comp acting odd
<blockquote data-quote="jc3777" data-source="post: 119553" data-attributes="member: 7812"><p>only got 1 log from OTL</p><p></p><p>OTL logfile created on: 07/05/2013 22:26:06 - Run 2</p><p>OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Desktop</p><p>Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation</p><p>Internet Explorer (Version = 9.0.8112.16421)</p><p>Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy</p><p> </p><p>2.99 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 61.97% Memory free</p><p>6.17 Gb Paging File | 4.94 Gb Available in Paging File | 79.99% Paging File free</p><p>Paging file location(s): ?:\pagefile.sys [binary data]</p><p> </p><p>%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files</p><p>Drive C: | 288.32 Gb Total Space | 173.75 Gb Free Space | 60.26% Space Free | Partition Type: NTFS</p><p>Drive D: | 9.77 Gb Total Space | 3.89 Gb Free Space | 39.81% Space Free | Partition Type: NTFS</p><p>Unable to calculate disk information.</p><p> </p><p>Computer Name: DELL-530 | User Name: Chris | Logged in as Administrator.</p><p>Boot Mode: Normal | Scan Mode: Current user</p><p>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days</p><p> </p><p><span style="color: #E56717">========== Processes (SafeList) ==========</span></p><p> </p><p>PRC - C:\Users\Chris\Desktop\otl.exe (OldTimer Tools)</p><p>PRC - C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)</p><p>PRC - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (Bitdefender)</p><p>PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)</p><p>PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)</p><p>PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)</p><p>PRC - C:\Program 
Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()</p><p>PRC - C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (Bitdefender)</p><p>PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)</p><p>PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)</p><p>PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)</p><p>PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)</p><p>PRC - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)</p><p>PRC - C:\Windows\explorer.exe (Microsoft Corporation)</p><p>PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)</p><p>PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)</p><p> </p><p> </p><p><span style="color: #E56717">========== Modules (No Company Name) ==========</span></p><p> </p><p>MOD - C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll ()</p><p>MOD - C:\Program Files\Bitdefender\Bitdefender 2013\bdmetrics.dll ()</p><p>MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtscript4.dll ()</p><p>MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtgui4.dll ()</p><p>MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtnetwork4.dll ()</p><p>MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtsql4.dll ()</p><p>MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtdeclarative4.dll ()</p><p>MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtcore4.dll ()</p><p> </p><p> </p><p><span style="color: #E56717">========== Services (SafeList) ==========</span></p><p> </p><p>SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)</p><p>SRV - (VSSERV) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (Bitdefender)</p><p>SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla 
Foundation)</p><p>SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)</p><p>SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)</p><p>SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()</p><p>SRV - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (Bitdefender)</p><p>SRV - (BdDesktopParental) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe (Bitdefender)</p><p>SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia)</p><p>SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)</p><p>SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)</p><p>SRV - (KSS) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)</p><p>SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)</p><p>SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)</p><p> </p><p> </p><p><span style="color: #E56717">========== Driver Services (SafeList) ==========</span></p><p> </p><p>DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found</p><p>DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found</p><p>DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found</p><p>DRV - (gttap1) -- system32\DRIVERS\gttap1.sys File not found</p><p>DRV - (avc3) -- C:\Windows\System32\drivers\avc3.sys (BitDefender)</p><p>DRV - (avckf) -- C:\Windows\System32\drivers\avckf.sys (BitDefender)</p><p>DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)</p><p>DRV - (BdfNdisf) -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys (BitDefender LLC)</p><p>DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf_x86.sys 
(Secunia)</p><p>DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))</p><p>DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))</p><p>DRV - (BDSandBox) -- C:\Windows\System32\drivers\bdsandbox.sys (BitDefender SRL)</p><p>DRV - (avchv) -- C:\Windows\System32\drivers\avchv.sys (BitDefender)</p><p>DRV - (trufos) -- C:\Windows\System32\drivers\trufos.sys (BitDefender S.R.L.)</p><p>DRV - (gzflt) -- C:\Windows\System32\drivers\gzflt.sys (BitDefender LLC)</p><p>DRV - (bdselfpr) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys (BitDefender LLC)</p><p>DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)</p><p>DRV - (bdftdif) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys (BitDefender LLC)</p><p>DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)</p><p>DRV - (MOSUMAC) -- C:\Windows\System32\drivers\MOSUMAC.SYS (--)</p><p>DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)</p><p>DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)</p><p>DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)</p><p> </p><p> </p><p><span style="color: #E56717">========== Standard Registry (SafeList) ==========</span></p><p> </p><p> </p><p><span style="color: #E56717">========== Internet Explorer ==========</span></p><p> </p><p>IE - HKLM\..\SearchScopes,DefaultScope = </p><p> </p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = </p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp</p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb</p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6A A9 26 C2 78 4A CE 01 [binary data]</p><p>IE - 
HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}</p><p>IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC</p><p>IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC</p><p>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p><span style="color: #E56717">========== FireFox ==========</span></p><p> </p><p>FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402</p><p>FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1</p><p>FF - user.js - File not found</p><p> </p><p>FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)</p><p>FF - 
HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)</p><p>FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)</p><p>FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)</p><p>FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)</p><p>FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)</p><p>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p> </p><p>FF - 
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/05/06 13:44:20 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/05/06 13:44:21 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/05/06 13:44:21 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/06 13:44:08 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013/05/06 17:41:26 | 000,000,000 | ---D | M]</p><p> </p><p>[2012/07/03 05:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions</p><p>[2013/04/28 05:15:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\zk7l92vm.default-1365749469265\extensions</p><p>[2013/04/15 16:46:00 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\zk7l92vm.default-1365749469265\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}</p><p>[2013/04/11 23:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions</p><p>[2013/04/11 23:12:36 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll</p><p>[2013/04/03 17:01:59 | 000,002,465 | ---- | M] () -- C:\Program 
Files\mozilla firefox\searchplugins\bing.xml</p><p>[2012/08/29 11:01:32 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml</p><p>[2013/04/03 17:01:59 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml</p><p> </p><p><span style="color: #E56717">========== Chrome ==========</span></p><p> </p><p>CHR - default_search_provider: Google (Enabled)</p><p>CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}</p><p>CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}</p><p>CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll</p><p>CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer</p><p>CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll</p><p>CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll</p><p>CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll</p><p>CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll</p><p>CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll</p><p>CHR - plugin: QuickTime Plug-in 7.7.3 
(Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll</p><p>CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll</p><p>CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll</p><p>CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll</p><p>CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll</p><p>CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll</p><p>CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll</p><p>CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll</p><p>CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll</p><p>CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll</p><p>CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll</p><p>CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll</p><p>CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll</p><p>CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll</p><p>CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = 
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll</p><p>CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll</p><p>CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll</p><p>CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll</p><p>CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll</p><p>CHR - Extension: Docs = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\</p><p>CHR - Extension: Google Drive = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\</p><p>CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\</p><p>CHR - Extension: Google Search = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\</p><p>CHR - Extension: RealDownloader = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\</p><p>CHR - Extension: Gmail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\</p><p> </p><p>O1 HOSTS File: ([2011/12/22 16:11:00 | 000,000,759 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts</p><p>O1 - Hosts: 127.0.0.1 localhost</p><p>O1 - Hosts: ::1 localhost</p><p>O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)</p><p>O4 - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)</p><p>O4 - 
HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)</p><p>O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)</p><p>O4 - HKCU..\Run: [KSS] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)</p><p>O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()</p><p>O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0</p><p>O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present</p><p>O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0</p><p>O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71}: DhcpNameServer = 192.168.0.203</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F}: DhcpNameServer = 192.168.0.1</p><p>O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)</p><p>O32 - HKLM CDRom: AutoRun - 1</p><p>O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]</p><p>O34 - HKLM BootExecute: (autocheck autochk *)</p><p>O35 - HKLM\..comfile [open] -- "%1" %*</p><p>O35 - HKLM\..exefile [open] -- "%1" %*</p><p>O37 - HKLM\...com [@ = ComFile] -- "%1" %*</p><p>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O38 - SubSystems\\Windows: 
(ServerDll=winsrv:UserServerDllInitialization,3)</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</p><p> </p><p><span style="color: #E56717">========== Files/Folders - Created Within 30 Days ==========</span></p><p> </p><p>[2013/05/07 18:43:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan</p><p>[2013/05/07 18:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab</p><p>[2013/05/07 09:46:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe</p><p>[2013/05/07 09:39:46 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\RK_Quarantine</p><p>[2013/05/06 18:12:12 | 000,072,704 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\bdvedisk.sys</p><p>[2013/05/06 17:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2013</p><p>[2013/05/06 17:41:26 | 000,078,144 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\BdfNdisf6.sys</p><p>[2013/05/06 17:41:26 | 000,066,392 | ---- | C] (BitDefender SRL) -- C:\Windows\System32\drivers\bdsandbox.sys</p><p>[2013/05/06 17:41:14 | 000,486,536 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avckf.sys</p><p>[2013/05/06 17:41:13 | 000,633,344 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avc3.sys</p><p>[2013/05/06 17:36:35 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Bitdefender</p><p>[2013/05/06 17:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender</p><p>[2013/05/06 17:34:45 | 000,162,976 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\gzflt.sys</p><p>[2013/05/06 17:34:44 | 000,343,456 | ---- | C] (BitDefender S.R.L.) 
-- C:\Windows\System32\drivers\trufos.sys</p><p>[2013/05/06 15:09:33 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging</p><p>[2013/05/06 15:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender</p><p>[2013/05/06 15:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender</p><p>[2013/05/06 14:26:29 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\VS Revo Group</p><p>[2013/05/06 14:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro</p><p>[2013/05/06 14:26:19 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys</p><p>[2013/05/06 14:26:19 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group</p><p>[2013/05/06 00:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\bdch</p><p>[2013/05/02 22:55:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2(16540)</p><p>[2013/05/02 22:53:17 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution</p><p>[2013/05/02 22:29:47 | 000,000,000 | ---D | C] -- C:\RegBackup</p><p>[2013/05/02 12:44:55 | 000,000,000 | ---D | C] -- C:\$RECYCLE(171).BIN</p><p>[2013/05/02 12:44:54 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\temp(6708)</p><p>[2013/05/02 12:44:54 | 000,000,000 | ---D | C] -- C:\Windows\temp</p><p>[2013/05/02 11:49:21 | 000,000,000 | ---D | C] -- C:\Qoobox</p><p>[2013/04/28 11:49:31 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com</p><p>[2013/04/28 05:15:21 | 000,000,000 | ---D | C] -- C:\_OTL</p><p>[2013/04/26 21:44:24 | 000,000,000 | ---D | C] -- C:\Casino</p><p>[2013/04/16 20:50:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\cache</p><p>[2013/04/16 20:47:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\FullTiltPoker</p><p>[2013/04/16 20:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker</p><p>[2013/04/16 20:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Full Tilt 
Poker</p><p>[2013/04/16 13:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome</p><p>[2013/04/15 16:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP</p><p>[2013/04/15 16:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses</p><p>[2013/04/15 16:40:40 | 001,070,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCTL.OCX</p><p>[2013/04/15 16:40:40 | 000,129,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSSTDFMT.DLL</p><p>[2013/04/15 16:27:26 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Open Command Window Here (Administrator)</p><p>[2013/04/14 19:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro</p><p>[2013/04/11 23:12:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox</p><p>[2013/04/11 22:27:41 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\tdsskiller(1).exe</p><p>[2013/04/10 10:04:15 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb</p><p>[2013/04/10 10:04:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll</p><p>[2013/04/10 10:04:14 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll</p><p>[2013/04/10 10:04:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe</p><p>[2013/04/10 10:04:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll</p><p>[2013/04/10 10:04:13 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll</p><p>[2013/04/10 10:04:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll</p><p>[2013/04/10 10:04:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl</p><p>[2013/04/10 06:00:36 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe</p><p>[2013/04/10 06:00:35 | 003,551,080 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\ntoskrnl.exe</p><p>[2013/04/10 06:00:35 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll</p><p>[2013/04/10 06:00:33 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll</p><p>[2013/04/10 06:00:30 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys</p><p>[2013/04/09 22:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT</p><p>[2013/04/09 22:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT</p><p>[2013/04/09 04:39:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Dumps</p><p>[2013/04/08 22:10:10 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\capicom.dll</p><p>[2013/04/08 22:10:08 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll</p><p>[2013/04/08 22:10:04 | 000,242,504 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avchv.sys</p><p>[2013/04/08 22:04:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\QuickScan</p><p>[2011/12/28 15:52:30 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Chris\AppData\Roaming\pcouffin.sys</p><p> </p><p><span style="color: #E56717">========== Files - Modified Within 30 Days ==========</span></p><p> </p><p>[2013/05/07 22:30:08 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat</p><p>[2013/05/07 22:30:08 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat</p><p>[2013/05/07 22:22:58 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job</p><p>[2013/05/07 22:22:38 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job</p><p>[2013/05/07 22:21:55 | 000,000,385 | ---- | M] () -- C:\Windows\System32\user_gensett.xml</p><p>[2013/05/07 22:21:18 | 000,005,184 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0</p><p>[2013/05/07 22:21:17 | 
000,005,184 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0</p><p>[2013/05/07 22:20:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat</p><p>[2013/05/07 21:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job</p><p>[2013/05/07 18:42:41 | 000,000,954 | ---- | M] () -- C:\Users\Chris\Desktop\Kaspersky Security Scan.lnk</p><p>[2013/05/07 09:46:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe</p><p>[2013/05/07 09:39:12 | 000,816,128 | ---- | M] () -- C:\Users\Chris\Desktop\RogueKiller.exe</p><p>[2013/05/06 18:12:12 | 000,072,704 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\bdvedisk.sys</p><p>[2013/05/06 17:46:22 | 000,513,291 | ---- | M] () -- C:\ProgramData\1367858076.bdinstall.bin</p><p>[2013/05/06 17:43:15 | 000,253,404 | -H-- | M] () -- C:\bdr-ld02</p><p>[2013/05/06 17:43:15 | 000,009,216 | -H-- | M] () -- C:\bdr-ld02.mbr</p><p>[2013/05/06 17:43:15 | 000,000,308 | -H-- | M] () -- C:\bdr-cf02</p><p>[2013/05/06 17:41:56 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk</p><p>[2013/05/06 17:41:56 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk</p><p>[2013/05/06 17:13:49 | 000,231,810 | ---- | M] () -- C:\ProgramData\1367856608.bdinstall.bin</p><p>[2013/05/06 15:15:46 | 000,589,989 | ---- | M] () -- C:\ProgramData\1367848954.bdinstall.bin</p><p>[2013/05/06 14:50:20 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367848219.bdinstall.bin</p><p>[2013/05/06 14:46:26 | 000,001,397 | ---- | M] () -- C:\ProgramData\1367847986.bdinstall.bin</p><p>[2013/05/06 14:46:25 | 000,001,397 | ---- | M] () -- C:\ProgramData\1367847985.bdinstall.bin</p><p>[2013/05/06 14:46:24 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847984.bdinstall.bin</p><p>[2013/05/06 14:46:22 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847982.bdinstall.bin</p><p>[2013/05/06 
14:45:11 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847911.bdinstall.bin</p><p>[2013/05/06 14:45:07 | 000,001,397 | ---- | M] () -- C:\ProgramData\1367847907.bdinstall.bin</p><p>[2013/05/06 14:45:00 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847900.bdinstall.bin</p><p>[2013/05/06 14:44:56 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847896.bdinstall.bin</p><p>[2013/05/06 14:44:52 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847892.bdinstall.bin</p><p>[2013/05/06 14:43:57 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847837.bdinstall.bin</p><p>[2013/05/06 14:42:40 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini</p><p>[2013/05/06 14:42:31 | 000,000,680 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat</p><p>[2013/05/06 14:39:39 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847579.bdinstall.bin</p><p>[2013/05/06 14:38:32 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847512.bdinstall.bin</p><p>[2013/05/06 14:37:44 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847464.bdinstall.bin</p><p>[2013/05/06 14:37:27 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847447.bdinstall.bin</p><p>[2013/05/06 14:32:52 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847172.bdinstall.bin</p><p>[2013/05/06 14:32:02 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847122.bdinstall.bin</p><p>[2013/05/06 14:29:07 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367846947.bdinstall.bin</p><p>[2013/05/06 14:28:38 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367846918.bdinstall.bin</p><p>[2013/05/06 14:26:56 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367846816.bdinstall.bin</p><p>[2013/05/06 14:26:22 | 000,001,089 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk</p><p>[2013/05/06 14:26:22 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk</p><p>[2013/05/06 14:20:40 | 000,001,398 | ---- | M] () -- 
C:\ProgramData\1367846439.bdinstall.bin</p><p>[2013/05/06 14:19:52 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367846392.bdinstall.bin</p><p>[2013/05/06 14:17:26 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367846246.bdinstall.bin</p><p>[2013/05/06 14:17:09 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367846229.bdinstall.bin</p><p>[2013/05/06 14:13:38 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe</p><p>[2013/05/06 14:13:38 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl</p><p>[2013/05/06 14:10:32 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367845832.bdinstall.bin</p><p>[2013/05/06 14:10:06 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367845806.bdinstall.bin</p><p>[2013/05/06 14:09:52 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367845792.bdinstall.bin</p><p>[2013/05/02 13:22:27 | 000,527,431 | ---- | M] () -- C:\ProgramData\1367496592.bdinstall.bin</p><p>[2013/05/02 13:19:20 | 000,253,404 | -H-- | M] () -- C:\bdr-ld01</p><p>[2013/05/02 13:19:20 | 000,009,216 | -H-- | M] () -- C:\bdr-ld01.mbr</p><p>[2013/05/02 13:19:20 | 000,000,308 | -H-- | M] () -- C:\bdr-cf01</p><p>[2013/05/01 15:32:32 | 000,019,644 | ---- | M] () -- C:\Users\Chris\Desktop\3wzadew14s1hxb4sf04o2m1tc262707902.jpg</p><p>[2013/05/01 15:30:42 | 000,018,901 | ---- | M] () -- C:\Users\Chris\Desktop\3wzadew14s1hxb4sf04o2m1tc262707712.jpg</p><p>[2013/05/01 15:29:08 | 000,032,167 | ---- | M] () -- C:\Users\Chris\Desktop\4fwnlib2skfjtxxmdkcdcw4ft285783399.jpg</p><p>[2013/05/01 15:26:57 | 000,017,887 | ---- | M] () -- C:\Users\Chris\Desktop\450vkfryyxncg0ilincivyckh280344306.jpg</p><p>[2013/04/30 19:08:46 | 000,000,190 | ---- | M] () -- C:\Users\Chris\Desktop\000080_Navy_Blue_Square.svg</p><p>[2013/04/28 22:18:47 | 000,910,996 | ---- | M] () -- C:\Users\Chris\AppData\Local\census.cache</p><p>[2013/04/28 22:18:33 | 000,163,945 | ---- | M] () -- 
C:\Users\Chris\AppData\Local\ars.cache</p><p>[2013/04/27 11:29:17 | 000,000,512 | ---- | M] () -- C:\Users\Chris\Desktop\MBR.dat</p><p>[2013/04/24 12:56:34 | 003,459,204 | ---- | M] () -- C:\Users\Chris\Desktop\RacingPost(3).pdf</p><p>[2013/04/24 09:53:28 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk</p><p>[2013/04/18 19:03:14 | 000,355,527 | ---- | M] () -- C:\Users\Chris\Desktop\X-Circle-Green-icon.png</p><p>[2013/04/17 14:59:04 | 000,633,344 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\avc3.sys</p><p>[2013/04/17 14:59:04 | 000,486,536 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\avckf.sys</p><p>[2013/04/17 12:28:31 | 000,023,753 | ---- | M] () -- C:\Users\Chris\Desktop\!cid_C9073919-AA59-4316-97E3-07918038E309.jpg</p><p>[2013/04/17 12:28:29 | 000,024,335 | ---- | M] () -- C:\Users\Chris\Desktop\!cid_7CEC0EE9-73AF-447F-86C5-83556E3322C6.jpg</p><p>[2013/04/16 20:47:08 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk</p><p>[2013/04/16 13:25:20 | 000,001,995 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk</p><p>[2013/04/16 13:17:59 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk</p><p>[2013/04/15 16:52:55 | 000,000,899 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk</p><p>[2013/04/14 18:23:55 | 000,000,021 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS.MVP</p><p>[2013/04/14 16:53:34 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt</p><p>[2013/04/11 22:27:44 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\tdsskiller(1).exe</p><p>[2013/04/10 12:09:47 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>[2013/04/10 10:11:44 | 003,610,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT</p><p>[2013/04/10 09:23:25 | 008,963,961 | ---- | M] () -- 
C:\Users\Chris\Desktop\RacingPost(2).pdf</p><p>[2013/04/09 22:58:54 | 000,000,913 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk</p><p>[2013/04/09 22:58:48 | 000,000,733 | ---- | M] () -- C:\Users\Chris\Desktop\NTREGOPT.lnk</p><p>[2013/04/09 22:58:48 | 000,000,714 | ---- | M] () -- C:\Users\Chris\Desktop\ERUNT.lnk</p><p>[2013/04/08 22:10:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf</p><p> </p><p><span style="color: #E56717">========== Files Created - No Company Name ==========</span></p><p> </p><p>[2013/05/07 22:21:55 | 000,000,385 | ---- | C] () -- C:\Windows\System32\user_gensett.xml</p><p>[2013/05/07 18:43:17 | 000,000,954 | ---- | C] () -- C:\Users\Chris\Desktop\Kaspersky Security Scan.lnk</p><p>[2013/05/07 09:39:11 | 000,816,128 | ---- | C] () -- C:\Users\Chris\Desktop\RogueKiller.exe</p><p>[2013/05/06 17:46:21 | 000,513,291 | ---- | C] () -- C:\ProgramData\1367858076.bdinstall.bin</p><p>[2013/05/06 17:43:15 | 000,000,308 | -H-- | C] () -- C:\bdr-cf02</p><p>[2013/05/06 17:41:56 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk</p><p>[2013/05/06 17:41:56 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk</p><p>[2013/05/06 17:36:31 | 002,294,848 | -H-- | C] () -- C:\bdr-bz02</p><p>[2013/05/06 17:36:31 | 000,009,216 | -H-- | C] () -- C:\bdr-ld02.mbr</p><p>[2013/05/06 17:36:30 | 036,573,121 | -H-- | C] () -- C:\bdr-im02.gz</p><p>[2013/05/06 17:36:30 | 000,253,404 | -H-- | C] () -- C:\bdr-ld02</p><p>[2013/05/06 17:13:49 | 000,231,810 | ---- | C] () -- C:\ProgramData\1367856608.bdinstall.bin</p><p>[2013/05/06 15:15:46 | 000,589,989 | ---- | C] () -- C:\ProgramData\1367848954.bdinstall.bin</p><p>[2013/05/06 14:50:19 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367848219.bdinstall.bin</p><p>[2013/05/06 14:46:26 | 000,001,397 | ---- | C] () -- 
C:\ProgramData\1367847986.bdinstall.bin</p><p>[2013/05/06 14:46:25 | 000,001,397 | ---- | C] () -- C:\ProgramData\1367847985.bdinstall.bin</p><p>[2013/05/06 14:46:24 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847984.bdinstall.bin</p><p>[2013/05/06 14:46:22 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847982.bdinstall.bin</p><p>[2013/05/06 14:45:11 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847911.bdinstall.bin</p><p>[2013/05/06 14:45:07 | 000,001,397 | ---- | C] () -- C:\ProgramData\1367847907.bdinstall.bin</p><p>[2013/05/06 14:45:00 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847900.bdinstall.bin</p><p>[2013/05/06 14:44:56 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847896.bdinstall.bin</p><p>[2013/05/06 14:44:52 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847892.bdinstall.bin</p><p>[2013/05/06 14:43:57 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847837.bdinstall.bin</p><p>[2013/05/06 14:42:38 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini</p><p>[2013/05/06 14:39:39 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847579.bdinstall.bin</p><p>[2013/05/06 14:38:32 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847512.bdinstall.bin</p><p>[2013/05/06 14:37:44 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847464.bdinstall.bin</p><p>[2013/05/06 14:37:27 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847447.bdinstall.bin</p><p>[2013/05/06 14:32:52 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847172.bdinstall.bin</p><p>[2013/05/06 14:32:02 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847122.bdinstall.bin</p><p>[2013/05/06 14:29:07 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367846947.bdinstall.bin</p><p>[2013/05/06 14:28:38 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367846918.bdinstall.bin</p><p>[2013/05/06 14:26:56 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367846816.bdinstall.bin</p><p>[2013/05/06 14:26:22 | 000,001,089 | ---- | C] () -- C:\Users\Chris\Application 
Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk</p><p>[2013/05/06 14:26:22 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk</p><p>[2013/05/06 14:20:40 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367846439.bdinstall.bin</p><p>[2013/05/06 14:19:52 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367846392.bdinstall.bin</p><p>[2013/05/06 14:17:26 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367846246.bdinstall.bin</p><p>[2013/05/06 14:17:09 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367846229.bdinstall.bin</p><p>[2013/05/06 14:10:32 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367845832.bdinstall.bin</p><p>[2013/05/06 14:10:06 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367845806.bdinstall.bin</p><p>[2013/05/06 14:09:52 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367845792.bdinstall.bin</p><p>[2013/05/06 12:27:02 | 000,000,680 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat</p><p>[2013/05/02 13:22:27 | 000,527,431 | ---- | C] () -- C:\ProgramData\1367496592.bdinstall.bin</p><p>[2013/05/02 13:19:20 | 000,000,308 | -H-- | C] () -- C:\bdr-cf01</p><p>[2013/05/02 13:11:09 | 002,294,848 | -H-- | C] () -- C:\bdr-bz01</p><p>[2013/05/02 13:11:09 | 000,009,216 | -H-- | C] () -- C:\bdr-ld01.mbr</p><p>[2013/05/02 13:11:08 | 036,573,121 | -H-- | C] () -- C:\bdr-im01.gz</p><p>[2013/05/02 13:11:08 | 000,253,404 | -H-- | C] () -- C:\bdr-ld01</p><p>[2013/05/01 15:30:42 | 000,018,901 | ---- | C] () -- C:\Users\Chris\Desktop\3wzadew14s1hxb4sf04o2m1tc262707712.jpg</p><p>[2013/05/01 15:29:07 | 000,032,167 | ---- | C] () -- C:\Users\Chris\Desktop\4fwnlib2skfjtxxmdkcdcw4ft285783399.jpg</p><p>[2013/05/01 15:26:56 | 000,017,887 | ---- | C] () -- C:\Users\Chris\Desktop\450vkfryyxncg0ilincivyckh280344306.jpg</p><p>[2013/05/01 15:26:48 | 000,019,644 | ---- | C] () -- C:\Users\Chris\Desktop\3wzadew14s1hxb4sf04o2m1tc262707902.jpg</p><p>[2013/04/30 19:08:44 | 000,000,190 | ---- | C] () -- 
C:\Users\Chris\Desktop\000080_Navy_Blue_Square.svg</p><p>[2013/04/27 11:29:17 | 000,000,512 | ---- | C] () -- C:\Users\Chris\Desktop\MBR.dat</p><p>[2013/04/24 12:56:33 | 003,459,204 | ---- | C] () -- C:\Users\Chris\Desktop\RacingPost(3).pdf</p><p>[2013/04/18 19:03:07 | 000,355,527 | ---- | C] () -- C:\Users\Chris\Desktop\X-Circle-Green-icon.png</p><p>[2013/04/17 12:07:57 | 000,024,335 | ---- | C] () -- C:\Users\Chris\Desktop\!cid_7CEC0EE9-73AF-447F-86C5-83556E3322C6.jpg</p><p>[2013/04/17 12:03:25 | 000,023,753 | ---- | C] () -- C:\Users\Chris\Desktop\!cid_C9073919-AA59-4316-97E3-07918038E309.jpg</p><p>[2013/04/16 20:47:08 | 000,000,860 | ---- | C] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk</p><p>[2013/04/16 13:17:59 | 000,001,995 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk</p><p>[2013/04/16 13:17:59 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk</p><p>[2013/04/16 13:17:04 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job</p><p>[2013/04/16 13:17:03 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job</p><p>[2013/04/15 16:52:55 | 000,000,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk</p><p>[2013/04/15 16:52:55 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk</p><p>[2013/04/14 13:57:16 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk</p><p>[2013/04/10 09:23:24 | 008,963,961 | ---- | C] () -- C:\Users\Chris\Desktop\RacingPost(2).pdf</p><p>[2013/04/09 22:58:54 | 000,000,913 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk</p><p>[2013/04/09 22:58:48 | 000,000,733 | ---- | C] () -- C:\Users\Chris\Desktop\NTREGOPT.lnk</p><p>[2013/04/09 22:58:48 | 000,000,714 | ---- | C] () -- 
C:\Users\Chris\Desktop\ERUNT.lnk</p><p>[2013/04/08 22:10:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf</p><p>[2013/02/05 18:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe</p><p>[2013/01/13 18:03:01 | 003,610,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT</p><p>[2012/07/16 15:09:21 | 000,711,240 | ---- | C] () -- C:\Windows\is-L5DGO.exe</p><p>[2012/06/03 09:55:32 | 000,033,792 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</p><p>[2012/04/11 11:10:35 | 000,000,258 | R-S- | C] () -- C:\ProgramData\ntuser.pol</p><p>[2012/03/18 21:07:14 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll</p><p>[2012/01/13 09:10:03 | 000,910,996 | ---- | C] () -- C:\Users\Chris\AppData\Local\census.cache</p><p>[2012/01/13 09:09:35 | 000,163,945 | ---- | C] () -- C:\Users\Chris\AppData\Local\ars.cache</p><p>[2012/01/13 08:12:43 | 000,000,036 | ---- | C] () -- C:\Users\Chris\AppData\Local\housecall.guid.cache</p><p>[2011/12/28 15:52:30 | 000,007,887 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.cat</p><p>[2011/12/28 15:52:30 | 000,001,144 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.inf</p><p>[2011/12/23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll</p><p>[2011/12/23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll</p><p>[2011/12/23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll</p><p>[2011/12/23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll</p><p> </p><p><span style="color: #E56717">========== ZeroAccess Check ==========</span></p><p> </p><p>[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p> 
</p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p>"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Apartment</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]</p><p>"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Free</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]</p><p>"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Both</p><p> </p><p><span style="color: #E56717">========== LOP Check ==========</span></p><p> </p><p>[2013/05/06 17:36:35 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Bitdefender</p><p>[2012/03/30 08:47:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant</p><p>[2012/03/18 21:07:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leawo</p><p>[2012/03/19 14:38:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenOffice.org</p><p>[2013/04/04 18:40:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Opera</p><p>[2013/04/08 22:04:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\QuickScan</p><p>[2012/09/12 14:33:27 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Samsung</p><p>[2012/06/16 00:21:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Temp</p><p>[2012/03/18 21:08:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\tiger-k</p><p>[2013/02/19 18:27:57 | 000,000,000 | ---D | M] -- 
C:\Users\Chris\AppData\Roaming\uTorrent</p><p>[2013/03/28 23:24:12 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Vso</p><p>[2012/04/17 10:29:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Wondershare</p><p> </p><p><span style="color: #E56717">========== Purity Check ==========</span></p><p> </p><p> </p><p> </p><p><span style="color: #E56717">========== Alternate Data Streams ==========</span></p><p> </p><p>@Alternate Data Stream - 64 bytes -> C:\Users\Chris\Desktop\VTS_01_1.VOB:TOC.WMV</p><p>@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34</p><p></p><p>< End of report ></p></blockquote><p></p>
[QUOTE="jc3777, post: 119553, member: 7812"] only got 1 log from OTL
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKCU..\Run: [KSS] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO) O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71}: DhcpNameServer = 192.168.0.203 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F}: DhcpNameServer = 192.168.0.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/05/07 18:43:17 | 000,000,000 | ---D | C] -- 
C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan [2013/05/07 18:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab [2013/05/07 09:46:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe [2013/05/07 09:39:46 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\RK_Quarantine [2013/05/06 18:12:12 | 000,072,704 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\bdvedisk.sys [2013/05/06 17:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2013 [2013/05/06 17:41:26 | 000,078,144 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\BdfNdisf6.sys [2013/05/06 17:41:26 | 000,066,392 | ---- | C] (BitDefender SRL) -- C:\Windows\System32\drivers\bdsandbox.sys [2013/05/06 17:41:14 | 000,486,536 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avckf.sys [2013/05/06 17:41:13 | 000,633,344 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avc3.sys [2013/05/06 17:36:35 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Bitdefender [2013/05/06 17:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender [2013/05/06 17:34:45 | 000,162,976 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\gzflt.sys [2013/05/06 17:34:44 | 000,343,456 | ---- | C] (BitDefender S.R.L.) 
-- C:\Windows\System32\drivers\trufos.sys [2013/05/06 15:09:33 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging [2013/05/06 15:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender [2013/05/06 15:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender [2013/05/06 14:26:29 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\VS Revo Group [2013/05/06 14:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro [2013/05/06 14:26:19 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys [2013/05/06 14:26:19 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group [2013/05/06 00:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\bdch [2013/05/02 22:55:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2(16540) [2013/05/02 22:53:17 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013/05/02 22:29:47 | 000,000,000 | ---D | C] -- C:\RegBackup [2013/05/02 12:44:55 | 000,000,000 | ---D | C] -- C:\$RECYCLE(171).BIN [2013/05/02 12:44:54 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\temp(6708) [2013/05/02 12:44:54 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/05/02 11:49:21 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/04/28 11:49:31 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com [2013/04/28 05:15:21 | 000,000,000 | ---D | C] -- C:\_OTL [2013/04/26 21:44:24 | 000,000,000 | ---D | C] -- C:\Casino [2013/04/16 20:50:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\cache [2013/04/16 20:47:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\FullTiltPoker [2013/04/16 20:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker [2013/04/16 20:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Full Tilt Poker [2013/04/16 13:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013/04/15 16:40:44 | 
000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2013/04/15 16:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses [2013/04/15 16:40:40 | 001,070,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCTL.OCX [2013/04/15 16:40:40 | 000,129,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSSTDFMT.DLL [2013/04/15 16:27:26 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Open Command Window Here (Administrator) [2013/04/14 19:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2013/04/11 23:12:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013/04/11 22:27:41 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\tdsskiller(1).exe [2013/04/10 10:04:15 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013/04/10 10:04:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013/04/10 10:04:14 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013/04/10 10:04:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013/04/10 10:04:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013/04/10 10:04:13 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013/04/10 10:04:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013/04/10 10:04:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013/04/10 06:00:36 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013/04/10 06:00:35 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013/04/10 06:00:35 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2013/04/10 06:00:33 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2013/04/10 
06:00:30 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013/04/09 22:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2013/04/09 22:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2013/04/09 04:39:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Dumps [2013/04/08 22:10:10 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\capicom.dll [2013/04/08 22:10:08 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll [2013/04/08 22:10:04 | 000,242,504 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avchv.sys [2013/04/08 22:04:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\QuickScan [2011/12/28 15:52:30 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Chris\AppData\Roaming\pcouffin.sys [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/05/07 22:30:08 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/05/07 22:30:08 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/05/07 22:22:58 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/05/07 22:22:38 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/05/07 22:21:55 | 000,000,385 | ---- | M] () -- C:\Windows\System32\user_gensett.xml [2013/05/07 22:21:18 | 000,005,184 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/05/07 22:21:17 | 000,005,184 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/05/07 22:20:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/05/07 21:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/05/07 18:42:41 | 000,000,954 | ---- | M] () -- C:\Users\Chris\Desktop\Kaspersky Security Scan.lnk 
[2013/05/07 09:46:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe [2013/05/07 09:39:12 | 000,816,128 | ---- | M] () -- C:\Users\Chris\Desktop\RogueKiller.exe [2013/05/06 18:12:12 | 000,072,704 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\bdvedisk.sys [2013/05/06 17:46:22 | 000,513,291 | ---- | M] () -- C:\ProgramData\1367858076.bdinstall.bin [2013/05/06 17:43:15 | 000,253,404 | -H-- | M] () -- C:\bdr-ld02 [2013/05/06 17:43:15 | 000,009,216 | -H-- | M] () -- C:\bdr-ld02.mbr [2013/05/06 17:43:15 | 000,000,308 | -H-- | M] () -- C:\bdr-cf02 [2013/05/06 17:41:56 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk [2013/05/06 17:41:56 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk [2013/05/06 17:13:49 | 000,231,810 | ---- | M] () -- C:\ProgramData\1367856608.bdinstall.bin [2013/05/06 15:15:46 | 000,589,989 | ---- | M] () -- C:\ProgramData\1367848954.bdinstall.bin [2013/05/06 14:50:20 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367848219.bdinstall.bin [2013/05/06 14:46:26 | 000,001,397 | ---- | M] () -- C:\ProgramData\1367847986.bdinstall.bin [2013/05/06 14:46:25 | 000,001,397 | ---- | M] () -- C:\ProgramData\1367847985.bdinstall.bin [2013/05/06 14:46:24 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847984.bdinstall.bin [2013/05/06 14:46:22 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847982.bdinstall.bin [2013/05/06 14:45:11 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847911.bdinstall.bin [2013/05/06 14:45:07 | 000,001,397 | ---- | M] () -- C:\ProgramData\1367847907.bdinstall.bin [2013/05/06 14:45:00 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847900.bdinstall.bin [2013/05/06 14:44:56 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847896.bdinstall.bin [2013/05/06 14:44:52 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847892.bdinstall.bin [2013/05/06 14:43:57 | 000,001,398 | ---- | M] () -- 
C:\ProgramData\1367847837.bdinstall.bin [2013/05/06 14:42:40 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2013/05/06 14:42:31 | 000,000,680 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat [2013/05/06 14:39:39 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847579.bdinstall.bin [2013/05/06 14:38:32 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847512.bdinstall.bin [2013/05/06 14:37:44 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847464.bdinstall.bin [2013/05/06 14:37:27 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847447.bdinstall.bin [2013/05/06 14:32:52 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847172.bdinstall.bin [2013/05/06 14:32:02 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847122.bdinstall.bin [2013/05/06 14:29:07 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367846947.bdinstall.bin [2013/05/06 14:28:38 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367846918.bdinstall.bin [2013/05/06 14:26:56 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367846816.bdinstall.bin [2013/05/06 14:26:22 | 000,001,089 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk [2013/05/06 14:26:22 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk [2013/05/06 14:20:40 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367846439.bdinstall.bin [2013/05/06 14:19:52 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367846392.bdinstall.bin [2013/05/06 14:17:26 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367846246.bdinstall.bin [2013/05/06 14:17:09 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367846229.bdinstall.bin [2013/05/06 14:13:38 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013/05/06 14:13:38 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013/05/06 14:10:32 | 000,001,398 | ---- | M] () -- 
C:\ProgramData\1367845832.bdinstall.bin [2013/05/06 14:10:06 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367845806.bdinstall.bin [2013/05/06 14:09:52 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367845792.bdinstall.bin [2013/05/02 13:22:27 | 000,527,431 | ---- | M] () -- C:\ProgramData\1367496592.bdinstall.bin [2013/05/02 13:19:20 | 000,253,404 | -H-- | M] () -- C:\bdr-ld01 [2013/05/02 13:19:20 | 000,009,216 | -H-- | M] () -- C:\bdr-ld01.mbr [2013/05/02 13:19:20 | 000,000,308 | -H-- | M] () -- C:\bdr-cf01 [2013/05/01 15:32:32 | 000,019,644 | ---- | M] () -- C:\Users\Chris\Desktop\3wzadew14s1hxb4sf04o2m1tc262707902.jpg [2013/05/01 15:30:42 | 000,018,901 | ---- | M] () -- C:\Users\Chris\Desktop\3wzadew14s1hxb4sf04o2m1tc262707712.jpg [2013/05/01 15:29:08 | 000,032,167 | ---- | M] () -- C:\Users\Chris\Desktop\4fwnlib2skfjtxxmdkcdcw4ft285783399.jpg [2013/05/01 15:26:57 | 000,017,887 | ---- | M] () -- C:\Users\Chris\Desktop\450vkfryyxncg0ilincivyckh280344306.jpg [2013/04/30 19:08:46 | 000,000,190 | ---- | M] () -- C:\Users\Chris\Desktop\000080_Navy_Blue_Square.svg [2013/04/28 22:18:47 | 000,910,996 | ---- | M] () -- C:\Users\Chris\AppData\Local\census.cache [2013/04/28 22:18:33 | 000,163,945 | ---- | M] () -- C:\Users\Chris\AppData\Local\ars.cache [2013/04/27 11:29:17 | 000,000,512 | ---- | M] () -- C:\Users\Chris\Desktop\MBR.dat [2013/04/24 12:56:34 | 003,459,204 | ---- | M] () -- C:\Users\Chris\Desktop\RacingPost(3).pdf [2013/04/24 09:53:28 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013/04/18 19:03:14 | 000,355,527 | ---- | M] () -- C:\Users\Chris\Desktop\X-Circle-Green-icon.png [2013/04/17 14:59:04 | 000,633,344 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\avc3.sys [2013/04/17 14:59:04 | 000,486,536 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\avckf.sys [2013/04/17 12:28:31 | 000,023,753 | ---- | M] () -- C:\Users\Chris\Desktop\!cid_C9073919-AA59-4316-97E3-07918038E309.jpg [2013/04/17 12:28:29 | 
000,024,335 | ---- | M] () -- C:\Users\Chris\Desktop\!cid_7CEC0EE9-73AF-447F-86C5-83556E3322C6.jpg [2013/04/16 20:47:08 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk [2013/04/16 13:25:20 | 000,001,995 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/04/16 13:17:59 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/04/15 16:52:55 | 000,000,899 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013/04/14 18:23:55 | 000,000,021 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS.MVP [2013/04/14 16:53:34 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2013/04/11 22:27:44 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\tdsskiller(1).exe [2013/04/10 12:09:47 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/04/10 10:11:44 | 003,610,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/04/10 09:23:25 | 008,963,961 | ---- | M] () -- C:\Users\Chris\Desktop\RacingPost(2).pdf [2013/04/09 22:58:54 | 000,000,913 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2013/04/09 22:58:48 | 000,000,733 | ---- | M] () -- C:\Users\Chris\Desktop\NTREGOPT.lnk [2013/04/09 22:58:48 | 000,000,714 | ---- | M] () -- C:\Users\Chris\Desktop\ERUNT.lnk [2013/04/08 22:10:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/05/07 22:21:55 | 000,000,385 | ---- | C] () -- C:\Windows\System32\user_gensett.xml [2013/05/07 18:43:17 | 000,000,954 | ---- | C] () -- C:\Users\Chris\Desktop\Kaspersky Security Scan.lnk [2013/05/07 09:39:11 | 000,816,128 | ---- | C] () -- C:\Users\Chris\Desktop\RogueKiller.exe [2013/05/06 17:46:21 | 000,513,291 | ---- | C] () -- 
C:\ProgramData\1367858076.bdinstall.bin [2013/05/06 17:43:15 | 000,000,308 | -H-- | C] () -- C:\bdr-cf02 [2013/05/06 17:41:56 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk [2013/05/06 17:41:56 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk [2013/05/06 17:36:31 | 002,294,848 | -H-- | C] () -- C:\bdr-bz02 [2013/05/06 17:36:31 | 000,009,216 | -H-- | C] () -- C:\bdr-ld02.mbr [2013/05/06 17:36:30 | 036,573,121 | -H-- | C] () -- C:\bdr-im02.gz [2013/05/06 17:36:30 | 000,253,404 | -H-- | C] () -- C:\bdr-ld02 [2013/05/06 17:13:49 | 000,231,810 | ---- | C] () -- C:\ProgramData\1367856608.bdinstall.bin [2013/05/06 15:15:46 | 000,589,989 | ---- | C] () -- C:\ProgramData\1367848954.bdinstall.bin [2013/05/06 14:50:19 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367848219.bdinstall.bin [2013/05/06 14:46:26 | 000,001,397 | ---- | C] () -- C:\ProgramData\1367847986.bdinstall.bin [2013/05/06 14:46:25 | 000,001,397 | ---- | C] () -- C:\ProgramData\1367847985.bdinstall.bin [2013/05/06 14:46:24 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847984.bdinstall.bin [2013/05/06 14:46:22 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847982.bdinstall.bin [2013/05/06 14:45:11 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847911.bdinstall.bin [2013/05/06 14:45:07 | 000,001,397 | ---- | C] () -- C:\ProgramData\1367847907.bdinstall.bin [2013/05/06 14:45:00 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847900.bdinstall.bin [2013/05/06 14:44:56 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847896.bdinstall.bin [2013/05/06 14:44:52 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847892.bdinstall.bin [2013/05/06 14:43:57 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847837.bdinstall.bin [2013/05/06 14:42:38 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2013/05/06 14:39:39 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847579.bdinstall.bin [2013/05/06 14:38:32 | 
000,001,398 | ---- | C] () -- C:\ProgramData\1367847512.bdinstall.bin [2013/05/06 14:37:44 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847464.bdinstall.bin [2013/05/06 14:37:27 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847447.bdinstall.bin [2013/05/06 14:32:52 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847172.bdinstall.bin [2013/05/06 14:32:02 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847122.bdinstall.bin [2013/05/06 14:29:07 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367846947.bdinstall.bin [2013/05/06 14:28:38 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367846918.bdinstall.bin [2013/05/06 14:26:56 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367846816.bdinstall.bin [2013/05/06 14:26:22 | 000,001,089 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk [2013/05/06 14:26:22 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk [2013/05/06 14:20:40 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367846439.bdinstall.bin [2013/05/06 14:19:52 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367846392.bdinstall.bin [2013/05/06 14:17:26 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367846246.bdinstall.bin [2013/05/06 14:17:09 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367846229.bdinstall.bin [2013/05/06 14:10:32 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367845832.bdinstall.bin [2013/05/06 14:10:06 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367845806.bdinstall.bin [2013/05/06 14:09:52 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367845792.bdinstall.bin [2013/05/06 12:27:02 | 000,000,680 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat [2013/05/02 13:22:27 | 000,527,431 | ---- | C] () -- C:\ProgramData\1367496592.bdinstall.bin [2013/05/02 13:19:20 | 000,000,308 | -H-- | C] () -- C:\bdr-cf01 [2013/05/02 13:11:09 | 002,294,848 | -H-- | C] () -- C:\bdr-bz01 [2013/05/02 13:11:09 | 000,009,216 | -H-- | C] () -- 
C:\bdr-ld01.mbr [2013/05/02 13:11:08 | 036,573,121 | -H-- | C] () -- C:\bdr-im01.gz [2013/05/02 13:11:08 | 000,253,404 | -H-- | C] () -- C:\bdr-ld01 [2013/05/01 15:30:42 | 000,018,901 | ---- | C] () -- C:\Users\Chris\Desktop\3wzadew14s1hxb4sf04o2m1tc262707712.jpg [2013/05/01 15:29:07 | 000,032,167 | ---- | C] () -- C:\Users\Chris\Desktop\4fwnlib2skfjtxxmdkcdcw4ft285783399.jpg [2013/05/01 15:26:56 | 000,017,887 | ---- | C] () -- C:\Users\Chris\Desktop\450vkfryyxncg0ilincivyckh280344306.jpg [2013/05/01 15:26:48 | 000,019,644 | ---- | C] () -- C:\Users\Chris\Desktop\3wzadew14s1hxb4sf04o2m1tc262707902.jpg [2013/04/30 19:08:44 | 000,000,190 | ---- | C] () -- C:\Users\Chris\Desktop\000080_Navy_Blue_Square.svg [2013/04/27 11:29:17 | 000,000,512 | ---- | C] () -- C:\Users\Chris\Desktop\MBR.dat [2013/04/24 12:56:33 | 003,459,204 | ---- | C] () -- C:\Users\Chris\Desktop\RacingPost(3).pdf [2013/04/18 19:03:07 | 000,355,527 | ---- | C] () -- C:\Users\Chris\Desktop\X-Circle-Green-icon.png [2013/04/17 12:07:57 | 000,024,335 | ---- | C] () -- C:\Users\Chris\Desktop\!cid_7CEC0EE9-73AF-447F-86C5-83556E3322C6.jpg [2013/04/17 12:03:25 | 000,023,753 | ---- | C] () -- C:\Users\Chris\Desktop\!cid_C9073919-AA59-4316-97E3-07918038E309.jpg [2013/04/16 20:47:08 | 000,000,860 | ---- | C] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk [2013/04/16 13:17:59 | 000,001,995 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/04/16 13:17:59 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/04/16 13:17:04 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/04/16 13:17:03 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/04/15 16:52:55 | 000,000,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013/04/15 16:52:55 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Secunia PSI.lnk [2013/04/14 13:57:16 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk [2013/04/10 09:23:24 | 008,963,961 | ---- | C] () -- C:\Users\Chris\Desktop\RacingPost(2).pdf [2013/04/09 22:58:54 | 000,000,913 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2013/04/09 22:58:48 | 000,000,733 | ---- | C] () -- C:\Users\Chris\Desktop\NTREGOPT.lnk [2013/04/09 22:58:48 | 000,000,714 | ---- | C] () -- C:\Users\Chris\Desktop\ERUNT.lnk [2013/04/08 22:10:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf [2013/02/05 18:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2013/01/13 18:03:01 | 003,610,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2012/07/16 15:09:21 | 000,711,240 | ---- | C] () -- C:\Windows\is-L5DGO.exe [2012/06/03 09:55:32 | 000,033,792 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/04/11 11:10:35 | 000,000,258 | R-S- | C] () -- C:\ProgramData\ntuser.pol [2012/03/18 21:07:14 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2012/01/13 09:10:03 | 000,910,996 | ---- | C] () -- C:\Users\Chris\AppData\Local\census.cache [2012/01/13 09:09:35 | 000,163,945 | ---- | C] () -- C:\Users\Chris\AppData\Local\ars.cache [2012/01/13 08:12:43 | 000,000,036 | ---- | C] () -- C:\Users\Chris\AppData\Local\housecall.guid.cache [2011/12/28 15:52:30 | 000,007,887 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.cat [2011/12/28 15:52:30 | 000,001,144 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.inf [2011/12/23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011/12/23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011/12/23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011/12/23 21:58:24 | 
000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [color=#E56717]========== ZeroAccess Check ==========[/color] [2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2013/05/06 17:36:35 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Bitdefender [2012/03/30 08:47:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012/03/18 21:07:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leawo [2012/03/19 14:38:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenOffice.org [2013/04/04 18:40:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Opera [2013/04/08 22:04:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\QuickScan [2012/09/12 14:33:27 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Samsung [2012/06/16 00:21:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Temp [2012/03/18 21:08:09 | 000,000,000 | ---D | M] -- 
C:\Users\Chris\AppData\Roaming\tiger-k [2013/02/19 18:27:57 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent [2013/03/28 23:24:12 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Vso [2012/04/17 10:29:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Wondershare [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 64 bytes -> C:\Users\Chris\Desktop\VTS_01_1.VOB:TOC.WMV @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34 < End of report > [/QUOTE]