
Malwarebytes successfully blocked access to a potentially malicious website.



After running that it appears Adobe Flash Player has somehow been removed - and it fails to update each time.

Not by the last fix??

Download, unzip the attached file (flush.zip) from here

This will reboot the computer.

Now right click on flush.bat and choose "Run as Administrator"

(if that doesn't work...just double click on it to run)

Let me know if there's any change, MrC


None have appeared so far! Although it does when I visit a certain site - which has never been reported as malicious in the past.

In other news, the computer froze again and I had to restart it manually. Would you recommend going back to the restore point?

Thanks.


Do a couple of hard reboots (shut the computer off and then restart it) and see if that corrects the problem.

If we restore it, there's a good chance you'll get the problem back again.

We'll leave that as a last resort, use it and let me know, MrC


Thanks, I tried that but it still freezes - and it looks like the message has returned.

Honestly, this laptop hasn't been as good as it was when I first got it, and I was thinking of getting a new one soon anyways, so if the problem persists I'll get a new one. Is there anything else I can do? Because it seems you've given me almost every single tool out there!


Freezing could be caused by a hardware problem or even overheating.

Is it a laptop or desktop?

If you would like to continue...there's a new version of OTL out:

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


Thanks - Extras.txt didn't open up for some reason - there's only OTL.txt

OTL logfile created on: 30/04/2012 10:39:52 - Run 2

OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\XLR8\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 48.92% Memory free

8.18 Gb Paging File | 5.58 Gb Available in Paging File | 68.21% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 451.07 Gb Total Space | 312.43 Gb Free Space | 69.26% Space Free | Partition Type: NTFS

Drive E: | 14.65 Gb Total Space | 6.62 Gb Free Space | 45.20% Space Free | Partition Type: NTFS

Computer Name: XYZ-XTREMESPEED | User Name: XLR8 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/30 10:39:28 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\XLR8\Desktop\OTL.exe

PRC - [2012/04/25 23:14:34 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2012/04/20 17:08:13 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/03/23 19:39:53 | 003,715,072 | ---- | M] (Bluelight Developments) -- C:\Program Files\SwiftKit-RS.exe

PRC - [2012/03/13 06:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\XLR8\AppData\Local\Akamai\netsession_win.exe

PRC - [2012/01/23 20:28:06 | 000,016,624 | ---- | M] (Bitdefender) -- C:\Program Files\BitDefender\Bitdefender 2012\Antispam32\bdimguiaux.exe

PRC - [2012/01/15 16:58:54 | 001,660,232 | ---- | M] (Bootstrap Software Development) -- C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe

PRC - [2011/09/04 16:19:56 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe

PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

PRC - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

PRC - [2009/02/05 03:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

PRC - [2008/12/18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

PRC - [2008/06/15 12:12:20 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2008/06/15 12:12:18 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/27 18:59:07 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll

MOD - [2012/04/25 23:14:34 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2012/04/20 17:08:10 | 020,297,512 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll

MOD - [2012/04/20 17:07:55 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll

MOD - [2012/04/20 17:07:55 | 000,907,048 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll

MOD - [2012/04/20 17:07:55 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll

MOD - [2012/04/20 17:07:55 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll

MOD - [2012/04/13 13:54:20 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll

MOD - [2012/04/13 13:54:12 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll

MOD - [2012/02/17 23:36:58 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll

MOD - [2012/02/17 23:18:11 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1a5853155c4e5ab3f91cd37da331e89b\System.Web.Services.ni.dll

MOD - [2012/02/17 23:03:51 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll

MOD - [2012/02/17 22:53:41 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll

MOD - [2012/02/17 22:50:35 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll

MOD - [2012/01/23 20:14:56 | 000,110,880 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\Antispam32\connector.dll

MOD - [2012/01/23 20:13:40 | 000,154,152 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\Antispam32\framework.dll

MOD - [2012/01/06 16:27:28 | 000,202,032 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\Antispam32\txmlutil.dll

MOD - [2011/10/13 21:22:47 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

MOD - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

MOD - [2009/11/13 17:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll

MOD - [2009/11/13 17:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll

MOD - [2009/11/13 17:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll

MOD - [2009/11/13 17:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll

MOD - [2009/07/07 16:23:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/24 18:51:57 | 000,075,384 | ---- | M] (Bitdefender) [On_Demand | Stopped] -- C:\Program Files\BitDefender\Bitdefender Safebox\safeboxservice.exe -- (SafeBox)

SRV:64bit: - [2012/04/24 18:51:51 | 001,957,152 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)

SRV:64bit: - [2012/03/13 18:26:10 | 000,066,096 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)

SRV:64bit: - [2011/10/14 23:57:26 | 000,466,736 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)

SRV:64bit: - [2009/05/12 14:20:28 | 000,382,464 | ---- | M] (Marvell) [Auto | Running] -- C:\Windows\SysNative\ykx64mpcoinst.dll -- (yksvc)

SRV:64bit: - [2009/05/11 20:21:42 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)

SRV:64bit: - [2009/05/11 20:21:08 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)

SRV:64bit: - [2009/03/12 16:24:10 | 000,949,760 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)

SRV:64bit: - [2008/12/21 19:35:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)

SRV:64bit: - [2008/12/18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV:64bit: - [2008/01/21 03:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/04/27 18:59:07 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/04/25 23:14:35 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/04/20 17:08:13 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/03/28 15:19:16 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/03/30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/06/15 12:12:20 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/10 20:04:32 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/03/20 20:22:46 | 000,691,896 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avc3.sys -- (avc3)

DRV:64bit: - [2012/02/29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/17 16:45:56 | 000,545,064 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avckf.sys -- (avckf)

DRV:64bit: - [2011/11/25 15:00:36 | 000,258,736 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avchv.sys -- (avchv)

DRV:64bit: - [2011/11/17 17:38:34 | 000,079,952 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (bdsandbox)

DRV:64bit: - [2011/11/14 20:16:42 | 000,090,192 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\BitDefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)

DRV:64bit: - [2011/11/14 20:16:36 | 000,119,888 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\Bitdefender Firewall\bdftdif.sys -- (bdftdif)

DRV:64bit: - [2011/10/27 15:07:05 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\trufos.sys -- (trufos)

DRV:64bit: - [2011/08/16 14:59:12 | 000,442,088 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\bdfsfltr.sys -- (bdfsfltr)

DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2010/03/31 02:58:04 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2010/01/19 19:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\bdvedisk.sys -- (BDVEDISK)

DRV:64bit: - [2009/12/01 16:49:52 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)

DRV:64bit: - [2009/10/01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/05/12 14:20:28 | 000,406,016 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)

DRV:64bit: - [2009/05/11 20:22:00 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)

DRV:64bit: - [2009/05/08 01:39:36 | 000,266,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)

DRV:64bit: - [2009/05/08 01:28:02 | 000,069,120 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)

DRV:64bit: - [2009/03/12 18:25:56 | 005,265,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)

DRV:64bit: - [2009/03/12 18:25:56 | 005,265,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009/03/09 17:00:00 | 000,311,456 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA013Vid.sys -- (OA013Vid)

DRV:64bit: - [2009/03/06 07:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA013Ufd.sys -- (OA013Ufd)

DRV:64bit: - [2009/03/04 17:30:24 | 000,933,376 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\rt2870.sys -- (rt2870)

DRV:64bit: - [2008/12/31 03:00:22 | 000,172,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)

DRV:64bit: - [2008/12/26 13:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)

DRV:64bit: - [2008/12/21 19:34:48 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)

DRV:64bit: - [2008/12/16 17:56:52 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)

DRV:64bit: - [2008/06/14 23:12:08 | 000,395,800 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)

DRV:64bit: - [2008/01/21 03:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®

DRV:64bit: - [2007/02/08 14:48:04 | 000,051,600 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dsiarhwprog_x64.sys -- (usbio)

DRV:64bit: - [2007/02/08 14:48:04 | 000,051,600 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ActionReplayDS_x64.sys -- (ActionReplayDS)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 65 B8 80 40 6D CB 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=1I7ADRA_en

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local;127.0.0.1:9421;

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="

FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.87

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313

FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0

FF - prefs.js..extensions.enabledItems: redshift_V2@shift-themes.com:3.6

FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B1b650dc5-1bb6-434d-b15a-03d8a2e77959%7D&mid=85c0193d7cd9b3d8d52964610ed4c1d8-93cd5f6c99ff30966b8fcfa185b37fd07afaf0b6&ds=AVG&v=9.0.0.18.3&lang=us&pr=&d=2012-02-23%2010%3A36%3A05&sap=ku&q="

FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\XLR8\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\XLR8\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\XLR8\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2012\BDTBEXT\ [2012/04/21 18:46:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2012/04/21 17:21:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/25 23:14:35 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/28 14:59:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2012/04/21 18:46:41 | 000,000,000 | ---D | M]

[2010/02/16 12:45:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XLR8\AppData\Roaming\Mozilla\Extensions

[2010/02/16 12:45:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XLR8\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

[2012/04/28 14:21:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XLR8\AppData\Roaming\Mozilla\Firefox\Profiles\hfw5513s.default\extensions

[2010/06/13 16:43:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\XLR8\AppData\Roaming\Mozilla\Firefox\Profiles\hfw5513s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2012/04/08 12:06:10 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\XLR8\AppData\Roaming\Mozilla\Firefox\Profiles\hfw5513s.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}

[2012/01/25 22:09:52 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\XLR8\AppData\Roaming\Mozilla\Firefox\Profiles\hfw5513s.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2012/04/28 14:21:47 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\XLR8\AppData\Roaming\Mozilla\Firefox\Profiles\hfw5513s.default\extensions\info@djzig.com

[2012/04/28 14:59:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/12/07 21:04:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012/04/28 14:59:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}

[2012/04/25 23:14:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/04/25 23:14:33 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml

[2012/03/12 19:57:49 | 000,003,764 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

[2012/01/06 15:16:09 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/04/25 23:14:33 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml

[2012/04/25 23:14:33 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml

[2012/04/25 23:14:35 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

[2012/04/25 23:14:33 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)

CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={F5E26185-54BF-447F-81B1-CA3B7039575A}&mid=85c0193d7cd9b3d8d52964610ed4c1d8-93cd5f6c99ff30966b8fcfa185b37fd07afaf0b6&lang=us&ds=AVG&pr=&d=2012-02-23 10:36:05&v=10.0.0.7&sap=dsp&q={searchTerms}

CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\XLR8\AppData\Local\Google\Chrome\Application\18.0.1025.152\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\XLR8\AppData\Local\Google\Chrome\Application\18.0.1025.152\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\XLR8\AppData\Local\Google\Chrome\Application\18.0.1025.152\pdf.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Facebook Plugin (Enabled) = C:\Users\XLR8\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Users\XLR8\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

CHR - Extension: Google Search = C:\Users\XLR8\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\

CHR - Extension: Skype Click to Call = C:\Users\XLR8\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

CHR - Extension: Gmail = C:\Users\XLR8\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/04/24 19:36:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)

O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)

O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [BSDAppUpdater] C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe (Bootstrap Software Development)

O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()

O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\XLR8\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)

O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Download Video on This Page - C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll (Tomato)

O8:64bit: - Extra context menu item: Download Video This Links To - C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll (Tomato)

O8 - Extra context menu item: Download Video on This Page - C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll (Tomato)

O8 - Extra context menu item: Download Video This Links To - C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll (Tomato)

O9 - Extra Button: Download Video - {11F19C45-9675-488A-A8E0-8E8234DC245D} - C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll (Tomato)

O9 - Extra 'Tools' menuitem : Download Video on This Page - {11F19C45-9675-488A-A8E0-8E8234DC245D} - C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll (Tomato)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab ()

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12BE45FF-D7C4-47ED-BA6C-EF3E7037FA4F}: DhcpNameServer = 172.168.1.161

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2CBE3C9-DCCC-4EA3-B6B9-C40CDB4AA8A6}: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img4.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img4.jpg

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/30 00:22:22 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{FA71065B-B097-4DB3-82B0-86C5D524E3D9}

[2012/04/30 00:22:12 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{C71A260E-5DFB-40F2-8D4A-F1E0B7C962A7}

[2012/04/29 12:21:42 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{2EB36685-EAA1-45C2-8AC9-4EECFA7480E0}

[2012/04/29 12:21:31 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{A3A88C0D-2457-403C-9316-AE435BBD1982}

[2012/04/29 00:20:57 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{A824C3DC-0DCB-4C8F-820C-F73EE09A0F84}

[2012/04/29 00:20:46 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{CF9CAE83-2A08-4E4A-988E-1032CA1158C2}

[2012/04/28 12:19:49 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{146632D3-8254-4260-AD99-03E35F3E38DD}

[2012/04/28 12:19:33 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{F89BF489-6808-4E50-A465-BA75E9C52B07}

[2012/04/28 02:00:20 | 000,000,000 | ---D | C] -- C:\1607f00309258d690cab1db32127fe

[2012/04/27 18:31:06 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/04/27 18:25:40 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{9B4712AE-8938-4016-8D8A-69FC396A19F8}

[2012/04/27 18:24:56 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{041AB36B-172A-48F1-83E7-10468A4C78B1}

[2012/04/26 23:52:34 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\XLR8\Desktop\OTL.exe

[2012/04/26 18:15:22 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{E0F76C9A-D705-4C09-A615-5D44F718A16C}

[2012/04/26 18:15:05 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{CB9957F1-F223-48B9-B54E-AF6769E87BE2}

[2012/04/25 23:28:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/04/25 23:14:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012/04/25 23:14:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012/04/25 20:20:55 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{CE2D5800-29E9-48B1-9E7E-F8CE97D4B86D}

[2012/04/25 20:20:42 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{2BCAB330-1D0C-4483-BCEE-EC98436607D6}

[2012/04/25 14:05:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/04/24 19:40:35 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\temp

[2012/04/24 18:58:05 | 004,474,448 | R--- | C] (Swearware) -- C:\Users\XLR8\Desktop\ComboFix.exe

[2012/04/24 18:25:25 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{78B82910-4276-4BF7-B54B-FBACD1B059E8}

[2012/04/24 18:24:29 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{CAE0D4D4-B445-4741-A998-472075663663}

[2012/04/23 19:59:10 | 000,000,000 | ---D | C] -- C:\Users\XLR8\Desktop\RK_Quarantine

[2012/04/23 18:07:52 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{A9501E60-C0F8-479B-B790-E54B397E0B51}

[2012/04/23 18:07:35 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{ED8A066E-838F-45A1-9C32-A84D2D0D1412}

[2012/04/22 13:49:05 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{0C27F962-3924-4660-B86B-449BFE6BD37B}

[2012/04/22 13:48:55 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{171A3347-E734-4CEA-8441-4DF6E9FDDE28}

[2012/04/22 13:10:08 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2012/04/22 01:48:27 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{6AE04C79-BF71-402C-9D6F-255EAF43C321}

[2012/04/22 01:48:16 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{31C4D78B-CD92-4DB7-92DB-8DC0D1AABDF5}

[2012/04/21 23:50:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/04/21 23:50:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/04/21 23:50:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/04/21 23:50:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/04/21 23:49:43 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/04/21 18:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2012

[2012/04/21 18:46:47 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Roaming\Bitdefender

[2012/04/21 18:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender

[2012/04/21 18:42:41 | 000,442,088 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\bdfsfltr.sys

[2012/04/21 18:42:40 | 000,329,800 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys

[2012/04/21 18:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging

[2012/04/21 17:36:51 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Roaming\QuickScan

[2012/04/21 13:47:48 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{A9098E9F-B018-46FE-B911-4DEE784E64C6}

[2012/04/21 13:47:36 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{876608F2-18A5-4309-B83F-F148C4588308}

[2012/04/20 23:50:15 | 000,000,000 | ---D | C] -- C:\Users\XLR8\Desktop\Documents\lolsy pics

[2012/04/20 23:41:43 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{E4ACDA7A-CB67-4E14-AFC9-6B828898A9A5}

[2012/04/20 23:41:32 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{E6A037D7-3D68-4C23-A503-87844A0D2B52}

[2012/04/20 11:41:00 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{07B16678-BDE3-4F00-BBD0-F22D02DAA4CA}

[2012/04/20 11:40:38 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{7F80CD39-2244-465E-8774-C246410E0889}

[2012/04/19 14:44:03 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{122A47FD-5DB3-4AC4-9521-346D695F07B2}

[2012/04/19 14:43:49 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{A5BDCF36-AD9B-4DDC-9506-0F131ED8471B}

[2012/04/19 02:43:11 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{71307137-CF16-4A81-9E95-61395A53BE8E}

[2012/04/19 02:42:58 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{F0966A4D-A583-4EB3-985C-3DDE39BCD16B}

[2012/04/18 15:17:37 | 000,000,000 | ---D | C] -- C:\Users\XLR8\vocab n questions

[2012/04/18 14:42:23 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{063E9E7C-C099-47DA-A779-70F0105ABA79}

[2012/04/18 14:42:11 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{F0070B79-FA3A-4454-8504-A17A2C0CC713}

[2012/04/18 12:40:58 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center

[2012/04/18 12:29:17 | 000,000,000 | ---D | C] -- C:\Users\XLR8\jagexcache1

[2012/04/18 00:43:02 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{E4B30CC0-D11A-4252-85E7-E67EF3802197}

[2012/04/17 12:42:22 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{8CC01C42-F8CA-4E65-9EA0-26A0E2527673}

[2012/04/17 12:41:30 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{BFE854A0-1F82-4846-A819-E0AC1404A3C0}

[2012/04/17 00:34:57 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{91DB3918-A206-4E12-A01C-A2B6363FD15F}

[2012/04/17 00:34:45 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{ACA2F2C7-D0DC-4DA5-8278-39670763693D}

[2012/04/17 00:32:03 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{9B22DC68-6506-4F1E-B742-A2326836245D}

[2012/04/17 00:30:17 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{79A0D392-7BE1-444C-B2F0-FA05F8478CE5}

[2012/04/16 13:20:41 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Roaming\Malwarebytes

[2012/04/16 13:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/04/16 13:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/04/16 13:20:34 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/04/16 13:20:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/04/16 12:29:33 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{E0C0A9B5-2EB6-4570-9CB7-18AF3B34C650}

[2012/04/16 12:29:18 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{7B54AA2C-D645-4FEF-8F93-F96840C8D8BD}

[2012/04/15 16:33:47 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{9C6C72AD-9715-4344-BC0D-6AF3F0F54A3A}

[2012/04/15 16:33:35 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{C1BCF9BA-5B91-40E6-89A2-96672F58A148}

[2012/04/15 16:32:45 | 000,000,000 | ---D | C] -- C:\Windows\en

[2012/04/15 16:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2012/04/15 12:45:15 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{6DF2B946-7FAF-427D-A226-629E1CFB6562}

[2012/04/15 12:44:54 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{8E0CF3F8-49C3-4DCD-86B6-0F23C68C2F15}

[2012/04/14 13:57:41 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{5CDC5E71-4FB1-463D-BD60-F29306D64C83}

[2012/04/14 13:57:12 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{3B0278AF-16C2-4D77-8382-0EDD92171973}

[2012/04/14 00:03:45 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{6C3F4F2E-F458-4F10-9904-1335693C1BC9}

[2012/04/14 00:02:35 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{64C124C1-7D6C-4670-A582-9A633CB09EF5}

[2012/04/13 13:58:09 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{0DF598DA-EA66-4ACE-B255-97C2BE4617D6}

[2012/04/13 13:57:49 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{4D20BF6D-B6E7-4826-A4D2-85658BE2D1E0}

[2012/04/13 13:41:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012/04/13 12:31:05 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{72814770-D4DC-4E22-9EDE-09337A36A8FA}

[2012/04/13 00:30:29 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{A968B1CD-8998-4DED-B704-ADCCDA895D08}

[2012/04/12 12:30:04 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{1CF5C446-9AAB-434E-8532-5F3232ED5E9C}

[2012/04/11 13:08:54 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{350B7571-7CA2-4D9F-A258-906082DB2B07}

[2012/04/11 01:06:25 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{AFB84F7B-D515-4FE4-AB2B-E105914B9133}

[2012/04/10 13:05:56 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{70555140-E934-428E-B381-5A2628896CC7}

[2012/04/10 01:05:31 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{953DF9F5-0B7D-4859-A43F-B69CD461C21D}

[2012/04/09 13:05:20 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{7EB9368C-34D1-4A1F-AA78-C7C1553E6AE4}

[2012/04/09 01:02:57 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{E281B1E8-3437-4E08-9FC8-3284D21199CA}

[2012/04/08 13:02:33 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{3084543A-C53B-42B1-9E99-F71D9058ED96}

[2012/04/08 01:01:34 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{1108E181-43A9-4FBE-B394-28AC88DA2EBD}

[2012/04/07 13:01:07 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{F1FC0606-B3F8-4487-BF40-697E1D504325}

[2012/04/06 11:13:09 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{CBF30B67-49F8-4053-A1FA-8625ACB565B9}

[2012/04/05 11:12:35 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{0EEA8435-E304-4B55-8033-3C2F8E2CE7F8}

[2012/04/04 23:12:11 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{E10A0064-A31F-42E8-8DD4-7EDE2789B5C5}

[2012/04/04 11:11:59 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{779CBA27-6ED6-4BD2-9110-CF8196358537}

[2012/04/03 10:00:14 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{C9E2F281-401C-4915-9128-FE3BA3D0F713}

[2012/04/02 23:33:15 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{116F18CB-3EE9-4570-9598-4A2AECC16903}

[2012/04/02 15:21:13 | 000,000,000 | ---D | C] -- C:\Users\XLR8\Biology Exams

[2012/04/02 11:32:51 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{5509FA4D-DEAE-4A6A-AD3F-6419703856CE}

[2012/04/01 11:08:17 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{4BBB8838-EA5F-4945-8639-1070D6AB322D}

[2012/03/31 22:49:54 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{3646BAFF-7C20-41D7-80A7-D849E1C5735A}

[2012/03/31 10:49:29 | 000,000,000 | ---D | C] -- C:\Users\XLR8\AppData\Local\{43CF4385-EF04-4AC3-AD1C-6768EC40C6D2}

[2011/07/21 15:10:32 | 003,715,072 | ---- | C] (Bluelight Developments) -- C:\Program Files\SwiftKit-RS.exe

[2010/11/21 08:20:38 | 000,585,728 | ---- | C] (LaVolpe) -- C:\Program Files\LaVolpeAlphaImg.ocx

========== Files - Modified Within 30 Days ==========

[2012/04/30 10:44:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/04/30 10:39:28 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\XLR8\Desktop\OTL.exe

[2012/04/30 10:35:03 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2493765699-2932754121-1517478223-1000UA.job

[2012/04/30 10:21:23 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics

[2012/04/30 10:21:20 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/04/30 10:21:01 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/04/30 10:21:00 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/04/30 10:20:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/04/30 10:20:28 | 4291,145,728 | -HS- | M] () -- C:\hiberfil.sys

[2012/04/30 01:01:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/04/29 23:35:02 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2493765699-2932754121-1517478223-1000Core.job

[2012/04/29 21:32:14 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job

[2012/04/29 18:32:49 | 000,000,496 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for XLR8.job

[2012/04/29 12:23:47 | 000,000,032 | ---- | M] () -- C:\Users\XLR8\jagex_cl_runescape_LIVE.dat

[2012/04/28 14:55:50 | 000,600,072 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/04/28 14:55:50 | 000,106,546 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/04/28 14:54:06 | 000,775,934 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/04/28 02:03:58 | 000,799,352 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/04/28 00:05:51 | 000,960,025 | ---- | M] () -- C:\Users\XLR8\Desktop\Tlm3P.gif

[2012/04/26 18:42:53 | 000,000,106 | ---- | M] () -- C:\Windows\SysNative\checkdnsid.xml

[2012/04/26 18:22:31 | 000,000,680 | ---- | M] () -- C:\Users\XLR8\AppData\Local\d3d9caps.dat

[2012/04/25 21:04:33 | 000,000,512 | ---- | M] () -- C:\Users\XLR8\Desktop\Documents\MBR.dat

[2012/04/25 19:54:18 | 589,916,735 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/04/24 19:36:10 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/04/24 18:58:34 | 004,474,448 | R--- | M] (Swearware) -- C:\Users\XLR8\Desktop\ComboFix.exe

[2012/04/24 18:56:55 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2012/04/22 01:04:15 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/21 18:53:04 | 000,245,113 | ---- | M] () -- C:\ProgramData\1335030144.bdinstall.bin

[2012/04/21 18:51:45 | 000,000,270 | -H-- | M] () -- C:\bdr-conf

[2012/04/21 18:46:49 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Total Security 2012.lnk

[2012/04/21 18:36:29 | 000,022,638 | ---- | M] () -- C:\ProgramData\1335029787.bdinstall.bin

[2012/04/21 18:35:54 | 000,104,594 | ---- | M] () -- C:\ProgramData\1335029638.bdinstall.bin

[2012/04/21 18:17:50 | 000,178,583 | ---- | M] () -- C:\ProgramData\1335027244.bdinstall.bin

[2012/04/21 18:01:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf

[2012/04/21 18:01:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2012/04/21 17:44:11 | 000,022,632 | ---- | M] () -- C:\ProgramData\1335026645.bdinstall.bin

[2012/04/21 17:43:39 | 000,217,745 | ---- | M] () -- C:\ProgramData\1335025918.bdinstall.bin

[2012/04/21 17:20:32 | 000,000,052 | ---- | M] () -- C:\Windows\SysNative\ashttpstats.csv

[2012/04/18 15:17:11 | 000,415,956 | ---- | M] () -- C:\Users\XLR8\vocab n questions.zip

[2012/04/18 14:51:59 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

[2012/04/18 12:29:50 | 000,000,129 | ---- | M] () -- C:\Users\XLR8\jagex_runescape_preferences2.dat

[2012/04/18 12:29:18 | 000,000,046 | ---- | M] () -- C:\Users\XLR8\jagex_runescape_preferences.dat

[2012/04/18 12:29:17 | 000,000,044 | ---- | M] () -- C:\Users\XLR8\jagex_cl_runescape_LIVE1.dat

[2012/04/13 22:39:53 | 000,002,039 | ---- | M] () -- C:\Users\XLR8\Desktop\Google Chrome.lnk

[2012/04/13 22:39:53 | 000,002,001 | ---- | M] () -- C:\Users\XLR8\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/04/13 13:15:54 | 000,000,858 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/04/04 11:16:42 | 000,633,982 | ---- | M] () -- C:\Users\XLR8\kris-gethins-full-diet-plan.pdf

[2012/04/02 14:28:41 | 000,131,072 | ---- | M] () -- C:\Users\XLR8\Pokemon Platinum.sav

========== Files Created - No Company Name ==========

[2012/04/28 00:05:48 | 000,960,025 | ---- | C] () -- C:\Users\XLR8\Desktop\Tlm3P.gif

[2012/04/26 18:42:53 | 000,000,106 | ---- | C] () -- C:\Windows\SysNative\checkdnsid.xml

[2012/04/25 21:04:33 | 000,000,512 | ---- | C] () -- C:\Users\XLR8\Desktop\Documents\MBR.dat

[2012/04/25 19:54:18 | 589,916,735 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2012/04/24 18:55:54 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk

[2012/04/24 18:55:54 | 000,001,919 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2012/04/22 01:37:57 | 016,777,216 | ---- | C] () -- C:\Users\XLR8\Pokemon Platinum_20120227_172845.bak

[2012/04/22 01:37:57 | 016,777,216 | ---- | C] () -- C:\Users\XLR8\Pokemon Platinum.gba

[2012/04/22 01:37:57 | 000,131,072 | ---- | C] () -- C:\Users\XLR8\Pokemon Platinum.sav

[2012/04/22 01:37:56 | 016,777,216 | ---- | C] () -- C:\Users\XLR8\Pokemon Platinum.bak

[2012/04/21 23:50:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/04/21 23:50:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/04/21 23:50:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/04/21 23:50:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/04/21 23:50:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/04/21 18:53:04 | 000,245,113 | ---- | C] () -- C:\ProgramData\1335030144.bdinstall.bin

[2012/04/21 18:51:45 | 036,942,680 | -H-- | C] () -- C:\bdrescue.gz

[2012/04/21 18:51:45 | 002,510,608 | -H-- | C] () -- C:\bdrescue.vm

[2012/04/21 18:51:45 | 000,217,769 | -H-- | C] () -- C:\bdrescue

[2012/04/21 18:51:45 | 000,009,216 | -H-- | C] () -- C:\bdrescue.mbr

[2012/04/21 18:51:45 | 000,000,270 | -H-- | C] () -- C:\bdr-conf

[2012/04/21 18:46:49 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Total Security 2012.lnk

[2012/04/21 18:36:29 | 000,022,638 | ---- | C] () -- C:\ProgramData\1335029787.bdinstall.bin

[2012/04/21 18:35:54 | 000,104,594 | ---- | C] () -- C:\ProgramData\1335029638.bdinstall.bin

[2012/04/21 18:17:50 | 000,178,583 | ---- | C] () -- C:\ProgramData\1335027244.bdinstall.bin

[2012/04/21 18:01:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf

[2012/04/21 18:01:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2012/04/21 18:00:33 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf

[2012/04/21 17:44:11 | 000,022,632 | ---- | C] () -- C:\ProgramData\1335026645.bdinstall.bin

[2012/04/21 17:43:39 | 000,217,745 | ---- | C] () -- C:\ProgramData\1335025918.bdinstall.bin

[2012/04/21 13:55:31 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/04/18 15:17:10 | 000,415,956 | ---- | C] () -- C:\Users\XLR8\vocab n questions.zip

[2012/04/18 12:41:29 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

[2012/04/18 12:41:26 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job

[2012/04/18 12:29:17 | 000,000,044 | ---- | C] () -- C:\Users\XLR8\jagex_cl_runescape_LIVE1.dat

[2012/04/16 13:20:36 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/04 11:16:42 | 000,633,982 | ---- | C] () -- C:\Users\XLR8\kris-gethins-full-diet-plan.pdf

[2012/03/25 20:36:59 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\gswin32c.exe

[2012/02/04 18:51:12 | 000,187,904 | ---- | C] () -- C:\Windows\SysWow64\imsispd.exe

[2012/02/04 18:51:12 | 000,070,656 | ---- | C] () -- C:\Windows\SysWow64\imsfchk.dll

[2011/08/16 20:46:53 | 000,195,072 | ---- | C] () -- C:\Windows\SysWow64\imsispd64.exe

[2011/08/16 20:14:21 | 000,087,552 | ---- | C] () -- C:\Windows\SysWow64\imsispd.dll

[2011/08/05 20:32:36 | 000,034,304 | ---- | C] () -- C:\Windows\SysWow64\imslevel.dll

[2011/08/05 20:22:00 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\imsaiff.dll

[2011/08/05 20:21:39 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\DGRip.dll

[2011/07/21 15:10:36 | 000,130,850 | ---- | C] () -- C:\Program Files\Help.chm

[2011/07/21 14:48:57 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

[2011/05/28 21:07:38 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat

[2010/06/26 22:01:09 | 000,000,882 | ---- | C] () -- C:\Users\XLR8\AppData\Roaming\wklnhst.dat

========== LOP Check ==========

[2012/02/04 18:35:10 | 000,000,000 | ---D | M] -- C:\Users\XLR8\AppData\Roaming\Audacity

[2012/04/21 18:46:47 | 000,000,000 | ---D | M] -- C:\Users\XLR8\AppData\Roaming\Bitdefender

[2012/02/14 22:40:31 | 000,000,000 | ---D | M] -- C:\Users\XLR8\AppData\Roaming\BSD

[2010/12/27 17:35:16 | 000,000,000 | ---D | M] -- C:\Users\XLR8\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2012/02/14 22:22:51 | 000,000,000 | ---D | M] -- C:\Users\XLR8\AppData\Roaming\DiskAid

[2011/03/27 19:58:46 | 000,000,000 | ---D | M] -- C:\Users\XLR8\AppData\Roaming\eBookPro6

[2010/03/29 00:14:36 | 000,000,000 | ---D | M] -- C:\Users\XLR8\AppData\Roaming\Facebook

[2011/02/10 14:26:26 | 000,000,000 | ---D | M] -- C:\Users\XLR8\AppData\Roaming\FreeAudioPack

[2010/03/17 09:34:10 | 000,000,000 | ---D | M] -- C:\Users\XLR8\AppData\Roaming\Merscom

[2010/01/23 23:26:56 | 000,000,000 | ---D | M] -- C:\Users\XLR8\AppData\Roaming\MessengerDiscovery 2

[2011/02/10 14:28:51 | 000,000,000 | ---D | M] -- C:\Users\XLR8\AppData\Roaming\NCH Swift Sound

[2012/02/27 00:57:41 | 000,000,000 | ---D | M] -- C:\Users\XLR8\AppData\Roaming\Notepad++

[2011/07/23 13:04:34 | 000,000,000 | ---D | M] -- C:\Users\XLR8\AppData\Roaming\PCDr

[2012/04/21 17:36:51 | 000,000,000 | ---D | M] -- C:\Users\XLR8\AppData\Roaming\QuickScan

[2010/03/02 16:02:38 | 000,000,000 | ---D | M] -- C:\Users\XLR8\AppData\Roaming\Screaming Bee

[2012/03/21 17:31:51 | 000,000,000 | ---D | M] -- C:\Users\XLR8\AppData\Roaming\Synthesia

[2010/06/26 22:01:18 | 000,000,000 | ---D | M] -- C:\Users\XLR8\AppData\Roaming\Template

[2009/12/06 00:36:12 | 000,000,000 | ---D | M] -- C:\Users\XLR8\AppData\Roaming\Thinstall

[2012/01/14 00:52:00 | 000,000,000 | ---D | M] -- C:\Users\XLR8\AppData\Roaming\Tomato

[2009/12/05 21:30:29 | 000,000,000 | ---D | M] -- C:\Users\XLR8\AppData\Roaming\Uniblue

[2011/02/27 14:06:29 | 000,000,000 | ---D | M] -- C:\Users\XLR8\AppData\Roaming\Windows Live Writer

[2011/02/24 14:31:42 | 000,000,000 | ---D | M] -- C:\Users\XLR8\AppData\Roaming\Xilisoft

[2012/04/18 14:51:59 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job

[2012/04/29 02:14:15 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012/04/29 21:32:14 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========

========== Files - Unicode (All) ==========

[2011/02/24 21:30:00 | 006,060,649 | ---- | M] ()(C:\Users\XLR8\DYNASTY WARRIORS 7 BGM - Wu Battle ?·???.mp3) -- C:\Users\XLR8\DYNASTY WARRIORS 7 BGM - Wu Battle 吳・戦闘曲.mp3

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:91CF76E3

< End of report >

Thanks - Extras.txt didn't open up for some reason - there's only OTL.txt

That's because this is your second run, you would have to click the Cleanup Button (Don't do it yet though) to start fresh.

----------------------

Not much showing....

Can you disable Steam so it doesn't run:

O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

------------------------------------

When you get a pop-up, what program or file is listed?

---------------------------------

Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
    :Commands
    [EMPTYJAVA]
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC

The program is always firefox.exe. It was avgnsa.exe but I removed that. Regarding Steam, I haven't found a way to disable it fully without uninstalling it.

All processes killed

========== OTL ==========

Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: XLR8

->Java cache emptied: 4753882 bytes

Total Java Files Cleaned = 5.00 mb

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

User: XLR8

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 51231602 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 211427783 bytes

->Google Chrome cache emptied: 0 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 8390 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 229055405 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 469.00 mb

OTL by OldTimer - Version 3.2.42.2 log created on 05012012_113217

Files\Folders moved on Reboot...

File\Folder C:\Windows\temp\TMP000000290686E8C59B5ECC05 not found!

Registry entries deleted on Reboot...

Here ya go.

ListParts by Farbar Version: 12-03-2012 03

Ran by XLR8 (administrator) on 04-05-2012 at 12:22:23

Windows Vista (X64)

Running From: C:\Users\XLR8\Downloads

Language: 0409

************************************************************

========================= Memory info ======================

Percentage of memory in use: 66%

Total physical RAM: 4091.44 MB

Available physical RAM: 1385.87 MB

Total Pagefile: 8376.13 MB

Available Pagefile: 5180.34 MB

Total Virtual: 8192 MB

Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:313.25 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]

2 Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.62 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ---------- ------- ------- --- ---

Disk 0 Online 466 GB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 39 MB 32 KB

Partition 2 Primary 15 GB 40 MB

Partition 3 Primary 451 GB 15 GB

======================================================================================================

Disk: 0

Partition 1

Type : DE

Hidden: Yes

Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 E RECOVERY NTFS Partition 15 GB Healthy

======================================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C OS NTFS Partition 451 GB Healthy System (partition with boot components)

======================================================================================================

****** End Of Log ******

Yeah I tried to look for info regarding it and that's all I found. I did as that website said.

You've helped me a lot, so thanks. But are you sure there's nothing malicious there at all? I have a certain gaming account which was hacked just today and everything was gone. My password was extremely obscure so I doubt someone would've guessed that. And Bitdefender and Malwarebytes detect nothing when I use them. I'm just a tad worried that there's an undetectable keylogger there — it baffles me.

I'll let ya know if the message keeps appearing.

Strangely enough the message hasn't appeared since I've done the update. So that's good news! I guess you can close the topic. Appreciate your help.

But from the scans, everything else seemed okay, right?

Great! Yes everything else is OK

A little cleanup to do.....

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.