Comp freezing, making beeping noise

[GoBucs]

firefox keeps freezing not responding and then when it freezes it makes a loud beeping noise when I press any button

also really sluggish

I have MBAM Pro

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16502
Run by Chris at 22:38:01 on 2013-08-24
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3060.1393 [GMT 1:00]
.
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\System32\mspaint.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
uRun: [pdiface] c:\program files\bitdefender\60-second virus scanner\pdiface.exe -noshow
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [installerLauncher] "c:\program files\common files\bitdefender\setupinformation\{6f57816a-791a-4159-a75f-cfd0c7ea4fbf}\setuplauncher.exe" /run:"c:\program files\common files\bitdefender\setupinformation\{6f57816a-791a-4159-a75f-cfd0c7ea4fbf}\Installer.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [bitdefender Wallet Agent] "c:\program files\bitdefender\bitdefender\pmbxag.exe"
dRun: [bitdefender Wallet] "c:\program files\bitdefender\bitdefender\pwdmanui.exe" --hidden --nowizard
dRun: [bitdefender Wallet Application Agent] "c:\program files\bitdefender\bitdefender\bdapppassmgr.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.

TCP: NameServer = 192.168.0.1
TCP: Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71} : DHCPNameServer = 192.168.0.203
TCP: Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F} : DHCPNameServer = 192.168.0.1
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\zmajfhzt.default-1376516779324\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\bitdefender\bitdefender\npcomm.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1203133.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - ExtSQL: 2013-08-15 17:40; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\chris\appdata\roaming\mozilla\firefox\profiles\zmajfhzt.default-1376516779324\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-08-15 22:14; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\chris\appdata\roaming\mozilla\firefox\profiles\zmajfhzt.default-1376516779324\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-08-24 21:36; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2013-8-24 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2013-8-24 204784]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-8-24 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-8-24 175176]
R1 aswFW;avast! TDI Firewall Driver;c:\windows\system32\drivers\aswFW.sys [2013-8-24 104752]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-8-24 21576]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-8-24 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-8-24 369584]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-8-24 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-8-24 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-8-24 46808]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2013-8-24 137960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-8-23 418376]
R2 pdserv;Bitdefender 60-Second Virus Scanner Service;c:\program files\bitdefender\60-second virus scanner\pdscan.exe \svc --> c:\program files\bitdefender\60-second virus scanner\pdscan.exe \svc [?]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-4-16 39056]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-8-23 22856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-8-23 701512]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-2-6 83864]
S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\drivers\MOSUMAC.SYS [2010-11-19 43520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-16 755880]
.
=============== Created Last 30 ================
.
2013-08-24 20:37:38    204784    ----a-w-    c:\windows\system32\drivers\aswNdis2.sys
2013-08-24 20:37:37    104752    ----a-w-    c:\windows\system32\drivers\aswFW.sys
2013-08-24 20:37:35    21576    ----a-w-    c:\windows\system32\drivers\aswKbd.sys
2013-08-24 20:37:34    770344    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-08-24 20:37:32    175176    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-08-24 20:37:27    49376    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-08-24 20:37:25    66336    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-08-24 20:36:37    41664    ----a-w-    c:\windows\avastSS.scr
2013-08-24 20:36:36    12112    ----a-w-    c:\windows\system32\drivers\aswNdis.sys
2013-08-24 20:30:58    300041    ----a-w-    c:\programdata\1377376080.bdinstall.bin
2013-08-24 20:30:45    49243    ----a-w-    c:\programdata\1377376224.bdinstall.bin
2013-08-24 20:28:00    88218    ----a-w-    c:\programdata\1377376078.bdinstall.bin
2013-08-23 21:41:21    7166848    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{7f4b1372-377a-4fc5-a782-220de1f51bf9}\mpengine.dll
2013-08-23 16:11:30    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-08-23 16:11:30    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-08-23 15:56:23    569304    ----a-w-    c:\programdata\1377272849.bdinstall.bin
2013-08-23 15:47:29    88217    ----a-w-    c:\programdata\1377272848.bdinstall.bin
2013-08-21 21:29:00    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-08-18 20:13:08    --------    d-----w-    c:\users\chris\appdata\local\temp
2013-08-18 03:19:38    --------    d-----w-    c:\programdata\Bitdefender
2013-08-18 03:19:35    --------    d-----w-    c:\program files\Bitdefender
2013-08-18 03:19:06    --------    d-----w-    c:\program files\common files\Bitdefender
2013-08-17 02:29:10    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-08-17 02:29:10    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-08-17 02:29:10    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-08-17 02:29:10    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-08-17 02:29:10    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin.dll
2013-08-14 02:08:22    --------    d-----w-    c:\windows\system32\MRT
2013-08-14 02:01:00    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-08-14 01:49:36    24064    ----a-w-    c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 01:49:36    15872    ----a-w-    c:\windows\system32\icaapi.dll
2013-08-14 01:49:34    905664    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-08-14 01:49:25    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-08-14 01:49:20    783360    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-08-14 01:49:18    3551680    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-08-14 01:49:16    3603904    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-08-14 01:49:16    1205168    ----a-w-    c:\windows\system32\ntdll.dll
2013-08-14 01:49:09    992768    ----a-w-    c:\windows\system32\crypt32.dll
2013-08-14 01:49:09    172544    ----a-w-    c:\windows\system32\wintrust.dll
2013-08-14 01:49:09    133120    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-08-14 01:49:07    98304    ----a-w-    c:\windows\system32\cryptnet.dll
2013-08-03 23:14:37    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
.
==================== Find3M  ====================
.
2013-08-23 16:21:05    867240    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-08-23 16:21:05    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-08-20 19:47:34    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-20 19:47:34    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-07-25 02:32:35    1800704    ----a-w-    c:\windows\system32\jscript9.dll
2013-07-25 02:26:10    1129472    ----a-w-    c:\windows\system32\wininet.dll
2013-07-25 02:25:30    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-07-25 02:23:59    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-07-25 02:23:58    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-07-11 10:23:27    103680    ----a-w-    C:\kfriapod.sys
2013-06-11 07:54:20    499712    ----a-w-    c:\windows\system32\msvcp71.dll
2013-06-04 01:50:43    2049024    ----a-w-    c:\windows\system32\win32k.sys
2013-06-02 11:53:21    15616    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2013-06-01 04:06:08    505344    ----a-w-    c:\windows\system32\qedit.dll
.
============= FINISH: 22:39:44.84 ===============
 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 04/02/2011 10:32:19
System Uptime: 24/08/2013 21:50:27 (1 hours ago)
.
Motherboard: Dell Inc. |  | 0K216C
Processor: Intel® Core2 Duo CPU     E6750  @ 2.66GHz | Socket 775 | 2664/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 164.902 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.888 GiB free.
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: GoTrusted TAP Adapter
Device ID: ROOT\NET\0000
Manufacturer: GoTrusted TAP Provider
Name: GoTrusted TAP Adapter
PNP Device ID: ROOT\NET\0000
Service: gttap1
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
 Leawo Video Converter version  5.1.0.0
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 12.0
Apple Application Support
Apple Software Update
avast! Internet Security
Bitdefender 60-Second Virus Scanner
CCleaner
ConvertXtoDVD 4.0.9.322
EasyBCD 1.7
ESET Online Scanner v3
ffdshow [rev 2180] [2008-10-04]
FileHippo.com Update Checker
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Intel® Graphics Media Accelerator Driver
K-Lite Codec Pack 7.0.0 (Standard)
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office Excel Viewer 2003
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
MyFreeCodec
Nero 7 Lite 7.10.1.2
neroxml
Opera 12.16
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Skitch
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
VLC media player 2.0.8
Windows Media Player Firefox Plugin
WinRAR 4.20 (32-bit)
YouTube Downloader App 3.00
.
==== End Of File ===========================
 

[GoBucs]

in the interests of full discloure I did something stupid and downloaded somthing I shouldnt have *torrent* wont ever be happening again

here is the news dds logs

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16502
Run by Chris at 23:47:12 on 2013-08-24
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3060.1490 [GMT 1:00]
.
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
uRun: [pdiface] c:\program files\bitdefender\60-second virus scanner\pdiface.exe -noshow
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [installerLauncher] "c:\program files\common files\bitdefender\setupinformation\{6f57816a-791a-4159-a75f-cfd0c7ea4fbf}\setuplauncher.exe" /run:"c:\program files\common files\bitdefender\setupinformation\{6f57816a-791a-4159-a75f-cfd0c7ea4fbf}\Installer.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [bitdefender Wallet Agent] "c:\program files\bitdefender\bitdefender\pmbxag.exe"
dRun: [bitdefender Wallet] "c:\program files\bitdefender\bitdefender\pwdmanui.exe" --hidden --nowizard
dRun: [bitdefender Wallet Application Agent] "c:\program files\bitdefender\bitdefender\bdapppassmgr.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.

TCP: NameServer = 192.168.0.1
TCP: Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71} : DHCPNameServer = 192.168.0.203
TCP: Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F} : DHCPNameServer = 192.168.0.1
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\zmajfhzt.default-1376516779324\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\bitdefender\bitdefender\npcomm.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1203133.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - ExtSQL: 2013-08-15 17:40; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\chris\appdata\roaming\mozilla\firefox\profiles\zmajfhzt.default-1376516779324\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-08-15 22:14; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\chris\appdata\roaming\mozilla\firefox\profiles\zmajfhzt.default-1376516779324\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-08-24 21:36; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2013-8-24 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2013-8-24 204784]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-8-24 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-8-24 175176]
R1 aswFW;avast! TDI Firewall Driver;c:\windows\system32\drivers\aswFW.sys [2013-8-24 104752]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-8-24 21576]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-8-24 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-8-24 369584]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-8-24 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-8-24 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-8-24 46808]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2013-8-24 137960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-8-23 418376]
R2 pdserv;Bitdefender 60-Second Virus Scanner Service;c:\program files\bitdefender\60-second virus scanner\pdscan.exe \svc --> c:\program files\bitdefender\60-second virus scanner\pdscan.exe \svc [?]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-4-16 39056]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-8-23 22856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-8-23 701512]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-2-6 83864]
S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\drivers\MOSUMAC.SYS [2010-11-19 43520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-16 755880]
.
=============== Created Last 30 ================
.
2013-08-24 20:37:38    204784    ----a-w-    c:\windows\system32\drivers\aswNdis2.sys
2013-08-24 20:37:37    104752    ----a-w-    c:\windows\system32\drivers\aswFW.sys
2013-08-24 20:37:35    21576    ----a-w-    c:\windows\system32\drivers\aswKbd.sys
2013-08-24 20:37:34    770344    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-08-24 20:37:32    175176    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-08-24 20:37:27    49376    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-08-24 20:37:25    66336    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-08-24 20:36:37    41664    ----a-w-    c:\windows\avastSS.scr
2013-08-24 20:36:36    12112    ----a-w-    c:\windows\system32\drivers\aswNdis.sys
2013-08-24 20:30:58    300041    ----a-w-    c:\programdata\1377376080.bdinstall.bin
2013-08-24 20:30:45    49243    ----a-w-    c:\programdata\1377376224.bdinstall.bin
2013-08-24 20:28:00    88218    ----a-w-    c:\programdata\1377376078.bdinstall.bin
2013-08-23 21:41:21    7166848    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{7f4b1372-377a-4fc5-a782-220de1f51bf9}\mpengine.dll
2013-08-23 16:11:30    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-08-23 16:11:30    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-08-23 15:56:23    569304    ----a-w-    c:\programdata\1377272849.bdinstall.bin
2013-08-23 15:47:29    88217    ----a-w-    c:\programdata\1377272848.bdinstall.bin
2013-08-21 21:29:00    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-08-18 20:13:08    --------    d-----w-    c:\users\chris\appdata\local\temp
2013-08-18 03:19:38    --------    d-----w-    c:\programdata\Bitdefender
2013-08-18 03:19:35    --------    d-----w-    c:\program files\Bitdefender
2013-08-18 03:19:06    --------    d-----w-    c:\program files\common files\Bitdefender
2013-08-17 02:29:10    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-08-17 02:29:10    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-08-17 02:29:10    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-08-17 02:29:10    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-08-17 02:29:10    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin.dll
2013-08-14 02:08:22    --------    d-----w-    c:\windows\system32\MRT
2013-08-14 02:01:00    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-08-14 01:49:36    24064    ----a-w-    c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 01:49:36    15872    ----a-w-    c:\windows\system32\icaapi.dll
2013-08-14 01:49:34    905664    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-08-14 01:49:25    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-08-14 01:49:20    783360    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-08-14 01:49:18    3551680    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-08-14 01:49:16    3603904    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-08-14 01:49:16    1205168    ----a-w-    c:\windows\system32\ntdll.dll
2013-08-14 01:49:09    992768    ----a-w-    c:\windows\system32\crypt32.dll
2013-08-14 01:49:09    172544    ----a-w-    c:\windows\system32\wintrust.dll
2013-08-14 01:49:09    133120    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-08-14 01:49:07    98304    ----a-w-    c:\windows\system32\cryptnet.dll
2013-08-03 23:14:37    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
.
==================== Find3M  ====================
.
2013-08-23 16:21:05    867240    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-08-23 16:21:05    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-08-20 19:47:34    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-20 19:47:34    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-07-25 02:32:35    1800704    ----a-w-    c:\windows\system32\jscript9.dll
2013-07-25 02:26:10    1129472    ----a-w-    c:\windows\system32\wininet.dll
2013-07-25 02:25:30    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-07-25 02:23:59    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-07-25 02:23:58    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-07-11 10:23:27    103680    ----a-w-    C:\kfriapod.sys
2013-06-11 07:54:20    499712    ----a-w-    c:\windows\system32\msvcp71.dll
2013-06-04 01:50:43    2049024    ----a-w-    c:\windows\system32\win32k.sys
2013-06-02 11:53:21    15616    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2013-06-01 04:06:08    505344    ----a-w-    c:\windows\system32\qedit.dll
.
============= FINISH: 23:47:52.06 ===============
 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 04/02/2011 10:32:19
System Uptime: 24/08/2013 21:50:27 (2 hours ago)
.
Motherboard: Dell Inc. |  | 0K216C
Processor: Intel® Core2 Duo CPU     E6750  @ 2.66GHz | Socket 775 | 1998/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 163.465 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.888 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: GoTrusted TAP Adapter
Device ID: ROOT\NET\0000
Manufacturer: GoTrusted TAP Provider
Name: GoTrusted TAP Adapter
PNP Device ID: ROOT\NET\0000
Service: gttap1
.
==== System Restore Points ===================
.
RP753: 08/08/2013 08:50:12 - Scheduled Checkpoint
RP754: 09/08/2013 00:00:03 - Scheduled Checkpoint
RP755: 11/08/2013 22:00:29 - Scheduled Checkpoint
RP756: 13/08/2013 00:00:03 - Scheduled Checkpoint
RP757: 14/08/2013 00:16:12 - Scheduled Checkpoint
RP758: 14/08/2013 02:46:44 - Windows Update
RP759: 14/08/2013 03:00:12 - Windows Update
RP760: 15/08/2013 20:31:56 - Scheduled Checkpoint
RP761: 17/08/2013 00:33:02 - Scheduled Checkpoint
RP762: 17/08/2013 03:26:04 - Installed QuickTime
RP763: 18/08/2013 00:42:11 - Scheduled Checkpoint
RP764: 18/08/2013 02:01:10 - Installed Java 7 Update 25
RP765: 18/08/2013 02:31:01 - Removed Java 7 Update 25
RP766: 18/08/2013 02:37:02 - Installed Java 7 Update 25
RP767: 18/08/2013 02:54:15 - Removed Java 7 Update 25
RP768: 18/08/2013 03:18:26 - Installed Java 7 Update 25
RP769: 18/08/2013 03:23:25 - Removed Java 7 Update 25
RP770: 18/08/2013 03:25:41 - Installed Java 7 Update 25
RP771: 18/08/2013 03:31:16 - Installed Safari
RP772: 18/08/2013 03:38:11 - Removed Java 7 Update 25
RP773: 18/08/2013 03:48:34 - Installed Java 7 Update 25
RP774: 18/08/2013 04:27:29 - Device Driver Package Install: BitDefender LLC Network Service
RP775: 18/08/2013 04:47:41 - Removed Java 7 Update 25
RP776: 19/08/2013 02:05:56 - Scheduled Checkpoint
RP777: 19/08/2013 18:28:17 - monday
RP778: 20/08/2013 19:21:40 - Windows Update
RP779: 21/08/2013 23:06:55 - Scheduled Checkpoint
RP780: 23/08/2013 00:00:03 - Scheduled Checkpoint
RP781: 23/08/2013 16:55:39 - Device Driver Package Install: BitDefender LLC Network Service
RP782: 23/08/2013 17:14:47 - Installed Java 7 Update 25
RP783: 23/08/2013 17:19:45 - Removed Java 7 Update 25
RP784: 23/08/2013 17:20:48 - Installed Java 7 Update 25
RP785: 23/08/2013 22:33:48 - Windows Update
RP786: 24/08/2013 21:34:57 - avast! Internet Security Setup
RP787: 24/08/2013 21:38:05 - Device Driver Package Install: ALWIL Software Network adapters
RP788: 24/08/2013 21:38:41 - Device Driver Package Install: ALWIL Software Network Service
RP789: 24/08/2013 22:01:01 - Removed Java 7 Update 25
.
==== Installed Programs ======================
.
 Leawo Video Converter version  5.1.0.0
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 12.0
Apple Application Support
Apple Software Update
avast! Internet Security
Bitdefender 60-Second Virus Scanner
CCleaner
ConvertXtoDVD 4.0.9.322
EasyBCD 1.7
ESET Online Scanner v3
ffdshow [rev 2180] [2008-10-04]
FileHippo.com Update Checker
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Intel® Graphics Media Accelerator Driver
K-Lite Codec Pack 7.0.0 (Standard)
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office Excel Viewer 2003
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
MyFreeCodec
Nero 7 Lite 7.10.1.2
neroxml
Opera 12.16
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Skitch
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
VLC media player 2.0.8
Windows Media Player Firefox Plugin
WinRAR 4.20 (32-bit)
YouTube Downloader App 3.00
.
==== Event Viewer Messages From Past Week ========
.
24/08/2013 21:51:00, Error: EventLog [6008]  - The previous system shutdown at 21:49:06 on 24/08/2013 was unexpected.
24/08/2013 21:42:23, Error: EventLog [6008]  - The previous system shutdown at 21:40:30 on 24/08/2013 was unexpected.
24/08/2013 21:28:37, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for DeleteFlag with the following error:  Access is denied.
23/08/2013 19:30:35, Error: Service Control Manager [7034]  - The Bitdefender Virus Shield service terminated unexpectedly.  It has done this 1 time(s).
23/08/2013 16:48:21, Error: Service Control Manager [7034]  - The Bitdefender Desktop Update Service service terminated unexpectedly.  It has done this 1 time(s).
21/08/2013 21:18:26, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
21/08/2013 21:18:26, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
21/08/2013 21:13:21, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
21/08/2013 21:13:19, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD avc3 BdfNdisf bdftdif bdselfpr DfsC gzflt NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx trufos Wanarpv6 ws2ifsl
21/08/2013 21:13:19, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
21/08/2013 21:13:19, Error: Service Control Manager [7001]  - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
21/08/2013 21:13:19, Error: Service Control Manager [7001]  - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error:  The dependency service or group failed to start.
21/08/2013 21:13:19, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
21/08/2013 21:13:19, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
21/08/2013 21:13:19, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
21/08/2013 21:13:19, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
21/08/2013 21:13:19, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error:  A device attached to the system is not functioning.
21/08/2013 21:13:19, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
21/08/2013 21:13:19, Error: Service Control Manager [7001]  - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
21/08/2013 21:13:19, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
21/08/2013 21:13:19, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
21/08/2013 21:13:19, Error: Service Control Manager [7001]  - The DHCP Client service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
21/08/2013 21:13:19, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
21/08/2013 21:13:19, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
21/08/2013 21:12:41, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
21/08/2013 21:12:41, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
21/08/2013 21:12:41, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
21/08/2013 21:12:38, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
21/08/2013 21:12:26, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
21/08/2013 21:12:03, Error: EventLog [6008]  - The previous system shutdown at 21:09:56 on 21/08/2013 was unexpected.
18/08/2013 21:10:34, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
18/08/2013 04:04:57, Error: Service Control Manager [7000]  - The Bitdefender Desktop Update Service service failed to start due to the following error:  The system cannot find the file specified.
18/08/2013 04:03:28, Error: EventLog [6008]  - The previous system shutdown at 04:01:51 on 18/08/2013 was unexpected.
18/08/2013 03:43:52, Error: EventLog [6008]  - The previous system shutdown at 03:41:04 on 18/08/2013 was unexpected.
17/08/2013 23:57:41, Error: Service Control Manager [7034]  - The Bitdefender Virus Shield service terminated unexpectedly.  It has done this 2 time(s).
.
==== End Of File ===========================
 

[Maniac]

Hello GoBucs and ! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
• Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please uninstall this application: FileHippo.com Update Checker

Step 2

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

[GoBucs]

OTL logfile created on: 25/08/2013 15:02:53 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.99 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 40.09% Memory free
6.20 Gb Paging File | 4.01 Gb Available in Paging File | 64.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.32 Gb Total Space | 163.53 Gb Free Space | 56.72% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 3.89 Gb Free Space | 39.81% Space Free | Partition Type: NTFS
 
Computer Name: DELL-530 | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/08/25 15:02:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2013/08/17 11:41:47 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/07/29 13:32:09 | 001,221,384 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
PRC - [2013/07/16 02:28:54 | 001,861,512 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
PRC - [2013/06/11 08:54:26 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/05/11 11:37:30 | 001,402,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
PRC - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 09:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/05/09 09:58:27 | 000,137,960 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/04/04 14:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/17 08:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 07:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/08/17 11:41:47 | 003,551,640 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/07/16 02:28:54 | 016,166,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_8_800_94.dll
MOD - [2012/09/23 20:43:36 | 000,313,992 | ---- | M] () -- C:\Program Files\Adobe\Reader 11.0\Reader\sqlite.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/08/20 20:47:35 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/17 11:41:47 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/29 13:32:09 | 001,221,384 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe -- (pdserv)
SRV - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/05/09 09:58:27 | 000,137,960 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 07:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Chris\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Chris\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/08/25 01:25:05 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/08/24 21:40:31 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/08/24 21:40:31 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/08/24 21:40:31 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 09:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 09:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 09:59:09 | 000,204,784 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2013/05/09 09:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 09:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/05/09 09:59:09 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013/05/09 09:59:08 | 000,104,752 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2013/05/09 09:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/13 18:01:58 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2013/02/06 07:42:10 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2009/12/10 21:48:26 | 000,043,520 | ---- | M] (--) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MOSUMAC.SYS -- (MOSUMAC)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/01/21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D7 F4 51 2E 49 4E CE 01  [binary data]
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/05/06 13:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/06/11 08:56:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/06/11 08:56:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/08/24 21:36:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/17 11:41:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/17 11:41:43 | 000,000,000 | ---D | M]
 
[2012/07/03 05:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions
[2013/08/15 22:14:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\zmajfhzt.default-1376516779324\extensions
[2013/08/15 22:14:03 | 000,534,203 | ---- | M] () (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\zmajfhzt.default-1376516779324\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/08/15 17:40:46 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\zmajfhzt.default-1376516779324\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/08/17 11:41:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/17 11:41:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/11 08:54:46 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/08/29 11:01:32 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealDownloader = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
CHR - Extension: Gmail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/08/18 21:10:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [installerLauncher] "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe" File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard File not found
O4 - HKU\.DEFAULT..\Run: [bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" File not found
O4 - HKU\.DEFAULT..\Run: [bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe" File not found
O4 - HKU\S-1-5-18..\Run: [bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard File not found
O4 - HKU\S-1-5-18..\Run: [bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" File not found
O4 - HKU\S-1-5-18..\Run: [bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe" File not found
O4 - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001..\Run: [pdiface] C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe (Bitdefender)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71}: DhcpNameServer = 192.168.0.203
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/25 15:02:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2013/08/25 01:25:05 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/08/24 22:32:57 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Chris\Desktop\dds.scr
[2013/08/24 21:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013/08/24 21:40:23 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/08/24 21:40:22 | 000,369,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/08/24 21:37:38 | 000,204,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2013/08/24 21:37:37 | 000,104,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2013/08/24 21:37:36 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/08/24 21:37:36 | 000,049,760 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013/08/24 21:37:35 | 000,021,576 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2013/08/24 21:37:34 | 000,770,344 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/08/24 21:37:25 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/08/24 21:36:37 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/08/24 21:36:36 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2013/08/24 21:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 60-Second Virus Scanner
[2013/08/23 17:11:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/23 17:11:30 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/08/23 17:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/08/21 22:29:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/21 17:01:54 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\tdsskiller.exe
[2013/08/18 21:13:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\temp
[2013/08/18 04:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2013/08/18 04:19:35 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2013/08/18 04:19:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2013/08/18 03:31:51 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2013/08/17 11:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/08/17 03:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/08/17 03:28:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/08/17 03:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/08/17 03:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/08/17 03:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013/08/14 22:46:24 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Old Firefox Data-5
[2013/08/14 03:08:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/08/04 00:14:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2011/12/28 15:52:30 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Chris\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/25 15:02:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2013/08/25 14:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/25 14:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/25 13:51:09 | 000,005,184 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/25 13:51:09 | 000,005,184 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/25 01:25:05 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/08/25 01:02:30 | 000,001,041 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\vso_ts_preview.xml
[2013/08/24 23:52:26 | 000,043,520 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/24 22:33:30 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Chris\Desktop\dds.scr
[2013/08/24 21:52:16 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/24 21:50:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/24 21:40:31 | 000,770,344 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/08/24 21:40:31 | 000,369,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/08/24 21:40:31 | 000,175,176 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/08/24 21:40:31 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/08/24 21:40:31 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/08/24 21:40:31 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/08/24 21:40:25 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/08/24 21:37:25 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/08/24 21:30:58 | 000,300,041 | ---- | M] () -- C:\ProgramData\1377376080.bdinstall.bin
[2013/08/24 21:30:45 | 000,049,243 | ---- | M] () -- C:\ProgramData\1377376224.bdinstall.bin
[2013/08/24 21:30:33 | 147,536,136 | ---- | M] () -- C:\Users\Chris\Desktop\avast_internet_security_setup.exe
[2013/08/24 21:28:00 | 000,088,218 | ---- | M] () -- C:\ProgramData\1377376078.bdinstall.bin
[2013/08/24 12:26:50 | 009,066,916 | ---- | M] () -- C:\Users\Chris\Desktop\24TH.pdf
[2013/08/23 17:11:32 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/23 16:56:23 | 000,569,304 | ---- | M] () -- C:\ProgramData\1377272849.bdinstall.bin
[2013/08/23 16:47:29 | 000,088,217 | ---- | M] () -- C:\ProgramData\1377272848.bdinstall.bin
[2013/08/23 15:19:58 | 001,353,371 | ---- | M] () -- C:\Users\Chris\Desktop\BDSP_DELL-530_2013_08_23_15_19.zip
[2013/08/23 15:12:06 | 006,393,736 | ---- | M] () -- C:\Users\Chris\Desktop\BitdefenderSupportTool.exe
[2013/08/21 21:13:04 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013/08/21 21:13:01 | 000,000,680 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2013/08/21 17:02:02 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\tdsskiller.exe
[2013/08/21 12:03:21 | 006,697,381 | ---- | M] () -- C:\Users\Chris\Desktop\777.pdf
[2013/08/21 11:56:52 | 006,697,381 | ---- | M] () -- C:\Users\Chris\Desktop\RacingPost(4).pdf
[2013/08/21 02:44:28 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/08/20 19:25:15 | 000,027,575 | ---- | M] () -- C:\Users\Chris\Desktop\Untitled.jpg
[2013/08/20 00:13:01 | 000,008,532 | ---- | M] () -- C:\Users\Chris\Desktop\index.jpg
[2013/08/19 03:49:18 | 000,000,385 | ---- | M] () -- C:\Windows\System32\user_gensett.xml
[2013/08/18 21:10:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/08/18 01:58:23 | 023,263,342 | ---- | M] () -- C:\Users\Chris\Desktop\College Football Preview 2013-2014.pdf
[2013/08/17 11:55:02 | 009,020,269 | ---- | M] () -- C:\Users\Chris\Desktop\RacingPost(7).pdf
[2013/08/17 11:54:41 | 009,020,269 | ---- | M] () -- C:\Users\Chris\Desktop\RacingPost(5).pdf
[2013/08/17 03:35:57 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/08/17 03:28:49 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/08/15 19:33:53 | 000,009,671 | ---- | M] () -- C:\Users\Chris\Desktop\yellow.jpg
[2013/08/14 11:23:44 | 003,854,078 | ---- | M] () -- C:\Users\Chris\Desktop\RacingPost(3).pdf
[2013/08/14 10:02:23 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/08/14 03:04:55 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/14 03:04:55 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/08 08:19:38 | 003,610,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/08/08 08:04:40 | 000,018,658 | ---- | M] () -- C:\Users\Chris\Desktop\1tolk1qzlo0mumdkfjnmhzoht324128522.jpg
[2013/08/08 08:04:36 | 000,011,784 | ---- | M] () -- C:\Users\Chris\Desktop\3xou4hxgib4n5lf3yqcu5oijc322086267.2.jpg
[2013/08/04 18:44:19 | 000,012,665 | ---- | M] () -- C:\Users\Chris\Desktop\wasting.jpg
[2013/08/04 18:39:50 | 000,281,281 | ---- | M] () -- C:\Users\Chris\Desktop\Screenshot_2013-08-04-18-38-24.png
[2013/08/03 11:32:26 | 007,831,597 | ---- | M] () -- C:\Users\Chris\Desktop\RacingPost(2).pdf
[2013/07/31 14:45:04 | 002,745,508 | ---- | M] () -- C:\Users\Chris\Desktop\RacingPost(6).pdf
 
========== Files Created - No Company Name ==========
 
[2013/08/24 21:40:31 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/08/24 21:40:31 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/08/24 21:40:31 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/08/24 21:40:25 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/08/24 21:37:32 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/08/24 21:37:27 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/08/24 21:30:58 | 000,300,041 | ---- | C] () -- C:\ProgramData\1377376080.bdinstall.bin
[2013/08/24 21:30:45 | 000,049,243 | ---- | C] () -- C:\ProgramData\1377376224.bdinstall.bin
[2013/08/24 21:28:00 | 000,088,218 | ---- | C] () -- C:\ProgramData\1377376078.bdinstall.bin
[2013/08/24 21:26:09 | 147,536,136 | ---- | C] () -- C:\Users\Chris\Desktop\avast_internet_security_setup.exe
[2013/08/24 12:26:48 | 009,066,916 | ---- | C] () -- C:\Users\Chris\Desktop\24TH.pdf
[2013/08/23 17:11:32 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/23 16:56:23 | 000,569,304 | ---- | C] () -- C:\ProgramData\1377272849.bdinstall.bin
[2013/08/23 16:47:29 | 000,088,217 | ---- | C] () -- C:\ProgramData\1377272848.bdinstall.bin
[2013/08/23 15:19:54 | 001,353,371 | ---- | C] () -- C:\Users\Chris\Desktop\BDSP_DELL-530_2013_08_23_15_19.zip
[2013/08/23 15:12:00 | 006,393,736 | ---- | C] () -- C:\Users\Chris\Desktop\BitdefenderSupportTool.exe
[2013/08/21 12:03:21 | 006,697,381 | ---- | C] () -- C:\Users\Chris\Desktop\777.pdf
[2013/08/21 11:56:51 | 006,697,381 | ---- | C] () -- C:\Users\Chris\Desktop\RacingPost(4).pdf
[2013/08/20 19:25:15 | 000,027,575 | ---- | C] () -- C:\Users\Chris\Desktop\Untitled.jpg
[2013/08/20 00:13:00 | 000,008,532 | ---- | C] () -- C:\Users\Chris\Desktop\index.jpg
[2013/08/19 03:49:18 | 000,000,385 | ---- | C] () -- C:\Windows\System32\user_gensett.xml
[2013/08/18 03:32:08 | 000,001,854 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2013/08/18 01:58:18 | 023,263,342 | ---- | C] () -- C:\Users\Chris\Desktop\College Football Preview 2013-2014.pdf
[2013/08/17 11:55:01 | 009,020,269 | ---- | C] () -- C:\Users\Chris\Desktop\RacingPost(7).pdf
[2013/08/17 11:54:39 | 009,020,269 | ---- | C] () -- C:\Users\Chris\Desktop\RacingPost(5).pdf
[2013/08/17 03:35:57 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/08/17 03:28:49 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/08/17 03:25:00 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/08/15 19:33:53 | 000,009,671 | ---- | C] () -- C:\Users\Chris\Desktop\yellow.jpg
[2013/08/14 11:23:43 | 003,854,078 | ---- | C] () -- C:\Users\Chris\Desktop\RacingPost(3).pdf
[2013/08/08 08:04:40 | 000,018,658 | ---- | C] () -- C:\Users\Chris\Desktop\1tolk1qzlo0mumdkfjnmhzoht324128522.jpg
[2013/08/08 08:04:35 | 000,011,784 | ---- | C] () -- C:\Users\Chris\Desktop\3xou4hxgib4n5lf3yqcu5oijc322086267.2.jpg
[2013/08/04 18:44:19 | 000,012,665 | ---- | C] () -- C:\Users\Chris\Desktop\wasting.jpg
[2013/08/04 18:39:52 | 000,281,281 | ---- | C] () -- C:\Users\Chris\Desktop\Screenshot_2013-08-04-18-38-24.png
[2013/08/03 11:32:21 | 007,831,597 | ---- | C] () -- C:\Users\Chris\Desktop\RacingPost(2).pdf
[2013/07/31 14:45:03 | 002,745,508 | ---- | C] () -- C:\Users\Chris\Desktop\RacingPost(6).pdf
[2013/06/11 23:17:34 | 000,001,041 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\vso_ts_preview.xml
[2013/06/10 19:39:44 | 000,029,239 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\UserTile.png
[2013/06/02 12:53:21 | 000,015,616 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2013/05/06 14:42:38 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2013/05/06 12:27:02 | 000,000,680 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2013/01/13 18:03:01 | 003,610,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/16 15:09:21 | 000,711,240 | ---- | C] () -- C:\Windows\is-L5DGO.exe
[2012/06/03 09:55:32 | 000,043,520 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/11 11:10:35 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/18 21:07:14 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/01/13 09:10:03 | 000,910,996 | ---- | C] () -- C:\Users\Chris\AppData\Local\census.cache
[2012/01/13 09:09:35 | 000,163,945 | ---- | C] () -- C:\Users\Chris\AppData\Local\ars.cache
[2012/01/13 08:12:43 | 000,000,036 | ---- | C] () -- C:\Users\Chris\AppData\Local\housecall.guid.cache
[2011/12/28 15:52:30 | 000,007,887 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.cat
[2011/12/28 15:52:30 | 000,001,144 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.inf
[2011/12/23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/12/23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/12/23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/12/23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
 
========== ZeroAccess Check ==========
 
[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/03/30 08:47:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/03/18 21:07:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leawo
[2012/03/19 14:38:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenOffice.org
[2013/04/04 18:40:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Opera
[2013/06/10 19:39:43 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PeerNetworking
[2013/04/08 22:04:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\QuickScan
[2013/05/15 16:24:02 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Samsung
[2012/06/16 00:21:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Temp
[2012/03/18 21:08:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\tiger-k
[2013/08/24 23:46:48 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent
[2013/08/25 01:02:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Vso
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Chris\Desktop\VTS_01_1.VOB:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Chris\Desktop\20130328_151820.mp4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Chris\Desktop\20130328_151644.mp4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Chris\Desktop\20130328_151606.mp4:TOC.WMV
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
 

OTL Extras logfile created on: 25/08/2013 15:02:53 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.99 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 40.09% Memory free
6.20 Gb Paging File | 4.01 Gb Available in Paging File | 64.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.32 Gb Total Space | 163.53 Gb Free Space | 56.72% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 3.89 Gb Free Space | 39.81% Space Free | Partition Type: NTFS
 
Computer Name: DELL-530 | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [runas] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{666EC536-9390-41DD-87C5-3F303A0CFA0E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{95C5F95E-62D7-4526-9C15-BCE6ABA4F874}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{BDB656A6-F21B-4A0C-86D3-F2418952360B}" = protocol=6 | dir=in | app=c:\users\chris\appdata\roaming\utorrent\utorrent.exe |
"{E666F7E6-14C7-46A7-AEBB-325E67946372}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{FB1F78D0-52F6-4C07-939F-DC10CB5FD0DA}" = protocol=17 | dir=in | app=c:\users\chris\appdata\roaming\utorrent\utorrent.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{331ED3CF-3A1B-467C-9A62-899E2D3B20C4}_is1" =  Leawo Video Converter version  5.1.0.0
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CCEA2053-D975-4E38-AC09-4D5E6DAC6B6F}" = Bitdefender 60-Second Virus Scanner
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"avast" = avast! Internet Security
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"EasyBCD" = EasyBCD 1.7
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 2180] [2008-10-04]
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero7Lite_is1" = Nero 7 Lite 7.10.1.2
"Opera 12.16.1860" = Opera 12.16
"RealPlayer 16.0" = RealPlayer
"Skitch 1.0.2.0" = Skitch
"VLC media player" = VLC media player 2.0.8
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"YouTube Downloader App" = YouTube Downloader App 3.00
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23/08/2013 12:03:19 | Computer Name = DELL-530 | Source = Windows Search Service | ID = 3013
Description =
 
Error - 23/08/2013 12:07:17 | Computer Name = DELL-530 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
 Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"
could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 23/08/2013 12:08:10 | Computer Name = DELL-530 | Source = Windows Search Service | ID = 3013
Description =
 
Error - 23/08/2013 12:08:10 | Computer Name = DELL-530 | Source = Windows Search Service | ID = 3013
Description =
 
Error - 23/08/2013 12:20:48 | Computer Name = DELL-530 | Source = MsiInstaller | ID = 11500
Description =
 
Error - 23/08/2013 19:05:28 | Computer Name = DELL-530 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 23.0.1.4974, time stamp
0x520bc252, faulting module xul.dll, version 23.0.1.4974, time stamp 0x520bc166,
 exception code 0xc0000005, fault offset 0x0017af08,  process id 0x1250, application
 start time 0x01cea01e215b962b.
 
Error - 24/08/2013 16:33:53 | Computer Name = DELL-530 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
 Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"
could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 24/08/2013 16:44:27 | Computer Name = DELL-530 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
 Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"
could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 24/08/2013 16:47:08 | Computer Name = DELL-530 | Source = Application Hang | ID = 1002
Description = The program pdiface.exe version 1.0.3.57 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: c14  Start Time: 01cea10a88aec4d2  Termination Time: 3
 
Error - 24/08/2013 16:53:27 | Computer Name = DELL-530 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
 Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"
could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
[ System Events ]
Error - 21/08/2013 16:13:21 | Computer Name = DELL-530 | Source = Service Control Manager | ID = 7001
Description =
 
Error - 21/08/2013 16:18:26 | Computer Name = DELL-530 | Source = Service Control Manager | ID = 7024
Description =
 
Error - 21/08/2013 16:18:26 | Computer Name = DELL-530 | Source = Service Control Manager | ID = 7031
Description =
 
Error - 23/08/2013 11:47:56 | Computer Name = DELL-530 | Source = Service Control Manager | ID = 7006
Description =
 
Error - 23/08/2013 11:48:21 | Computer Name = DELL-530 | Source = Service Control Manager | ID = 7034
Description =
 
Error - 23/08/2013 12:04:40 | Computer Name = DELL-530 | Source = DCOM | ID = 10010
Description =
 
Error - 23/08/2013 14:30:35 | Computer Name = DELL-530 | Source = Service Control Manager | ID = 7034
Description =
 
Error - 24/08/2013 16:28:37 | Computer Name = DELL-530 | Source = Service Control Manager | ID = 7006
Description =
 
Error - 24/08/2013 16:42:23 | Computer Name = DELL-530 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 21:40:30 on 24/08/2013 was unexpected.
 
Error - 24/08/2013 16:51:00 | Computer Name = DELL-530 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 21:49:06 on 24/08/2013 was unexpected.
 
 
< End of report >
 

[Maniac]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following

  :OTL

  [2013/06/10 19:39:43 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PeerNetworking

  [2013/08/24 23:46:48 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent

  :files

  ipconfig /flushdns /c

  :Commands

  [emptytemp]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

[GoBucs]

All processes killed
========== OTL ==========
C:\Users\Chris\AppData\Roaming\PeerNetworking folder moved successfully.
C:\Users\Chris\AppData\Roaming\uTorrent folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Chris\Desktop\cmd.bat deleted successfully.
C:\Users\Chris\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Chris
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 135509041 bytes
->Java cache emptied: 502814 bytes
->FireFox cache emptied: 176847924 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 8152 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18137187 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 36143445 bytes
 
Total Files Cleaned = 350.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 08252013_160048

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

[Maniac]

How are things now?

[GoBucs]

still freezing on firefox, did you find anything bad?

[GoBucs]

is filehippo bad, i use it to update my apps

[Maniac]

I think the problem comes from it, but apparently not. Please, generate me a fresh log file from OTL.

[GoBucs]

OTL logfile created on: 26/08/2013 11:16:36 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.99 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 49.57% Memory free
6.20 Gb Paging File | 4.61 Gb Available in Paging File | 74.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.32 Gb Total Space | 162.44 Gb Free Space | 56.34% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 3.89 Gb Free Space | 39.81% Space Free | Partition Type: NTFS
 
Computer Name: DELL-530 | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/08/25 15:02:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2013/08/17 11:41:47 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/07/16 02:28:54 | 001,861,512 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
PRC - [2013/06/11 08:54:26 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 09:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/05/09 09:58:27 | 000,137,960 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/17 08:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 07:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/08/17 11:41:47 | 003,551,640 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/07/16 02:28:54 | 016,166,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_8_800_94.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/08/20 20:47:35 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/17 11:41:47 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/05/09 09:58:27 | 000,137,960 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 07:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Chris\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/08/25 01:25:05 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/08/24 21:40:31 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/08/24 21:40:31 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/08/24 21:40:31 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 09:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 09:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 09:59:09 | 000,204,784 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2013/05/09 09:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 09:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/05/09 09:59:09 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013/05/09 09:59:08 | 000,104,752 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2013/05/09 09:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/13 18:01:58 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2013/02/06 07:42:10 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2009/12/10 21:48:26 | 000,043,520 | ---- | M] (--) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MOSUMAC.SYS -- (MOSUMAC)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/01/21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D7 F4 51 2E 49 4E CE 01  [binary data]
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/05/06 13:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/06/11 08:56:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/06/11 08:56:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/08/24 21:36:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/17 11:41:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/17 11:41:43 | 000,000,000 | ---D | M]
 
[2012/07/03 05:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions
[2013/08/15 22:14:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\zmajfhzt.default-1376516779324\extensions
[2013/08/15 22:14:03 | 000,534,203 | ---- | M] () (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\zmajfhzt.default-1376516779324\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/08/15 17:40:46 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\zmajfhzt.default-1376516779324\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/08/17 11:41:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/17 11:41:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/11 08:54:46 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/08/29 11:01:32 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealDownloader = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
CHR - Extension: Gmail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/08/18 21:10:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [installerLauncher] "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe" File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard File not found
O4 - HKU\.DEFAULT..\Run: [bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" File not found
O4 - HKU\.DEFAULT..\Run: [bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe" File not found
O4 - HKU\S-1-5-18..\Run: [bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard File not found
O4 - HKU\S-1-5-18..\Run: [bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" File not found
O4 - HKU\S-1-5-18..\Run: [bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe" File not found
O4 - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001..\Run: [pdiface] C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe (Bitdefender)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71}: DhcpNameServer = 192.168.0.203
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/25 16:00:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/25 15:02:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2013/08/25 01:25:05 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/08/24 22:32:57 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Chris\Desktop\dds.scr
[2013/08/24 21:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013/08/24 21:40:23 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/08/24 21:40:22 | 000,369,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/08/24 21:37:38 | 000,204,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2013/08/24 21:37:37 | 000,104,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2013/08/24 21:37:36 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/08/24 21:37:36 | 000,049,760 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013/08/24 21:37:35 | 000,021,576 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2013/08/24 21:37:34 | 000,770,344 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/08/24 21:37:25 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/08/24 21:36:37 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/08/24 21:36:36 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2013/08/23 17:11:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/23 17:11:30 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/08/23 17:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/08/21 22:29:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/21 17:01:54 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\tdsskiller.exe
[2013/08/18 21:13:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\temp
[2013/08/18 04:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2013/08/18 04:19:35 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2013/08/18 04:19:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2013/08/18 03:31:51 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2013/08/17 11:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/08/17 03:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/08/17 03:28:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/08/17 03:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/08/17 03:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/08/17 03:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013/08/14 22:46:24 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Old Firefox Data-5
[2013/08/14 03:08:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/08/04 00:14:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2011/12/28 15:52:30 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Chris\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/26 10:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/26 10:37:59 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/26 10:03:43 | 000,005,184 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/26 10:03:43 | 000,005,184 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/25 21:38:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/25 20:34:41 | 000,002,307 | ---- | M] () -- C:\Users\Chris\Desktop\images.jpg
[2013/08/25 17:15:51 | 000,032,403 | ---- | M] () -- C:\ProgramData\1377446955.bdinstall.bin
[2013/08/25 16:03:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/25 15:02:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2013/08/25 01:25:05 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/08/25 01:02:30 | 000,001,041 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\vso_ts_preview.xml
[2013/08/24 23:52:26 | 000,043,520 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/24 22:33:30 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Chris\Desktop\dds.scr
[2013/08/24 21:40:31 | 000,770,344 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/08/24 21:40:31 | 000,369,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/08/24 21:40:31 | 000,175,176 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/08/24 21:40:31 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/08/24 21:40:31 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/08/24 21:40:31 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/08/24 21:40:25 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/08/24 21:37:25 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/08/24 21:30:58 | 000,300,041 | ---- | M] () -- C:\ProgramData\1377376080.bdinstall.bin
[2013/08/24 21:30:45 | 000,049,243 | ---- | M] () -- C:\ProgramData\1377376224.bdinstall.bin
[2013/08/24 21:30:33 | 147,536,136 | ---- | M] () -- C:\Users\Chris\Desktop\avast_internet_security_setup.exe
[2013/08/24 21:28:00 | 000,088,218 | ---- | M] () -- C:\ProgramData\1377376078.bdinstall.bin
[2013/08/24 12:26:50 | 009,066,916 | ---- | M] () -- C:\Users\Chris\Desktop\24TH.pdf
[2013/08/23 17:11:32 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/23 16:56:23 | 000,569,304 | ---- | M] () -- C:\ProgramData\1377272849.bdinstall.bin
[2013/08/23 16:47:29 | 000,088,217 | ---- | M] () -- C:\ProgramData\1377272848.bdinstall.bin
[2013/08/23 15:19:58 | 001,353,371 | ---- | M] () -- C:\Users\Chris\Desktop\BDSP_DELL-530_2013_08_23_15_19.zip
[2013/08/23 15:12:06 | 006,393,736 | ---- | M] () -- C:\Users\Chris\Desktop\BitdefenderSupportTool.exe
[2013/08/21 21:13:04 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013/08/21 21:13:01 | 000,000,680 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2013/08/21 17:02:02 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\tdsskiller.exe
[2013/08/21 12:03:21 | 006,697,381 | ---- | M] () -- C:\Users\Chris\Desktop\777.pdf
[2013/08/21 11:56:52 | 006,697,381 | ---- | M] () -- C:\Users\Chris\Desktop\RacingPost(4).pdf
[2013/08/21 02:44:28 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/08/20 19:25:15 | 000,027,575 | ---- | M] () -- C:\Users\Chris\Desktop\Untitled.jpg
[2013/08/20 00:13:01 | 000,008,532 | ---- | M] () -- C:\Users\Chris\Desktop\index.jpg
[2013/08/19 03:49:18 | 000,000,385 | ---- | M] () -- C:\Windows\System32\user_gensett.xml
[2013/08/18 21:10:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/08/18 01:58:23 | 023,263,342 | ---- | M] () -- C:\Users\Chris\Desktop\College Football Preview 2013-2014.pdf
[2013/08/17 11:55:02 | 009,020,269 | ---- | M] () -- C:\Users\Chris\Desktop\RacingPost(7).pdf
[2013/08/17 11:54:41 | 009,020,269 | ---- | M] () -- C:\Users\Chris\Desktop\RacingPost(5).pdf
[2013/08/17 03:35:57 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/08/17 03:28:49 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/08/15 19:33:53 | 000,009,671 | ---- | M] () -- C:\Users\Chris\Desktop\yellow.jpg
[2013/08/14 11:23:44 | 003,854,078 | ---- | M] () -- C:\Users\Chris\Desktop\RacingPost(3).pdf
[2013/08/14 10:02:23 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/08/14 03:04:55 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/14 03:04:55 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/08 08:19:38 | 003,610,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/08/08 08:04:40 | 000,018,658 | ---- | M] () -- C:\Users\Chris\Desktop\1tolk1qzlo0mumdkfjnmhzoht324128522.jpg
[2013/08/08 08:04:36 | 000,011,784 | ---- | M] () -- C:\Users\Chris\Desktop\3xou4hxgib4n5lf3yqcu5oijc322086267.2.jpg
[2013/08/04 18:44:19 | 000,012,665 | ---- | M] () -- C:\Users\Chris\Desktop\wasting.jpg
[2013/08/04 18:39:50 | 000,281,281 | ---- | M] () -- C:\Users\Chris\Desktop\Screenshot_2013-08-04-18-38-24.png
[2013/08/03 11:32:26 | 007,831,597 | ---- | M] () -- C:\Users\Chris\Desktop\RacingPost(2).pdf
[2013/07/31 14:45:04 | 002,745,508 | ---- | M] () -- C:\Users\Chris\Desktop\RacingPost(6).pdf
 
========== Files Created - No Company Name ==========
 
[2013/08/25 20:34:40 | 000,002,307 | ---- | C] () -- C:\Users\Chris\Desktop\images.jpg
[2013/08/25 17:15:51 | 000,032,403 | ---- | C] () -- C:\ProgramData\1377446955.bdinstall.bin
[2013/08/24 21:40:31 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/08/24 21:40:31 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/08/24 21:40:31 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/08/24 21:40:25 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/08/24 21:37:32 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/08/24 21:37:27 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/08/24 21:30:58 | 000,300,041 | ---- | C] () -- C:\ProgramData\1377376080.bdinstall.bin
[2013/08/24 21:30:45 | 000,049,243 | ---- | C] () -- C:\ProgramData\1377376224.bdinstall.bin
[2013/08/24 21:28:00 | 000,088,218 | ---- | C] () -- C:\ProgramData\1377376078.bdinstall.bin
[2013/08/24 21:26:09 | 147,536,136 | ---- | C] () -- C:\Users\Chris\Desktop\avast_internet_security_setup.exe
[2013/08/24 12:26:48 | 009,066,916 | ---- | C] () -- C:\Users\Chris\Desktop\24TH.pdf
[2013/08/23 17:11:32 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/23 16:56:23 | 000,569,304 | ---- | C] () -- C:\ProgramData\1377272849.bdinstall.bin
[2013/08/23 16:47:29 | 000,088,217 | ---- | C] () -- C:\ProgramData\1377272848.bdinstall.bin
[2013/08/23 15:19:54 | 001,353,371 | ---- | C] () -- C:\Users\Chris\Desktop\BDSP_DELL-530_2013_08_23_15_19.zip
[2013/08/23 15:12:00 | 006,393,736 | ---- | C] () -- C:\Users\Chris\Desktop\BitdefenderSupportTool.exe
[2013/08/21 12:03:21 | 006,697,381 | ---- | C] () -- C:\Users\Chris\Desktop\777.pdf
[2013/08/21 11:56:51 | 006,697,381 | ---- | C] () -- C:\Users\Chris\Desktop\RacingPost(4).pdf
[2013/08/20 19:25:15 | 000,027,575 | ---- | C] () -- C:\Users\Chris\Desktop\Untitled.jpg
[2013/08/20 00:13:00 | 000,008,532 | ---- | C] () -- C:\Users\Chris\Desktop\index.jpg
[2013/08/19 03:49:18 | 000,000,385 | ---- | C] () -- C:\Windows\System32\user_gensett.xml
[2013/08/18 03:32:08 | 000,001,854 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2013/08/18 01:58:18 | 023,263,342 | ---- | C] () -- C:\Users\Chris\Desktop\College Football Preview 2013-2014.pdf
[2013/08/17 11:55:01 | 009,020,269 | ---- | C] () -- C:\Users\Chris\Desktop\RacingPost(7).pdf
[2013/08/17 11:54:39 | 009,020,269 | ---- | C] () -- C:\Users\Chris\Desktop\RacingPost(5).pdf
[2013/08/17 03:35:57 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/08/17 03:28:49 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/08/17 03:25:00 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/08/15 19:33:53 | 000,009,671 | ---- | C] () -- C:\Users\Chris\Desktop\yellow.jpg
[2013/08/14 11:23:43 | 003,854,078 | ---- | C] () -- C:\Users\Chris\Desktop\RacingPost(3).pdf
[2013/08/08 08:04:40 | 000,018,658 | ---- | C] () -- C:\Users\Chris\Desktop\1tolk1qzlo0mumdkfjnmhzoht324128522.jpg
[2013/08/08 08:04:35 | 000,011,784 | ---- | C] () -- C:\Users\Chris\Desktop\3xou4hxgib4n5lf3yqcu5oijc322086267.2.jpg
[2013/08/04 18:44:19 | 000,012,665 | ---- | C] () -- C:\Users\Chris\Desktop\wasting.jpg
[2013/08/04 18:39:52 | 000,281,281 | ---- | C] () -- C:\Users\Chris\Desktop\Screenshot_2013-08-04-18-38-24.png
[2013/08/03 11:32:21 | 007,831,597 | ---- | C] () -- C:\Users\Chris\Desktop\RacingPost(2).pdf
[2013/07/31 14:45:03 | 002,745,508 | ---- | C] () -- C:\Users\Chris\Desktop\RacingPost(6).pdf
[2013/06/11 23:17:34 | 000,001,041 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\vso_ts_preview.xml
[2013/06/10 19:39:44 | 000,029,239 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\UserTile.png
[2013/06/02 12:53:21 | 000,015,616 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2013/05/06 14:42:38 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2013/05/06 12:27:02 | 000,000,680 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2013/01/13 18:03:01 | 003,610,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/16 15:09:21 | 000,711,240 | ---- | C] () -- C:\Windows\is-L5DGO.exe
[2012/06/03 09:55:32 | 000,043,520 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/11 11:10:35 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/18 21:07:14 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/01/13 09:10:03 | 000,910,996 | ---- | C] () -- C:\Users\Chris\AppData\Local\census.cache
[2012/01/13 09:09:35 | 000,163,945 | ---- | C] () -- C:\Users\Chris\AppData\Local\ars.cache
[2012/01/13 08:12:43 | 000,000,036 | ---- | C] () -- C:\Users\Chris\AppData\Local\housecall.guid.cache
[2011/12/28 15:52:30 | 000,007,887 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.cat
[2011/12/28 15:52:30 | 000,001,144 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.inf
[2011/12/23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/12/23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/12/23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/12/23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
 
========== ZeroAccess Check ==========
 
[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/03/30 08:47:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/03/18 21:07:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leawo
[2012/03/19 14:38:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenOffice.org
[2013/04/04 18:40:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Opera
[2013/04/08 22:04:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\QuickScan
[2013/05/15 16:24:02 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Samsung
[2012/06/16 00:21:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Temp
[2012/03/18 21:08:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\tiger-k
[2013/08/25 01:02:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Vso
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Chris\Desktop\VTS_01_1.VOB:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Chris\Desktop\20130328_151820.mp4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Chris\Desktop\20130328_151644.mp4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Chris\Desktop\20130328_151606.mp4:TOC.WMV
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
 

[Maniac]

Run Firefox Safe mode and check what is the situation.

https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode

[GoBucs]

seems okay, are my logs clear, do you need to run combofix or roguekiller?

[GoBucs]

still freezing again

[Maniac]

Still in Firefox Safe mode?

Please be more patient!

[GoBucs]

yes in safe mode

[GoBucs]

plus when I use another browser IE it freezes too

[Maniac]

Please try to reset Firefox:

https://support.mozilla.org/bg/kb/reset-firefox-easily-fix-most-problems

[GoBucs]

yep done it, still not responding

[Maniac]

Try to re-install it:

https://support.mozilla.org/bg/kb/uninstall-firefox-from-your-computer

[GoBucs]

done it still hapening

[Maniac]

Please download Malwarebytes Anti-Rootkit from here

• Unzip the contents to a folder in a convenient location.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

[GoBucs]

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.08.30.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Chris :: DELL-530 [administrator]

30/08/2013 22:03:54
mbar-log-2013-08-30 (22-03-54).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 212291
Time elapsed: 13 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.660000 GHz
Memory total: 3209117696, free: 1861869568

Downloaded database version: v2013.08.30.07
Downloaded database version: v2013.08.06.01
Initializing...
======================
------------ Kernel report ------------
     08/30/2013 22:03:50
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\system32\drivers\aswNdis2.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\aswNdis.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\e1e6032.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\System32\Drivers\pcouffin.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\aswKbd.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\??\C:\Windows\system32\drivers\aswFW.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\AswRdr.SYS
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff863b7340
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-1\
Lower Device Object: 0xffffffff85d64b98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff863b7340, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff864bad18, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff863b7340, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff84faf898, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85d64b98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5ED7C68A

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 604657664
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 604659712  Numsec = 20480000

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.660000 GHz
Memory total: 3209117696, free: 1711026176

Downloaded database version: v2013.08.30.07
Downloaded database version: v2013.08.06.01
Initializing...
======================
------------ Kernel report ------------
     08/30/2013 22:20:36
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\system32\drivers\aswNdis2.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\aswNdis.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\e1e6032.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\System32\Drivers\pcouffin.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\aswKbd.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\??\C:\Windows\system32\drivers\aswFW.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\AswRdr.SYS
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff863b7340
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-1\
Lower Device Object: 0xffffffff85d64b98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff863b7340, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff864bad18, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff863b7340, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff84faf898, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85d64b98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5ED7C68A

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 604657664
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 604659712  Numsec = 20480000

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
 

[Maniac]

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

• Once you've read the article and are ready to use the program you can download it directly from the link below.
• Important! - Please make sure you save combofix to your desktop and do not run it from your browser
• Direct download link for: ComboFix.exe
• Please make sure you disable your security applications before running ComboFix.
• Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
• Please copy/paste the contents or attach that log file to your next reply.
• If needed the file can be located here: C:\combofix.txt
• NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

[GoBucs]

ComboFix 13-08-30.02 - Chris 30/08/2013  23:52:00.4.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3060.1857 [GMT 1:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1377272848.bdinstall.bin
c:\programdata\1377272849.bdinstall.bin
c:\programdata\1377376078.bdinstall.bin
c:\programdata\1377376080.bdinstall.bin
c:\programdata\1377376224.bdinstall.bin
c:\programdata\1377446955.bdinstall.bin
c:\programdata\1377893144.bdinstall.bin
c:\users\Chris\AppData\Roaming\vso_ts_preview.xml
c:\windows\system32\spsys.log
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-28 to 2013-08-30  )))))))))))))))))))))))))))))))
.
.
2013-08-30 20:39 . 2013-08-30 20:39    369584    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-08-30 20:39 . 2013-05-09 08:59    29816    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 20:37 . 2013-05-09 08:59    204784    ----a-w-    c:\windows\system32\drivers\aswNdis2.sys
2013-08-30 20:37 . 2013-05-09 08:59    104752    ----a-w-    c:\windows\system32\drivers\aswFW.sys
2013-08-30 20:37 . 2013-05-09 08:59    49760    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2013-08-30 20:37 . 2013-05-09 08:59    56080    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-08-30 20:37 . 2013-05-09 08:59    21576    ----a-w-    c:\windows\system32\drivers\aswKbd.sys
2013-08-30 20:37 . 2013-08-30 20:39    770344    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-08-30 20:37 . 2013-08-30 20:39    175176    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-08-30 20:37 . 2013-05-09 08:59    49376    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 20:37 . 2013-05-09 08:59    66336    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 20:36 . 2013-05-09 08:58    41664    ----a-w-    c:\windows\avastSS.scr
2013-08-30 20:36 . 2013-03-13 17:01    12112    ----a-w-    c:\windows\system32\drivers\aswNdis.sys
2013-08-30 11:14 . 2013-08-06 07:28    7166848    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{53E0FEAF-0308-4E2C-AC72-8199E0E8AEB0}\mpengine.dll
2013-08-28 00:29 . 2013-08-02 04:09    1548288    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-08-25 15:00 . 2013-08-25 15:00    --------    d-----w-    C:\_OTL
2013-08-23 16:11 . 2013-08-23 16:11    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-08-23 16:11 . 2013-04-04 13:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-08-18 02:31 . 2013-08-18 02:32    --------    d-----w-    c:\program files\Safari
2013-08-17 02:29 . 2013-08-17 02:29    159744    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2013-08-17 02:29 . 2013-08-17 02:29    159744    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2013-08-17 02:29 . 2013-08-17 02:29    159744    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2013-08-17 02:29 . 2013-08-17 02:29    159744    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2013-08-17 02:29 . 2013-08-17 02:29    159744    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2013-08-17 02:28 . 2013-08-17 02:29    --------    d-----w-    c:\program files\QuickTime
2013-08-17 02:28 . 2013-08-17 02:28    --------    d-----w-    c:\programdata\Apple Computer
2013-08-17 02:24 . 2013-08-17 02:25    --------    d-----w-    c:\program files\Apple Software Update
2013-08-14 02:08 . 2013-08-14 02:10    --------    d-----w-    c:\windows\system32\MRT
2013-08-14 02:01 . 2013-07-25 02:22    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-08-14 01:49 . 2013-06-15 13:22    15872    ----a-w-    c:\windows\system32\icaapi.dll
2013-08-14 01:49 . 2013-06-15 11:23    24064    ----a-w-    c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 01:49 . 2013-07-05 04:53    905664    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-08-14 01:49 . 2013-07-17 19:41    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-08-14 01:49 . 2013-07-10 09:47    783360    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-08-14 01:49 . 2013-07-08 04:55    3551680    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-08-14 01:49 . 2013-07-09 12:10    1205168    ----a-w-    c:\windows\system32\ntdll.dll
2013-08-14 01:49 . 2013-07-08 04:55    3603904    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-08-14 01:49 . 2013-07-08 04:20    172544    ----a-w-    c:\windows\system32\wintrust.dll
2013-08-14 01:49 . 2013-07-08 04:16    133120    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-08-14 01:49 . 2013-07-08 04:16    992768    ----a-w-    c:\windows\system32\crypt32.dll
2013-08-14 01:49 . 2013-07-08 04:16    98304    ----a-w-    c:\windows\system32\cryptnet.dll
2013-08-03 23:14 . 2013-08-30 21:43    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-23 16:21 . 2011-12-26 22:04    867240    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-08-23 16:21 . 2011-12-26 22:00    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-08-20 19:47 . 2012-12-13 19:48    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-20 19:47 . 2012-12-13 19:48    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-07-11 10:23 . 2013-07-11 10:23    103680    ----a-w-    C:\kfriapod.sys
2013-06-11 07:54 . 2008-10-23 12:05    499712    ----a-w-    c:\windows\system32\msvcp71.dll
2013-06-04 01:50 . 2013-07-11 19:44    2049024    ----a-w-    c:\windows\system32\win32k.sys
2013-06-02 11:53 . 2013-06-02 11:53    15616    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58    121968    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-25 170520]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-06-11 295512]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-30 05:38    1177552    ----a-w-    c:\program files\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-13 19:47]
.
2013-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-16 12:16]
.
2013-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-16 12:16]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\k0zvvges.default-1377625944838\
FF - ExtSQL: 2013-08-30 21:36; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-pdiface - c:\program files\Bitdefender\60-Second Virus Scanner\pdiface.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-30 23:59
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Completion time: 2013-08-31  00:01:59
ComboFix-quarantined-files.txt  2013-08-30 23:01
ComboFix2.txt  2013-08-18 20:13
.
Pre-Run: 176,310,996,992 bytes free
Post-Run: 175,875,776,512 bytes free
.
- - End Of File - - 3DDD56588F2C83DFC14F6F65A6AC4144
5C616939100B85E558DA92B899A0FC36