Internet security keeps stopping..OTL won't work [Solved]


  • This topic is locked

#1
Harry44
  • Member
  • 45 posts
Have got Bitdefender Internet Security and it keeps not responding. Can someone check the logs and see if it's malware causing it to stop, please?

I ran OTL and for a long time I got not responding on that as well, so had to close it and start again, but every time it gets to scanning Firefox settings it doesn't respond, hence no logs.

Edited by Harry44, 16 June 2013 - 05:00 AM.

  • 0


#2
godawgs
    Teacher
  • Retired Staff
  • 8,228 posts
Hello Harry44, :wave: Welcome to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
We apologize for the delay in responding to your request for help. Here at GeeksToGo we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT: Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

If you still need assistance let's work on getting some logs. Let's remove the copy of OTL that you have now and download a fresh copy to the desktop.

NOTE: When OTL gets hung on scanning Firefox settings, running it multiple times has allowed it to work. So if it gets hung, stop it and then try running it again. If it gets hung again, stop it and try running it a third time. If it gets hung again we'll go to Plan-B.


Step-1.

Please re-open Posted Image .
  • Be sure all other programs are closed as this step will require a reboot.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.

Step-2.

Download OTL to the Desktop. It is important that it is downloaded to the Desktop.

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

netsvcs
baseservices
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
services.*
/md5stop
dir "%systemdrive%\*" /S /A:L /C
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
del c:\commands.txt^|y /hide /c
/wait
del c:\diskreport.txt^|y /hide /c


2. Open Posted Image on the desktop. To do that:
  • XP users: Double click on the OTL icon.
  • Vista / 7 Users: Right click on the icon and click Run as Administrator
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users at the top of the console
  • IF you have a 64bit Windows, click the box beside Include 64bit Scans at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt on the desktop. The Extras.txt file will be minimized on the taskbar. These files are also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of these files and paste them into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.
Repeat for the Extras.txt file.


Plan-B.

If OTL won't run in the normal Windows mode, boot the computer into Safe Mode and see if OTL will run from there.


Step-2.
1. The OTL.txt log
2. The Extras.txt log
  • 0

#3
Harry44
  • Topic Starter
  • Member
  • 45 posts
Won't run in normal or safe mode. Gets to Firefox settings and freezes in both.
Have run OTL before and not had this problem.
Does this mean I am infected?
  • 0

#4
godawgs
    Teacher
  • Retired Staff
  • 8,228 posts
It means that OTL hangs when checking Firefox settings. Something in FF is causing it to hang. I won't know if it is a malicious setting until I can see some logs.

Please tell me which version of Windows you are running, i.e. XP, Vista, Windows 7 or Windows 8, and whether it is 64bit or 32bit.
  • 0

#5
Harry44
  • Topic Starter
  • Member
  • 45 posts
vista 32 I think

Edited by Harry44, 19 June 2013 - 09:24 AM.

  • 0

#6
godawgs
    Teacher
  • Retired Staff
  • 8,228 posts
Click the Start Orb Posted Image and right click Computer.
Click Properties. A Basic Information window will open.
Under the Windows edition section it will tell you which version of Windows is running and if it is a 64bit version it will say 64bit.

Let me know if you see 64bit.
Also please tell me what anti-virus program you have running, like AVAST or AVG or McAfee or Microsoft Security Essentials etc.
  • 0

#7
Harry44
  • Topic Starter
  • Member
  • 45 posts
Should I have 4 users in properties?
authenticated users
system
admin
users

No, don't see 64 bit.
I have Bitdefender Internet Security and also MBAM Pro.
  • 0

#8
godawgs
    Teacher
  • Retired Staff
  • 8,228 posts

should I have 4 users in properties?
authenticated users
system
admin
users

Those users should be on the system but what section of the system information page did you see that in? The page should look like this. I don't see users anywhere on that screen shot or my actual System page.

Posted Image
  • 0

#9
Harry44
  • Topic Starter
  • Member
  • 45 posts
pic

Attached Thumbnails

  • Untitled.jpg

  • 0

#10
godawgs
    Teacher
  • Retired Staff
  • 8,228 posts
What you show should be there....but that's not what I was looking for. Let's try this a different way.

  • Click the Start Orb Posted Image.
  • In the list that comes up, in the right column click Control Panel. The Control Panel window will open.
  • Click System and Maintenance. The System and Maintenance window will open.
  • Click System. The System window will open. It will look like the screenshot I posted in post #8.
  • Look under the System section. Beside System type: it will tell you whether it is a 32bit operating system or a 64bit operating system.

  • 0


#11
Harry44
  • Topic Starter
  • Member
  • 45 posts
32 bit
  • 0

#12
godawgs
    Teacher
  • Retired Staff
  • 8,228 posts
Thanks. Let's disable MBAM and BitDefender and see if that will allow OTL to run. If it doesn't we will try another tool. :)

It would be a good idea to print these instructions or save them to a text file before you begin. You might also want to download all of the tools at one time and then close the browser and refer to the instructions to run them :thumbsup:


Step-1.

Disable MBAM and Bit defender

For MBAM

Right click the MBAM icon on the desktop and click Run as Administrator
Click the Protection tab and uncheck Start with Windows under General Settings.
NOTE: We will need to leave this disabled for the duration of the cleaning process as it has been known to interfere with the fixes.

For Bit Defender

Double click on the system icon for Bit Defender.
When the Bit Defender window appears, move mouse arrow to the left side and click >> Virus Shield.
Move mouse arrow to the black check by Virus Shield is enabled and click.
The black words will change to red, >> Virus Shield is disabled.
Move mouse arrow to the top right corner and click the down arrows.
Bit Defender is now inactive.

Now see if OTL will run. If it still won't run let's try a different tool.


Step-2.

Farbar Recovery Scan

Step-A.

Download the Tool
  • Please click here to go to the Farbar Recovery Scan Tool download page.
  • Click the Download Now(32bit Version) button and save it to your desktop.
Step-B.

Run the Tool
Close all open Windows and browsers
  • Right click the FRST.exe file and click Run as Administrator to run the tool.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Step-3.

Run RogueKiller

  • Download RogueKiller.
  • Click the English Webpage link.
  • Click the 32bits (x86) download link and save the RogueKiller.exe file to the desktop.

    NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  • Quit all programs and close all browsers.
  • Right click the RogueKiller icon and click Run as Administrator to run the program.
  • Wait until Prescan has finished ...
  • Click on Scan

    Posted Image
  • Wait for the end of the scan.
  • DO NOT delete anything at this time.
  • The report has been created on the desktop.
Please post:
All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.


Step-4.

AdwCleaner by Xplode

Download AdwCleaner from here to your desktop.
Close all open windows and browsers.

  • (Vista and 7 users) Right click the adwcleaner.exe, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    Posted Image
  • Click the Search button and wait for the scan to finish.
  • Do Not delete anything at this time.
  • Once done it may ask to reboot, allow this.
  • On reboot a log will be produced. Please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner[R1].txt

Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
If OTL ran to completion:
1. The OTL.txt log
2. The Extras.txt log
3. The RKreport.txt log
4. The AdwCleaner[R1].txt log

If OTL still wouldn't run:
1. The FRST.txt log
2. The Addition.txt log
3. The RKreport.txt log
4. The AdwCleaner[R1].txt log

Don't forget to re-enable the Bit Defender anti-virus program
  • 0
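
A triage pass over the Services and Drivers sections of the FRST.txt log that Step-2 of the post above asks for, as an added example that is not part of the thread and is not Farbar's code. It assumes the 2013-era line layout `<state><start type> name; path [size date] (company)`, where `[x]` marks a file FRST could not find; the sample log and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of the Services and Drivers sections of a
# 2013-era FRST.txt log; every name and path below is made up.
SAMPLE_LOG = r"""
==================== Services (Whitelisted) =================

R2 ExampleAV; C:\Program Files\ExampleAV\avsvc.exe [1345008 2013-05-27] (Example Vendor)
R2 ExampleResolver; C:\Program Files\ExampleApp\resolver.exe [39056 2013-04-16] ()

==================== Drivers (Whitelisted) ====================

R0 exflt; C:\Windows\System32\DRIVERS\exflt.sys [162976 2012-10-04] (Example Vendor LLC)
U3 exsight; C:\Windows\system32\drivers\exsight.sys [15616 2013-06-02] ()
S3 extap1; system32\DRIVERS\extap1.sys [x]

==================== NetSvcs (Whitelisted) ===================
"""

# "==== Title (Whitelisted) ====" section banners.
SECTION = re.compile(r"^=+\s*([^=]+?)\s*=+$")
# "R2 Name; C:\path\file.exe [size date] (Company)" or "S3 Name; path [x]".
ENTRY = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);\s+"
    r"(?P<path>.+?)\s+"
    r"\[(?P<meta>[^\]]*)\]"
    r"(?:\s+\((?P<company>[^)]*)\))?$"
)
STATES = {"R": "running", "S": "stopped", "U": "undetermined"}
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}


def parse_entries(text):
    """Return one dict per service or driver line in an FRST log."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            # "Services (Whitelisted)" -> "Services"
            section = header.group(1).split(" (")[0]
            continue
        match = ENTRY.match(line)
        if not match or section not in ("Services", "Drivers"):
            continue
        meta = match["meta"].split()
        entries.append({
            "section": section,
            "name": match["name"].strip(),
            "path": match["path"],
            "state": STATES[match["state"]],
            "start": START_TYPES[int(match["start"])],
            "missing": meta == ["x"],          # FRST could not find the file
            "size": int(meta[0]) if meta and meta[0].isdigit() else None,
            "company": match["company"],       # "" means an empty "()" field
        })
    return entries


def triage(text):
    """Return the entries a reviewer should look at first, with reasons."""
    findings = []
    for entry in parse_entries(text):
        reasons = []
        if entry["missing"]:
            reasons.append("file not found")
        if entry["company"] == "":
            reasons.append("no company name")
        if entry["state"] == "undetermined":
            reasons.append("state undetermined")
        if reasons:
            findings.append({
                "section": entry["section"],
                "name": entry["name"],
                "path": entry["path"],
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f'{item["section"]}: {item["name"]} ({", ".join(item["reasons"])})')
        print(f'    {item["path"]}')
```

A flag here is a prompt to look closer, not a verdict: legitimate software often ships binaries with an empty company field, and leftover driver entries whose file is gone are common after an uninstall.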

#13
Harry44
  • Topic Starter
  • Member
  • 45 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-06-2013
Ran by Chris (administrator) on 19-06-2013 19:57:02
Running from C:\Users\Chris\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Andrea Electronics Corporation) C:\Windows\system32\AERTSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\seccenter.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot [295512 2013-06-11] (RealNetworks, Inc.)
HKLM\...\Run: [Bdagent] "C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe" [1611784 2013-04-24] (Bitdefender)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fzo7gk9z.default-1368028199828
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.2.32 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: WOT - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fzo7gk9z.default-1368028199828\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: trafficlight - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fzo7gk9z.default-1368028199828\Extensions\[email protected]
FF Extension: No Name - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fzo7gk9z.default-1368028199828\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fzo7gk9z.default-1368028199828\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (RealDownloader) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0
CHR Extension: (Gmail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

========================== Services (Whitelisted) =================

R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [62688 2013-02-26] (Bitdefender)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [55984 2013-02-26] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1345008 2013-05-27] (Bitdefender)

==================== Drivers (Whitelisted) ====================

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [633344 2013-04-17] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [486536 2013-04-17] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [78144 2013-02-22] (BitDefender LLC)
R1 bdftdif; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys [130640 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66392 2012-11-12] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys [134136 2012-10-02] (BitDefender LLC)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [162976 2012-10-04] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MOSUMAC; C:\Windows\System32\DRIVERS\MOSUMAC.SYS [43520 2009-12-10] (--)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project)
U3 TrueSight; C:\Windows\system32\drivers\TrueSight.sys [15616 2013-06-02] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [355744 2013-05-28] (BitDefender S.R.L.)
S3 gttap1; system32\DRIVERS\gttap1.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-19 19:56 - 2013-06-19 19:56 - 01367073 ____A (Farbar) C:\Users\Chris\Downloads\FRST.exe
2013-06-19 19:56 - 2013-06-19 19:56 - 00000000 ____D C:\FRST
2013-06-19 14:50 - 2013-06-19 14:50 - 00602112 ____A (OldTimer Tools) C:\Users\Chris\Desktop\OTL.exe
2013-06-19 14:36 - 2013-06-19 14:36 - 00000796 ____A C:\Windows\PFRO.log
2013-06-16 11:34 - 2013-06-16 11:34 - 00072704 ____A (BitDefender) C:\Windows\System32\Drivers\bdvedisk.sys
2013-06-16 11:06 - 2013-06-16 11:06 - 01409998 ____A C:\ProgramData\1371376538.bdinstall.bin
2013-06-16 11:04 - 2013-06-16 11:04 - 00000308 ___AH C:\bdr-cf02
2013-06-16 11:03 - 2013-06-16 11:03 - 00001957 ____A C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk
2013-06-16 11:03 - 2013-06-16 11:03 - 00001909 ____A C:\Users\Public\Desktop\Bitdefender Safepay.lnk
2013-06-16 11:03 - 2013-06-16 11:03 - 00000818 ____A C:\Windows\setupact.log
2013-06-16 11:03 - 2013-06-16 11:03 - 00000000 ____A C:\Windows\setuperr.log
2013-06-16 11:02 - 2013-04-17 14:59 - 00633344 ____A (BitDefender) C:\Windows\System32\Drivers\avc3.sys
2013-06-16 11:02 - 2013-04-17 14:59 - 00486536 ____A (BitDefender) C:\Windows\System32\Drivers\avckf.sys
2013-06-16 11:02 - 2013-02-22 19:46 - 00078144 ____A (BitDefender LLC) C:\Windows\System32\Drivers\BdfNdisf6.sys
2013-06-16 11:02 - 2012-11-12 18:11 - 00066392 ____A (BitDefender SRL) C:\Windows\System32\Drivers\bdsandbox.sys
2013-06-16 10:58 - 2013-06-16 11:05 - 00000000 ____D C:\ProgramData\Bitdefender
2013-06-16 10:58 - 2013-06-16 11:04 - 00253404 ___AH C:\bdr-ld02
2013-06-16 10:58 - 2013-06-16 11:04 - 00009216 ___AH C:\bdr-ld02.mbr
2013-06-16 10:58 - 2013-06-16 10:58 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Bitdefender
2013-06-16 10:58 - 2012-12-12 17:38 - 36573121 ___AH C:\bdr-im02.gz
2013-06-16 10:58 - 2012-08-15 15:28 - 02294848 ___AH C:\bdr-bz02
2013-06-16 10:56 - 2013-06-16 10:56 - 00000000 ____D C:\Program Files\Bitdefender
2013-06-16 10:56 - 2013-05-28 12:11 - 00355744 ____A (BitDefender S.R.L.) C:\Windows\System32\Drivers\trufos.sys
2013-06-16 10:56 - 2012-10-04 14:30 - 00162976 ____A (BitDefender LLC) C:\Windows\System32\Drivers\gzflt.sys
2013-06-16 10:51 - 2013-06-16 10:51 - 00228291 ____A C:\ProgramData\1371376249.bdinstall.bin
2013-06-12 13:07 - 2013-05-17 00:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 13:07 - 2013-05-16 23:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 13:07 - 2013-05-16 23:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 13:07 - 2013-05-16 23:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 13:07 - 2013-05-16 23:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 13:07 - 2013-05-16 23:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-12 13:07 - 2013-05-16 23:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-12 13:07 - 2013-05-16 23:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 13:07 - 2013-05-16 23:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 13:07 - 2013-05-16 23:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-12 13:07 - 2013-05-16 23:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-12 13:07 - 2013-05-16 23:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 13:07 - 2013-05-16 23:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 13:07 - 2013-05-16 23:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-12 13:07 - 2013-05-16 23:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 13:07 - 2013-05-16 23:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 12:55 - 2013-05-08 05:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 12:55 - 2013-05-02 23:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 12:55 - 2013-05-02 23:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 12:55 - 2013-05-02 05:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 12:55 - 2013-05-02 05:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-12 12:55 - 2013-04-24 05:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 12:55 - 2013-04-24 05:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 12:55 - 2013-04-24 05:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 12:55 - 2013-04-24 05:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 12:55 - 2013-04-24 02:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 12:54 - 2013-04-17 13:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-11 23:17 - 2013-06-12 09:25 - 00001041 ____A C:\Users\Chris\AppData\Roaming\vso_ts_preview.xml
2013-06-11 08:56 - 2013-06-11 08:56 - 00001069 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2013-06-11 08:56 - 2013-06-11 08:56 - 00000000 ____D C:\ProgramData\RealNetworks
2013-06-11 08:56 - 2013-06-11 08:56 - 00000000 ____D C:\Program Files\RealNetworks
2013-06-11 08:55 - 2013-06-11 08:55 - 00000000 ____D C:\Program Files\Common Files\xing shared
2013-06-10 22:01 - 2013-06-10 22:06 - 41404760 ____A (Apple Inc.) C:\Users\Chris\Downloads\QuickTimeInstaller(1).exe
2013-06-10 22:01 - 2013-06-10 22:02 - 38428064 ____A (RealNetworks, Inc.) C:\Users\Chris\Downloads\RealPlayer(1).exe
2013-06-10 20:37 - 2013-06-10 20:37 - 00000000 ____D C:\Program Files\ESET
2013-06-10 20:35 - 2013-06-10 20:35 - 02347384 ____A (ESET) C:\Users\Chris\Downloads\esetsmartinstaller_enu.exe
2013-06-10 19:39 - 2013-06-10 19:39 - 00000000 ____D C:\Users\Chris\AppData\Roaming\PeerNetworking
2013-06-05 23:53 - 2013-06-05 23:53 - 00318904 ____A (Microsoft Corporation) C:\Users\Chris\Downloads\wmpfirefoxplugin (2).exe
2013-06-05 23:48 - 2013-06-05 23:48 - 00318904 ____A (Microsoft Corporation) C:\Users\Chris\Downloads\wmpfirefoxplugin (1).exe
2013-06-05 23:46 - 2013-06-05 23:46 - 00118149 ____A C:\Users\Chris\Downloads\wmpChrome (1).crx
2013-06-05 23:45 - 2013-06-05 23:46 - 00118149 ____A C:\Users\Chris\Downloads\wmpChrome.crx
2013-06-05 23:13 - 2013-06-05 23:13 - 00000244 ____A C:\Users\Chris\Downloads\defogger_enable.log
2013-06-05 23:12 - 2013-06-05 23:12 - 00050477 ____A C:\Users\Chris\Downloads\Defogger.exe
2013-06-04 07:45 - 2013-06-04 07:45 - 04378864 ____A (Piriform Ltd) C:\Users\Chris\Downloads\ccsetup402.exe
2013-06-02 13:26 - 2013-06-02 13:26 - 00503681 ____A C:\ProgramData\1370175395.bdinstall.bin
2013-06-02 13:13 - 2013-06-02 13:13 - 00228064 ____A C:\ProgramData\1370175092.bdinstall.bin
2013-06-02 12:56 - 2013-06-08 17:45 - 00001576 ____A C:\Windows\System32\spsys.log
2013-06-02 12:53 - 2013-06-02 12:53 - 00015616 ____A C:\Windows\System32\Drivers\TrueSight.sys
2013-06-02 12:48 - 2013-06-02 12:48 - 00001406 ____A C:\Users\Chris\Desktop\HitmanPro_20130602_1248.log
2013-06-02 12:48 - 2013-06-02 12:48 - 00000000 _RASH C:\MSDOS.SYS
2013-06-02 12:48 - 2013-06-02 12:48 - 00000000 _RASH C:\IO.SYS
2013-05-28 22:05 - 2013-05-28 22:05 - 02423648 ____A C:\Users\Chris\Downloads\bitdefender_tsecurity.exe
2013-05-26 08:36 - 2013-03-28 15:16 - 71571170 ____N C:\Users\Chris\Desktop\20130328_151606.mp4
2013-05-26 08:36 - 2013-03-28 15:16 - 04542346 ____N C:\Users\Chris\Desktop\20130328_151644.mp4
2013-05-26 08:35 - 2013-03-28 15:18 - 70039279 ____N C:\Users\Chris\Desktop\20130328_151820.mp4
2013-05-23 22:02 - 2013-05-23 22:02 - 00000000 ____D C:\Users\Chris\Desktop\233

==================== One Month Modified Files and Folders ========

2013-06-19 19:56 - 2013-06-19 19:56 - 01367073 ____A (Farbar) C:\Users\Chris\Downloads\FRST.exe
2013-06-19 19:56 - 2013-06-19 19:56 - 00000000 ____D C:\FRST
2013-06-19 19:53 - 2012-06-09 17:42 - 01798765 ____A C:\Windows\WindowsUpdate.log
2013-06-19 19:47 - 2012-12-13 20:48 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-19 19:27 - 2013-04-16 13:17 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-19 19:06 - 2006-11-02 13:47 - 00005184 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-19 19:06 - 2006-11-02 13:47 - 00005184 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-19 18:01 - 2013-01-13 21:28 - 00056088 ____A C:\Users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-19 15:06 - 2013-04-16 13:17 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-19 15:06 - 2006-11-02 14:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-19 15:04 - 2013-05-06 14:42 - 00000069 ____A C:\Windows\NeroDigital.ini
2013-06-19 15:04 - 2013-05-06 12:27 - 00000680 ____A C:\Users\Chris\AppData\Local\d3d9caps.dat
2013-06-19 15:01 - 2006-11-02 14:01 - 00032582 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-19 14:50 - 2013-06-19 14:50 - 00602112 ____A (OldTimer Tools) C:\Users\Chris\Desktop\OTL.exe
2013-06-19 14:38 - 2013-01-13 18:03 - 03610720 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-19 14:36 - 2013-06-19 14:36 - 00000796 ____A C:\Windows\PFRO.log
2013-06-16 11:34 - 2013-06-16 11:34 - 00072704 ____A (BitDefender) C:\Windows\System32\Drivers\bdvedisk.sys
2013-06-16 11:06 - 2013-06-16 11:06 - 01409998 ____A C:\ProgramData\1371376538.bdinstall.bin
2013-06-16 11:05 - 2013-06-16 10:58 - 00000000 ____D C:\ProgramData\Bitdefender
2013-06-16 11:04 - 2013-06-16 11:04 - 00000308 ___AH C:\bdr-cf02
2013-06-16 11:04 - 2013-06-16 10:58 - 00253404 ___AH C:\bdr-ld02
2013-06-16 11:04 - 2013-06-16 10:58 - 00009216 ___AH C:\bdr-ld02.mbr
2013-06-16 11:04 - 2011-02-04 13:24 - 00000000 ____D C:\users\Chris
2013-06-16 11:03 - 2013-06-16 11:03 - 00001957 ____A C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk
2013-06-16 11:03 - 2013-06-16 11:03 - 00001909 ____A C:\Users\Public\Desktop\Bitdefender Safepay.lnk
2013-06-16 11:03 - 2013-06-16 11:03 - 00000818 ____A C:\Windows\setupact.log
2013-06-16 11:03 - 2013-06-16 11:03 - 00000000 ____A C:\Windows\setuperr.log
2013-06-16 10:58 - 2013-06-16 10:58 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Bitdefender
2013-06-16 10:56 - 2013-06-16 10:56 - 00000000 ____D C:\Program Files\Bitdefender
2013-06-16 10:56 - 2013-05-06 15:02 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-06-16 10:51 - 2013-06-16 10:51 - 00228291 ____A C:\ProgramData\1371376249.bdinstall.bin
2013-06-15 22:15 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-15 22:10 - 2006-11-02 11:33 - 00709578 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-15 14:41 - 2012-08-16 12:01 - 00000000 ____D C:\Users\Chris\AppData\Roaming\vlc
2013-06-12 13:37 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-06-12 13:29 - 2011-12-28 15:52 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Vso
2013-06-12 13:26 - 2011-12-31 14:09 - 00000000 ____D C:\Users\Chris\AppData\Local\CrashDumps
2013-06-12 12:58 - 2006-11-02 11:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-12 09:25 - 2013-06-11 23:17 - 00001041 ____A C:\Users\Chris\AppData\Roaming\vso_ts_preview.xml
2013-06-12 00:48 - 2011-12-28 15:53 - 00000000 ____D C:\Users\Chris\Documents\ConvertXToDVD
2013-06-11 21:47 - 2012-12-13 20:48 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 21:47 - 2012-12-13 20:48 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-11 09:06 - 2012-03-25 04:14 - 00000000 ____D C:\Users\Chris\AppData\Roaming\RealNetworks
2013-06-11 08:56 - 2013-06-11 08:56 - 00001069 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2013-06-11 08:56 - 2013-06-11 08:56 - 00000000 ____D C:\ProgramData\RealNetworks
2013-06-11 08:56 - 2013-06-11 08:56 - 00000000 ____D C:\Program Files\RealNetworks
2013-06-11 08:55 - 2013-06-11 08:55 - 00000000 ____D C:\Program Files\Common Files\xing shared
2013-06-11 08:55 - 2011-12-26 23:09 - 00000000 ____D C:\ProgramData\Real
2013-06-11 08:55 - 2008-10-23 13:52 - 00000000 ____D C:\Program Files\Real
2013-06-11 08:54 - 2013-03-03 20:50 - 00201872 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll
2013-06-11 08:54 - 2013-03-03 20:50 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll
2013-06-11 08:54 - 2013-03-03 20:50 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll
2013-06-11 08:54 - 2008-10-23 13:52 - 00272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll
2013-06-11 08:54 - 2008-10-23 13:05 - 00499712 ____A (Microsoft Corporation) C:\Windows\System32\msvcp71.dll
2013-06-10 22:06 - 2013-06-10 22:01 - 41404760 ____A (Apple Inc.) C:\Users\Chris\Downloads\QuickTimeInstaller(1).exe
2013-06-10 22:02 - 2013-06-10 22:01 - 38428064 ____A (RealNetworks, Inc.) C:\Users\Chris\Downloads\RealPlayer(1).exe
2013-06-10 20:37 - 2013-06-10 20:37 - 00000000 ____D C:\Program Files\ESET
2013-06-10 20:35 - 2013-06-10 20:35 - 02347384 ____A (ESET) C:\Users\Chris\Downloads\esetsmartinstaller_enu.exe
2013-06-10 19:39 - 2013-06-10 19:39 - 00000000 ____D C:\Users\Chris\AppData\Roaming\PeerNetworking
2013-06-08 17:45 - 2013-06-02 12:56 - 00001576 ____A C:\Windows\System32\spsys.log
2013-06-05 23:53 - 2013-06-05 23:53 - 00318904 ____A (Microsoft Corporation) C:\Users\Chris\Downloads\wmpfirefoxplugin (2).exe
2013-06-05 23:49 - 2013-04-11 23:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-05 23:48 - 2013-06-05 23:48 - 00318904 ____A (Microsoft Corporation) C:\Users\Chris\Downloads\wmpfirefoxplugin (1).exe
2013-06-05 23:46 - 2013-06-05 23:46 - 00118149 ____A C:\Users\Chris\Downloads\wmpChrome (1).crx
2013-06-05 23:46 - 2013-06-05 23:45 - 00118149 ____A C:\Users\Chris\Downloads\wmpChrome.crx
2013-06-05 23:13 - 2013-06-05 23:13 - 00000244 ____A C:\Users\Chris\Downloads\defogger_enable.log
2013-06-05 23:12 - 2013-06-05 23:12 - 00050477 ____A C:\Users\Chris\Downloads\Defogger.exe
2013-06-05 21:30 - 2013-04-16 13:17 - 00001971 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-04 07:45 - 2013-06-04 07:45 - 04378864 ____A (Piriform Ltd) C:\Users\Chris\Downloads\ccsetup402.exe
2013-06-04 07:45 - 2013-01-14 22:58 - 00000804 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-06-04 07:45 - 2013-01-14 22:58 - 00000000 ____D C:\Program Files\CCleaner
2013-06-03 23:44 - 2013-04-26 21:44 - 00000000 ____D C:\Casino
2013-06-02 13:26 - 2013-06-02 13:26 - 00503681 ____A C:\ProgramData\1370175395.bdinstall.bin
2013-06-02 13:13 - 2013-06-02 13:13 - 00228064 ____A C:\ProgramData\1370175092.bdinstall.bin
2013-06-02 12:53 - 2013-06-02 12:53 - 00015616 ____A C:\Windows\System32\Drivers\TrueSight.sys
2013-06-02 12:48 - 2013-06-02 12:48 - 00001406 ____A C:\Users\Chris\Desktop\HitmanPro_20130602_1248.log
2013-06-02 12:48 - 2013-06-02 12:48 - 00000000 _RASH C:\MSDOS.SYS
2013-06-02 12:48 - 2013-06-02 12:48 - 00000000 _RASH C:\IO.SYS
2013-06-02 12:37 - 2006-11-02 11:23 - 00000215 ____A C:\Windows\system.ini
2013-05-31 02:25 - 2006-11-02 12:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-05-31 02:20 - 2012-04-16 21:09 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-05-28 22:05 - 2013-05-28 22:05 - 02423648 ____A C:\Users\Chris\Downloads\bitdefender_tsecurity.exe
2013-05-28 21:34 - 2012-01-11 04:46 - 00000000 ____D C:\Windows\ERDNT
2013-05-28 12:11 - 2013-06-16 10:56 - 00355744 ____A (BitDefender S.R.L.) C:\Windows\System32\Drivers\trufos.sys
2013-05-27 05:56 - 2012-04-11 11:10 - 00000258 _RASH C:\ProgramData\ntuser.pol
2013-05-23 22:02 - 2013-05-23 22:02 - 00000000 ____D C:\Users\Chris\Desktop\233

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-19 15:13

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-06-2013
Ran by Chris at 2013-06-19 19:57:40 Run:
Running from C:\Users\Chris\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Leawo Video Converter version 5.1.0.0
Adobe AIR (Version: 3.7.0.1860)
Adobe Community Help (Version: 3.4.980)
Adobe Download Assistant (Version: 1.0.6)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
Bitdefender Internet Security 2013 (Version: 16.30.0.1843)
CCleaner (Version: 4.02)
ConvertXtoDVD 4.0.9.322 (Version: 4.0.9.322)
EasyBCD 1.7 (Version: 1.7)
ESET Online Scanner v3
ffdshow [rev 2180] [2008-10-04] (Version: 1.0)
FileHippo.com Update Checker
Google Chrome (Version: 27.0.1453.110)
Google Update Helper (Version: 1.3.21.145)
Intel® Graphics Media Accelerator Driver
K-Lite Codec Pack 7.0.0 (Standard) (Version: 7.0.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Office Excel Viewer 2003 (Version: 11.0.8173.0)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MyFreeCodec
Nero 7 Lite 7.10.1.2 (Version: 7.10.1.2)
neroxml (Version: 1.0.0)
Opera 12.15 (Version: 12.15.1748)
QuickTime (Version: 7.73.80.64)
RealDownloader (Version: 1.3.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.2)
RealUpgrade 1.1 (Version: 1.1.0)
Skitch (Version: 1.0.2.0)
swMSM (Version: 12.0.0.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
VLC media player 2.0.6 (Version: 2.0.6)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
YouTube Downloader App 3.00 (Version: 3.00)

==================== Restore Points =========================

28-05-2013 18:00:06 Scheduled Checkpoint
28-05-2013 21:13:31 Device Driver Package Install: BitDefender LLC Network Service
30-05-2013 05:15:23 Scheduled Checkpoint
30-05-2013 19:27:23 Scheduled Checkpoint
31-05-2013 01:19:28 Removed Apple Application Support
31-05-2013 01:21:05 Removed Apple Mobile Device Support
31-05-2013 01:22:10 Windows Live Essentials
31-05-2013 22:58:17 Windows Update
02-06-2013 12:22:58 Device Driver Package Install: BitDefender LLC Network Service
03-06-2013 16:24:25 Scheduled Checkpoint
04-06-2013 15:56:55 Windows Update
05-06-2013 23:35:14 Scheduled Checkpoint
07-06-2013 03:29:56 Scheduled Checkpoint
08-06-2013 04:02:34 Scheduled Checkpoint
08-06-2013 11:30:43 Installed Kaspersky Security Scan.
09-06-2013 21:28:51 First Restore Point
10-06-2013 18:40:09 Removed Apple Software Update
12-06-2013 00:44:06 Scheduled Checkpoint
12-06-2013 11:56:02 Windows Update
13-06-2013 16:42:54 Scheduled Checkpoint
14-06-2013 15:27:49 Scheduled Checkpoint
15-06-2013 21:06:33 Windows Update
16-06-2013 10:03:34 Device Driver Package Install: BitDefender LLC Network Service
16-06-2013 23:02:17 Scheduled Checkpoint
17-06-2013 23:00:06 Scheduled Checkpoint
19-06-2013 01:14:37 Scheduled Checkpoint
19-06-2013 17:44:54 Windows Update

==================== Scheduled Tasks (whitelisted) =============

Task: {0945E1CB-16D0-411C-8521-E36129FC4CAD} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3299710142-3868310564-1978959094-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {0C8C107F-6F4F-486F-9E02-C08A5FE5A315} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-16] (Google Inc.)
Task: {0E85FA89-016D-4346-B9F7-05F4D0C132EE} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2FDBDC47-7148-49DB-9D32-32E6A003C996} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => C:\Windows\System32\rundll32 No File
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {55BCF811-A564-4112-86D0-CE9A15394CF0} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3299710142-3868310564-1978959094-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs [2008-01-21] ()
Task: {60AB6ED2-5351-4312-8C56-7508ACA6E8FB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-16] (Google Inc.)
Task: {65085157-1668-426A-B6F0-F1E76EE83AB2} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3299710142-3868310564-1978959094-1001 => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: {677CD573-8156-4B83-8781-B7646D6B0415} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {6AB10674-89F8-4900-9832-2CF880C72577} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3299710142-3868310564-1978959094-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {6C5C9EEA-EC42-4744-A580-5F1AAA0C40B7} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {6CF8EE34-6EE2-4E64-AA5A-E3899409B671} - System32\Tasks\User_Feed_Synchronization-{890E34AE-B7D2-4C9D-B64B-88DB364A18E6} => C:\Windows\system32\msfeedssync.exe [2011-12-26] (Microsoft Corporation)
Task: {709FD123-0434-4B25-9F09-F77D694C65B4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {71739981-C277-4982-8733-0F5E16065D1E} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-21] (Microsoft Corp.)
Task: {745733FA-3BB1-409F-9D9C-36EC6FD46BDF} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation)
Task: {8214B684-CA5F-4C69-89AA-C1D18ACA5CB0} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3299710142-3868310564-1978959094-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F8D6E476-24FE-4649-A4D7-985706B29128} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => C:\Windows\System32\rundll32 No File

==================== Faulty Device Manager Devices =============

Name: GoTrusted TAP Adapter
Description: GoTrusted TAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: GoTrusted TAP Provider
Service: gttap1
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/19/2013 07:56:01 PM) (Source: Application Hang) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 15fc
Start Time: 01ce6d1e5eb4d40f
Termination Time: 3

Error: (06/19/2013 03:06:51 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/19/2013 03:06:51 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/19/2013 03:04:00 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/19/2013 03:04:00 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/19/2013 03:03:31 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/19/2013 03:01:23 PM) (Source: Application Hang) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 17e8
Start Time: 01ce6cf522f973da
Termination Time: 0

Error: (06/19/2013 02:47:13 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/19/2013 02:47:13 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/16/2013 04:24:00 PM) (Source: Application Hang) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 19ec
Start Time: 01ce6aa4f6c0b537
Termination Time: 11

#14
Harry44

RogueKiller V8.6.1 [Jun 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Chris [Admin rights]
Mode : Scan -- Date : 06/19/2013 20:04:01
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM
x:\Windows\system32

-> D:\windows\system32\config\SOFTWARE
x:\Windows\system32

-> D:\windows\system32\config\SECURITY
x:\Windows\system32

-> D:\windows\system32\config\SAM
x:\Windows\system32

-> D:\windows\system32\config\DEFAULT
x:\Windows\system32

-> D:\Users\Default\NTUSER.DAT
x:\Windows\system32


¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3320613AS ATA Device +++++
--- User ---
[MBR] 75cea1566f37ed5202eeca8f75d9ee40
[BSP] f9ca80c0c038cea0eeca3eb48d6e0ec9 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 295243 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 604659712 | Size: 10000 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_06192013_200401.txt >>



# AdwCleaner v2.303 - Logfile created 06/19/2013 at 20:06:02
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Chris - DELL-530
# Boot Mode : Normal
# Running from : C:\Users\Chris\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Chris\AppData\Roaming\Wondershare

***** [Registry] *****

Key Found : HKLM\Software\InstallIQ

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fzo7gk9z.default-1368028199828\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.110

File : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.15.1748.0

File : C:\Users\Chris\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R19].txt - [1046 octets] - [19/06/2013 20:06:02]

########## EOF - C:\AdwCleaner[R19].txt - [1107 octets] ##########

#15
godawgs

Hello,

I don't really see anything in the Farbar scan or the RogueKiller scan. AdwCleaner only found one folder on this scan. Why did you run it 19 times?

AdwCleaner[R19].txt - [1046 octets] - [19/06/2013 20:06:02]

Windows is complaining about a driver belonging to the GoTrusted Secure Tunnel VPN program not loading because it can't be found. I can't see the GoTrusted program in the list of installed programs so I'm assuming that maybe you downloaded the free trial and installed it and then at some point uninstalled it and it left some bits and pieces that we can remove. There are also a couple of three Windows drivers that we need to check.


Step-1.

Farbar Recovery Scan

Close all open Windows and browsers
  • Right click the FRST.exe file and click Run as Administrator to run the tool.
  • When the tool opens click Yes to disclaimer.
  • In the Search: box type or copy and paste the following:
    ipinip.sys;nwlnkflt.sys;nwlnkfwd.sys
  • Press the Search button.
  • You will see a progress bar, then a message pops up indicating that the search is completed and the Search.txt log is saved in the same location where FRST.exe is located.
  • Please copy and paste it to your reply.

Step-2.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know about the GoTrusted VPN program and the 19 runs of AdwCleaner.
2. The Search.txt log