Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

May have many viruses ! noob needs help! [Closed]


  • This topic is locked This topic is locked

#1
Luke-Marsey89

Luke-Marsey89

    Member

  • Member
  • PipPip
  • 11 posts
Hi as you might see from the title i believe i may have many viruses on my laptop as it constantly gives me pop ups from dataserve and searchqu :S pluss many others also its became varry slow and barly usable since this has happened its taken me nearly a hour to get this topic up :( any help would be useful as im not the brightest of laptop users :)...
thanks and hopefully some 1 may be able to help..
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there first we will need to have a quick looksee on the computer to see what you have


Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that

THEN

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

    Posted Image
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#3
Luke-Marsey89

Luke-Marsey89

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
hi Essexboy thanks for your reply and help
this is the result from AdwCleaner... just about to run the OTL test now ill post the result from that as soon as its compleat..

# AdwCleaner v2.306 - Logfile created 07/29/2013 at 14:44:16
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# User : -LUKE- - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\-LUKE-\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Searchqu Toolbar
File Deleted : C:\user.js
Folder Deleted : C:\Program Files\BabylonToolbar
Folder Deleted : C:\Program Files\Discount Buddy
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\-LUKE-\AppData\Local\Discount Buddy
Folder Deleted : C:\Users\-LUKE-\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\-LUKE-\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\-LUKE-\AppData\Roaming\Babylon

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Discount Buddy
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211671166}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211671166}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110211671166}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220222672266}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026766.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026766.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026766.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026766.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550255675566}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266676666}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440244674466}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211671166}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211671166}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211671166}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211671166}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Discount Buddy
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Key Deleted : HKLM\Software\SearchquMediabarTb
Key Deleted : HKLM\Software\Tarma Installer
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=91337798-e062-4700-bb90-2f305aea8aa1&searchtype=ds&q={searchTerms}&installDate={installDate} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=91337798-e062-4700-bb90-2f305aea8aa1&searchtype=ds&q={searchTerms}&installDate={installDate} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=91337798-e062-4700-bb90-2f305aea8aa1&searchtype=ds&q={searchTerms}&installDate={installDate} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=91337798-e062-4700-bb90-2f305aea8aa1&searchtype=ds&q={searchTerms}&installDate={installDate} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=91337798-e062-4700-bb90-2f305aea8aa1&searchtype=ds&q={searchTerms}&installDate={installDate} --> hxxp://www.google.com

*************************

AdwCleaner[S1].txt - [12807 octets] - [29/07/2013 14:44:16]

########## EOF - C:\AdwCleaner[S1].txt - [12868 octets] ##########
  • 0

#4
Luke-Marsey89

Luke-Marsey89

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Results from OTL ...

OTL.txt

OTL logfile created on: 29/07/2013 15:19:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\-LUKE-\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16443)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.68 Mb Total Physical Memory | 214.17 Mb Available Physical Memory | 21.13% Memory free
2.24 Gb Paging File | 1.02 Gb Available in Paging File | 45.68% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 64.76 Gb Total Space | 18.07 Gb Free Space | 27.90% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: -LUKE- | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/29 14:41:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\-LUKE-\Desktop\OTL.exe
PRC - [2013/06/25 16:06:29 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
PRC - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/12/29 09:51:12 | 002,686,536 | ---- | M] (Hercules®) -- C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
PRC - [2011/10/26 11:34:40 | 000,017,408 | ---- | M] () -- C:\Program Files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/09 23:13:46 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/05/09 23:13:40 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2007/12/19 19:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/09/10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/29 15:06:28 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2012/02/20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/05/09 23:13:28 | 000,227,888 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2006/01/22 13:44:52 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Services (SafeList) ==========

SRV - [2013/06/25 17:08:05 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/10/26 11:34:40 | 000,017,408 | ---- | M] () [Auto | Running] -- C:\Program Files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE -- (HerculesDJControlMP3)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/25 15:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2008/05/09 23:13:46 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/19 19:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/09/10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0FC00D3A-2410-4532-9281-F46144F1A6E7}\MpKslf3a0fd6d.sys -- (MpKslf3a0fd6d)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\easytthr.sys -- (easytether)
DRV - [2013/01/20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/12/27 16:43:44 | 000,252,752 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJAsioK.sys -- (HDJAsioK)
DRV - [2011/12/27 16:43:44 | 000,191,824 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJBulk.sys -- (Bulk)
DRV - [2011/12/27 16:43:42 | 000,219,984 | ---- | M] (© Guillemot R&D, 2011. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJMidi.sys -- (HDJMidi)
DRV - [2011/04/02 20:05:23 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011/04/02 20:05:22 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/09/05 15:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2007/07/03 10:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-114143902-2153543805-3046081360-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-114143902-2153543805-3046081360-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-114143902-2153543805-3046081360-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-114143902-2153543805-3046081360-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-114143902-2153543805-3046081360-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-114143902-2153543805-3046081360-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 CC B4 EB B9 3D CD 01 [binary data]
IE - HKU\S-1-5-21-114143902-2153543805-3046081360-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-114143902-2153543805-3046081360-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-114143902-2153543805-3046081360-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-114143902-2153543805-3046081360-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-114143902-2153543805-3046081360-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-114143902-2153543805-3046081360-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-114143902-2153543805-3046081360-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.103: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll File not found



O1 HOSTS File: ([2013/01/07 14:31:00 | 000,000,860 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts:
O1 - Hosts: 127.0.0.1 activation.nero.com
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {7736C7FA-512D-11E2-B871-DEC36088709B} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hercules®)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-114143902-2153543805-3046081360-1001\..Trusted Domains: google.com ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{295F6EFF-BE23-4205-B8DE-D01070F32E3A}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{703CEA9D-BB09-4D3E-A52B-E5152C87564B}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/07/29 14:54:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/07/29 14:41:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\-LUKE-\Desktop\OTL.exe
[2013/07/29 14:27:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/07/29 14:27:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/07/29 14:27:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/07/29 14:27:39 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/07/29 14:27:38 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/07/29 14:27:31 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/07/29 14:27:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/07/29 14:27:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/07/29 03:02:49 | 000,000,000 | ---D | C] -- C:\77f0f188c1f737402ffd763bff475d55
[2013/07/28 13:58:10 | 000,000,000 | ---D | C] -- C:\6aa7e9704684e1efc0d15b
[2013/07/28 13:56:31 | 000,000,000 | ---D | C] -- C:\b774e0aaf0abec8f3ee82ac47d430952
[2013/07/11 22:34:06 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/07/11 22:33:09 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/07/11 22:33:08 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/07/11 22:33:08 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/07/11 22:33:08 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/07/11 22:33:07 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/07/11 22:33:07 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/07/11 22:33:07 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/07/11 22:33:07 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/07/11 22:33:02 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013/07/11 22:32:59 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/07/02 22:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/07/02 22:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/07/02 22:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/07/02 22:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

========== Files - Modified Within 30 Days ==========

[2013/07/29 15:07:41 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/29 15:05:09 | 003,633,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/29 15:04:19 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/29 15:04:18 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/29 15:03:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/29 15:00:49 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/07/29 14:55:43 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/29 14:55:43 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/29 14:45:47 | 000,000,101 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/29 14:45:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-114143902-2153543805-3046081360-1000UA.job
[2013/07/29 14:41:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\-LUKE-\Desktop\OTL.exe
[2013/07/29 14:41:09 | 000,666,633 | ---- | M] () -- C:\Users\-LUKE-\Desktop\adwcleaner.exe
[2013/07/28 23:45:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-114143902-2153543805-3046081360-1000Core.job
[2013/07/02 22:22:20 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/06/30 20:01:08 | 000,000,943 | ---- | M] () -- C:\Users\-LUKE-\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

========== Files Created - No Company Name ==========

[2013/07/29 14:44:35 | 000,000,101 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/29 14:40:12 | 000,666,633 | ---- | C] () -- C:\Users\-LUKE-\Desktop\adwcleaner.exe
[2013/07/02 22:22:20 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/06/30 20:01:08 | 000,000,943 | ---- | C] () -- C:\Users\-LUKE-\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/15 04:06:41 | 000,003,584 | ---- | C] () -- C:\Users\-LUKE-\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/19 21:19:40 | 000,005,648 | ---- | C] () -- C:\Users\-LUKE-\AppData\Local\d3d9caps.dat
[2012/05/14 20:10:52 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2012/05/14 20:10:52 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe

========== ZeroAccess Check ==========

[2006/11/02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/07/17 21:19:02 | 000,000,000 | ---D | M] -- C:\Users\-LUKE-\AppData\Roaming\Camfrog
[2013/01/07 14:33:11 | 000,000,000 | ---D | M] -- C:\Users\-LUKE-\AppData\Roaming\iFunbox_UserCache
[2012/09/05 12:16:11 | 000,000,000 | ---D | M] -- C:\Users\-LUKE-\AppData\Roaming\PowerISO
[2012/07/01 02:35:46 | 000,000,000 | ---D | M] -- C:\Users\-LUKE-\AppData\Roaming\Radialpoint
[2013/07/28 18:47:52 | 000,000,000 | ---D | M] -- C:\Users\-LUKE-\AppData\Roaming\redsn0w
[2013/06/26 16:56:42 | 000,000,000 | ---D | M] -- C:\Users\-LUKE-\AppData\Roaming\SynthMaker
[2013/07/11 22:17:15 | 000,000,000 | ---D | M] -- C:\Users\-LUKE-\AppData\Roaming\uTorrent
[2012/07/01 02:32:55 | 000,000,000 | ---D | M] -- C:\Users\-LUKE-\AppData\Roaming\Virgin Media
[2012/07/04 12:13:14 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Radialpoint
[2012/07/04 12:13:34 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Virgin Media

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2006/11/02 10:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/21 03:33:54 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/21 03:33:53 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 07:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 07:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 15:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 07:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/21 03:34:20 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/04/24 05:00:30 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 07:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 07:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 16:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/21 03:34:51 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 07:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/21 03:33:46 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 07:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2009/04/11 07:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/21 03:34:43 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/21 03:33:50 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/21 03:34:04 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/21 03:33:15 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/21 03:34:35 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 07:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 15:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 15:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 07:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/21 03:34:00 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 07:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 07:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/21 03:34:19 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 15:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 07:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 17:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 12:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 07:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 19:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 07:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 12:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 07:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 07:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 07:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 07:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/21 03:32:53 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 07:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 07:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 07:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 07:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 07:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 23:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 07:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 20:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 12:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 03:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES >
[2006/09/18 22:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 22:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.EXE >
[2008/01/21 03:34:36 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 13:38:29 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 13:38:29 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.LNK >
[2008/01/21 03:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/21 03:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 13:39:04 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 22:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 13:39:04 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 22:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SVCHOST.EXE >
[2008/01/21 03:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 03:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/21 03:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 03:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 03:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is DEDE-758D
Directory of C:\
02/11/2006 13:59 <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
02/11/2006 13:59 <JUNCTION> Application Data [C:\ProgramData]
02/11/2006 13:59 <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/11/2006 13:59 <JUNCTION> Documents [C:\Users\Public\Documents]
02/11/2006 13:59 <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/11/2006 13:59 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 13:59 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
02/11/2006 13:59 <SYMLINKD> All Users [C:\ProgramData]
02/11/2006 13:59 <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\-LUKE-
14/05/2012 20:30 <JUNCTION> Application Data [C:\Users\-LUKE-\AppData\Roaming]
14/05/2012 20:30 <JUNCTION> Cookies [C:\Users\-LUKE-\AppData\Roaming\Microsoft\Windows\Cookies]
14/05/2012 20:30 <JUNCTION> Local Settings [C:\Users\-LUKE-\AppData\Local]
14/05/2012 20:30 <JUNCTION> My Documents [C:\Users\-LUKE-\Documents]
14/05/2012 20:30 <JUNCTION> NetHood [C:\Users\-LUKE-\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/05/2012 20:30 <JUNCTION> PrintHood [C:\Users\-LUKE-\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/05/2012 20:30 <JUNCTION> Recent [C:\Users\-LUKE-\AppData\Roaming\Microsoft\Windows\Recent]
14/05/2012 20:30 <JUNCTION> SendTo [C:\Users\-LUKE-\AppData\Roaming\Microsoft\Windows\SendTo]
14/05/2012 20:30 <JUNCTION> Start Menu [C:\Users\-LUKE-\AppData\Roaming\Microsoft\Windows\Start Menu]
14/05/2012 20:30 <JUNCTION> Templates [C:\Users\-LUKE-\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\-LUKE-\AppData\Local
14/05/2012 20:30 <JUNCTION> Application Data [C:\Users\-LUKE-\AppData\Local]
14/05/2012 20:30 <JUNCTION> History [C:\Users\-LUKE-\AppData\Local\Microsoft\Windows\History]
14/05/2012 20:30 <JUNCTION> Temporary Internet Files [C:\Users\-LUKE-\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\-LUKE-\Documents
14/05/2012 20:30 <JUNCTION> My Music [C:\Users\-LUKE-\Music]
14/05/2012 20:30 <JUNCTION> My Pictures [C:\Users\-LUKE-\Pictures]
14/05/2012 20:30 <JUNCTION> My Videos [C:\Users\-LUKE-\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users
02/11/2006 13:59 <JUNCTION> Application Data [C:\ProgramData]
02/11/2006 13:59 <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/11/2006 13:59 <JUNCTION> Documents [C:\Users\Public\Documents]
02/11/2006 13:59 <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/11/2006 13:59 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 13:59 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
02/11/2006 13:59 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
02/11/2006 13:59 <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
02/11/2006 13:59 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
02/11/2006 13:59 <JUNCTION> My Documents [C:\Users\Default\Documents]
02/11/2006 13:59 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/11/2006 13:59 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/11/2006 13:59 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
02/11/2006 13:59 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
02/11/2006 13:59 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
02/11/2006 13:59 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
02/11/2006 13:59 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
02/11/2006 13:59 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/11/2006 13:59 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
02/11/2006 13:59 <JUNCTION> My Music [C:\Users\Default\Music]
02/11/2006 13:59 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
02/11/2006 13:59 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Guest
01/06/2011 16:13 <JUNCTION> Application Data [C:\Users\Guest\AppData\Roaming]
01/06/2011 16:13 <JUNCTION> Cookies [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies]
01/06/2011 16:13 <JUNCTION> Local Settings [C:\Users\Guest\AppData\Local]
01/06/2011 16:13 <JUNCTION> My Documents [C:\Users\Guest\Documents]
01/06/2011 16:13 <JUNCTION> NetHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/06/2011 16:13 <JUNCTION> PrintHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/06/2011 16:13 <JUNCTION> Recent [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Recent]
01/06/2011 16:13 <JUNCTION> SendTo [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\SendTo]
01/06/2011 16:13 <JUNCTION> Start Menu [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu]
01/06/2011 16:13 <JUNCTION> Templates [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Guest\AppData\Local
01/06/2011 16:13 <JUNCTION> Application Data [C:\Users\Guest\AppData\Local]
01/06/2011 16:13 <JUNCTION> History [C:\Users\Guest\AppData\Local\Microsoft\Windows\History]
01/06/2011 16:13 <JUNCTION> Temporary Internet Files [C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Guest\Documents
01/06/2011 16:13 <JUNCTION> My Music [C:\Users\Guest\Music]
01/06/2011 16:13 <JUNCTION> My Pictures [C:\Users\Guest\Pictures]
01/06/2011 16:13 <JUNCTION> My Videos [C:\Users\Guest\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
03/05/2011 00:28 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
03/05/2011 00:28 <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
03/05/2011 00:28 <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
03/05/2011 00:28 <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
03/05/2011 00:28 <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/05/2011 00:28 <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/05/2011 00:28 <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
03/05/2011 00:28 <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
03/05/2011 00:28 <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
03/05/2011 00:28 <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
03/05/2011 00:28 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
03/05/2011 00:28 <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
03/05/2011 00:28 <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
03/05/2011 00:28 <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
03/05/2011 00:28 <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
03/05/2011 00:28 <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
79 Dir(s) 18,101,235,712 bytes free

< End of report >



Extras.txt

OTL Extras logfile created on: 29/07/2013 15:19:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\-LUKE-\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16443)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.68 Mb Total Physical Memory | 214.17 Mb Available Physical Memory | 21.13% Memory free
2.24 Gb Paging File | 1.02 Gb Available in Paging File | 45.68% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 64.76 Gb Total Space | 18.07 Gb Free Space | 27.90% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: -LUKE- | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16826B51-3446-4306-982F-70289EAC3042}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1E77608F-AC22-402C-B52D-6BA9323DCBAE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2CEBBE01-EE91-47A3-99F9-32F970188137}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3020BACD-26C5-40A4-968D-D57412BC33DB}" = rport=445 | protocol=6 | dir=out | app=system |
"{38BC12EB-6520-4124-B749-59C6A0C64335}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3F40BEDE-4E15-4807-A6C5-689C601093AD}" = rport=139 | protocol=6 | dir=out | app=system |
"{40008395-36F3-48D8-8CC5-00F681DFACAD}" = rport=137 | protocol=17 | dir=out | app=system |
"{4603770D-DA6C-4BB8-8B77-5A2E6017E0EC}" = lport=138 | protocol=17 | dir=in | app=system |
"{4C7AC6B8-5F87-4382-A809-05F8B5051C70}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{65301985-88A9-4B95-A884-D1C5344180E1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{76F94965-329A-45F8-96C6-4D3835230E43}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7F66C420-6CE6-496F-B0EB-63EC179D104B}" = rport=138 | protocol=17 | dir=out | app=system |
"{802C75A5-C341-4D2B-B274-112B262841D1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{80A63F25-FE2D-43E3-95F5-C2BA79E65255}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{829AF9B5-A13B-4DDE-B04B-1AB0DFB9488A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{AD6C97E3-0EA0-41CC-89AA-E5517888956F}" = lport=139 | protocol=6 | dir=in | app=system |
"{AF1941EC-363C-45FD-83E9-BF844D1C26B7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{AF71006E-55C9-451F-926D-6746397DC0C7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B1EF0536-0CF9-4432-866E-0087146854BC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B569CB31-B9E1-4838-B36D-AC0C80C9AC7C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C2722A6D-A771-45E7-B681-C51E6FF584D3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D2CA7A5C-9FE8-4B16-87B9-14FAB7F54EBC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D4044F29-A18F-4C85-9E87-CAE08783C7E6}" = lport=445 | protocol=6 | dir=in | app=system |
"{D4F44D1F-0FF3-45A7-AB29-A3AD2A1D9467}" = lport=137 | protocol=17 | dir=in | app=system |
"{D53DC588-C629-409A-B562-D828F67307DA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DA67272D-178E-492C-9586-4799F3D51353}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E0A64055-A5E9-4C0C-8849-F618206BF63D}" = lport=5985 | protocol=6 | dir=in | app=system |
"{E2565EBC-6EDD-4DA5-A314-461D5927E7BC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EDED0D13-6E1B-4EDF-84F3-5E39562D3B9A}" = lport=80 | protocol=6 | dir=in | name=windows remote management - compatibility mode (http-in) |
"{F2A4DF3E-6140-43B3-9B1D-D5A09A1A3DBF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FC052782-E351-40BD-BD65-CAB4E4FEFBFC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FDB72347-E7E2-4440-AB22-B406BDF0FC05}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E3A0E22-86A5-4823-8CA4-949113A310FC}" = protocol=58 | dir=in | [email protected],-28545 |
"{1DA2F2B5-01A4-4FB2-9963-E3FBCA457184}" = protocol=1 | dir=out | [email protected],-28544 |
"{1E1BD729-C6CE-4B82-AD58-29C6C8C33BF0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{212B3BF0-B8A9-4123-9C9D-FB07887238A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{23876245-7A88-4333-A70A-E9CA915F816C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3065D63E-8B85-4D13-8BA4-FF92FE8CE351}" = protocol=6 | dir=out | app=system |
"{31139549-1305-41DB-B2FC-BD4BDDEC6302}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4781983E-212F-4D95-9D80-C7D7004821A7}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{484F79DE-4E85-4E58-BF7C-3753346130BD}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{48A8559B-D90E-4216-9591-71347A448D9B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{567FCA56-4B12-475B-903E-46908B7CFEC7}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{62F4914E-8DA1-46D7-9BB7-BA341C087652}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{68C95FC4-9000-418D-B8FE-A51EF8D99CAF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6A6CA513-AA14-4D9C-9ACD-3A1490BFCD2D}" = protocol=6 | dir=out | app=system |
"{6D52DA41-4B1D-4EDC-869E-6EBA58F404A2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{798E91C5-58AB-44C9-B358-F019FF8B49C1}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{852904B5-EA68-434D-89CE-F35D43963293}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{91C1FEDB-20B2-4649-9F0D-280780949FD8}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{974975A6-EEDA-43E3-83C2-CA1622CAF5ED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A2ACD4B4-F625-44FE-9A75-B1F89622889D}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{C3171BF6-190A-4177-B8E1-6843004E8595}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CC946883-0105-47A7-BB7C-6E427C4486B3}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{CE272F4E-CAD8-4D97-969D-9CB0EAF3408E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DB613E9D-D9BC-4BD2-8437-D7FDD69FCF96}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{DCB4D1F7-D96D-4583-A56F-F3CC373F8308}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E0F3D748-D141-4EED-B457-D32301B29D6F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F2E58382-35A6-42E5-9A02-4E5C28C10275}" = protocol=58 | dir=out | [email protected],-28546 |
"{F5DD1434-2066-4240-B486-6C028EB8E3F8}" = protocol=1 | dir=in | [email protected],-28543 |
"TCP Query User{2BFD9764-C0EE-49B0-82CD-76F212EE19EE}C:\users\-luke-\desktop\tinyumbrella-6.00.00.exe" = protocol=6 | dir=in | app=c:\users\-luke-\desktop\tinyumbrella-6.00.00.exe |
"TCP Query User{5576881E-9895-4534-A176-3D14F2E21831}C:\program files\guillemot\tools\giwebupdater.exe" = protocol=6 | dir=in | app=c:\program files\guillemot\tools\giwebupdater.exe |
"TCP Query User{57020106-5EEA-4F8B-A2F3-67E004E4F9F8}C:\users\-luke-\desktop\jailbreak stuff\shsh stuff\tinyumbrella-6.00.00.exe" = protocol=6 | dir=in | app=c:\users\-luke-\desktop\jailbreak stuff\shsh stuff\tinyumbrella-6.00.00.exe |
"TCP Query User{704F7280-860B-4787-A805-1053992BC654}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4AE80DF3-B4E3-4B4E-8D36-1ED150E5AF24}C:\users\-luke-\desktop\jailbreak stuff\shsh stuff\tinyumbrella-6.00.00.exe" = protocol=17 | dir=in | app=c:\users\-luke-\desktop\jailbreak stuff\shsh stuff\tinyumbrella-6.00.00.exe |
"UDP Query User{5E519C1C-32FF-48A2-B881-0766C71C3141}C:\program files\guillemot\tools\giwebupdater.exe" = protocol=17 | dir=in | app=c:\program files\guillemot\tools\giwebupdater.exe |
"UDP Query User{A9272721-AF1A-400B-81D8-0C906460B614}C:\users\-luke-\desktop\tinyumbrella-6.00.00.exe" = protocol=17 | dir=in | app=c:\users\-luke-\desktop\tinyumbrella-6.00.00.exe |
"UDP Query User{B9F2C0AF-D7F9-40E1-9A1F-43B701A0E224}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java™ SE Development Kit 6 Update 24
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{33999F1F-EA46-4E55-A239-1BA803235396}" = Hercules DJ Products Series drivers
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{74F28F11-404B-4CEA-92FF-37BF476F239E}" = VirtualDJ PRO Full
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7FE2549F-361D-4F9F-BB3E-75D08EFEB313}" = Microsoft Windows Media Center SDK 5.3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{847CAE64-4CD2-4B2D-AF00-978FF5431033}" = Nero 7 Premium
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88410D8F-8529-492B-B556-2394A29B811B}" = Broadcom Driver v4.170.25.19_Foxconn Installation Program
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVS Audio Editor_is1" = AVS Audio Editor 7.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"HDMI" = Intel® Graphics Media Accelerator Driver
"iFunbox_is1" = iFunbox (v1.99.958.697), iFunbox DevTeam
"ImgBurn" = ImgBurn
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Basic)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Revo Uninstaller" = Revo Uninstaller 1.93
"uTorrent" = µTorrent
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"VLC media player" = VLC media player 1.1.8
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-114143902-2153543805-3046081360-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TidyNetwork.com" = TidyNetwork.com

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 28/07/2013 08:47:39 | Computer Name = owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 28/07/2013 11:38:45 | Computer Name = owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 28/07/2013 13:50:25 | Computer Name = owner-PC | Source = Application Hang | ID = 1002
Description = The program iTunes.exe version 11.0.4.4 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 4374 Start Time: 01ce8bbab4af9536 Termination Time: 12

Error - 28/07/2013 14:35:25 | Computer Name = owner-PC | Source = Application Hang | ID = 1002
Description = The program iTunes.exe version 11.0.4.4 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 4f08 Start Time: 01ce8bbf6dfeff71 Termination Time: 646

Error - 28/07/2013 15:20:15 | Computer Name = owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 29/07/2013 08:58:03 | Computer Name = owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 29/07/2013 09:14:35 | Computer Name = owner-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16490 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 64c Start Time: 01ce8c5bd0d86c4f Termination Time: 5240

Error - 29/07/2013 09:35:00 | Computer Name = owner-PC | Source = Application Hang | ID = 1002
Description = The program iTunes.exe version 11.0.4.4 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 1b8c Start Time: 01ce8c5ffac0fa47 Termination Time: 12

Error - 29/07/2013 09:50:08 | Computer Name = owner-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 29/07/2013 09:56:48 | Computer Name = owner-PC | Source = Windows Search Service | ID = 3024
Description =

Error - 29/07/2013 10:04:32 | Computer Name = owner-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 28/07/2013 11:55:15 | Computer Name = owner-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 28/07/2013 11:55:15 | Computer Name = owner-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 28/07/2013 11:55:15 | Computer Name = owner-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 28/07/2013 15:19:30 | Computer Name = owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 20:09:36 on 28/07/2013 was unexpected.

Error - 28/07/2013 15:20:16 | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 28/07/2013 17:24:54 | Computer Name = owner-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 29/07/2013 08:56:32 | Computer Name = owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 03:10:49 on 29/07/2013 was unexpected.

Error - 29/07/2013 08:58:04 | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 29/07/2013 09:46:45 | Computer Name = owner-PC | Source = DCOM | ID = 10010
Description =

Error - 29/07/2013 10:04:33 | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That cleared a lot of rubbish :)

On completion of this run can you let me know what problems remain

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Commands
[CREATERESTOREPOINT]

:OTL
O2 - BHO: (no name) - {7736C7FA-512D-11E2-B871-DEC36088709B} - No CLSID value found.

:Reg
[HKEY_USERS\S-1-5-21-114143902-2153543805-3046081360-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TidyNetwork.com"=-

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#6
Luke-Marsey89

Luke-Marsey89

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
haha i thaught there looked like alot of info in them results my laptop must have been nursting with junk..
the laptop on 1st use feels alot smother and the net also feels alot better due to not reciving all the pop ups im acctually able to do what i plan to do haha. can you advise on a free antivirus software and also are there any programmes i can use to stop my laptop from clutering up again.

thanks again..

results from quick scan.

OTL logfile created on: 29/07/2013 23:06:38 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\-LUKE-\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16443)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.68 Mb Total Physical Memory | 392.16 Mb Available Physical Memory | 38.69% Memory free
2.24 Gb Paging File | 1.18 Gb Available in Paging File | 52.87% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 64.76 Gb Total Space | 17.87 Gb Free Space | 27.59% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: -LUKE- | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/29 14:41:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\-LUKE-\Desktop\OTL.exe
PRC - [2013/06/25 17:08:05 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
PRC - [2013/06/25 16:06:29 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
PRC - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/12/29 09:51:12 | 002,686,536 | ---- | M] (Hercules®) -- C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
PRC - [2011/10/26 11:34:40 | 000,017,408 | ---- | M] () -- C:\Program Files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/09 23:13:46 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/05/09 23:13:40 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2007/12/19 19:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/09/10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/29 15:06:28 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2012/02/20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/05/09 23:13:28 | 000,227,888 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2006/01/22 13:44:52 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Services (SafeList) ==========

SRV - [2013/06/25 17:08:05 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/10/26 11:34:40 | 000,017,408 | ---- | M] () [Auto | Running] -- C:\Program Files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE -- (HerculesDJControlMP3)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/25 15:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2008/05/09 23:13:46 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/19 19:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/09/10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0FC00D3A-2410-4532-9281-F46144F1A6E7}\MpKslf3a0fd6d.sys -- (MpKslf3a0fd6d)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\easytthr.sys -- (easytether)
DRV - [2013/01/20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/12/27 16:43:44 | 000,252,752 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJAsioK.sys -- (HDJAsioK)
DRV - [2011/12/27 16:43:44 | 000,191,824 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJBulk.sys -- (Bulk)
DRV - [2011/12/27 16:43:42 | 000,219,984 | ---- | M] (© Guillemot R&D, 2011. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJMidi.sys -- (HDJMidi)
DRV - [2011/04/02 20:05:23 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011/04/02 20:05:22 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/09/05 15:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2007/07/03 10:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 CC B4 EB B9 3D CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.103: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll File not found



O1 HOSTS File: ([2013/07/29 22:53:12 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hercules®)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: google.com ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{295F6EFF-BE23-4205-B8DE-D01070F32E3A}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{703CEA9D-BB09-4D3E-A52B-E5152C87564B}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/29 22:52:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/29 14:54:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/07/29 14:41:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\-LUKE-\Desktop\OTL.exe
[2013/07/29 03:02:49 | 000,000,000 | ---D | C] -- C:\77f0f188c1f737402ffd763bff475d55
[2013/07/28 13:58:10 | 000,000,000 | ---D | C] -- C:\6aa7e9704684e1efc0d15b
[2013/07/28 13:56:31 | 000,000,000 | ---D | C] -- C:\b774e0aaf0abec8f3ee82ac47d430952
[2013/07/02 22:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/07/02 22:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/07/02 22:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/07/02 22:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

========== Files - Modified Within 30 Days ==========

[2013/07/29 23:07:17 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/29 23:00:46 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/29 23:00:44 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/29 23:00:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/29 22:58:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/07/29 22:53:12 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013/07/29 22:44:59 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-114143902-2153543805-3046081360-1000UA.job
[2013/07/29 15:05:09 | 003,633,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/29 14:55:43 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/29 14:55:43 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/29 14:45:47 | 000,000,101 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/29 14:41:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\-LUKE-\Desktop\OTL.exe
[2013/07/29 14:41:09 | 000,666,633 | ---- | M] () -- C:\Users\-LUKE-\Desktop\adwcleaner.exe
[2013/07/28 23:45:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-114143902-2153543805-3046081360-1000Core.job
[2013/07/02 22:22:20 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/06/30 20:01:08 | 000,000,943 | ---- | M] () -- C:\Users\-LUKE-\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

========== Files Created - No Company Name ==========

[2013/07/29 14:44:35 | 000,000,101 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/29 14:40:12 | 000,666,633 | ---- | C] () -- C:\Users\-LUKE-\Desktop\adwcleaner.exe
[2013/07/02 22:22:20 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/06/30 20:01:08 | 000,000,943 | ---- | C] () -- C:\Users\-LUKE-\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/15 04:06:41 | 000,003,584 | ---- | C] () -- C:\Users\-LUKE-\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/19 21:19:40 | 000,005,648 | ---- | C] () -- C:\Users\-LUKE-\AppData\Local\d3d9caps.dat
[2012/05/14 20:10:52 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2012/05/14 20:10:52 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe

========== ZeroAccess Check ==========

[2006/11/02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/07/17 21:19:02 | 000,000,000 | ---D | M] -- C:\Users\-LUKE-\AppData\Roaming\Camfrog
[2013/01/07 14:33:11 | 000,000,000 | ---D | M] -- C:\Users\-LUKE-\AppData\Roaming\iFunbox_UserCache
[2012/09/05 12:16:11 | 000,000,000 | ---D | M] -- C:\Users\-LUKE-\AppData\Roaming\PowerISO
[2012/07/01 02:35:46 | 000,000,000 | ---D | M] -- C:\Users\-LUKE-\AppData\Roaming\Radialpoint
[2013/07/28 18:47:52 | 000,000,000 | ---D | M] -- C:\Users\-LUKE-\AppData\Roaming\redsn0w
[2013/06/26 16:56:42 | 000,000,000 | ---D | M] -- C:\Users\-LUKE-\AppData\Roaming\SynthMaker
[2013/07/11 22:17:15 | 000,000,000 | ---D | M] -- C:\Users\-LUKE-\AppData\Roaming\uTorrent
[2012/07/01 02:32:55 | 000,000,000 | ---D | M] -- C:\Users\-LUKE-\AppData\Roaming\Virgin Media

========== Purity Check ==========



< End of report >
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You appear to be using Microsoft security essentials, do you wish to replace that ?

A final scan for any that have been missed, I will give some advice after this :)

Please download Malwarebytes Anti-Malware to your desktop.

  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan as shown below.

    Posted Image
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.


The log can also be found here:

Windows 2000 & Windows XP:
C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Windows Vista & Win7:
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
----------
  • 0

#8
Luke-Marsey89

Luke-Marsey89

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
hi again Essexboy sorry for a late reply been abit busy with work, just about to follow your guide with malwarebytes.. also while i have been using the net since the previous test my net seems to be laggy and also i get a web page is unresponsive message quite oftern..

ill post the result from malwarebytes soon as the test is compleate.
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
We may need to reset the network, we will look at that after MBAM has run :)
  • 0

#10
Luke-Marsey89

Luke-Marsey89

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.31.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
-LUKE- :: OWNER-PC [administrator]

Protection: Enabled

31/07/2013 15:03:11
mbam-log-2013-07-31 (15-03-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240933
Time elapsed: 25 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\TidyNetwork.com (PUP.TidyNetwork) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Users\-LUKE-\Local Settings\Application Data\TidyNetwork.com (PUP.TidyNetwork) -> Quarantined and deleted successfully.
C:\Users\-LUKE-\AppData\Local\TidyNetwork.com (PUP.TidyNetwork) -> Quarantined and deleted successfully.

Files Detected: 10
C:\Users\-LUKE-\Local Settings\Application Data\TidyNetwork.com\sidTRUK01.tidy (PUP.TidyNetwork) -> Quarantined and deleted successfully.
C:\Users\-LUKE-\Local Settings\Application Data\TidyNetwork.com\tidy2ie.dll (PUP.TidyNetwork) -> Quarantined and deleted successfully.
C:\Users\-LUKE-\Local Settings\Application Data\TidyNetwork.com\tidy2networkTRUK01.exe (PUP.TidyNetwork) -> Quarantined and deleted successfully.
C:\Users\-LUKE-\Local Settings\Application Data\TidyNetwork.com\tidy2update.exe (PUP.TidyNetwork) -> Quarantined and deleted successfully.
C:\Users\-LUKE-\Local Settings\Application Data\TidyNetwork.com\tidynetwork.log (PUP.TidyNetwork) -> Quarantined and deleted successfully.
C:\Users\-LUKE-\AppData\Local\TidyNetwork.com\sidTRUK01.tidy (PUP.TidyNetwork) -> Quarantined and deleted successfully.
C:\Users\-LUKE-\AppData\Local\TidyNetwork.com\tidy2ie.dll (PUP.TidyNetwork) -> Quarantined and deleted successfully.
C:\Users\-LUKE-\AppData\Local\TidyNetwork.com\tidy2networkTRUK01.exe (PUP.TidyNetwork) -> Quarantined and deleted successfully.
C:\Users\-LUKE-\AppData\Local\TidyNetwork.com\tidy2update.exe (PUP.TidyNetwork) -> Quarantined and deleted successfully.
C:\Users\-LUKE-\AppData\Local\TidyNetwork.com\tidynetwork.log (PUP.TidyNetwork) -> Quarantined and deleted successfully.

(end)
  • 0

Advertisements


#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that got rid of the rest of tidynetwork on completion of this run can you let me know how the computer is behaving

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Commands
[CREATERESTOREPOINT]

:Files
ipconfig /flushdns /c
ipconfig /release /c
ipconfig /renew /c
netsh winsock reset /c
netsh advfirewall reset /c

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#12
Luke-Marsey89

Luke-Marsey89

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi essex since doing the above my laptop has now stuck on a boot screen saying "windows failed to start" info: windows failed to load because the system registry file is missing, or corrupt. File: \windows\system32\config\system..
I cannot get past this screen im posting from my mobile.
  • 0

#13
Luke-Marsey89

Luke-Marsey89

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
a reeboot has got past this problem sorry.

Edited by Luke-Marsey89, 31 July 2013 - 10:31 AM.

  • 0

#14
Luke-Marsey89

Luke-Marsey89

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
quick scan results:

OTL logfile created on: 31/07/2013 17:30:26 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\-LUKE-\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16443)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.68 Mb Total Physical Memory | 215.63 Mb Available Physical Memory | 21.27% Memory free
2.23 Gb Paging File | 1.07 Gb Available in Paging File | 48.10% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 64.76 Gb Total Space | 16.38 Gb Free Space | 25.30% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: -LUKE- | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/29 14:41:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\-LUKE-\Desktop\OTL.exe
PRC - [2013/06/25 16:06:29 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/12/29 09:51:12 | 002,686,536 | ---- | M] (Hercules®) -- C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
PRC - [2011/10/26 11:34:40 | 000,017,408 | ---- | M] () -- C:\Program Files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/09 23:13:46 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/05/09 23:13:40 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2007/12/19 19:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/09/10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/29 15:06:28 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2012/02/20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/05/09 23:13:28 | 000,227,888 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2006/01/22 13:44:52 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Services (SafeList) ==========

SRV - [2013/06/25 17:08:05 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/10/26 11:34:40 | 000,017,408 | ---- | M] () [Auto | Running] -- C:\Program Files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE -- (HerculesDJControlMP3)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/25 15:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2008/05/09 23:13:46 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/19 19:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/09/10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\easytthr.sys -- (easytether)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/01/20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/12/27 16:43:44 | 000,252,752 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJAsioK.sys -- (HDJAsioK)
DRV - [2011/12/27 16:43:44 | 000,191,824 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJBulk.sys -- (Bulk)
DRV - [2011/12/27 16:43:42 | 000,219,984 | ---- | M] (© Guillemot R&D, 2011. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJMidi.sys -- (HDJMidi)
DRV - [2011/04/02 20:05:23 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011/04/02 20:05:22 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/09/05 15:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2007/07/03 10:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 CC B4 EB B9 3D CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.103: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll File not found



O1 HOSTS File: ([2013/07/31 16:59:48 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hercules®)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: google.com ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{295F6EFF-BE23-4205-B8DE-D01070F32E3A}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{703CEA9D-BB09-4D3E-A52B-E5152C87564B}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/31 14:59:33 | 000,000,000 | ---D | C] -- C:\Users\-LUKE-\AppData\Roaming\Malwarebytes
[2013/07/31 14:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/31 14:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/31 14:58:01 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/07/31 14:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/07/29 22:52:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/29 14:54:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/07/29 14:41:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\-LUKE-\Desktop\OTL.exe
[2013/07/29 03:02:49 | 000,000,000 | ---D | C] -- C:\77f0f188c1f737402ffd763bff475d55
[2013/07/28 13:58:10 | 000,000,000 | ---D | C] -- C:\6aa7e9704684e1efc0d15b
[2013/07/28 13:56:31 | 000,000,000 | ---D | C] -- C:\b774e0aaf0abec8f3ee82ac47d430952
[2013/07/02 22:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/07/02 22:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/07/02 22:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/07/02 22:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

========== Files - Modified Within 30 Days ==========

[2013/07/31 17:19:30 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/31 17:19:30 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/31 17:01:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/31 17:01:10 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/07/31 16:59:48 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013/07/31 16:45:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-114143902-2153543805-3046081360-1000UA.job
[2013/07/31 16:07:27 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/31 14:58:35 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/29 23:45:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-114143902-2153543805-3046081360-1000Core.job
[2013/07/29 15:05:09 | 003,633,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/29 14:55:43 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/29 14:55:43 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/29 14:45:47 | 000,000,101 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/29 14:41:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\-LUKE-\Desktop\OTL.exe
[2013/07/29 14:41:09 | 000,666,633 | ---- | M] () -- C:\Users\-LUKE-\Desktop\adwcleaner.exe
[2013/07/02 22:22:20 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2013/07/31 14:58:35 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/29 14:44:35 | 000,000,101 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/29 14:40:12 | 000,666,633 | ---- | C] () -- C:\Users\-LUKE-\Desktop\adwcleaner.exe
[2013/07/02 22:22:20 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/10/15 04:06:41 | 000,003,584 | ---- | C] () -- C:\Users\-LUKE-\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/19 21:19:40 | 000,005,648 | ---- | C] () -- C:\Users\-LUKE-\AppData\Local\d3d9caps.dat
[2012/05/14 20:10:52 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2012/05/14 20:10:52 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe

========== ZeroAccess Check ==========

[2006/11/02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/07/17 21:19:02 | 000,000,000 | ---D | M] -- C:\Users\-LUKE-\AppData\Roaming\Camfrog
[2013/01/07 14:33:11 | 000,000,000 | ---D | M] -- C:\Users\-LUKE-\AppData\Roaming\iFunbox_UserCache
[2012/09/05 12:16:11 | 000,000,000 | ---D | M] -- C:\Users\-LUKE-\AppData\Roaming\PowerISO
[2012/07/01 02:35:46 | 000,000,000 | ---D | M] -- C:\Users\-LUKE-\AppData\Roaming\Radialpoint
[2013/07/28 18:47:52 | 000,000,000 | ---D | M] -- C:\Users\-LUKE-\AppData\Roaming\redsn0w
[2013/06/26 16:56:42 | 000,000,000 | ---D | M] -- C:\Users\-LUKE-\AppData\Roaming\SynthMaker
[2013/07/11 22:17:15 | 000,000,000 | ---D | M] -- C:\Users\-LUKE-\AppData\Roaming\uTorrent
[2012/07/01 02:32:55 | 000,000,000 | ---D | M] -- C:\Users\-LUKE-\AppData\Roaming\Virgin Media

========== Purity Check ==========



< End of report >

Edited by Luke-Marsey89, 31 July 2013 - 10:43 AM.

  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the internet behaving now ?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP