31 | 003,603,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/06/12 12:55:31 | 003,551,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/06/12 12:54:58 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013/06/11 08:56:02 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/06/11 08:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013/06/11 08:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013/06/10 19:39:43 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\PeerNetworking
[2013/06/02 12:41:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/06/02 12:41:36 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\temp
[2013/05/28 22:02:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/28 15:52:30 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Chris\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/06/24 16:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/24 15:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/24 15:19:45 | 000,005,184 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/24 15:19:45 | 000,005,184 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/24 06:27:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/23 23:19:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/23 15:56:26 | 000,173,896 | ---- | M] () -- C:\Users\Chris\Desktop\Untitled.jpg
[2013/06/23 13:09:49 | 000,330,209 | ---- | M] () -- C:\Users\Chris\Desktop\Screenshot_2013-06-23-13-08-05.png
[2013/06/22 14:38:39 | 000,424,878 | ---- | M] () -- C:\Users\Chris\Desktop\Screenshot_2013-06-22-14-37-53.png
[2013/06/21 18:48:07 | 000,172,912 | ---- | M] () -- C:\Users\Chris\Desktop\betfair card.jpg
[2013/06/21 15:46:59 | 000,236,467 | ---- | M] () -- C:\Users\Chris\Desktop\Screenshot_2013-06-21-15-18-35.png
[2013/06/21 13:04:54 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Chris\Desktop\esetsmartinstaller_enu.exe
[2013/06/20 21:31:12 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/06/20 17:54:18 | 000,139,264 | ---- | M] () -- C:\Users\Chris\Desktop\SystemLook.exe
[2013/06/20 10:26:06 | 001,368,263 | ---- | M] (Farbar) -- C:\Users\Chris\Desktop\FRST(1).exe
[2013/06/19 20:05:40 | 000,648,201 | ---- | M] () -- C:\Users\Chris\Desktop\adwcleaner.exe
[2013/06/19 20:01:36 | 000,910,848 | ---- | M] () -- C:\Users\Chris\Desktop\RogueKiller.exe
[2013/06/19 16:58:39 | 001,813,367 | ---- | M] () -- C:\Users\Chris\Desktop\RacingPost(4).pdf
[2013/06/19 15:04:27 | 000,000,680 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2013/06/19 15:04:27 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013/06/19 14:50:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2013/06/19 14:38:25 | 003,610,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/06/16 11:34:02 | 000,072,704 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\bdvedisk.sys
[2013/06/16 11:06:03 | 001,409,998 | ---- | M] () -- C:\ProgramData\1371376538.bdinstall.bin
[2013/06/16 11:04:28 | 000,253,404 | -H-- | M] () -- C:\bdr-ld02
[2013/06/16 11:04:28 | 000,009,216 | -H-- | M] () -- C:\bdr-ld02.mbr
[2013/06/16 11:04:28 | 000,000,308 | -H-- | M] () -- C:\bdr-cf02
[2013/06/16 11:03:18 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk
[2013/06/16 11:03:18 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk
[2013/06/16 10:51:55 | 000,228,291 | ---- | M] () -- C:\ProgramData\1371376249.bdinstall.bin
[2013/06/15 22:10:05 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/15 22:10:05 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/12 13:27:32 | 005,137,139 | ---- | M] () -- C:\Users\Chris\Desktop\RacingPost(3).pdf
[2013/06/12 09:25:09 | 000,001,041 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\vso_ts_preview.xml
[2013/06/11 21:47:24 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/06/11 21:47:24 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/06/11 08:56:12 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/06/11 08:54:59 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013/06/11 08:54:40 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013/06/11 08:54:40 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013/06/11 08:54:33 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/06/10 19:39:44 | 000,029,239 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\UserTile.png
[2013/06/04 07:45:48 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/06/02 13:26:15 | 000,503,681 | ---- | M] () -- C:\ProgramData\1370175395.bdinstall.bin
[2013/06/02 13:13:34 | 000,228,064 | ---- | M] () -- C:\ProgramData\1370175092.bdinstall.bin
[2013/06/02 12:53:21 | 000,015,616 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2013/06/02 12:48:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/06/02 12:48:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/06/02 12:37:41 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/05/28 12:11:21 | 000,355,744 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys
[2013/05/27 05:56:02 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

========== Files Created - No Company Name ==========

[2013/06/23 15:56:26 | 000,173,896 | ---- | C] () -- C:\Users\Chris\Desktop\Untitled.jpg
[2013/06/23 13:09:53 | 000,330,209 | ---- | C] () -- C:\Users\Chris\Desktop\Screenshot_2013-06-23-13-08-05.png
[2013/06/22 14:38:42 | 000,424,878 | ---- | C] () -- C:\Users\Chris\Desktop\Screenshot_2013-06-22-14-37-53.png
[2013/06/21 18:45:55 | 000,172,912 | ---- | C] () -- C:\Users\Chris\Desktop\betfair card.jpg
[2013/06/21 15:47:09 | 000,236,467 | ---- | C] () -- C:\Users\Chris\Desktop\Screenshot_2013-06-21-15-18-35.png
[2013/06/20 17:54:16 | 000,139,264 | ---- | C] () -- C:\Users\Chris\Desktop\SystemLook.exe
[2013/06/19 20:05:37 | 000,648,201 | ---- | C] () -- C:\Users\Chris\Desktop\adwcleaner.exe
[2013/06/19 20:01:35 | 000,910,848 | ---- | C] () -- C:\Users\Chris\Desktop\RogueKiller.exe
[2013/06/19 16:58:39 | 001,813,367 | ---- | C] () -- C:\Users\Chris\Desktop\RacingPost(4).pdf
[2013/06/16 11:06:03 | 001,409,998 | ---- | C] () -- C:\ProgramData\1371376538.bdinstall.bin
[2013/06/16 11:04:28 | 000,000,308 | -H-- | C] () -- C:\bdr-cf02
[2013/06/16 11:03:18 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk
[2013/06/16 11:03:18 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk
[2013/06/16 10:58:38 | 002,294,848 | -H-- | C] () -- C:\bdr-bz02
[2013/06/16 10:58:37 | 036,573,121 | -H-- | C] () -- C:\bdr-im02.gz
[2013/06/16 10:58:37 | 000,253,404 | -H-- | C] () -- C:\bdr-ld02
[2013/06/16 10:58:37 | 000,009,216 | -H-- | C] () -- C:\bdr-ld02.mbr
[2013/06/16 10:51:55 | 000,228,291 | ---- | C] () -- C:\ProgramData\1371376249.bdinstall.bin
[2013/06/12 13:27:28 | 005,137,139 | ---- | C] () -- C:\Users\Chris\Desktop\RacingPost(3).pdf
[2013/06/11 23:17:34 | 000,001,041 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\vso_ts_preview.xml
[2013/06/11 08:56:12 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/06/10 19:39:44 | 000,029,239 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\UserTile.png
[2013/06/02 13:26:15 | 000,503,681 | ---- | C] () -- C:\ProgramData\1370175395.bdinstall.bin
[2013/06/02 13:13:34 | 000,228,064 | ---- | C] () -- C:\ProgramData\1370175092.bdinstall.bin
[2013/06/02 12:53:21 | 000,015,616 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2013/06/02 12:48:26 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013/06/02 12:48:26 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013/05/26 08:36:11 | 071,571,170 | ---- | C] () -- C:\Users\Chris\Desktop\20130328_151606.mp4
[2013/05/26 08:36:00 | 004,542,346 | ---- | C] () -- C:\Users\Chris\Desktop\20130328_151644.mp4
[2013/05/26 08:35:58 | 070,039,279 | ---- | C] () -- C:\Users\Chris\Desktop\20130328_151820.mp4
[2013/05/06 14:42:38 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2013/05/06 12:27:02 | 000,000,680 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2013/01/13 18:03:01 | 003,610,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/16 15:09:21 | 000,711,240 | ---- | C] () -- C:\Windows\is-L5DGO.exe
[2012/06/03 09:55:32 | 000,041,472 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/11 11:10:35 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/18 21:07:14 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/01/13 09:10:03 | 000,910,996 | ---- | C] () -- C:\Users\Chris\AppData\Local\census.cache
[2012/01/13 09:09:35 | 000,163,945 | ---- | C] () -- C:\Users\Chris\AppData\Local\ars.cache
[2012/01/13 08:12:43 | 000,000,036 | ---- | C] () -- C:\Users\Chris\AppData\Local\housecall.guid.cache
[2011/12/28 15:52:30 | 000,007,887 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.cat
[2011/12/28 15:52:30 | 000,001,144 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.inf
[2011/12/23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/12/23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/12/23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/12/23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll

========== ZeroAccess Check ==========

[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/06/16 10:58:40 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Bitdefender
[2012/03/30 08:47:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/03/18 21:07:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leawo
[2012/03/19 14:38:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenOffice.org
[2013/04/04 18:40:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Opera
[2013/06/10 19:39:43 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PeerNetworking
[2013/04/08 22:04:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\QuickScan
[2013/05/15 16:24:02 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Samsung
[2012/06/16 00:21:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Temp
[2012/03/18 21:08:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\tiger-k
[2013/05/11 11:31:29 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent
[2013/06/12 13:29:30 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Vso

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Chris\Desktop\VTS_01_1.VOB:TOC.WMV
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
  • 0

#30
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

The newest OTL scan still doesn't anything that could cause the lockups and freezing. And just telling me that the pc is locking up and freezing really doesn't give me any information. Locking up and freezing can be the symptom of so many possibilities such as:

Software related issue.
Driver related issue.
Operating system related issue.
Heat related issue.
Hardware issue.
Serious issue with Windows
Hardware failure.

So I need you to be more specific as in:
Does this happen when you are working in a particular program, for example?
Does it happen just when you are using a browser on the internet?
Does it happen when you are playing a particular game?
Or will the pc lock up/freeze when you aren't doing anything?

Do you know what this is on the desktop: VTS_01_1.VOB:TOC.WMV

Let's clear the temp files and program caches and check the MBR and check for rootkits.


Step-1.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Right click the aswMBR.exe file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Click the "Scan" button to start the scan
    Posted Image
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
    Posted Image
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Step-3

Posted Image TDSSKiller

Please read carefully and follow these steps.
Download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double click on TDSSKiller.exe to run the application, then click on Change parameters. (See the image below)

    Posted Image
  • Make sure the boxes under Objects to scan are checked like the image below.
  • In the Additional options section, check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system. (See the image below)

    Posted Image
  • Click OK
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip. DO NOT change the default action, click on Continue. (See the image below)

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by clicking Report

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Answer my questions
2. The OTL fixes log
3. The aswMBR.txt log
4. The TDSSKiller log
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP