comp acting odd

jc3777

New Member
Thread author
Verified
Apr 27, 2013
47
I left it running and it rebooted but told me system restore didn't work due to an error.

Have I got any malware?

How do I reformat? I don't have a disk
 

jc3777

I did system restore in safe mode and got a message saying system restore had worked.

What now?
 

jc3777

Managed to reinstall a/v software but comp still slow.

Any way I can get the malware sorted without formatting?
 

Fiery

Level 1
Jan 11, 2011
2,007
It may not be a malware issue as there's no malware showing up in all the scans.


Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select Run as Administrator to start
  • Wait until Prescan has finished, then click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click delete and wait until it says deleting finished
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
    Exit/Close RogueKiller+

Next, please do a fresh OTL scan
 

jc3777

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Chris [Admin rights]
Mode : Remove -- Date : 05/07/2013 09:45:42
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3320613AS ATA Device +++++
--- User ---
[MBR] 75cea1566f37ed5202eeca8f75d9ee40
[BSP] f9ca80c0c038cea0eeca3eb48d6e0ec9 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 295243 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 604659712 | Size: 10000 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_05072013_02d0945.txt >>
RKreport[1]_S_05072013_02d0941.txt ; RKreport[2]_D_05072013_02d0945.txt
 

jc3777

OTL logfile created on: 07/05/2013 09:48:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 44.95% Memory free
6.21 Gb Paging File | 4.23 Gb Available in Paging File | 68.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.32 Gb Total Space | 172.95 Gb Free Space | 59.98% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 3.89 Gb Free Space | 39.81% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: DELL-530 | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Chris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Chris\Desktop\RogueKiller.exe ()
PRC - C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
PRC - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (Bitdefender)
PRC - C:\Program Files\Bitdefender\Bitdefender 2013\seccenter.exe (Bitdefender)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (Bitdefender)
PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Bitdefender\Bitdefender 2013\ui\bdidntconp.ui ()
MOD - C:\Program Files\Bitdefender\Bitdefender 2013\bdidntconp.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll ()
MOD - C:\Program Files\Bitdefender\Bitdefender 2013\bdmetrics.dll ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (VSSERV) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (Bitdefender)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (Bitdefender)
SRV - (BdDesktopParental) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe (Bitdefender)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (gttap1) -- system32\DRIVERS\gttap1.sys File not found
DRV - (TrueSight) -- C:\Windows\System32\drivers\TrueSight.sys ()
DRV - (avc3) -- C:\Windows\System32\drivers\avc3.sys (BitDefender)
DRV - (avckf) -- C:\Windows\System32\drivers\avckf.sys (BitDefender)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (BdfNdisf) -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys (BitDefender LLC)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf_x86.sys (Secunia)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (BDSandBox) -- C:\Windows\System32\drivers\bdsandbox.sys (BitDefender SRL)
DRV - (avchv) -- C:\Windows\System32\drivers\avchv.sys (BitDefender)
DRV - (trufos) -- C:\Windows\System32\drivers\trufos.sys (BitDefender S.R.L.)
DRV - (gzflt) -- C:\Windows\System32\drivers\gzflt.sys (BitDefender LLC)
DRV - (bdselfpr) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys (BitDefender LLC)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (bdftdif) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)
DRV - (MOSUMAC) -- C:\Windows\System32\drivers\MOSUMAC.SYS (--)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6A A9 26 C2 78 4A CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/05/06 13:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/05/06 13:44:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/05/06 13:44:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/06 13:44:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013/05/06 17:41:26 | 000,000,000 | ---D | M]

[2012/07/03 05:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions
[2013/04/28 05:15:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\zk7l92vm.default-1365749469265\extensions
[2013/04/15 16:46:00 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\zk7l92vm.default-1365749469265\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/04/11 23:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/11 23:12:36 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/04/03 17:01:59 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/29 11:01:32 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2013/04/03 17:01:59 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Docs = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealDownloader = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\
CHR - Extension: Gmail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/12/22 16:11:00 | 000,000,759 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O4 - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71}: DhcpNameServer = 192.168.0.203
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/07 09:46:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2013/05/07 09:39:46 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\RK_Quarantine
[2013/05/06 18:12:12 | 000,072,704 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\bdvedisk.sys
[2013/05/06 17:42:37 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2013/05/06 17:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2013
[2013/05/06 17:41:26 | 000,078,144 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\BdfNdisf6.sys
[2013/05/06 17:41:26 | 000,066,392 | ---- | C] (BitDefender SRL) -- C:\Windows\System32\drivers\bdsandbox.sys
[2013/05/06 17:41:14 | 000,486,536 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avckf.sys
[2013/05/06 17:41:13 | 000,633,344 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avc3.sys
[2013/05/06 17:36:35 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Bitdefender
[2013/05/06 17:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2013/05/06 17:34:45 | 000,162,976 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\gzflt.sys
[2013/05/06 17:34:44 | 000,343,456 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys
[2013/05/06 15:09:33 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2013/05/06 15:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2013/05/06 15:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2013/05/06 14:26:29 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\VS Revo Group
[2013/05/06 14:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2013/05/06 14:26:19 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2013/05/06 14:26:19 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2013/05/06 00:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\bdch
[2013/05/02 22:55:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2(16540)
[2013/05/02 22:53:17 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/05/02 22:29:47 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/05/02 12:44:55 | 000,000,000 | ---D | C] -- C:\$RECYCLE(171).BIN
[2013/05/02 12:44:54 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\temp(6708)
[2013/05/02 12:44:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/05/02 11:49:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/28 11:49:31 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2013/04/28 05:15:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/26 21:44:24 | 000,000,000 | ---D | C] -- C:\Casino
[2013/04/16 20:50:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\cache
[2013/04/16 20:47:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\FullTiltPoker
[2013/04/16 20:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker
[2013/04/16 20:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Full Tilt Poker
[2013/04/16 13:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/04/15 16:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/04/15 16:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2013/04/15 16:40:40 | 001,070,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCTL.OCX
[2013/04/15 16:40:40 | 000,129,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSSTDFMT.DLL
[2013/04/15 16:27:26 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Open Command Window Here (Administrator)
[2013/04/14 19:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013/04/11 23:12:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/04/11 22:27:41 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\tdsskiller(1).exe
[2013/04/10 10:04:15 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/04/10 10:04:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/04/10 10:04:14 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/04/10 10:04:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/04/10 10:04:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/04/10 10:04:13 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/04/10 10:04:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/04/10 10:04:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/04/10 06:00:36 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/04/10 06:00:35 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/04/10 06:00:35 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013/04/10 06:00:33 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/04/10 06:00:30 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/04/09 22:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/04/09 22:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/04/09 04:39:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Dumps
[2013/04/08 22:10:10 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\capicom.dll
[2013/04/08 22:10:08 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll
[2013/04/08 22:10:04 | 000,242,504 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avchv.sys
[2013/04/08 22:04:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\QuickScan
[2011/12/28 15:52:30 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Chris\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/05/07 09:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/07 09:46:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2013/05/07 09:40:15 | 000,015,616 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2013/05/07 09:39:12 | 000,816,128 | ---- | M] () -- C:\Users\Chris\Desktop\RogueKiller.exe
[2013/05/07 09:22:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/07 09:15:30 | 000,005,184 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/07 09:15:30 | 000,005,184 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/06 18:12:12 | 000,072,704 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\bdvedisk.sys
[2013/05/06 17:46:22 | 000,513,291 | ---- | M] () -- C:\ProgramData\1367858076.bdinstall.bin
[2013/05/06 17:43:15 | 000,253,404 | -H-- | M] () -- C:\bdr-ld02
[2013/05/06 17:43:15 | 000,009,216 | -H-- | M] () -- C:\bdr-ld02.mbr
[2013/05/06 17:43:15 | 000,000,308 | -H-- | M] () -- C:\bdr-cf02
[2013/05/06 17:41:56 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk
[2013/05/06 17:41:56 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk
[2013/05/06 17:31:33 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/06 17:23:04 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/06 17:23:04 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/06 17:15:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/06 17:13:49 | 000,231,810 | ---- | M] () -- C:\ProgramData\1367856608.bdinstall.bin
[2013/05/06 15:15:46 | 000,589,989 | ---- | M] () -- C:\ProgramData\1367848954.bdinstall.bin
[2013/05/06 14:50:20 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367848219.bdinstall.bin
[2013/05/06 14:46:26 | 000,001,397 | ---- | M] () -- C:\ProgramData\1367847986.bdinstall.bin
[2013/05/06 14:46:25 | 000,001,397 | ---- | M] () -- C:\ProgramData\1367847985.bdinstall.bin
[2013/05/06 14:46:24 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847984.bdinstall.bin
[2013/05/06 14:46:22 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847982.bdinstall.bin
[2013/05/06 14:45:11 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847911.bdinstall.bin
[2013/05/06 14:45:07 | 000,001,397 | ---- | M] () -- C:\ProgramData\1367847907.bdinstall.bin
[2013/05/06 14:45:00 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847900.bdinstall.bin
[2013/05/06 14:44:56 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847896.bdinstall.bin
[2013/05/06 14:44:52 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847892.bdinstall.bin
[2013/05/06 14:43:57 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847837.bdinstall.bin
[2013/05/06 14:42:40 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013/05/06 14:42:31 | 000,000,680 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2013/05/06 14:39:39 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847579.bdinstall.bin
[2013/05/06 14:38:32 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847512.bdinstall.bin
[2013/05/06 14:37:44 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847464.bdinstall.bin
[2013/05/06 14:37:27 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847447.bdinstall.bin
[2013/05/06 14:32:52 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847172.bdinstall.bin
[2013/05/06 14:32:02 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847122.bdinstall.bin
[2013/05/06 14:29:07 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367846947.bdinstall.bin
[2013/05/06 14:28:38 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367846918.bdinstall.bin
[2013/05/06 14:26:56 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367846816.bdinstall.bin
[2013/05/06 14:26:22 | 000,001,089 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/05/06 14:26:22 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/05/06 14:20:40 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367846439.bdinstall.bin
[2013/05/06 14:19:52 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367846392.bdinstall.bin
[2013/05/06 14:17:26 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367846246.bdinstall.bin
[2013/05/06 14:17:09 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367846229.bdinstall.bin
[2013/05/06 14:13:38 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/05/06 14:13:38 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/05/06 14:10:32 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367845832.bdinstall.bin
[2013/05/06 14:10:06 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367845806.bdinstall.bin
[2013/05/06 14:09:52 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367845792.bdinstall.bin
[2013/05/02 18:43:02 | 000,008,555 | ---- | M] () -- C:\Users\Chris\Desktop\index.jpg
[2013/05/02 18:32:25 | 000,009,460 | ---- | M] () -- C:\Users\Chris\Desktop\images.jpg
[2013/05/02 13:22:27 | 000,527,431 | ---- | M] () -- C:\ProgramData\1367496592.bdinstall.bin
[2013/05/02 13:19:20 | 000,253,404 | -H-- | M] () -- C:\bdr-ld01
[2013/05/02 13:19:20 | 000,009,216 | -H-- | M] () -- C:\bdr-ld01.mbr
[2013/05/02 13:19:20 | 000,000,308 | -H-- | M] () -- C:\bdr-cf01
[2013/05/01 15:32:32 | 000,019,644 | ---- | M] () -- C:\Users\Chris\Desktop\3wzadew14s1hxb4sf04o2m1tc262707902.jpg
[2013/05/01 15:30:42 | 000,018,901 | ---- | M] () -- C:\Users\Chris\Desktop\3wzadew14s1hxb4sf04o2m1tc262707712.jpg
[2013/05/01 15:29:08 | 000,032,167 | ---- | M] () -- C:\Users\Chris\Desktop\4fwnlib2skfjtxxmdkcdcw4ft285783399.jpg
[2013/05/01 15:26:57 | 000,017,887 | ---- | M] () -- C:\Users\Chris\Desktop\450vkfryyxncg0ilincivyckh280344306.jpg
[2013/04/30 19:08:46 | 000,000,190 | ---- | M] () -- C:\Users\Chris\Desktop\000080_Navy_Blue_Square.svg
[2013/04/28 22:18:47 | 000,910,996 | ---- | M] () -- C:\Users\Chris\AppData\Local\census.cache
[2013/04/28 22:18:33 | 000,163,945 | ---- | M] () -- C:\Users\Chris\AppData\Local\ars.cache
[2013/04/27 11:29:17 | 000,000,512 | ---- | M] () -- C:\Users\Chris\Desktop\MBR.dat
[2013/04/24 12:56:34 | 003,459,204 | ---- | M] () -- C:\Users\Chris\Desktop\RacingPost(3).pdf
[2013/04/24 09:53:28 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/04/18 19:03:14 | 000,355,527 | ---- | M] () -- C:\Users\Chris\Desktop\X-Circle-Green-icon.png
[2013/04/17 14:59:04 | 000,633,344 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\avc3.sys
[2013/04/17 14:59:04 | 000,486,536 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\avckf.sys
[2013/04/17 12:28:31 | 000,023,753 | ---- | M] () -- C:\Users\Chris\Desktop\!cid_C9073919-AA59-4316-97E3-07918038E309.jpg
[2013/04/17 12:28:29 | 000,024,335 | ---- | M] () -- C:\Users\Chris\Desktop\!cid_7CEC0EE9-73AF-447F-86C5-83556E3322C6.jpg
[2013/04/16 20:47:08 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk
[2013/04/16 13:25:20 | 000,001,995 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/16 13:17:59 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/15 16:52:55 | 000,000,899 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013/04/14 18:23:55 | 000,000,021 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS.MVP
[2013/04/14 16:53:34 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/04/11 22:27:44 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\tdsskiller(1).exe
[2013/04/10 12:09:47 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/10 10:11:44 | 003,610,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/10 09:23:25 | 008,963,961 | ---- | M] () -- C:\Users\Chris\Desktop\RacingPost(2).pdf
[2013/04/09 22:58:54 | 000,000,913 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/04/09 22:58:48 | 000,000,733 | ---- | M] () -- C:\Users\Chris\Desktop\NTREGOPT.lnk
[2013/04/09 22:58:48 | 000,000,714 | ---- | M] () -- C:\Users\Chris\Desktop\ERUNT.lnk
[2013/04/08 22:10:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf

========== Files Created - No Company Name ==========

[2013/05/07 09:40:15 | 000,015,616 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2013/05/07 09:39:11 | 000,816,128 | ---- | C] () -- C:\Users\Chris\Desktop\RogueKiller.exe
[2013/05/06 17:46:21 | 000,513,291 | ---- | C] () -- C:\ProgramData\1367858076.bdinstall.bin
[2013/05/06 17:43:15 | 000,000,308 | -H-- | C] () -- C:\bdr-cf02
[2013/05/06 17:41:56 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk
[2013/05/06 17:41:56 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk
[2013/05/06 17:36:31 | 002,294,848 | -H-- | C] () -- C:\bdr-bz02
[2013/05/06 17:36:31 | 000,009,216 | -H-- | C] () -- C:\bdr-ld02.mbr
[2013/05/06 17:36:30 | 036,573,121 | -H-- | C] () -- C:\bdr-im02.gz
[2013/05/06 17:36:30 | 000,253,404 | -H-- | C] () -- C:\bdr-ld02
[2013/05/06 17:13:49 | 000,231,810 | ---- | C] () -- C:\ProgramData\1367856608.bdinstall.bin
[2013/05/06 15:15:46 | 000,589,989 | ---- | C] () -- C:\ProgramData\1367848954.bdinstall.bin
[2013/05/06 14:50:19 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367848219.bdinstall.bin
[2013/05/06 14:46:26 | 000,001,397 | ---- | C] () -- C:\ProgramData\1367847986.bdinstall.bin
[2013/05/06 14:46:25 | 000,001,397 | ---- | C] () -- C:\ProgramData\1367847985.bdinstall.bin
[2013/05/06 14:46:24 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847984.bdinstall.bin
[2013/05/06 14:46:22 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847982.bdinstall.bin
[2013/05/06 14:45:11 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847911.bdinstall.bin
[2013/05/06 14:45:07 | 000,001,397 | ---- | C] () -- C:\ProgramData\1367847907.bdinstall.bin
[2013/05/06 14:45:00 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847900.bdinstall.bin
[2013/05/06 14:44:56 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847896.bdinstall.bin
[2013/05/06 14:44:52 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847892.bdinstall.bin
[2013/05/06 14:43:57 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847837.bdinstall.bin
[2013/05/06 14:42:38 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2013/05/06 14:39:39 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847579.bdinstall.bin
[2013/05/06 14:38:32 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847512.bdinstall.bin
[2013/05/06 14:37:44 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847464.bdinstall.bin
[2013/05/06 14:37:27 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847447.bdinstall.bin
[2013/05/06 14:32:52 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847172.bdinstall.bin
[2013/05/06 14:32:02 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847122.bdinstall.bin
[2013/05/06 14:29:07 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367846947.bdinstall.bin
[2013/05/06 14:28:38 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367846918.bdinstall.bin
[2013/05/06 14:26:56 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367846816.bdinstall.bin
[2013/05/06 14:26:22 | 000,001,089 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/05/06 14:26:22 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/05/06 14:20:40 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367846439.bdinstall.bin
[2013/05/06 14:19:52 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367846392.bdinstall.bin
[2013/05/06 14:17:26 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367846246.bdinstall.bin
[2013/05/06 14:17:09 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367846229.bdinstall.bin
[2013/05/06 14:10:32 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367845832.bdinstall.bin
[2013/05/06 14:10:06 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367845806.bdinstall.bin
[2013/05/06 14:09:52 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367845792.bdinstall.bin
[2013/05/06 12:27:02 | 000,000,680 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2013/05/02 18:43:02 | 000,008,555 | ---- | C] () -- C:\Users\Chris\Desktop\index.jpg
[2013/05/02 18:32:23 | 000,009,460 | ---- | C] () -- C:\Users\Chris\Desktop\images.jpg
[2013/05/02 13:22:27 | 000,527,431 | ---- | C] () -- C:\ProgramData\1367496592.bdinstall.bin
[2013/05/02 13:19:20 | 000,000,308 | -H-- | C] () -- C:\bdr-cf01
[2013/05/02 13:11:09 | 002,294,848 | -H-- | C] () -- C:\bdr-bz01
[2013/05/02 13:11:09 | 000,009,216 | -H-- | C] () -- C:\bdr-ld01.mbr
[2013/05/02 13:11:08 | 036,573,121 | -H-- | C] () -- C:\bdr-im01.gz
[2013/05/02 13:11:08 | 000,253,404 | -H-- | C] () -- C:\bdr-ld01
[2013/05/01 15:30:42 | 000,018,901 | ---- | C] () -- C:\Users\Chris\Desktop\3wzadew14s1hxb4sf04o2m1tc262707712.jpg
[2013/05/01 15:29:07 | 000,032,167 | ---- | C] () -- C:\Users\Chris\Desktop\4fwnlib2skfjtxxmdkcdcw4ft285783399.jpg
[2013/05/01 15:26:56 | 000,017,887 | ---- | C] () -- C:\Users\Chris\Desktop\450vkfryyxncg0ilincivyckh280344306.jpg
[2013/05/01 15:26:48 | 000,019,644 | ---- | C] () -- C:\Users\Chris\Desktop\3wzadew14s1hxb4sf04o2m1tc262707902.jpg
[2013/04/30 19:08:44 | 000,000,190 | ---- | C] () -- C:\Users\Chris\Desktop\000080_Navy_Blue_Square.svg
[2013/04/27 11:29:17 | 000,000,512 | ---- | C] () -- C:\Users\Chris\Desktop\MBR.dat
[2013/04/24 12:56:33 | 003,459,204 | ---- | C] () -- C:\Users\Chris\Desktop\RacingPost(3).pdf
[2013/04/18 19:03:07 | 000,355,527 | ---- | C] () -- C:\Users\Chris\Desktop\X-Circle-Green-icon.png
[2013/04/17 12:07:57 | 000,024,335 | ---- | C] () -- C:\Users\Chris\Desktop\!cid_7CEC0EE9-73AF-447F-86C5-83556E3322C6.jpg
[2013/04/17 12:03:25 | 000,023,753 | ---- | C] () -- C:\Users\Chris\Desktop\!cid_C9073919-AA59-4316-97E3-07918038E309.jpg
[2013/04/16 20:47:08 | 000,000,860 | ---- | C] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk
[2013/04/16 13:17:59 | 000,001,995 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/16 13:17:59 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/16 13:17:04 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/16 13:17:03 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/15 16:52:55 | 000,000,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013/04/15 16:52:55 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013/04/15 16:22:12 | 000,575,742 | ---- | C] () -- C:\Users\Chris\Desktop\HOSTS
[2013/04/14 13:57:16 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013/04/10 09:23:24 | 008,963,961 | ---- | C] () -- C:\Users\Chris\Desktop\RacingPost(2).pdf
[2013/04/09 22:58:54 | 000,000,913 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/04/09 22:58:48 | 000,000,733 | ---- | C] () -- C:\Users\Chris\Desktop\NTREGOPT.lnk
[2013/04/09 22:58:48 | 000,000,714 | ---- | C] () -- C:\Users\Chris\Desktop\ERUNT.lnk
[2013/04/08 22:10:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2013/02/05 18:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/01/13 18:03:01 | 003,610,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/16 15:09:21 | 000,711,240 | ---- | C] () -- C:\Windows\is-L5DGO.exe
[2012/06/03 09:55:32 | 000,033,792 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/11 11:10:35 | 000,000,258 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/18 21:07:14 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/01/13 09:10:03 | 000,910,996 | ---- | C] () -- C:\Users\Chris\AppData\Local\census.cache
[2012/01/13 09:09:35 | 000,163,945 | ---- | C] () -- C:\Users\Chris\AppData\Local\ars.cache
[2012/01/13 08:12:43 | 000,000,036 | ---- | C] () -- C:\Users\Chris\AppData\Local\housecall.guid.cache
[2011/12/28 15:52:30 | 000,007,887 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.cat
[2011/12/28 15:52:30 | 000,001,144 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.inf
[2011/12/23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/12/23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/12/23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/12/23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll

========== ZeroAccess Check ==========

[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/05/06 17:36:35 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Bitdefender
[2012/03/30 08:47:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/03/18 21:07:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leawo
[2012/03/19 14:38:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenOffice.org
[2013/04/04 18:40:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Opera
[2013/04/08 22:04:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\QuickScan
[2012/09/12 14:33:27 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Samsung
[2012/06/16 00:21:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Temp
[2012/03/18 21:08:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\tiger-k
[2013/02/19 18:27:57 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent
[2013/03/28 23:24:12 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Vso
[2012/04/17 10:29:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Wondershare

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Chris\Desktop\VTS_01_1.VOB:TOC.WMV
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >


OTL Extras logfile created on: 07/05/2013 09:48:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 44.95% Memory free
6.21 Gb Paging File | 4.23 Gb Available in Paging File | 68.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.32 Gb Total Space | 172.95 Gb Free Space | 59.98% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 3.89 Gb Free Space | 39.81% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: DELL-530 | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [runas] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{95C5F95E-62D7-4526-9C15-BCE6ABA4F874}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{E666F7E6-14C7-46A7-AEBB-325E67946372}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{331ED3CF-3A1B-467C-9A62-899E2D3B20C4}_is1" = Leawo Video Converter version 5.1.0.0
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.5
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}" = RealDownloader
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Bitdefender" = Bitdefender Internet Security 2013
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"EasyBCD" = EasyBCD 1.7
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 2180] [2008-10-04]
"FileHippo.com" = FileHippo.com Update Checker
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero7Lite_is1" = Nero 7 Lite 7.10.1.2
"Opera 12.15.1748" = Opera 12.15
"RealPlayer 16.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.94
"Secunia PSI" = Secunia PSI (3.0.0.6005)
"Skitch 1.0.2.0" = Skitch
"VLC media player" = VLC media player 2.0.6
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"YouTube Downloader App" = YouTube Downloader App 3.00

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 06/05/2013 09:48:59 | Computer Name = DELL-530 | Source = WinMgmt | ID = 10
Description =

Error - 06/05/2013 09:49:57 | Computer Name = DELL-530 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 06/05/2013 09:49:57 | Computer Name = DELL-530 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 06/05/2013 09:54:19 | Computer Name = DELL-530 | Source = Perflib | ID = 1010
Description =

Error - 06/05/2013 09:54:20 | Computer Name = DELL-530 | Source = Perflib | ID = 1005
Description =

Error - 06/05/2013 09:54:20 | Computer Name = DELL-530 | Source = Perflib | ID = 1017
Description =

Error - 06/05/2013 09:59:47 | Computer Name = DELL-530 | Source = WinMgmt | ID = 10
Description =

Error - 06/05/2013 11:06:17 | Computer Name = DELL-530 | Source = MsiInstaller | ID = 10005
Description =

Error - 06/05/2013 12:17:08 | Computer Name = DELL-530 | Source = WinMgmt | ID = 10
Description =

Error - 06/05/2013 12:31:27 | Computer Name = DELL-530 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 06/05/2013 09:42:17 | Computer Name = DELL-530 | Source = Service Control Manager | ID = 7001
Description =

Error - 06/05/2013 09:42:17 | Computer Name = DELL-530 | Source = Service Control Manager | ID = 7001
Description =

Error - 06/05/2013 09:42:17 | Computer Name = DELL-530 | Source = Service Control Manager | ID = 7026
Description =

Error - 06/05/2013 09:42:17 | Computer Name = DELL-530 | Source = Service Control Manager | ID = 7001
Description =

Error - 06/05/2013 09:42:17 | Computer Name = DELL-530 | Source = Service Control Manager | ID = 7001
Description =

Error - 06/05/2013 09:42:33 | Computer Name = DELL-530 | Source = Service Control Manager | ID = 7001
Description =

Error - 06/05/2013 09:42:38 | Computer Name = DELL-530 | Source = DCOM | ID = 10005
Description =

Error - 06/05/2013 09:42:40 | Computer Name = DELL-530 | Source = Service Control Manager | ID = 7001
Description =

Error - 06/05/2013 12:10:35 | Computer Name = DELL-530 | Source = Service Control Manager | ID = 7006
Description =

Error - 06/05/2013 12:13:07 | Computer Name = DELL-530 | Source = WinDefend | ID = 2004
Description = %%827 has encountered an error trying to load signatures and will
attempt reverting back to a known-good set of signatures. Signatures Attempted: %%824

Error
Code: 0x8050a001 Error description: The program can't find definition files that
help detect unwanted software. Check for updates to the definition files, and then
try again. For information on installing updates, see Help and Support. Signatures
loading: %%825 Loading signature version: 1.149.884.0 Loading engine version: 1.1.4005.0


< End of report >
 

jc3777

New Member
Thread author
Verified
Apr 27, 2013
47
only got 1 log from OTL

OTL logfile created on: 07/05/2013 22:26:06 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 61.97% Memory free
6.17 Gb Paging File | 4.94 Gb Available in Paging File | 79.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.32 Gb Total Space | 173.75 Gb Free Space | 60.26% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 3.89 Gb Free Space | 39.81% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: DELL-530 | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Chris\Desktop\otl.exe (OldTimer Tools)
PRC - C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
PRC - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (Bitdefender)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (Bitdefender)
PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll ()
MOD - C:\Program Files\Bitdefender\Bitdefender 2013\bdmetrics.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtscript4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtgui4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtnetwork4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtsql4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtdeclarative4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtcore4.dll ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (VSSERV) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (Bitdefender)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (Bitdefender)
SRV - (BdDesktopParental) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe (Bitdefender)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (KSS) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (gttap1) -- system32\DRIVERS\gttap1.sys File not found
DRV - (avc3) -- C:\Windows\System32\drivers\avc3.sys (BitDefender)
DRV - (avckf) -- C:\Windows\System32\drivers\avckf.sys (BitDefender)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (BdfNdisf) -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys (BitDefender LLC)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf_x86.sys (Secunia)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (BDSandBox) -- C:\Windows\System32\drivers\bdsandbox.sys (BitDefender SRL)
DRV - (avchv) -- C:\Windows\System32\drivers\avchv.sys (BitDefender)
DRV - (trufos) -- C:\Windows\System32\drivers\trufos.sys (BitDefender S.R.L.)
DRV - (gzflt) -- C:\Windows\System32\drivers\gzflt.sys (BitDefender LLC)
DRV - (bdselfpr) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys (BitDefender LLC)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (bdftdif) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)
DRV - (MOSUMAC) -- C:\Windows\System32\drivers\MOSUMAC.SYS (--)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6A A9 26 C2 78 4A CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/05/06 13:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/05/06 13:44:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/05/06 13:44:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/06 13:44:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013/05/06 17:41:26 | 000,000,000 | ---D | M]

[2012/07/03 05:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions
[2013/04/28 05:15:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\zk7l92vm.default-1365749469265\extensions
[2013/04/15 16:46:00 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\zk7l92vm.default-1365749469265\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/04/11 23:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/11 23:12:36 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/04/03 17:01:59 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/29 11:01:32 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2013/04/03 17:01:59 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Docs = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealDownloader = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\
CHR - Extension: Gmail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/12/22 16:11:00 | 000,000,759 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O4 - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [KSS] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71}: DhcpNameServer = 192.168.0.203
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/07 18:43:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
[2013/05/07 18:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013/05/07 09:46:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2013/05/07 09:39:46 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\RK_Quarantine
[2013/05/06 18:12:12 | 000,072,704 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\bdvedisk.sys
[2013/05/06 17:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2013
[2013/05/06 17:41:26 | 000,078,144 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\BdfNdisf6.sys
[2013/05/06 17:41:26 | 000,066,392 | ---- | C] (BitDefender SRL) -- C:\Windows\System32\drivers\bdsandbox.sys
[2013/05/06 17:41:14 | 000,486,536 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avckf.sys
[2013/05/06 17:41:13 | 000,633,344 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avc3.sys
[2013/05/06 17:36:35 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Bitdefender
[2013/05/06 17:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2013/05/06 17:34:45 | 000,162,976 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\gzflt.sys
[2013/05/06 17:34:44 | 000,343,456 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys
[2013/05/06 15:09:33 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2013/05/06 15:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2013/05/06 15:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2013/05/06 14:26:29 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\VS Revo Group
[2013/05/06 14:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2013/05/06 14:26:19 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2013/05/06 14:26:19 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2013/05/06 00:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\bdch
[2013/05/02 22:55:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2(16540)
[2013/05/02 22:53:17 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/05/02 22:29:47 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/05/02 12:44:55 | 000,000,000 | ---D | C] -- C:\$RECYCLE(171).BIN
[2013/05/02 12:44:54 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\temp(6708)
[2013/05/02 12:44:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/05/02 11:49:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/28 11:49:31 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2013/04/28 05:15:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/26 21:44:24 | 000,000,000 | ---D | C] -- C:\Casino
[2013/04/16 20:50:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\cache
[2013/04/16 20:47:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\FullTiltPoker
[2013/04/16 20:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker
[2013/04/16 20:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Full Tilt Poker
[2013/04/16 13:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/04/15 16:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/04/15 16:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2013/04/15 16:40:40 | 001,070,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCTL.OCX
[2013/04/15 16:40:40 | 000,129,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSSTDFMT.DLL
[2013/04/15 16:27:26 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Open Command Window Here (Administrator)
[2013/04/14 19:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013/04/11 23:12:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/04/11 22:27:41 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\tdsskiller(1).exe
[2013/04/10 10:04:15 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/04/10 10:04:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/04/10 10:04:14 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/04/10 10:04:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/04/10 10:04:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/04/10 10:04:13 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/04/10 10:04:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/04/10 10:04:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/04/10 06:00:36 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/04/10 06:00:35 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/04/10 06:00:35 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013/04/10 06:00:33 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/04/10 06:00:30 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/04/09 22:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/04/09 22:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/04/09 04:39:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Dumps
[2013/04/08 22:10:10 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\capicom.dll
[2013/04/08 22:10:08 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll
[2013/04/08 22:10:04 | 000,242,504 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avchv.sys
[2013/04/08 22:04:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\QuickScan
[2011/12/28 15:52:30 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Chris\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/05/07 22:30:08 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/07 22:30:08 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/07 22:22:58 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/07 22:22:38 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/07 22:21:55 | 000,000,385 | ---- | M] () -- C:\Windows\System32\user_gensett.xml
[2013/05/07 22:21:18 | 000,005,184 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/07 22:21:17 | 000,005,184 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/07 22:20:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/07 21:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/07 18:42:41 | 000,000,954 | ---- | M] () -- C:\Users\Chris\Desktop\Kaspersky Security Scan.lnk
[2013/05/07 09:46:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2013/05/07 09:39:12 | 000,816,128 | ---- | M] () -- C:\Users\Chris\Desktop\RogueKiller.exe
[2013/05/06 18:12:12 | 000,072,704 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\bdvedisk.sys
[2013/05/06 17:46:22 | 000,513,291 | ---- | M] () -- C:\ProgramData\1367858076.bdinstall.bin
[2013/05/06 17:43:15 | 000,253,404 | -H-- | M] () -- C:\bdr-ld02
[2013/05/06 17:43:15 | 000,009,216 | -H-- | M] () -- C:\bdr-ld02.mbr
[2013/05/06 17:43:15 | 000,000,308 | -H-- | M] () -- C:\bdr-cf02
[2013/05/06 17:41:56 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk
[2013/05/06 17:41:56 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk
[2013/05/06 17:13:49 | 000,231,810 | ---- | M] () -- C:\ProgramData\1367856608.bdinstall.bin
[2013/05/06 15:15:46 | 000,589,989 | ---- | M] () -- C:\ProgramData\1367848954.bdinstall.bin
[2013/05/06 14:50:20 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367848219.bdinstall.bin
[2013/05/06 14:46:26 | 000,001,397 | ---- | M] () -- C:\ProgramData\1367847986.bdinstall.bin
[2013/05/06 14:46:25 | 000,001,397 | ---- | M] () -- C:\ProgramData\1367847985.bdinstall.bin
[2013/05/06 14:46:24 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847984.bdinstall.bin
[2013/05/06 14:46:22 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847982.bdinstall.bin
[2013/05/06 14:45:11 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847911.bdinstall.bin
[2013/05/06 14:45:07 | 000,001,397 | ---- | M] () -- C:\ProgramData\1367847907.bdinstall.bin
[2013/05/06 14:45:00 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847900.bdinstall.bin
[2013/05/06 14:44:56 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847896.bdinstall.bin
[2013/05/06 14:44:52 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847892.bdinstall.bin
[2013/05/06 14:43:57 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847837.bdinstall.bin
[2013/05/06 14:42:40 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013/05/06 14:42:31 | 000,000,680 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2013/05/06 14:39:39 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847579.bdinstall.bin
[2013/05/06 14:38:32 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847512.bdinstall.bin
[2013/05/06 14:37:44 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847464.bdinstall.bin
[2013/05/06 14:37:27 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847447.bdinstall.bin
[2013/05/06 14:32:52 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847172.bdinstall.bin
[2013/05/06 14:32:02 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367847122.bdinstall.bin
[2013/05/06 14:29:07 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367846947.bdinstall.bin
[2013/05/06 14:28:38 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367846918.bdinstall.bin
[2013/05/06 14:26:56 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367846816.bdinstall.bin
[2013/05/06 14:26:22 | 000,001,089 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/05/06 14:26:22 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/05/06 14:20:40 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367846439.bdinstall.bin
[2013/05/06 14:19:52 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367846392.bdinstall.bin
[2013/05/06 14:17:26 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367846246.bdinstall.bin
[2013/05/06 14:17:09 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367846229.bdinstall.bin
[2013/05/06 14:13:38 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/05/06 14:13:38 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/05/06 14:10:32 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367845832.bdinstall.bin
[2013/05/06 14:10:06 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367845806.bdinstall.bin
[2013/05/06 14:09:52 | 000,001,398 | ---- | M] () -- C:\ProgramData\1367845792.bdinstall.bin
[2013/05/02 13:22:27 | 000,527,431 | ---- | M] () -- C:\ProgramData\1367496592.bdinstall.bin
[2013/05/02 13:19:20 | 000,253,404 | -H-- | M] () -- C:\bdr-ld01
[2013/05/02 13:19:20 | 000,009,216 | -H-- | M] () -- C:\bdr-ld01.mbr
[2013/05/02 13:19:20 | 000,000,308 | -H-- | M] () -- C:\bdr-cf01
[2013/05/01 15:32:32 | 000,019,644 | ---- | M] () -- C:\Users\Chris\Desktop\3wzadew14s1hxb4sf04o2m1tc262707902.jpg
[2013/05/01 15:30:42 | 000,018,901 | ---- | M] () -- C:\Users\Chris\Desktop\3wzadew14s1hxb4sf04o2m1tc262707712.jpg
[2013/05/01 15:29:08 | 000,032,167 | ---- | M] () -- C:\Users\Chris\Desktop\4fwnlib2skfjtxxmdkcdcw4ft285783399.jpg
[2013/05/01 15:26:57 | 000,017,887 | ---- | M] () -- C:\Users\Chris\Desktop\450vkfryyxncg0ilincivyckh280344306.jpg
[2013/04/30 19:08:46 | 000,000,190 | ---- | M] () -- C:\Users\Chris\Desktop\000080_Navy_Blue_Square.svg
[2013/04/28 22:18:47 | 000,910,996 | ---- | M] () -- C:\Users\Chris\AppData\Local\census.cache
[2013/04/28 22:18:33 | 000,163,945 | ---- | M] () -- C:\Users\Chris\AppData\Local\ars.cache
[2013/04/27 11:29:17 | 000,000,512 | ---- | M] () -- C:\Users\Chris\Desktop\MBR.dat
[2013/04/24 12:56:34 | 003,459,204 | ---- | M] () -- C:\Users\Chris\Desktop\RacingPost(3).pdf
[2013/04/24 09:53:28 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/04/18 19:03:14 | 000,355,527 | ---- | M] () -- C:\Users\Chris\Desktop\X-Circle-Green-icon.png
[2013/04/17 14:59:04 | 000,633,344 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\avc3.sys
[2013/04/17 14:59:04 | 000,486,536 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\avckf.sys
[2013/04/17 12:28:31 | 000,023,753 | ---- | M] () -- C:\Users\Chris\Desktop\!cid_C9073919-AA59-4316-97E3-07918038E309.jpg
[2013/04/17 12:28:29 | 000,024,335 | ---- | M] () -- C:\Users\Chris\Desktop\!cid_7CEC0EE9-73AF-447F-86C5-83556E3322C6.jpg
[2013/04/16 20:47:08 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk
[2013/04/16 13:25:20 | 000,001,995 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/16 13:17:59 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/15 16:52:55 | 000,000,899 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013/04/14 18:23:55 | 000,000,021 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS.MVP
[2013/04/14 16:53:34 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/04/11 22:27:44 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\tdsskiller(1).exe
[2013/04/10 12:09:47 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/10 10:11:44 | 003,610,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/10 09:23:25 | 008,963,961 | ---- | M] () -- C:\Users\Chris\Desktop\RacingPost(2).pdf
[2013/04/09 22:58:54 | 000,000,913 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/04/09 22:58:48 | 000,000,733 | ---- | M] () -- C:\Users\Chris\Desktop\NTREGOPT.lnk
[2013/04/09 22:58:48 | 000,000,714 | ---- | M] () -- C:\Users\Chris\Desktop\ERUNT.lnk
[2013/04/08 22:10:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf

========== Files Created - No Company Name ==========

[2013/05/07 22:21:55 | 000,000,385 | ---- | C] () -- C:\Windows\System32\user_gensett.xml
[2013/05/07 18:43:17 | 000,000,954 | ---- | C] () -- C:\Users\Chris\Desktop\Kaspersky Security Scan.lnk
[2013/05/07 09:39:11 | 000,816,128 | ---- | C] () -- C:\Users\Chris\Desktop\RogueKiller.exe
[2013/05/06 17:46:21 | 000,513,291 | ---- | C] () -- C:\ProgramData\1367858076.bdinstall.bin
[2013/05/06 17:43:15 | 000,000,308 | -H-- | C] () -- C:\bdr-cf02
[2013/05/06 17:41:56 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk
[2013/05/06 17:41:56 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk
[2013/05/06 17:36:31 | 002,294,848 | -H-- | C] () -- C:\bdr-bz02
[2013/05/06 17:36:31 | 000,009,216 | -H-- | C] () -- C:\bdr-ld02.mbr
[2013/05/06 17:36:30 | 036,573,121 | -H-- | C] () -- C:\bdr-im02.gz
[2013/05/06 17:36:30 | 000,253,404 | -H-- | C] () -- C:\bdr-ld02
[2013/05/06 17:13:49 | 000,231,810 | ---- | C] () -- C:\ProgramData\1367856608.bdinstall.bin
[2013/05/06 15:15:46 | 000,589,989 | ---- | C] () -- C:\ProgramData\1367848954.bdinstall.bin
[2013/05/06 14:50:19 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367848219.bdinstall.bin
[2013/05/06 14:46:26 | 000,001,397 | ---- | C] () -- C:\ProgramData\1367847986.bdinstall.bin
[2013/05/06 14:46:25 | 000,001,397 | ---- | C] () -- C:\ProgramData\1367847985.bdinstall.bin
[2013/05/06 14:46:24 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847984.bdinstall.bin
[2013/05/06 14:46:22 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847982.bdinstall.bin
[2013/05/06 14:45:11 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847911.bdinstall.bin
[2013/05/06 14:45:07 | 000,001,397 | ---- | C] () -- C:\ProgramData\1367847907.bdinstall.bin
[2013/05/06 14:45:00 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847900.bdinstall.bin
[2013/05/06 14:44:56 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847896.bdinstall.bin
[2013/05/06 14:44:52 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847892.bdinstall.bin
[2013/05/06 14:43:57 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847837.bdinstall.bin
[2013/05/06 14:42:38 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2013/05/06 14:39:39 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847579.bdinstall.bin
[2013/05/06 14:38:32 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847512.bdinstall.bin
[2013/05/06 14:37:44 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847464.bdinstall.bin
[2013/05/06 14:37:27 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847447.bdinstall.bin
[2013/05/06 14:32:52 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847172.bdinstall.bin
[2013/05/06 14:32:02 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367847122.bdinstall.bin
[2013/05/06 14:29:07 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367846947.bdinstall.bin
[2013/05/06 14:28:38 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367846918.bdinstall.bin
[2013/05/06 14:26:56 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367846816.bdinstall.bin
[2013/05/06 14:26:22 | 000,001,089 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/05/06 14:26:22 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/05/06 14:20:40 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367846439.bdinstall.bin
[2013/05/06 14:19:52 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367846392.bdinstall.bin
[2013/05/06 14:17:26 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367846246.bdinstall.bin
[2013/05/06 14:17:09 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367846229.bdinstall.bin
[2013/05/06 14:10:32 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367845832.bdinstall.bin
[2013/05/06 14:10:06 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367845806.bdinstall.bin
[2013/05/06 14:09:52 | 000,001,398 | ---- | C] () -- C:\ProgramData\1367845792.bdinstall.bin
[2013/05/06 12:27:02 | 000,000,680 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2013/05/02 13:22:27 | 000,527,431 | ---- | C] () -- C:\ProgramData\1367496592.bdinstall.bin
[2013/05/02 13:19:20 | 000,000,308 | -H-- | C] () -- C:\bdr-cf01
[2013/05/02 13:11:09 | 002,294,848 | -H-- | C] () -- C:\bdr-bz01
[2013/05/02 13:11:09 | 000,009,216 | -H-- | C] () -- C:\bdr-ld01.mbr
[2013/05/02 13:11:08 | 036,573,121 | -H-- | C] () -- C:\bdr-im01.gz
[2013/05/02 13:11:08 | 000,253,404 | -H-- | C] () -- C:\bdr-ld01
[2013/05/01 15:30:42 | 000,018,901 | ---- | C] () -- C:\Users\Chris\Desktop\3wzadew14s1hxb4sf04o2m1tc262707712.jpg
[2013/05/01 15:29:07 | 000,032,167 | ---- | C] () -- C:\Users\Chris\Desktop\4fwnlib2skfjtxxmdkcdcw4ft285783399.jpg
[2013/05/01 15:26:56 | 000,017,887 | ---- | C] () -- C:\Users\Chris\Desktop\450vkfryyxncg0ilincivyckh280344306.jpg
[2013/05/01 15:26:48 | 000,019,644 | ---- | C] () -- C:\Users\Chris\Desktop\3wzadew14s1hxb4sf04o2m1tc262707902.jpg
[2013/04/30 19:08:44 | 000,000,190 | ---- | C] () -- C:\Users\Chris\Desktop\000080_Navy_Blue_Square.svg
[2013/04/27 11:29:17 | 000,000,512 | ---- | C] () -- C:\Users\Chris\Desktop\MBR.dat
[2013/04/24 12:56:33 | 003,459,204 | ---- | C] () -- C:\Users\Chris\Desktop\RacingPost(3).pdf
[2013/04/18 19:03:07 | 000,355,527 | ---- | C] () -- C:\Users\Chris\Desktop\X-Circle-Green-icon.png
[2013/04/17 12:07:57 | 000,024,335 | ---- | C] () -- C:\Users\Chris\Desktop\!cid_7CEC0EE9-73AF-447F-86C5-83556E3322C6.jpg
[2013/04/17 12:03:25 | 000,023,753 | ---- | C] () -- C:\Users\Chris\Desktop\!cid_C9073919-AA59-4316-97E3-07918038E309.jpg
[2013/04/16 20:47:08 | 000,000,860 | ---- | C] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk
[2013/04/16 13:17:59 | 000,001,995 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/16 13:17:59 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/16 13:17:04 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/16 13:17:03 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/15 16:52:55 | 000,000,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013/04/15 16:52:55 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013/04/14 13:57:16 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013/04/10 09:23:24 | 008,963,961 | ---- | C] () -- C:\Users\Chris\Desktop\RacingPost(2).pdf
[2013/04/09 22:58:54 | 000,000,913 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/04/09 22:58:48 | 000,000,733 | ---- | C] () -- C:\Users\Chris\Desktop\NTREGOPT.lnk
[2013/04/09 22:58:48 | 000,000,714 | ---- | C] () -- C:\Users\Chris\Desktop\ERUNT.lnk
[2013/04/08 22:10:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2013/02/05 18:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/01/13 18:03:01 | 003,610,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/16 15:09:21 | 000,711,240 | ---- | C] () -- C:\Windows\is-L5DGO.exe
[2012/06/03 09:55:32 | 000,033,792 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/11 11:10:35 | 000,000,258 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/18 21:07:14 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/01/13 09:10:03 | 000,910,996 | ---- | C] () -- C:\Users\Chris\AppData\Local\census.cache
[2012/01/13 09:09:35 | 000,163,945 | ---- | C] () -- C:\Users\Chris\AppData\Local\ars.cache
[2012/01/13 08:12:43 | 000,000,036 | ---- | C] () -- C:\Users\Chris\AppData\Local\housecall.guid.cache
[2011/12/28 15:52:30 | 000,007,887 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.cat
[2011/12/28 15:52:30 | 000,001,144 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.inf
[2011/12/23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/12/23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/12/23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/12/23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll

========== ZeroAccess Check ==========

[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/05/06 17:36:35 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Bitdefender
[2012/03/30 08:47:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/03/18 21:07:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leawo
[2012/03/19 14:38:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenOffice.org
[2013/04/04 18:40:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Opera
[2013/04/08 22:04:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\QuickScan
[2012/09/12 14:33:27 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Samsung
[2012/06/16 00:21:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Temp
[2012/03/18 21:08:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\tiger-k
[2013/02/19 18:27:57 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent
[2013/03/28 23:24:12 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Vso
[2012/04/17 10:29:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Wondershare

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Chris\Desktop\VTS_01_1.VOB:TOC.WMV
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
 

jc3777

New Member
Thread author
Verified
Apr 27, 2013
47
got this error message when I tried to run Kaspersky
 

Attachments

  • Untitled.jpg (39.1 KB · Views: 94)

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

Did the slowdown start after installing bitdefender?

Also, there are some files like 3wzadew14s1hxb4sf04o2m1tc262707712.jpg and !cid_C9073919-AA59-4316-97E3-07918038E309.jpg on your Desktop. Are these yours?
 

jc3777

New Member
Thread author
Verified
Apr 27, 2013
47
not really not that I'd noticed

yeah the jpg are just photos of cricket I've taken from my camera, do they need to go?
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

After the fix below, try disabling all the bitdefender firewalls and virus engines. See if your PC performance gets better or not.

Open OTL. Under custom scan/fixes, copy and paste the following:

:OTL
[2013/05/02 12:44:55 | 000,000,000 | ---D | C] -- C:\$RECYCLE(171).BIN
[2013/05/02 12:44:54 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\temp(6708)

Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.
 

jc3777

New Member
Thread author
Verified
Apr 27, 2013
47
cool did that, did that get rid of malware or I am clean, still slow and freezing

I am such a fool, I deleted the log but what it did was delete a lot of temp files

disabled bitdefender but no difference
 

Fiery

Level 1
Jan 11, 2011
2,007
Your logs aren't showing any malware.. when did the slowness start?

And let's take a different look at your system.

Download Farbar Recovery Scan Tool from the below link:
  • For 32 bit systems download Farbar Recovery Scan Tool (http://download.bleepingcomputer.com/farbar/FRST.exe) and save it to a USB/flash drive.
  • Plug the flashdrive into the infected PC.
  • Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  1. Select Command Prompt
  2. In the command window type in notepad and press Enter.
  3. The notepad opens. Under File menu select Open.
  4. Select "Computer" and find your flash drive letter and close the notepad.
  5. In the command window type e:\frst.exe and press Enter
     Note: Replace letter e with the drive letter of your flash drive.
  6. The tool will start to run.
  7. When the tool opens click Yes to disclaimer.
  8. Press Scan button.
  9. FRST will let you know when the scan is complete and has written the FRST.txt to file, close the message.
  10. Type exit
  11. Please copy and paste FRST.txt in your next reply
 

Fiery

Level 1
Jan 11, 2011
2,007
Please download a new version of combofix and run it.

Link 1: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
 

jc3777

New Member
Thread author
Verified
Apr 27, 2013
47
ComboFix 13-05-08.02 - Chris 08/05/2013 22:04:19.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3060.1895 [GMT 1:00]
Running from: c:\users\Chris\Desktop\combofix.exe
AV: Bitdefender Antivirus *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
FW: Bitdefender Firewall *Disabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
SP: Bitdefender Antispyware *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1367496592.bdinstall.bin
c:\programdata\1367845792.bdinstall.bin
c:\programdata\1367845806.bdinstall.bin
c:\programdata\1367845832.bdinstall.bin
c:\programdata\1367846229.bdinstall.bin
c:\programdata\1367846246.bdinstall.bin
c:\programdata\1367846392.bdinstall.bin
c:\programdata\1367846439.bdinstall.bin
c:\programdata\1367846816.bdinstall.bin
c:\programdata\1367846918.bdinstall.bin
c:\programdata\1367846947.bdinstall.bin
c:\programdata\1367847122.bdinstall.bin
c:\programdata\1367847172.bdinstall.bin
c:\programdata\1367847447.bdinstall.bin
c:\programdata\1367847464.bdinstall.bin
c:\programdata\1367847512.bdinstall.bin
c:\programdata\1367847579.bdinstall.bin
c:\programdata\1367847837.bdinstall.bin
c:\programdata\1367847892.bdinstall.bin
c:\programdata\1367847896.bdinstall.bin
c:\programdata\1367847900.bdinstall.bin
c:\programdata\1367847907.bdinstall.bin
c:\programdata\1367847911.bdinstall.bin
c:\programdata\1367847982.bdinstall.bin
c:\programdata\1367847984.bdinstall.bin
c:\programdata\1367847985.bdinstall.bin
c:\programdata\1367847986.bdinstall.bin
c:\programdata\1367848219.bdinstall.bin
c:\programdata\1367848954.bdinstall.bin
c:\programdata\1367856608.bdinstall.bin
c:\programdata\1367858076.bdinstall.bin
c:\windows\system32\spsys.log
.
.
((((((((((((((((((((((((( Files Created from 2013-04-08 to 2013-05-08 )))))))))))))))))))))))))))))))
.
.
2013-05-08 21:12 . 2013-05-08 21:13 -------- d-----w- c:\users\Chris\AppData\Local\temp
2013-05-08 21:12 . 2013-05-08 21:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-05-08 21:12 . 2013-05-08 21:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-08 15:51 . 2013-05-08 15:51 -------- d-----w- c:\program files\Microsoft Silverlight
2013-05-07 23:45 . 2013-05-07 23:45 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7CACBFF0-FA88-45E8-B103-E97C92898D7E}\offreg.dll
2013-05-07 22:42 . 2013-04-17 05:31 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7CACBFF0-FA88-45E8-B103-E97C92898D7E}\mpengine.dll
2013-05-07 17:42 . 2013-05-07 17:42 -------- d-----w- c:\program files\Kaspersky Lab
2013-05-06 17:12 . 2013-05-06 17:12 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2013-05-06 16:41 . 2013-02-22 18:46 78144 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
2013-05-06 16:41 . 2012-11-12 17:11 66392 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2013-05-06 16:41 . 2013-04-17 13:59 486536 ----a-w- c:\windows\system32\drivers\avckf.sys
2013-05-06 16:41 . 2013-04-17 13:59 633344 ----a-w- c:\windows\system32\drivers\avc3.sys
2013-05-06 16:36 . 2013-05-06 16:36 -------- d-----w- c:\users\Chris\AppData\Roaming\Bitdefender
2013-05-06 16:36 . 2013-05-06 16:45 -------- d-----w- c:\programdata\Bitdefender
2013-05-06 16:34 . 2012-10-04 13:30 162976 ----a-w- c:\windows\system32\drivers\gzflt.sys
2013-05-06 16:34 . 2012-10-31 12:13 343456 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-05-06 14:09 . 2013-05-06 15:10 -------- d-----w- c:\programdata\BDLogging
2013-05-06 14:02 . 2013-05-06 16:34 -------- d-----w- c:\program files\Bitdefender
2013-05-06 14:02 . 2013-05-06 16:34 -------- d-----w- c:\program files\Common Files\Bitdefender
2013-05-06 13:26 . 2013-05-06 13:26 -------- d-----w- c:\users\Chris\AppData\Local\VS Revo Group
2013-05-06 13:26 . 2013-05-06 13:26 -------- d-----w- c:\programdata\VS Revo Group
2013-05-06 13:26 . 2009-12-30 10:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2013-05-05 23:26 . 2013-05-05 23:26 -------- d-----w- c:\programdata\bdch
2013-05-02 21:55 . 2013-05-06 11:27 -------- d-----w- c:\windows\system32\catroot2(16540)
2013-05-02 21:29 . 2013-05-02 21:29 -------- d-----w- C:\RegBackup
2013-04-28 10:49 . 2013-04-28 10:49 -------- d-----w- c:\program files\Tweaking.com
2013-04-28 04:15 . 2013-04-28 04:15 -------- d-----w- C:\_OTL
2013-04-26 20:44 . 2013-04-29 19:44 -------- d-----w- C:\Casino
2013-04-16 19:50 . 2013-04-16 19:50 -------- d-----w- c:\users\Chris\AppData\Local\cache
2013-04-16 19:47 . 2013-04-16 21:42 -------- d-----w- c:\users\Chris\AppData\Local\FullTiltPoker
2013-04-16 19:46 . 2013-05-06 12:44 -------- d-----w- c:\program files\Full Tilt Poker
2013-04-15 15:40 . 2013-05-06 12:44 -------- d-----w- c:\programdata\Licenses
2013-04-15 15:40 . 2011-11-04 04:13 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2013-04-15 15:40 . 2009-03-24 11:52 129872 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2013-04-14 18:11 . 2013-05-06 12:44 -------- d-----w- c:\program files\trend micro
2013-04-10 05:00 . 2013-03-03 19:07 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:00 . 2013-03-11 13:25 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 05:00 . 2013-03-11 13:25 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 05:00 . 2013-03-09 03:45 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 05:00 . 2013-03-09 01:28 64000 ----a-w- c:\windows\system32\smss.exe
2013-04-10 05:00 . 2013-03-08 03:52 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 05:00 . 2013-03-08 03:53 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-04-10 05:00 . 2013-03-05 01:40 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-04-09 21:58 . 2013-05-06 12:44 -------- d-----w- c:\program files\ERUNT
2013-04-09 03:39 . 2013-04-09 03:50 -------- d-----w- c:\programdata\Dumps
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-06 13:13 . 2012-12-13 19:48 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-06 13:13 . 2012-12-13 19:48 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-02 01:06 . 2011-02-04 13:29 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-04 13:50 . 2013-03-22 23:05 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-22 22:23 . 2011-12-26 22:04 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-22 22:23 . 2011-12-26 22:00 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-06 23:32 . 2012-09-23 23:33 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-03 19:50 . 2008-10-23 12:05 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-02-12 01:57 . 2013-03-17 23:23 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-04-11 22:12 . 2013-04-11 22:12 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KSS"="c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-04-25 202296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-25 170520]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-02-13 310128]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2013-04-24 1611784]
.
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-2-7 575000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-16 12:17 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-13 13:13]
.
2013-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-16 12:16]
.
2013-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-16 12:16]
.
.
------- Supplementary Scan -------
.
uStart Page =
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fzo7gk9z.default-1368028199828\
FF - ExtSQL: 2013-05-06 13:44; {DAC3F861-B30D-40dd-9166-F4E75327FAC7}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - ExtSQL: 2013-05-06 13:44; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: 2013-05-08 21:48; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fzo7gk9z.default-1368028199828\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-08 22:13
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-05-08 22:15:21
ComboFix-quarantined-files.txt 2013-05-08 21:15
ComboFix2.txt 2013-05-02 11:44
.
Pre-Run: 185,837,391,872 bytes free
Post-Run: 185,978,257,408 bytes free
.
- - End Of File - - E55A91A53A08CBE88B3C632FA1D5E649
 

jc3777

New Member
Thread author
Verified
Apr 27, 2013
47
I get an error on FF telling me about scripts again

Script: http://serve.a-widget.com/kickFlash/scripts/swfobject2.js?2:4
 

Fiery

Level 1
Jan 11, 2011
2,007
jc3777 said:
I get an error on FF telling me about scripts again

Script: http://serve.a-widget.com/kickFlash/scripts/swfobject2.js?2:4

What exactly does the error say?

Your PC seems to be clean, none of the tools detect any malware. My guess is that bitdefender may be the cause for slowing down your PC. Do you have the product key? If so, you could try to uninstall bitdefender entirely and see if performance increases.

With the product key, you can always reinstall it.
 

jc3777

New Member
Thread author
Verified
Apr 27, 2013
47
it tells me that unresponsive script again has stopped. This time Flash I think?

Yes I have the key I will try and uninstall it and do it again

does bit defender take a lot of memory?
 

Fiery

Level 1
Jan 11, 2011
2,007
I'm not sure, but bitdefender has a lot of processes and drivers running so I assume yes. Plus, Vista consumes quite a bit of memory so that can cause further slowdowns.
 
