
I have a really bad malware infestation, help



I have an OTL log to show anyone willing to help me.

I've noticed lots of weirdness, programs freezing up randomly, and general sluggishness. Helping me to remove this problem would really help.

 

Here is my OTL log

 

Some things I've noticed: PACE Anti-Piracy, and a HijackThis log revealed a ton of 'unknown' user entries. Sorry if that is vague; I can also supply the HijackThis log.

OTL logfile created on: 11/22/2013 12:29:13 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\madeppymage\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
11.99 Gb Total Physical Memory | 8.77 Gb Available Physical Memory | 73.14% Memory free
23.98 Gb Paging File | 19.60 Gb Available in Paging File | 81.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.36 Gb Total Space | 90.65 Gb Free Space | 32.45% Space Free | Partition Type: NTFS
Drive D: | 279.46 Gb Total Space | 93.70 Gb Free Space | 33.53% Space Free | Partition Type: NTFS
 
Computer Name: MADEPPYMAGE-PC | User Name: madeppymage | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/11/22 00:27:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\madeppymage\Downloads\OTL.exe
PRC - [2013/11/22 00:19:50 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\madeppymage\Downloads\HijackThis.exe
PRC - [2013/11/21 16:12:02 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
PRC - [2013/11/18 21:24:08 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/10/30 11:25:56 | 000,566,696 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/10/30 11:25:54 | 001,820,584 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/09/02 12:06:04 | 000,309,632 | ---- | M] (Binary Fortress Software) -- C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/11/21 16:12:01 | 016,237,448 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
MOD - [2013/11/18 21:24:07 | 003,363,952 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/10/30 11:25:56 | 001,123,240 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/10/24 09:45:32 | 000,691,200 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/10/23 12:07:26 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/06/14 15:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 15:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 15:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/11/21 10:41:56 | 000,069,392 | ---- | M] (Bitdefender) [Disabled | Stopped] -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe -- (BdDesktopParental)
SRV:64bit: - [2013/11/21 10:41:44 | 001,645,256 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- (VSSERV)
SRV:64bit: - [2013/10/08 04:52:58 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/08/07 19:03:48 | 000,067,320 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2013/05/01 16:02:26 | 002,280,960 | ---- | M] (Proxy Labs) [Auto | Running] -- C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe -- (pcapsvc)
SRV:64bit: - [2013/01/30 09:52:10 | 000,405,744 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Logitech\SolarApp\L4301_Solar.exe -- (L4301_Solar)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/11/18 21:24:08 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/30 11:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/02 12:16:10 | 001,315,728 | ---- | M] (Binary Fortress Software) [Auto | Running] -- C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe -- (DisplayFusionService)
SRV - [2013/08/26 11:15:40 | 000,032,960 | ---- | M] (Razer) [Auto | Running] -- C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe -- (RzOvlMon)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/11/21 10:41:53 | 000,082,824 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (BDSandBox)
DRV:64bit: - [2013/10/08 05:58:42 | 012,534,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/10/08 04:27:46 | 000,619,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/09/24 14:49:22 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/09/04 01:16:58 | 000,040,696 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RzMaelstromVAD.sys -- (RZMAELSTROMVADService)
DRV:64bit: - [2013/08/26 11:05:21 | 000,128,984 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzDxgk.sys -- (RzDxgk)
DRV:64bit: - [2013/08/26 11:05:21 | 000,074,456 | ---- | M] (Razer USA Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RzFilter.sys -- (RzFilter)
DRV:64bit: - [2013/08/23 13:48:49 | 000,150,256 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\gzflt.sys -- (gzflt)
DRV:64bit: - [2013/08/07 13:46:28 | 000,389,240 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2013/07/19 18:08:08 | 000,601,360 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2013/07/19 18:04:54 | 000,727,592 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2013/07/05 00:40:38 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/22 19:46:52 | 000,093,600 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV:64bit: - [2013/01/03 05:14:20 | 000,207,200 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\dcrypt.sys -- (dcrypt)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/02 14:17:46 | 000,261,056 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/11 18:05:46 | 001,675,840 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2011/11/14 20:16:37 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2011/11/03 02:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/11/06 21:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 12:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\madeppymage\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\BYOND: C:\Program Files (x86)\BYOND\bin\npbyond.dll (BYOND)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2013\BDTBEXT [2013/10/01 12:45:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/21 15:02:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/09/14 19:38:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013/11/21 15:02:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013/10/01 12:45:02 | 000,000,000 | ---D | M]
 
[2010/04/29 16:28:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\madeppymage\AppData\Roaming\Mozilla\Extensions
[2013/11/21 13:19:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\madeppymage\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions
[2013/09/14 19:41:23 | 000,000,000 | ---D | M] (Cookie Monster) -- C:\Users\madeppymage\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{45d8ff86-d909-11db-9705-005056c00008}
[2013/09/15 00:09:44 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\madeppymage\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\https-everywhere@eff.org
[2013/08/06 05:09:48 | 000,142,907 | ---- | M] () (No name found) -- C:\Users\madeppymage\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\unplug@compunach.xpi
[2013/11/21 13:19:48 | 000,718,815 | ---- | M] () (No name found) -- C:\Users\madeppymage\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}.xpi
[2013/11/21 13:19:48 | 000,534,729 | ---- | M] () (No name found) -- C:\Users\madeppymage\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/08/06 05:09:48 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\madeppymage\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/11/21 13:19:48 | 000,049,167 | ---- | M] () (No name found) -- C:\Users\madeppymage\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi
[2013/10/30 05:33:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/10 11:45:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/10/30 05:33:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/10 11:45:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/18 21:24:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/07/08 13:07:06 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files (x86)\mozilla firefox\plugins\npbyond.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Raidcall plugin (Enabled) = C:\Users\madeppymage\AppData\Roaming\raidcall\plugins\nprcplugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\madeppymage\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\madeppymage\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\madeppymage\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\madeppymage\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\madeppymage\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\madeppymage\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\madeppymage\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [Razer Comms] C:\Program Files (x86)\Razer\Core\RazerCore.exe (Razer)
O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\madeppymage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk = C:\Users\madeppymage\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\pcapwsp.dll (Proxy Labs)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - ppcapwsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - ppcapwsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - ppcapwsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - ppcapwsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - ppcapwsp.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWow64\pcapwsp.dll (Proxy Labs)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8CF519E-163C-4C87-8715-9AF5CDDB0E91}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/21 23:53:19 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Roaming\BitTorrent
[2013/11/21 23:49:21 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Roaming\uTorrent
[2013/11/21 16:12:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2013/11/21 14:45:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/11/21 14:28:54 | 000,074,512 | ---- | C] (BitDefender SRL) -- C:\Windows\SysWow64\bdsandboxuiskin32.dll
[2013/11/21 14:25:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/21 14:21:02 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\Desktop\Old Firefox Data
[2013/11/21 12:47:57 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Roaming\Malwarebytes
[2013/11/21 12:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/21 12:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/11/21 12:47:50 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/11/21 12:47:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/11/21 10:41:57 | 000,074,512 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\bdsandboxuiskin32.dll
[2013/11/21 10:41:50 | 000,034,384 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\bdsandboxuh.dll
[2013/11/21 10:41:49 | 000,076,944 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\bdvedisk.sys
[2013/11/21 10:41:43 | 000,084,848 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\bdsandboxuiskin.dll
[2013/11/21 03:05:35 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Roaming\liQeNSoft
[2013/11/21 03:05:35 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Local\liQeNSoft
[2013/11/21 02:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2013
[2013/11/21 02:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2013/11/21 02:57:43 | 000,093,600 | ---- | C] (BitDefender LLC) -- C:\Windows\SysNative\drivers\BdfNdisf6.sys
[2013/11/21 02:57:43 | 000,082,824 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\drivers\bdsandbox.sys
[2013/11/21 02:57:40 | 000,727,592 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
[2013/11/21 02:57:40 | 000,601,360 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys
[2013/11/21 02:57:40 | 000,261,056 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
[2013/11/21 02:56:33 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Roaming\Bitdefender
[2013/11/21 02:55:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2013/11/21 02:54:17 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Roaming\QuickScan
[2013/11/21 02:53:28 | 000,150,256 | ---- | C] (BitDefender LLC) -- C:\Windows\SysNative\drivers\gzflt.sys
[2013/11/21 02:53:26 | 000,389,240 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys
[2013/11/21 02:53:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2013/11/21 02:52:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2013/11/20 20:45:46 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Local\NBTExplorer
[2013/11/20 19:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013/11/20 19:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2013/11/20 19:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2013/11/20 19:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2013/11/20 19:25:48 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Roaming\Logitech
[2013/11/20 19:25:48 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Roaming\Logishrd
[2013/11/19 15:46:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RTRVII
[2013/11/19 15:45:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Creative Assembly
[2013/11/17 23:30:23 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\.SquashOccurrences
[2013/11/14 22:21:19 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\Documents\Rockstar Games
[2013/11/14 22:19:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2013/11/14 22:19:07 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Local\Rockstar Games
[2013/11/14 22:17:16 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2013/11/14 21:50:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GTA IV Vehicle Mod Installer
[2013/11/13 18:08:15 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\Desktop\mc
[2013/11/12 19:56:44 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/11/11 14:11:51 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\Documents\Games for Windows - LIVE Videos
[2013/11/11 14:11:51 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\Documents\Games for Windows - LIVE Demos
[2013/11/11 00:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalypso Media
[2013/11/10 23:43:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
[2013/11/10 23:18:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013/11/10 23:18:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2013/11/10 23:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[2013/11/10 23:15:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013/11/10 23:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013/11/10 12:49:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2013/11/10 11:44:43 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/11/06 11:54:18 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Local\S2
[2013/11/06 11:54:14 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\Documents\S2
[2013/11/06 01:09:39 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Local\FalloutNV
[2013/11/03 00:39:45 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Local\Game Dev Tycoon - Steam
[2013/10/30 05:33:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/10/27 22:02:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2013/10/27 22:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2013/10/27 22:02:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2013/10/27 22:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
[2013/10/27 22:00:28 | 001,417,216 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll
[2013/10/27 22:00:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS
[2013/10/27 01:48:36 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Roaming\Tropico 4
[2013/10/27 01:46:28 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Roaming\Kalypso Media
[2013/10/27 01:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kalypso Media
[2013/10/25 02:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2013/10/25 02:53:38 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\Documents\Codemasters
[2013/10/25 02:53:36 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013/10/25 02:53:35 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013/10/25 02:53:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2013/10/23 18:25:19 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Roaming\PACE Anti-Piracy
[2013/10/23 18:25:19 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Local\PACE Anti-Piracy
[2013/10/23 18:25:19 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2013/10/23 18:25:18 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\Documents\Adobe
[2013/10/23 18:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2013/10/23 18:17:06 | 000,056,208 | ---- | C] (Rovi Corporation) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2013/10/23 18:17:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2013/10/23 18:17:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2013/10/23 18:17:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2013/10/23 18:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2013/10/23 18:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013/10/23 16:36:55 | 000,000,000 | ---D | C] -- C:\Windows\en
[2013/10/23 16:36:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013/10/23 16:36:25 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/10/23 16:36:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013/10/23 16:34:11 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Local\Windows Live
[2013/10/23 16:33:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013/10/23 16:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
[2013/10/23 02:49:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Isle
[2013/10/23 02:47:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Black Isle
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/22 00:22:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/21 23:54:20 | 000,000,819 | ---- | M] () -- C:\Users\madeppymage\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2013/11/21 19:28:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/21 17:22:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/21 14:35:59 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/21 14:35:59 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/21 14:33:44 | 000,781,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/21 14:33:44 | 000,661,656 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/21 14:33:44 | 000,121,524 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/21 14:28:09 | 1066,602,494 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/21 10:41:57 | 000,074,512 | ---- | M] (BitDefender SRL) -- C:\Windows\SysWow64\bdsandboxuiskin32.dll
[2013/11/21 10:41:57 | 000,074,512 | ---- | M] (BitDefender SRL) -- C:\Windows\SysNative\bdsandboxuiskin32.dll
[2013/11/21 10:41:53 | 000,082,824 | ---- | M] (BitDefender SRL) -- C:\Windows\SysNative\drivers\bdsandbox.sys
[2013/11/21 10:41:50 | 000,034,384 | ---- | M] (BitDefender SRL) -- C:\Windows\SysNative\bdsandboxuh.dll
[2013/11/21 10:41:49 | 000,076,944 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\bdvedisk.sys
[2013/11/21 10:41:43 | 000,084,848 | ---- | M] (BitDefender SRL) -- C:\Windows\SysNative\bdsandboxuiskin.dll
[2013/11/21 02:59:25 | 002,301,791 | ---- | M] () -- C:\ProgramData\1385031181.bdinstall.bin
[2013/11/21 02:59:05 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml
[2013/11/21 02:58:04 | 000,253,404 | -H-- | M] () -- C:\bdr-ld01
[2013/11/21 02:58:04 | 000,009,216 | -H-- | M] () -- C:\bdr-ld01.mbr
[2013/11/21 02:58:04 | 000,000,684 | -H-- | M] () -- C:\bdr-cf01
[2013/11/21 02:57:53 | 000,002,245 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk
[2013/11/21 02:57:53 | 000,002,126 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk
[2013/11/21 02:57:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2013/11/16 01:03:27 | 000,000,246 | ---- | M] () -- C:\Windows\SIERRA.INI
[2013/11/14 22:17:16 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2013/11/11 20:25:12 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Patrician IV - Rise of a Dynasty.lnk
[2013/11/11 20:25:12 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Patrician IV.lnk
[2013/11/11 00:29:09 | 000,002,093 | ---- | M] () -- C:\Users\Public\Desktop\Port Royale 3.lnk
[2013/11/10 23:22:15 | 000,000,222 | ---- | M] () -- C:\Users\madeppymage\Desktop\Endless Space.url
[2013/11/10 23:15:23 | 000,773,536 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/11/10 11:45:00 | 004,944,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/11/10 11:44:30 | 870,248,584 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/11/06 11:54:06 | 000,000,998 | ---- | M] () -- C:\Users\Public\Desktop\The Settlers II - 10th Anniversary.lnk
[2013/10/27 22:00:26 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013/10/27 22:00:26 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013/10/23 16:12:48 | 000,000,533 | ---- | M] () -- C:\Users\Public\Desktop\Fraps.lnk
 
========== Files Created - No Company Name ==========
 
[2013/11/21 23:54:20 | 000,000,819 | ---- | C] () -- C:\Users\madeppymage\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2013/11/21 02:59:25 | 002,301,791 | ---- | C] () -- C:\ProgramData\1385031181.bdinstall.bin
[2013/11/21 02:59:05 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml
[2013/11/21 02:58:04 | 000,000,684 | -H-- | C] () -- C:\bdr-cf01
[2013/11/21 02:57:53 | 000,002,245 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk
[2013/11/21 02:57:53 | 000,002,126 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk
[2013/11/21 02:57:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2013/11/21 02:55:24 | 046,879,860 | -H-- | C] () -- C:\bdr-im01.gz
[2013/11/21 02:55:24 | 003,271,472 | -H-- | C] () -- C:\bdr-bz01
[2013/11/21 02:55:24 | 000,253,404 | -H-- | C] () -- C:\bdr-ld01
[2013/11/21 02:55:24 | 000,009,216 | -H-- | C] () -- C:\bdr-ld01.mbr
[2013/11/11 20:25:12 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Patrician IV - Rise of a Dynasty.lnk
[2013/11/11 20:25:12 | 000,000,888 | ---- | C] () -- C:\Users\Public\Desktop\Patrician IV.lnk
[2013/11/11 00:29:09 | 000,002,093 | ---- | C] () -- C:\Users\Public\Desktop\Port Royale 3.lnk
[2013/11/10 23:22:15 | 000,000,222 | ---- | C] () -- C:\Users\madeppymage\Desktop\Endless Space.url
[2013/11/10 11:44:30 | 870,248,584 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/11/06 11:54:06 | 000,000,998 | ---- | C] () -- C:\Users\Public\Desktop\The Settlers II - 10th Anniversary.lnk
[2013/10/23 16:36:48 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013/10/23 16:36:44 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013/10/23 16:12:48 | 000,000,533 | ---- | C] () -- C:\Users\Public\Desktop\Fraps.lnk
[2013/10/16 03:58:54 | 000,000,246 | ---- | C] () -- C:\Windows\SIERRA.INI
[2013/10/08 09:45:08 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013/09/04 23:45:42 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/09/04 23:45:42 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/09/04 22:44:28 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/09/04 22:44:28 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/05/01 16:08:02 | 000,331,776 | ---- | C] ( ) -- C:\Windows\SysWow64\sbcrreag.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/09/07 10:36:58 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/09/07 10:36:58 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 17:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/11/21 19:35:43 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\.minecraft
[2013/09/21 04:49:08 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\3909
[2013/10/17 02:35:59 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\Ascaron Entertainment
[2013/11/21 02:56:33 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\Bitdefender
[2013/11/21 23:56:39 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\BitTorrent
[2013/09/14 17:45:24 | 000,000,000 | -HSD | M] -- C:\Users\madeppymage\AppData\Roaming\Common
[2013/09/29 17:23:57 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\DAEMON Tools Lite
[2013/10/19 15:54:10 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\DisplayFusion
[2013/11/20 19:26:23 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\foobar2000
[2013/10/22 16:33:54 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\GameRanger
[2013/09/15 13:06:35 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\JonDo
[2013/11/15 01:08:07 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\Kalypso Media
[2013/11/21 03:05:35 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\liQeNSoft
[2013/10/09 09:45:56 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\LolClient
[2013/09/19 21:34:23 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\Mumble
[2013/10/17 22:01:29 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\OBS
[2013/09/26 05:07:56 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\OpenOffice
[2013/10/23 18:25:20 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\PACE Anti-Piracy
[2013/11/21 02:54:17 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\QuickScan
[2010/04/27 16:17:35 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\raidcall
[2013/09/24 15:08:32 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\Red Alert 3
[2013/10/08 20:13:14 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\Riot Games
[2013/09/24 03:09:18 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\The Creative Assembly
[2013/09/14 19:38:10 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\Thunderbird
[2013/10/27 01:48:36 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\Tropico 4
[2013/09/29 20:38:36 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\TuneUp Software
[2013/10/04 17:13:10 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\UDP Software
[2013/11/21 23:49:32 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 

< End of report >

 

thanks!


Hello madeppymage and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please manually delete your OTL.exe copy and follow my instructions:

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Thanks for the help Borislav!
My OTL only produced an OTL.txt, no extras.txt, is that okay?
After following your instructions here is the OTL log:

OTL logfile created on: 11/22/2013 11:55:45 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\madeppymage\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
11.99 Gb Total Physical Memory | 10.51 Gb Available Physical Memory | 87.68% Memory free
23.98 Gb Paging File | 21.31 Gb Available in Paging File | 88.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.36 Gb Total Space | 99.19 Gb Free Space | 35.51% Space Free | Partition Type: NTFS
Drive D: | 279.46 Gb Total Space | 93.69 Gb Free Space | 33.53% Space Free | Partition Type: NTFS
 
Computer Name: MADEPPYMAGE-PC | User Name: madeppymage | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/11/22 11:52:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\madeppymage\Desktop\OTL.exe
PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/09/02 12:06:04 | 000,309,632 | ---- | M] (Binary Fortress Software) -- C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/11/21 10:41:56 | 000,069,392 | ---- | M] (Bitdefender) [Disabled | Stopped] -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe -- (BdDesktopParental)
SRV:64bit: - [2013/11/21 10:41:44 | 001,645,256 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- (VSSERV)
SRV:64bit: - [2013/10/08 04:52:58 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/08/07 19:03:48 | 000,067,320 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2013/05/01 16:02:26 | 002,280,960 | ---- | M] (Proxy Labs) [Auto | Running] -- C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe -- (pcapsvc)
SRV:64bit: - [2013/01/30 09:52:10 | 000,405,744 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Logitech\SolarApp\L4301_Solar.exe -- (L4301_Solar)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/11/18 21:24:08 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/30 11:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/02 12:16:10 | 001,315,728 | ---- | M] (Binary Fortress Software) [Auto | Running] -- C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe -- (DisplayFusionService)
SRV - [2013/08/26 11:15:40 | 000,032,960 | ---- | M] (Razer) [Auto | Running] -- C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe -- (RzOvlMon)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/11/21 10:41:53 | 000,082,824 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (BDSandBox)
DRV:64bit: - [2013/10/08 05:58:42 | 012,534,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/10/08 04:27:46 | 000,619,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/09/24 14:49:22 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/09/04 01:16:58 | 000,040,696 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RzMaelstromVAD.sys -- (RZMAELSTROMVADService)
DRV:64bit: - [2013/08/26 11:05:21 | 000,128,984 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzDxgk.sys -- (RzDxgk)
DRV:64bit: - [2013/08/26 11:05:21 | 000,074,456 | ---- | M] (Razer USA Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RzFilter.sys -- (RzFilter)
DRV:64bit: - [2013/08/23 13:48:49 | 000,150,256 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\gzflt.sys -- (gzflt)
DRV:64bit: - [2013/08/07 13:46:28 | 000,389,240 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2013/07/19 18:08:08 | 000,601,360 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2013/07/19 18:04:54 | 000,727,592 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2013/07/05 00:40:38 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/22 19:46:52 | 000,093,600 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV:64bit: - [2013/01/03 05:14:20 | 000,207,200 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\dcrypt.sys -- (dcrypt)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/02 14:17:46 | 000,261,056 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/11 18:05:46 | 001,675,840 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2011/11/14 20:16:37 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2011/11/03 02:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 12:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1305686450-1805955425-1762514390-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1305686450-1805955425-1762514390-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1305686450-1805955425-1762514390-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1305686450-1805955425-1762514390-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1305686450-1805955425-1762514390-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1305686450-1805955425-1762514390-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1305686450-1805955425-1762514390-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\madeppymage\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\BYOND: C:\Program Files (x86)\BYOND\bin\npbyond.dll (BYOND)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2013\BDTBEXT [2013/10/01 12:45:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/21 15:02:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/09/14 19:38:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013/11/21 15:02:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013/10/01 12:45:02 | 000,000,000 | ---D | M]
 
[2010/04/29 16:28:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\madeppymage\AppData\Roaming\Mozilla\Extensions
[2013/11/21 13:19:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\madeppymage\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions
[2013/09/14 19:41:23 | 000,000,000 | ---D | M] (Cookie Monster) -- C:\Users\madeppymage\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{45d8ff86-d909-11db-9705-005056c00008}
[2013/09/15 00:09:44 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\madeppymage\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\https-everywhere@eff.org
[2013/08/06 05:09:48 | 000,142,907 | ---- | M] () (No name found) -- C:\Users\madeppymage\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\unplug@compunach.xpi
[2013/11/21 13:19:48 | 000,718,815 | ---- | M] () (No name found) -- C:\Users\madeppymage\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}.xpi
[2013/11/21 13:19:48 | 000,534,729 | ---- | M] () (No name found) -- C:\Users\madeppymage\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/08/06 05:09:48 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\madeppymage\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/11/21 13:19:48 | 000,049,167 | ---- | M] () (No name found) -- C:\Users\madeppymage\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi
[2013/10/30 05:33:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/10 11:45:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/10/30 05:33:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/10 11:45:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/18 21:24:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/07/08 13:07:06 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files (x86)\mozilla firefox\plugins\npbyond.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Raidcall plugin (Enabled) = C:\Users\madeppymage\AppData\Roaming\raidcall\plugins\nprcplugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\madeppymage\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\madeppymage\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\madeppymage\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\madeppymage\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\madeppymage\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\madeppymage\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\madeppymage\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1305686450-1805955425-1762514390-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-1305686450-1805955425-1762514390-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-1305686450-1805955425-1762514390-1000..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKU\S-1-5-21-1305686450-1805955425-1762514390-1000..\Run: [Razer Comms] C:\Program Files (x86)\Razer\Core\RazerCore.exe (Razer)
O4 - HKU\S-1-5-21-1305686450-1805955425-1762514390-1000..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\madeppymage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk = C:\Users\madeppymage\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\pcapwsp.dll (Proxy Labs)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - ppcapwsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - ppcapwsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - ppcapwsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - ppcapwsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - ppcapwsp.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWow64\pcapwsp.dll (Proxy Labs)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8CF519E-163C-4C87-8715-9AF5CDDB0E91}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/22 11:52:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\madeppymage\Desktop\OTL.exe
[2013/11/21 23:53:19 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Roaming\BitTorrent
[2013/11/21 23:49:21 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Roaming\uTorrent
[2013/11/21 16:12:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2013/11/21 14:45:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/11/21 14:28:54 | 000,074,512 | ---- | C] (BitDefender SRL) -- C:\Windows\SysWow64\bdsandboxuiskin32.dll
[2013/11/21 14:25:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/21 14:21:02 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\Desktop\Old Firefox Data
[2013/11/21 12:47:57 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Roaming\Malwarebytes
[2013/11/21 12:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/21 12:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/11/21 12:47:50 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/11/21 12:47:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/11/21 10:41:57 | 000,074,512 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\bdsandboxuiskin32.dll
[2013/11/21 10:41:50 | 000,034,384 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\bdsandboxuh.dll
[2013/11/21 10:41:49 | 000,076,944 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\bdvedisk.sys
[2013/11/21 10:41:43 | 000,084,848 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\bdsandboxuiskin.dll
[2013/11/21 03:05:35 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Roaming\liQeNSoft
[2013/11/21 03:05:35 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Local\liQeNSoft
[2013/11/21 02:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2013
[2013/11/21 02:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2013/11/21 02:57:43 | 000,093,600 | ---- | C] (BitDefender LLC) -- C:\Windows\SysNative\drivers\BdfNdisf6.sys
[2013/11/21 02:57:43 | 000,082,824 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\drivers\bdsandbox.sys
[2013/11/21 02:57:40 | 000,727,592 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
[2013/11/21 02:57:40 | 000,601,360 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys
[2013/11/21 02:57:40 | 000,261,056 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
[2013/11/21 02:56:33 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Roaming\Bitdefender
[2013/11/21 02:55:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2013/11/21 02:54:17 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Roaming\QuickScan
[2013/11/21 02:53:28 | 000,150,256 | ---- | C] (BitDefender LLC) -- C:\Windows\SysNative\drivers\gzflt.sys
[2013/11/21 02:53:26 | 000,389,240 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys
[2013/11/21 02:53:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2013/11/21 02:52:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2013/11/20 20:45:46 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Local\NBTExplorer
[2013/11/20 19:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013/11/20 19:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2013/11/20 19:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2013/11/20 19:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2013/11/20 19:25:48 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Roaming\Logitech
[2013/11/20 19:25:48 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Roaming\Logishrd
[2013/11/19 15:46:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RTRVII
[2013/11/19 15:45:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Creative Assembly
[2013/11/17 23:30:23 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\.SquashOccurrences
[2013/11/14 22:21:19 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\Documents\Rockstar Games
[2013/11/14 22:19:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2013/11/14 22:19:07 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Local\Rockstar Games
[2013/11/14 22:17:16 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2013/11/14 21:50:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GTA IV Vehicle Mod Installer
[2013/11/13 18:08:15 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\Desktop\mc
[2013/11/12 19:56:44 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/11/11 14:11:51 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\Documents\Games for Windows - LIVE Videos
[2013/11/11 14:11:51 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\Documents\Games for Windows - LIVE Demos
[2013/11/11 00:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalypso Media
[2013/11/10 23:43:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
[2013/11/10 23:18:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013/11/10 23:18:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2013/11/10 23:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[2013/11/10 23:15:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013/11/10 23:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013/11/10 12:49:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2013/11/10 11:44:43 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/11/06 11:54:18 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Local\S2
[2013/11/06 11:54:14 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\Documents\S2
[2013/11/06 01:09:39 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Local\FalloutNV
[2013/11/03 00:39:45 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Local\Game Dev Tycoon - Steam
[2013/10/30 05:33:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/10/27 22:02:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2013/10/27 22:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2013/10/27 22:02:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2013/10/27 22:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
[2013/10/27 22:00:28 | 001,417,216 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll
[2013/10/27 22:00:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS
[2013/10/27 01:48:36 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Roaming\Tropico 4
[2013/10/27 01:46:28 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Roaming\Kalypso Media
[2013/10/27 01:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kalypso Media
[2013/10/25 02:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2013/10/25 02:53:38 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\Documents\Codemasters
[2013/10/25 02:53:36 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013/10/25 02:53:35 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013/10/25 02:53:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2013/10/23 18:25:19 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Roaming\PACE Anti-Piracy
[2013/10/23 18:25:19 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Local\PACE Anti-Piracy
[2013/10/23 18:25:19 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2013/10/23 18:25:18 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\Documents\Adobe
[2013/10/23 18:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2013/10/23 18:17:06 | 000,056,208 | ---- | C] (Rovi Corporation) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2013/10/23 18:17:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2013/10/23 18:17:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2013/10/23 18:17:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2013/10/23 18:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2013/10/23 18:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013/10/23 16:36:55 | 000,000,000 | ---D | C] -- C:\Windows\en
[2013/10/23 16:36:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013/10/23 16:36:25 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/10/23 16:36:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013/10/23 16:34:11 | 000,000,000 | ---D | C] -- C:\Users\madeppymage\AppData\Local\Windows Live
[2013/10/23 16:33:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013/10/23 16:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/22 11:52:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\madeppymage\Desktop\OTL.exe
[2013/11/22 11:38:13 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/22 11:38:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/21 23:54:20 | 000,000,819 | ---- | M] () -- C:\Users\madeppymage\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2013/11/21 17:22:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/21 14:35:59 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/21 14:35:59 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/21 14:33:44 | 000,781,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/21 14:33:44 | 000,661,656 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/21 14:33:44 | 000,121,524 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/21 14:28:09 | 1066,602,494 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/21 10:41:57 | 000,074,512 | ---- | M] (BitDefender SRL) -- C:\Windows\SysWow64\bdsandboxuiskin32.dll
[2013/11/21 10:41:57 | 000,074,512 | ---- | M] (BitDefender SRL) -- C:\Windows\SysNative\bdsandboxuiskin32.dll
[2013/11/21 10:41:53 | 000,082,824 | ---- | M] (BitDefender SRL) -- C:\Windows\SysNative\drivers\bdsandbox.sys
[2013/11/21 10:41:50 | 000,034,384 | ---- | M] (BitDefender SRL) -- C:\Windows\SysNative\bdsandboxuh.dll
[2013/11/21 10:41:49 | 000,076,944 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\bdvedisk.sys
[2013/11/21 10:41:43 | 000,084,848 | ---- | M] (BitDefender SRL) -- C:\Windows\SysNative\bdsandboxuiskin.dll
[2013/11/21 02:59:25 | 002,301,791 | ---- | M] () -- C:\ProgramData\1385031181.bdinstall.bin
[2013/11/21 02:59:05 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml
[2013/11/21 02:58:04 | 000,253,404 | -H-- | M] () -- C:\bdr-ld01
[2013/11/21 02:58:04 | 000,009,216 | -H-- | M] () -- C:\bdr-ld01.mbr
[2013/11/21 02:58:04 | 000,000,684 | -H-- | M] () -- C:\bdr-cf01
[2013/11/21 02:57:53 | 000,002,245 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk
[2013/11/21 02:57:53 | 000,002,126 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk
[2013/11/21 02:57:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2013/11/16 01:03:27 | 000,000,246 | ---- | M] () -- C:\Windows\SIERRA.INI
[2013/11/14 22:17:16 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2013/11/11 20:25:12 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Patrician IV - Rise of a Dynasty.lnk
[2013/11/11 20:25:12 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Patrician IV.lnk
[2013/11/11 00:29:09 | 000,002,093 | ---- | M] () -- C:\Users\Public\Desktop\Port Royale 3.lnk
[2013/11/10 23:22:15 | 000,000,222 | ---- | M] () -- C:\Users\madeppymage\Desktop\Endless Space.url
[2013/11/10 23:15:23 | 000,773,536 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/11/10 11:45:00 | 004,944,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/11/10 11:44:30 | 870,248,584 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/11/06 11:54:06 | 000,000,998 | ---- | M] () -- C:\Users\Public\Desktop\The Settlers II - 10th Anniversary.lnk
[2013/10/27 22:00:26 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013/10/27 22:00:26 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013/10/23 16:12:48 | 000,000,533 | ---- | M] () -- C:\Users\Public\Desktop\Fraps.lnk
 
========== Files Created - No Company Name ==========
 
[2013/11/21 23:54:20 | 000,000,819 | ---- | C] () -- C:\Users\madeppymage\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2013/11/21 02:59:25 | 002,301,791 | ---- | C] () -- C:\ProgramData\1385031181.bdinstall.bin
[2013/11/21 02:59:05 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml
[2013/11/21 02:58:04 | 000,000,684 | -H-- | C] () -- C:\bdr-cf01
[2013/11/21 02:57:53 | 000,002,245 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk
[2013/11/21 02:57:53 | 000,002,126 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk
[2013/11/21 02:57:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2013/11/21 02:55:24 | 046,879,860 | -H-- | C] () -- C:\bdr-im01.gz
[2013/11/21 02:55:24 | 003,271,472 | -H-- | C] () -- C:\bdr-bz01
[2013/11/21 02:55:24 | 000,253,404 | -H-- | C] () -- C:\bdr-ld01
[2013/11/21 02:55:24 | 000,009,216 | -H-- | C] () -- C:\bdr-ld01.mbr
[2013/11/11 20:25:12 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Patrician IV - Rise of a Dynasty.lnk
[2013/11/11 20:25:12 | 000,000,888 | ---- | C] () -- C:\Users\Public\Desktop\Patrician IV.lnk
[2013/11/11 00:29:09 | 000,002,093 | ---- | C] () -- C:\Users\Public\Desktop\Port Royale 3.lnk
[2013/11/10 23:22:15 | 000,000,222 | ---- | C] () -- C:\Users\madeppymage\Desktop\Endless Space.url
[2013/11/10 11:44:30 | 870,248,584 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/11/06 11:54:06 | 000,000,998 | ---- | C] () -- C:\Users\Public\Desktop\The Settlers II - 10th Anniversary.lnk
[2013/10/23 16:36:48 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013/10/23 16:36:44 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013/10/23 16:12:48 | 000,000,533 | ---- | C] () -- C:\Users\Public\Desktop\Fraps.lnk
[2013/10/16 03:58:54 | 000,000,246 | ---- | C] () -- C:\Windows\SIERRA.INI
[2013/10/08 09:45:08 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013/09/04 23:45:42 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/09/04 23:45:42 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/09/04 22:44:28 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/09/04 22:44:28 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/05/01 16:08:02 | 000,331,776 | ---- | C] ( ) -- C:\Windows\SysWow64\sbcrreag.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/09/07 10:36:58 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/09/07 10:36:58 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 17:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/11/21 19:35:43 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\.minecraft
[2013/09/21 04:49:08 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\3909
[2013/10/17 02:35:59 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\Ascaron Entertainment
[2013/11/21 02:56:33 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\Bitdefender
[2013/11/21 23:56:39 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\BitTorrent
[2013/09/14 17:45:24 | 000,000,000 | -HSD | M] -- C:\Users\madeppymage\AppData\Roaming\Common
[2013/09/29 17:23:57 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\DAEMON Tools Lite
[2013/10/19 15:54:10 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\DisplayFusion
[2013/11/20 19:26:23 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\foobar2000
[2013/10/22 16:33:54 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\GameRanger
[2013/09/15 13:06:35 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\JonDo
[2013/11/15 01:08:07 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\Kalypso Media
[2013/11/21 03:05:35 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\liQeNSoft
[2013/10/09 09:45:56 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\LolClient
[2013/09/19 21:34:23 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\Mumble
[2013/10/17 22:01:29 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\OBS
[2013/09/26 05:07:56 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\OpenOffice
[2013/10/23 18:25:20 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\PACE Anti-Piracy
[2013/11/21 02:54:17 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\QuickScan
[2010/04/27 16:17:35 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\raidcall
[2013/09/24 15:08:32 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\Red Alert 3
[2013/10/08 20:13:14 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\Riot Games
[2013/09/24 03:09:18 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\The Creative Assembly
[2013/09/14 19:38:10 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\Thunderbird
[2013/10/27 01:48:36 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\Tropico 4
[2013/09/29 20:38:36 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\TuneUp Software
[2013/10/04 17:13:10 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\UDP Software
[2013/11/21 23:49:32 | 000,000,000 | ---D | M] -- C:\Users\madeppymage\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 

< End of report >

 


  • 3 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
