
cg.exe stopped working error [Solved]


  • This topic is locked

#1
GroovyGran

  • Member
  • 47 posts
Hi, recently when doing a search, usually on Google, I would google a search, e.g. beef recipes. I will get a list of sites containing the recipes, but when I click to go to a site, I am taken to other sites. Find.com is one of them.
I have run Malwarebytes (free version), CCleaner (free version) and Tune Up Utilities (bought).
Each time Malwarebytes has found lots of PUP files and got rid of them, but since the last time I ran Malwarebytes and then CCleaner, I have been getting the cg.exe message:

cg.exe stopped working and was closed
a problem caused this application to stop working correctly, Windows will notify you if a solution is available

I have looked up the cg.exe file and it says it is some kind of ad site by DelFin, not sure if I am right?

I am running Windows Vista on a laptop
I hope you can help please

PS - I'm not very technically minded at 65 years old, so I don't know what will show up in the log, but thought it worth mentioning that until a few days ago my PC kept turning itself off and was driving me nuts, especially if I was downloading. But I realised it was getting too hot, so I put some little blocks under it to let the air circulate. It's not happened since (I am only mentioning this in case it shows up in the log!)

regards Linda

Here is the log

OTL Extras logfile created on: 28/02/2014 21:48:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Phil\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.38 Mb Total Physical Memory | 283.00 Mb Available Physical Memory | 27.93% Memory free
2.24 Gb Paging File | 1.13 Gb Available in Paging File | 50.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70.77 Gb Total Space | 9.38 Gb Free Space | 13.25% Space Free | Partition Type: NTFS
Drive D: | 70.47 Gb Total Space | 52.24 Gb Free Space | 74.13% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 91.90 Gb Free Space | 9.87% Space Free | Partition Type: NTFS

Computer Name: ACERLAPTOP | User Name: Phil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OtsMedia.Surf] -- "C:\OtsLabs\OtsPlay.exe" "%1" /play /surf ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2240448931-1470480704-4230414400-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- (Acer Inc.)
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- (HiTRUST)
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- (HiTRUST)
"C:\FlashGet Network\Flashget\FlashGet.exe" = C:\FlashGet Network\Flashget\FlashGet.exe:*:Enabled:Flashget2
"C:\FlashGet Network\Flashget\LiveUpdate.exe" = C:\FlashGet Network\Flashget\LiveUpdate.exe:*:Enabled:FGLiveUpdate
"C:\FlashGet Network\Flashget\LiveUpdateEx.exe" = C:\FlashGet Network\Flashget\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx
"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS
"C:\Program Files\PPStream\PPSAP.exe" = C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19EC62FE-29C6-448C-82BA-9AD05C20E472}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3DBED632-F457-4EAA-B6E6-D4FE72840E3D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3F2AF431-BDCD-467F-BAE5-5FC9249D4C0B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{4AB93408-039E-4F98-9DFC-B95CBAB32320}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4E79A8CC-93AD-4A36-A46B-B60B8E77DD1A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{58959523-A892-45D0-8694-D83B5F02654D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5975C3F6-8667-4BF3-B289-7CA31336E311}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6200BD29-3BCF-44C3-96D2-F2029C29C872}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6C0EF3E4-F97C-447B-A3D9-7491983E147E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7963D6E1-8986-414D-B402-38ABF51E2555}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{82AD63ED-F8AE-4ED3-8CAE-22D5729CDA1A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8534583F-3CF8-4712-9617-D83E6D4D4FBA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8843C7FC-1012-4F7A-A22A-8ED4522C103C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A5DF7895-510B-4E75-AD12-9890FB6C913D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A6B89DB9-8802-49CE-8854-D93D09CB9906}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B498ED18-4209-4B08-8F12-1A5F1FEA9CE7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B89033F6-41DE-45C6-8E86-DA41728B13FA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CB66FE70-72AC-44F1-ACF9-D36E940A1B84}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D362164F-4B74-4441-B547-2AC34504AAA4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D831B075-FA35-4316-A912-AAE66AAC7C02}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DE71D6F5-7721-4284-841A-7C8640F6E8C4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FBCA99D2-C715-429A-8EF1-3313D1D58032}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{007BEFFB-888A-4301-A22E-84F7EBC8A9BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0576F734-C46C-4A10-8CFB-197650D6C63E}" = protocol=6 | dir=out | app=system |
"{215AD7E4-0C72-4B48-B18C-6CC90AF35A54}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2420B3C4-0914-4A8E-95ED-EC71B2BBBB00}" = protocol=17 | dir=in | app=c:\program files\coingeek\cg.exe |
"{2578DBF2-80EA-4FAE-B499-2435BA3132E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{293C9887-15D0-42CB-9519-C273FD4BC647}" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"{29BD8509-2A52-4A3C-B6EB-32BFA1469087}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{32ABA795-0646-433A-AC99-B56DF2BEA246}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{39ECF3AC-12CF-49F7-90CC-AB15E8FA39BC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3AA9E4E4-66EE-4F50-8E5A-D9C54C02DD08}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3F12BEE2-A261-4991-A2C5-4602FB0D8DBE}" = protocol=17 | dir=in | app=c:\program files\mp3gain\mp3gaingui.exe |
"{4640CD59-80C8-4BFD-83A7-37058F4F7C89}" = protocol=17 | dir=in | app=c:\users\phil\appdata\roaming\utorrent\utorrent.exe |
"{4C17EF64-0E27-4D97-9B27-9EEC9B60FAB8}" = protocol=6 | dir=in | app=c:\program files\coingeek\cg.exe |
"{54582F54-D0B9-4A38-9D71-F678835B5315}" = protocol=6 | dir=out | app=system |
"{60E5A5D2-438C-4CCB-9FB8-45D1BC83108F}" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"{684C313E-E0A3-44D6-9A3E-DF9D70E2C3BE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{779820A0-8CEE-4C6B-B190-1974A0110F98}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{826A030A-A73D-4772-9C5C-E6B1510415F8}" = protocol=6 | dir=in | app=c:\program files\ac3filter\ac3config.exe |
"{88BA7C42-5FDD-414B-B5D7-FD8B2E2743F6}" = protocol=6 | dir=in | app=c:\program files\mp3gain\mp3gaingui.exe |
"{9970B7BB-4D40-4E8B-A8A2-A748699C34EF}" = protocol=6 | dir=in | app=c:\users\phil\appdata\roaming\utorrent\utorrent.exe |
"{9D4503CB-C1B5-4878-AF35-5392A2F337C8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9DD875FE-78F0-4301-A80C-729BFF3F3125}" = protocol=6 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |
"{9F020BB9-B913-4738-A706-AD0C707049FD}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{A42FC4AB-BF0B-40EF-B3FF-A7C3793E4E4D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{A4E02A17-2751-4C54-B233-258D788E7675}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B537F915-73C6-44D2-8DDA-0E895E6BF0D7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BA923F8A-65E9-490D-8401-E64F0459A0B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BCFC43F5-A382-4D61-B2B8-A2BD83533172}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{BFA39F73-2C62-4518-91CC-18DD3A2D494B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C2E1C2CD-719A-4482-98F8-682413E8D4E5}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{C97A6417-4793-4BF1-8EB5-F784645A0CAB}" = protocol=17 | dir=in | app=c:\program files\ac3filter\ac3config.exe |
"{D1AA1BC4-5477-44EA-A194-D63B4DDF7C07}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D889881C-2F8A-46CD-89FF-820D08F25743}" = protocol=17 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |
"{E074ABA5-42F8-45D3-9C77-9E3FC9675C11}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E7FD9DD1-D031-4A00-BFD2-44BB3CD893AB}" = protocol=17 | dir=in | app=c:\program files\pfconfig\pfconfiglauncher.exe |
"{EEEE4EBE-2958-4A30-9541-FA194EE0D90E}" = protocol=6 | dir=in | app=c:\program files\pfconfig\pfconfiglauncher.exe |
"{F180E196-93D4-4053-9B7C-D11BC3584072}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{F2DECD43-E2A9-4418-A008-8BBAFFBF3987}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FD866F7D-8724-4DD4-A125-7147B58912E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FEF39F4D-29EA-43F6-BF75-4646ED93C4C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{4411C71C-45CF-491B-872B-E1FB38292DD0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{960DB8E5-0095-4D8F-87DE-0D68C79EFC79}C:\program files\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"UDP Query User{8E89DD44-2C96-497E-82FF-6F6E6896485C}C:\program files\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"UDP Query User{A191242F-B557-4D69-A8B9-84846DED1E2C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}" = SMSC Fast Infrared Driver
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{24ECABA9-D5E2-4AD5-8801-2C70CF025EAE}" = Mp3/Tag Studio 3.5 (beta 22)
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel® PROSet/Wireless WiFi Software
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77D2A9D3-5800-43E3-B274-87841BC87DB2}" = Adobe ExtendScript Toolkit 2
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0900)
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}" = Adobe Setup
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A57C6094-FC5A-4DEC-B1E0-1B2F48EEE8F4}" = Spare Backup
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F413B69D-4AD6-42ab-AEA5-0548989FAD50}" = Norton 360
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.4
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DC++" = DC++ 0.802
"GridVista" = Acer GridVista
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"Lightspark" = Lightspark 0.5.3-git
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MiPony" = MiPony 2.1.1
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OtsAV DJ" = OtsAV DJ 1.90.000
"OtsAV Pro" = OtsAV Pro 1.77.001
"PFConfig" = PFConfig 1.0.296
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TriKaraoke" = TriKaraoke Free Player 1.03 and Manager 1.1
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Youtube Music Downloader_is1" = Youtube Music Downloader V3.8.7

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = Torrent
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 28/02/2014 18:06:16 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x6afc, application start time
0x01cf34d14d273134.

Error - 28/02/2014 18:06:29 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x7214, application start time
0x01cf34d154743dc4.

Error - 28/02/2014 18:06:45 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x7418, application start time
0x01cf34d15e23f274.

Error - 28/02/2014 18:06:56 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x734c, application start time
0x01cf34d164f4a314.

Error - 28/02/2014 18:07:13 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x7528, application start time
0x01cf34d16f000c54.

Error - 28/02/2014 18:07:23 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x7570, application start time
0x01cf34d174f5c644.

Error - 28/02/2014 18:07:32 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x73bc, application start time
0x01cf34d17a5d9814.

Error - 28/02/2014 18:07:48 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x7620, application start time
0x01cf34d1842f53b4.

Error - 28/02/2014 18:07:57 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x7518, application start time
0x01cf34d18994db94.

Error - 28/02/2014 18:08:03 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x711c, application start time
0x01cf34d18d22e454.

[ Media Center Events ]
Error - 17/04/2008 03:37:29 | Computer Name = AcerLaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 27/05/2008 18:30:07 | Computer Name = AcerLaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

[ System Events ]
Error - 28/02/2014 11:16:58 | Computer Name = AcerLaptop | Source = Service Control Manager | ID = 7009
Description =

Error - 28/02/2014 11:17:43 | Computer Name = AcerLaptop | Source = DCOM | ID = 10005
Description =

Error - 28/02/2014 11:17:43 | Computer Name = AcerLaptop | Source = Service Control Manager | ID = 7009
Description =

Error - 28/02/2014 11:18:13 | Computer Name = AcerLaptop | Source = Service Control Manager | ID = 7009
Description =

Error - 28/02/2014 11:18:13 | Computer Name = AcerLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 28/02/2014 13:27:32 | Computer Name = AcerLaptop | Source = Service Control Manager | ID = 7022
Description =

Error - 28/02/2014 13:27:32 | Computer Name = AcerLaptop | Source = Service Control Manager | ID = 7022
Description =

Error - 28/02/2014 13:27:32 | Computer Name = AcerLaptop | Source = Service Control Manager | ID = 7022
Description =

Error - 28/02/2014 13:27:32 | Computer Name = AcerLaptop | Source = Service Control Manager | ID = 7022
Description =

Error - 28/02/2014 14:19:14 | Computer Name = AcerLaptop | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80004005 Error description: Unspecified error Reason: %%838

[ TuneUp Events ]
Error - 16/09/2013 14:14:50 | Computer Name = AcerLaptop | Source = TuneUp.UtilitiesSvc | ID = 300
Description =


< End of report >

#2
pystryker

  • Trusted Helper
  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :), and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:

  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please subscribe to this topic. By subscribing, the board will notify you when a new reply is added to your topic. You can find instructions on how to do that by clicking here.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.

  • Please read through my instructions carefully and completely before executing them.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  • Please remember, the fixes are for your machine and your machine ONLY!



Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)

Now, let's get started, shall we? :thumbsup:


Hello :)

Regarding programs like TuneUp Utilities, I recommend you uninstall it. We really don't recommend those programs here, as they all claim to be able to clean the registry. Most of those programs end up messing up the registry to the point that the machine is unbootable. CCleaner is pretty good, but when using it, make sure that you uncheck all of the items under the Registry section.


There should be another log called OTL.txt that will be located in the same location you ran OTL from. In this case it will be here: C:\Users\Phil\Desktop. Please post that log in your next reply.

Things I need to see in your next post:

OTL Log

#3
GroovyGran

    Member

  • Topic Starter
  • Member
  • 47 posts
Hi, here is the OTL Log you asked for. Sorry for the late reply, we were out all yesterday visiting a very poorly relative.

OTL Extras logfile created on: 28/02/2014 21:48:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Phil\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.38 Mb Total Physical Memory | 283.00 Mb Available Physical Memory | 27.93% Memory free
2.24 Gb Paging File | 1.13 Gb Available in Paging File | 50.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70.77 Gb Total Space | 9.38 Gb Free Space | 13.25% Space Free | Partition Type: NTFS
Drive D: | 70.47 Gb Total Space | 52.24 Gb Free Space | 74.13% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 91.90 Gb Free Space | 9.87% Space Free | Partition Type: NTFS

Computer Name: ACERLAPTOP | User Name: Phil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OtsMedia.Surf] -- "C:\OtsLabs\OtsPlay.exe" "%1" /play /surf ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2240448931-1470480704-4230414400-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- (Acer Inc.)
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- (HiTRUST)
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- (HiTRUST)
"C:\FlashGet Network\Flashget\FlashGet.exe" = C:\FlashGet Network\Flashget\FlashGet.exe:*:Enabled:Flashget2
"C:\FlashGet Network\Flashget\LiveUpdate.exe" = C:\FlashGet Network\Flashget\LiveUpdate.exe:*:Enabled:FGLiveUpdate
"C:\FlashGet Network\Flashget\LiveUpdateEx.exe" = C:\FlashGet Network\Flashget\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx
"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ
"C:\Program Files\PPStream\PPSAP.exe" = C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19EC62FE-29C6-448C-82BA-9AD05C20E472}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3DBED632-F457-4EAA-B6E6-D4FE72840E3D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3F2AF431-BDCD-467F-BAE5-5FC9249D4C0B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{4AB93408-039E-4F98-9DFC-B95CBAB32320}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4E79A8CC-93AD-4A36-A46B-B60B8E77DD1A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{58959523-A892-45D0-8694-D83B5F02654D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5975C3F6-8667-4BF3-B289-7CA31336E311}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6200BD29-3BCF-44C3-96D2-F2029C29C872}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6C0EF3E4-F97C-447B-A3D9-7491983E147E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7963D6E1-8986-414D-B402-38ABF51E2555}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{82AD63ED-F8AE-4ED3-8CAE-22D5729CDA1A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8534583F-3CF8-4712-9617-D83E6D4D4FBA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8843C7FC-1012-4F7A-A22A-8ED4522C103C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A5DF7895-510B-4E75-AD12-9890FB6C913D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A6B89DB9-8802-49CE-8854-D93D09CB9906}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B498ED18-4209-4B08-8F12-1A5F1FEA9CE7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B89033F6-41DE-45C6-8E86-DA41728B13FA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CB66FE70-72AC-44F1-ACF9-D36E940A1B84}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D362164F-4B74-4441-B547-2AC34504AAA4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D831B075-FA35-4316-A912-AAE66AAC7C02}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DE71D6F5-7721-4284-841A-7C8640F6E8C4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FBCA99D2-C715-429A-8EF1-3313D1D58032}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{007BEFFB-888A-4301-A22E-84F7EBC8A9BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0576F734-C46C-4A10-8CFB-197650D6C63E}" = protocol=6 | dir=out | app=system |
"{215AD7E4-0C72-4B48-B18C-6CC90AF35A54}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2420B3C4-0914-4A8E-95ED-EC71B2BBBB00}" = protocol=17 | dir=in | app=c:\program files\coingeek\cg.exe |
"{2578DBF2-80EA-4FAE-B499-2435BA3132E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{293C9887-15D0-42CB-9519-C273FD4BC647}" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"{29BD8509-2A52-4A3C-B6EB-32BFA1469087}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{32ABA795-0646-433A-AC99-B56DF2BEA246}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{39ECF3AC-12CF-49F7-90CC-AB15E8FA39BC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3AA9E4E4-66EE-4F50-8E5A-D9C54C02DD08}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3F12BEE2-A261-4991-A2C5-4602FB0D8DBE}" = protocol=17 | dir=in | app=c:\program files\mp3gain\mp3gaingui.exe |
"{4640CD59-80C8-4BFD-83A7-37058F4F7C89}" = protocol=17 | dir=in | app=c:\users\phil\appdata\roaming\utorrent\utorrent.exe |
"{4C17EF64-0E27-4D97-9B27-9EEC9B60FAB8}" = protocol=6 | dir=in | app=c:\program files\coingeek\cg.exe |
"{54582F54-D0B9-4A38-9D71-F678835B5315}" = protocol=6 | dir=out | app=system |
"{60E5A5D2-438C-4CCB-9FB8-45D1BC83108F}" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"{684C313E-E0A3-44D6-9A3E-DF9D70E2C3BE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{779820A0-8CEE-4C6B-B190-1974A0110F98}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{826A030A-A73D-4772-9C5C-E6B1510415F8}" = protocol=6 | dir=in | app=c:\program files\ac3filter\ac3config.exe |
"{88BA7C42-5FDD-414B-B5D7-FD8B2E2743F6}" = protocol=6 | dir=in | app=c:\program files\mp3gain\mp3gaingui.exe |
"{9970B7BB-4D40-4E8B-A8A2-A748699C34EF}" = protocol=6 | dir=in | app=c:\users\phil\appdata\roaming\utorrent\utorrent.exe |
"{9D4503CB-C1B5-4878-AF35-5392A2F337C8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9DD875FE-78F0-4301-A80C-729BFF3F3125}" = protocol=6 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |
"{9F020BB9-B913-4738-A706-AD0C707049FD}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{A42FC4AB-BF0B-40EF-B3FF-A7C3793E4E4D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{A4E02A17-2751-4C54-B233-258D788E7675}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B537F915-73C6-44D2-8DDA-0E895E6BF0D7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BA923F8A-65E9-490D-8401-E64F0459A0B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BCFC43F5-A382-4D61-B2B8-A2BD83533172}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{BFA39F73-2C62-4518-91CC-18DD3A2D494B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C2E1C2CD-719A-4482-98F8-682413E8D4E5}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{C97A6417-4793-4BF1-8EB5-F784645A0CAB}" = protocol=17 | dir=in | app=c:\program files\ac3filter\ac3config.exe |
"{D1AA1BC4-5477-44EA-A194-D63B4DDF7C07}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D889881C-2F8A-46CD-89FF-820D08F25743}" = protocol=17 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |
"{E074ABA5-42F8-45D3-9C77-9E3FC9675C11}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E7FD9DD1-D031-4A00-BFD2-44BB3CD893AB}" = protocol=17 | dir=in | app=c:\program files\pfconfig\pfconfiglauncher.exe |
"{EEEE4EBE-2958-4A30-9541-FA194EE0D90E}" = protocol=6 | dir=in | app=c:\program files\pfconfig\pfconfiglauncher.exe |
"{F180E196-93D4-4053-9B7C-D11BC3584072}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{F2DECD43-E2A9-4418-A008-8BBAFFBF3987}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FD866F7D-8724-4DD4-A125-7147B58912E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FEF39F4D-29EA-43F6-BF75-4646ED93C4C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{4411C71C-45CF-491B-872B-E1FB38292DD0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{960DB8E5-0095-4D8F-87DE-0D68C79EFC79}C:\program files\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"UDP Query User{8E89DD44-2C96-497E-82FF-6F6E6896485C}C:\program files\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"UDP Query User{A191242F-B557-4D69-A8B9-84846DED1E2C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}" = SMSC Fast Infrared Driver
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{24ECABA9-D5E2-4AD5-8801-2C70CF025EAE}" = Mp3/Tag Studio 3.5 (beta 22)
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel® PROSet/Wireless WiFi Software
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77D2A9D3-5800-43E3-B274-87841BC87DB2}" = Adobe ExtendScript Toolkit 2
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0900)
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}" = Adobe Setup
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A57C6094-FC5A-4DEC-B1E0-1B2F48EEE8F4}" = Spare Backup
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F413B69D-4AD6-42ab-AEA5-0548989FAD50}" = Norton 360
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.4
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DC++" = DC++ 0.802
"GridVista" = Acer GridVista
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"Lightspark" = Lightspark 0.5.3-git
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MiPony" = MiPony 2.1.1
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OtsAV DJ" = OtsAV DJ 1.90.000
"OtsAV Pro" = OtsAV Pro 1.77.001
"PFConfig" = PFConfig 1.0.296
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TriKaraoke" = TriKaraoke Free Player 1.03 and Manager 1.1
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Youtube Music Downloader_is1" = Youtube Music Downloader V3.8.7

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 28/02/2014 18:06:16 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x6afc, application start time
0x01cf34d14d273134.

Error - 28/02/2014 18:06:29 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x7214, application start time
0x01cf34d154743dc4.

Error - 28/02/2014 18:06:45 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x7418, application start time
0x01cf34d15e23f274.

Error - 28/02/2014 18:06:56 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x734c, application start time
0x01cf34d164f4a314.

Error - 28/02/2014 18:07:13 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x7528, application start time
0x01cf34d16f000c54.

Error - 28/02/2014 18:07:23 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x7570, application start time
0x01cf34d174f5c644.

Error - 28/02/2014 18:07:32 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x73bc, application start time
0x01cf34d17a5d9814.

Error - 28/02/2014 18:07:48 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x7620, application start time
0x01cf34d1842f53b4.

Error - 28/02/2014 18:07:57 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x7518, application start time
0x01cf34d18994db94.

Error - 28/02/2014 18:08:03 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x711c, application start time
0x01cf34d18d22e454.

[ Media Center Events ]
Error - 17/04/2008 03:37:29 | Computer Name = AcerLaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 27/05/2008 18:30:07 | Computer Name = AcerLaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

[ System Events ]
Error - 28/02/2014 11:16:58 | Computer Name = AcerLaptop | Source = Service Control Manager | ID = 7009
Description =

Error - 28/02/2014 11:17:43 | Computer Name = AcerLaptop | Source = DCOM | ID = 10005
Description =

Error - 28/02/2014 11:17:43 | Computer Name = AcerLaptop | Source = Service Control Manager | ID = 7009
Description =

Error - 28/02/2014 11:18:13 | Computer Name = AcerLaptop | Source = Service Control Manager | ID = 7009
Description =

Error - 28/02/2014 11:18:13 | Computer Name = AcerLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 28/02/2014 13:27:32 | Computer Name = AcerLaptop | Source = Service Control Manager | ID = 7022
Description =

Error - 28/02/2014 13:27:32 | Computer Name = AcerLaptop | Source = Service Control Manager | ID = 7022
Description =

Error - 28/02/2014 13:27:32 | Computer Name = AcerLaptop | Source = Service Control Manager | ID = 7022
Description =

Error - 28/02/2014 13:27:32 | Computer Name = AcerLaptop | Source = Service Control Manager | ID = 7022
Description =

Error - 28/02/2014 14:19:14 | Computer Name = AcerLaptop | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80004005 Error description: Unspecified error Reason: %%838

[ TuneUp Events ]
Error - 16/09/2013 14:14:50 | Computer Name = AcerLaptop | Source = TuneUp.UtilitiesSvc | ID = 300
Description =


< End of report >

Edited by GroovyGran, 03 March 2014 - 07:19 AM.


#4
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hi :) No worries on the delay, family always comes first. :thumbsup:

That log you posted is another copy of the Extras log from the first scan. However, I'd like to get a fresh look at your system. :)

Please follow the instructions below.


  • Close any open windows and then double click (Vista, Windows 7, 8: right click and then click Run as Administrator) the icon to start OTL.
  • Please make sure the following boxes are checked:
      • Scan All Users
      • Use Company-Name WhiteList
      • Skip Microsoft Files
      • Use No-Company-Name Whitelist
      • LOP Check
      • Purity Check
  • Please check that Use Safelist is checked under Extra Registry.
  • Copy the contents of the quote box below (do not copy the word quote!) and paste them into the Custom Scans/Fixes box at the bottom of OTL's control panel.

    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    rpcss.dll
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C

  • Click the Run Scan button.

  • Please do not interrupt the scanning process. It may take a while to complete the scan, so please be patient. :)
  • When the scan is finished, it will generate a log, OTL.txt in a Notepad window. This log is saved in the same location as OTL. In this case, on your desktop. If it opens another log called Extras.txt, please post that one as well. :)
  • Please post the log(s) in your next reply.


#5
GroovyGran

    Member

  • Topic Starter
  • Member
  • 47 posts
Scanning Now!

#6
GroovyGran

    Member

  • Topic Starter
  • Member
  • 47 posts
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
rpcss.dll
/md5stop
dir "%systemdrive%\*" /S /A:L /C

Surely that's not all? I'm running the scan again.

Edited by GroovyGran, 03 March 2014 - 08:28 AM.


#7
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)


Copy the contents of the quote box below (do not copy the word quote!) and paste them into the Custom Scans/Fixes box at the bottom of OTL's control panel.

%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
rpcss.dll
/md5stop
dir "%systemdrive%\*" /S /A:L /C



Then click the Run Scan button. :thumbsup:

#8
GroovyGran

    Member

  • Topic Starter
  • Member
  • 47 posts
OTL logfile created on: 03/03/2014 14:27:11 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Phil\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.38 Mb Total Physical Memory | 268.05 Mb Available Physical Memory | 26.45% Memory free
2.24 Gb Paging File | 1.15 Gb Available in Paging File | 51.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70.77 Gb Total Space | 10.55 Gb Free Space | 14.90% Space Free | Partition Type: NTFS
Drive D: | 70.47 Gb Total Space | 52.24 Gb Free Space | 74.13% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 91.90 Gb Free Space | 9.87% Space Free | Partition Type: NTFS

Computer Name: ACERLAPTOP | User Name: Phil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/28 21:46:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTL.exe
PRC - [2014/02/14 19:09:20 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
PRC - [2013/12/18 18:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/06/18 19:39:58 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Phil\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2012/12/01 21:04:36 | 000,157,696 | ---- | M] () -- C:\Program Files\Coingeek\nssm.exe
PRC - [2010/10/27 17:24:42 | 000,645,952 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2010/10/27 17:23:16 | 001,483,072 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 07:33:35 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
PRC - [2006/12/01 05:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/09/24 19:05:46 | 000,625,152 | ---- | M] () -- C:\Program Files\Magnus Brading Software\Mp3-Tag Studio 3.5\Mp3tsshx.dll
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/04/11 06:28:24 | 000,094,208 | ---- | M] () -- C:\Windows\System32\scesrvv.dll
MOD - [2009/04/11 06:28:17 | 000,208,896 | ---- | M] () -- C:\Windows\System32\accessibillitycpl.dll
MOD - [2007/12/11 19:44:20 | 000,077,824 | ---- | M] () -- C:\Windows\System32\dpu100.dll
MOD - [2007/05/18 20:59:06 | 000,356,928 | ---- | M] () -- C:\Program Files\Spare Backup\sqlite3.dll


========== Services (SafeList) ==========

SRV - [2013/12/19 00:41:02 | 030,814,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2013/12/18 18:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/04 10:36:09 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/12/01 21:04:36 | 000,157,696 | ---- | M] () [Auto | Running] -- C:\Program Files\Coingeek\nssm.exe -- (Coingeek)
SRV - [2010/10/27 17:23:16 | 001,483,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/10/27 17:21:08 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/10/16 16:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 15:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/03 02:58:58 | 000,457,512 | ---- | M] (HiTRSUT) [Disabled | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/01/03 00:46:52 | 000,024,576 | ---- | M] () [Disabled | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/01/02 17:33:24 | 000,135,168 | ---- | M] (acer) [Disabled | Stopped] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006/12/29 04:07:22 | 000,126,976 | ---- | M] (Acer Inc.) [Disabled | Stopped] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2006/12/28 17:24:14 | 000,049,152 | ---- | M] (Acer Inc.) [Disabled | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006/12/22 22:43:18 | 000,024,576 | ---- | M] (Acer Inc.) [Disabled | Stopped] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006/11/24 20:57:54 | 000,107,008 | ---- | M] () [Disabled | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014/02/26 00:13:59 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/09/27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/07 12:34:32 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2008/11/17 06:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2007/10/19 11:22:04 | 000,013,824 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\modrc.sys -- (MODRC)
DRV - [2007/09/13 17:14:02 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/09/01 18:49:22 | 000,040,352 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Usbkey.sys -- (usbkey)
DRV - [2007/04/18 16:30:20 | 000,473,728 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2006/12/07 17:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/02 13:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/11/02 07:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/30 01:42:28 | 001,786,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006/10/25 06:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/10/25 06:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/10/25 06:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/08/04 09:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/09/27 07:00:02 | 000,069,920 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2D0E4A14-683B-B425-A88A-71163059FA62}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmood...B&cr=1382187686
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2399412
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.the...&cc=GB&unqvl=35
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://mysearch.swee...D-0016D4AFB13D}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://uk.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://uk.rd.yahoo.c...://uk.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://virginmedia.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rchTerms}&r=401
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoo...earchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www2.delta-se...913_m3&tsp=5009
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://tbsearch.ask....s}&locale=en_UK
IE - HKCU\..\SearchScopes\{1C443CF3-5E54-4DFD-BED1-705F455BCC76}: "URL" = http://search.condui...1551478532&UM=1
IE - HKCU\..\SearchScopes\{2D0E4A14-683B-B425-A88A-71163059FA62}: "URL" = http://www.google.co...z=1I7GGLL_en-GB
IE - HKCU\..\SearchScopes\{69661322-D413-4638-9652-71A6CC63B7A5}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmood...B&cr=1382187686
IE - HKCU\..\SearchScopes\{D0FCB2C7-D26E-4336-8212-C97848FBE1C9}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://mysearch.swee...006.10050&st=23
IE - HKCU\..\SearchScopes\{F9D92CBA-E2C9-42D7-9B43-1419241F8F80}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/21 09:55:10 | 000,000,000 | ---D | M]

[2013/05/21 18:53:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Extensions
[2013/05/21 20:11:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/05/01 07:43:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/09/18 16:46:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2013/08/27 08:45:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\extensions
[2013/06/30 08:44:04 | 000,239,491 | ---- | M] () (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\AMIEXT\FLASHENHANCER\FF

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {12DB2EA6-0BB3-01EB-26E9-41BB5AF16DF1} - C:\Windows\System32\scesrvv.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - Startup: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Download with Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{439D2219-93AD-495A-AD91-5D24CD231645}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB53BFB9-F153-4DF6-97CB-34571712C65B}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer01.JPG
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer01.JPG
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5174a272-fc1d-11dd-bceb-0016d4afb13d}\Shell - "" = AutoRun
O33 - MountPoints2\{5174a272-fc1d-11dd-bceb-0016d4afb13d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{d87e84bb-0880-11dd-a5a5-0016d4afb13d}\Shell\AutoRun\command - "" = H:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/03 12:57:07 | 000,000,000 | ---D | C] -- C:\Users\Phil\Desktop\Malware Programs
[2014/03/03 12:49:12 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Phil\Desktop\TDSSKiller.exe
[2014/03/03 12:47:52 | 000,000,000 | ---D | C] -- C:\Users\Phil\Desktop\GooredFix Backups
[2014/03/03 12:33:07 | 000,000,000 | ---D | C] -- C:\_OTM
[2014/03/03 12:29:35 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTM.exe
[2014/03/03 12:25:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2014/03/03 12:25:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014/03/03 12:25:05 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2014/03/01 14:05:59 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Phil\Desktop\GooredFix.exe
[2014/03/01 13:51:40 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Phil\Desktop\erunt-setup.exe
[2014/03/01 13:39:13 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Phil\Desktop\HiJackThis.exe
[2014/03/01 13:34:55 | 018,122,912 | ---- | C] (SUPERAntiSpyware) -- C:\Users\Phil\Desktop\SUPERAntiSpyware.exe
[2014/03/01 13:26:06 | 003,420,288 | ---- | C] (CompuClever Systems Inc.) -- C:\Users\Phil\Desktop\pctuneupmaestro_setup.exe
[2014/02/28 21:46:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTL.exe
[2014/02/26 03:21:08 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/25 23:40:08 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2014/02/23 09:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/02/23 09:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/23 09:39:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/02/22 23:29:29 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
[2014/02/22 23:05:01 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Roaming\.minecraft
[2014/02/21 20:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2014/02/21 20:45:13 | 000,000,000 | ---D | C] -- C:\Program Files\Coingeek
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/03 14:31:42 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/03 14:16:27 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/03 12:55:05 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/03 12:55:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/03 12:55:04 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/03 12:54:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/03 12:29:37 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTM.exe
[2014/03/03 12:25:26 | 000,000,917 | ---- | M] () -- C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/03/03 12:25:08 | 000,000,737 | ---- | M] () -- C:\Users\Phil\Desktop\NTREGOPT.lnk
[2014/03/03 12:25:08 | 000,000,718 | ---- | M] () -- C:\Users\Phil\Desktop\ERUNT.lnk
[2014/03/01 14:05:59 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Phil\Desktop\GooredFix.exe
[2014/03/01 13:51:40 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Phil\Desktop\erunt-setup.exe
[2014/03/01 13:39:13 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Phil\Desktop\HiJackThis.exe
[2014/03/01 13:34:55 | 018,122,912 | ---- | M] (SUPERAntiSpyware) -- C:\Users\Phil\Desktop\SUPERAntiSpyware.exe
[2014/03/01 13:26:07 | 003,420,288 | ---- | M] (CompuClever Systems Inc.) -- C:\Users\Phil\Desktop\pctuneupmaestro_setup.exe
[2014/03/01 13:10:25 | 001,714,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/02/28 21:46:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTL.exe
[2014/02/27 03:03:59 | 000,634,468 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/02/27 03:03:59 | 000,120,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/02/26 00:13:59 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2014/02/24 23:17:33 | 001,649,778 | ---- | M] () -- C:\Users\Phil\AppData\Roaming\ccn.exe
[2014/02/24 23:17:18 | 000,002,613 | ---- | M] () -- C:\Users\Phil\Desktop\Microsoft Word 2010.lnk
[2014/02/23 13:25:15 | 001,375,744 | ---- | M] () -- C:\Users\Phil\Desktop\EMBLEM IDEAS.pub
[2014/02/21 20:52:36 | 000,000,000 | ---- | M] () -- C:\END
[2014/02/21 16:31:31 | 037,331,907 | -HS- | M] () -- C:\Users\Phil\Desktop\ROZwkWQyhzn
[2014/02/21 16:31:28 | 000,674,312 | -HS- | M] () -- C:\Users\Phil\Desktop\spYyz.KXZ
[2014/02/21 16:31:26 | 000,000,058 | -HS- | M] () -- C:\Users\Phil\Desktop\VUgVVYSCcHfL.BSA
[2014/02/21 14:32:12 | 000,002,571 | ---- | M] () -- C:\Users\Phil\Desktop\Microsoft Excel 2010.lnk
[2014/02/20 20:40:11 | 000,294,912 | ---- | M] () -- C:\Users\Phil\Desktop\EMBLEM IDEAS 2.pub
[2014/02/20 11:32:39 | 000,000,709 | ---- | M] () -- C:\Users\Phil\Desktop\Zip Contents Renamer - Shortcut.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/03 12:25:26 | 000,000,917 | ---- | C] () -- C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/03/03 12:25:08 | 000,000,737 | ---- | C] () -- C:\Users\Phil\Desktop\NTREGOPT.lnk
[2014/03/03 12:25:08 | 000,000,718 | ---- | C] () -- C:\Users\Phil\Desktop\ERUNT.lnk
[2014/02/24 23:16:29 | 000,000,058 | -HS- | C] () -- C:\Users\Phil\Desktop\VUgVVYSCcHfL.BSA
[2014/02/24 23:16:27 | 037,331,907 | -HS- | C] () -- C:\Users\Phil\Desktop\ROZwkWQyhzn
[2014/02/24 23:16:23 | 000,674,312 | -HS- | C] () -- C:\Users\Phil\Desktop\spYyz.KXZ
[2014/02/24 23:14:22 | 001,649,778 | ---- | C] () -- C:\Users\Phil\AppData\Roaming\ccn.exe
[2014/02/21 20:52:36 | 000,000,000 | ---- | C] () -- C:\END
[2014/02/20 20:35:05 | 000,294,912 | ---- | C] () -- C:\Users\Phil\Desktop\EMBLEM IDEAS 2.pub
[2014/02/20 16:34:30 | 001,375,744 | ---- | C] () -- C:\Users\Phil\Desktop\EMBLEM IDEAS.pub
[2014/01/06 21:36:55 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2014/01/06 18:00:04 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2013/10/29 21:02:58 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/06/18 07:53:04 | 000,625,152 | ---- | C] () -- C:\Windows\System32\mp3tsshx.dll
[2013/06/12 12:10:25 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/05/21 15:47:48 | 000,171,432 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/08/11 19:29:27 | 000,384,844 | ---- | C] () -- C:\Users\Phil\AppData\Local\funmoods-speeddial.crx
[2011/07/17 11:18:39 | 000,001,940 | ---- | C] () -- C:\Users\Phil\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/12/17 15:31:39 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLdy.DAT
[2008/02/15 19:18:06 | 000,690,513 | ---- | C] () -- C:\Users\Phil\fgh.pmcl
[2008/01/12 14:22:56 | 000,338,032 | ---- | C] () -- C:\Users\Phil\jan 08.pmcl
[2007/10/01 21:19:52 | 000,026,340 | ---- | C] () -- C:\Users\Phil\AppData\Roaming\UserTile.png
[2007/09/29 13:14:48 | 000,002,032 | ---- | C] () -- C:\Users\Phil\AppData\Local\d3d9caps.dat
[2007/09/02 18:24:43 | 000,081,408 | ---- | C] () -- C:\Users\Phil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/02/23 09:52:58 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\.minecraft
[2013/09/11 07:39:20 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\2monkeys
[2013/09/23 20:19:56 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\AlawarEntertainment
[2013/09/20 20:51:38 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Amulet_of_time
[2013/12/10 16:51:54 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Any File To Audio Converter
[2013/06/09 17:21:02 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Artifex Mundi
[2014/01/06 18:00:07 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\BITS
[2013/09/24 20:25:46 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Boomzap
[2013/08/26 19:41:51 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\calibre
[2014/02/26 11:03:22 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\DC++
[2013/12/29 13:18:20 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Dropbox
[2007/12/21 13:36:56 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\DxO Labs
[2013/08/13 22:01:04 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Elephant Games
[2013/07/26 13:21:56 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\ERS G-Studio
[2013/06/27 20:52:16 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\ERS Game Studios
[2014/01/06 17:57:24 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\FlashGetBHO
[2014/01/06 18:26:44 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\FlashgetSetup
[2013/06/30 23:08:42 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\flashInstall
[2013/06/24 21:14:41 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Floodlight Games
[2014/01/12 15:04:19 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Funmoods
[2013/06/08 21:22:20 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\GameInvest
[2013/06/02 18:47:59 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\GigantGames
[2013/06/29 21:04:07 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\GoldenBough Games
[2009/12/17 16:16:09 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Imagenomic
[2013/08/05 14:01:29 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Karaoke Builder
[2013/06/06 21:07:52 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\MagicIndie
[2013/07/09 22:00:45 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\MediaArt
[2014/01/09 18:04:33 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Mipony
[2013/09/17 13:24:35 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\MumboJumbo
[2013/09/22 22:14:04 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Natural Threat.Ominous Shores
[2007/12/21 13:36:26 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\PACE Anti-Piracy
[2007/10/01 21:19:51 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\PeerNetworking
[2013/05/29 07:25:39 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\player
[2013/05/23 14:00:36 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\PlayFirst
[2007/12/08 13:16:16 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\ppstream
[2014/02/23 14:14:55 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Spare Backup
[2013/08/26 20:41:07 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\SulusGames
[2013/06/01 16:56:00 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Systweak
[2010/05/10 16:58:18 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Tific
[2008/04/12 12:32:27 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\TomTom
[2013/05/29 07:43:57 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\TuneUp Software
[2014/02/26 12:43:31 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\uTorrent
[2013/07/18 20:54:33 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Vast Studios

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 03:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/19 13:01:45 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/19 13:01:44 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 02:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 09:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 07:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: RPCSS.DLL >
[2009/03/03 04:39:32 | 000,551,424 | ---- | M] (Microsoft Corporation) MD5=301AE00E12408650BADDC04DBC832830 -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll
[2008/01/19 07:36:17 | 000,547,328 | ---- | M] (Microsoft Corporation) MD5=33FB1F0193EE2051067441492D56113C -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
[2009/04/11 06:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) MD5=3B5B4D53FEC14F7476CA29A20CC31AC9 -- C:\Windows\System32\rpcss.dll
[2009/04/11 06:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) MD5=3B5B4D53FEC14F7476CA29A20CC31AC9 -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll
[2009/03/03 04:32:23 | 000,551,424 | ---- | M] (Microsoft Corporation) MD5=4DFCBDEF3CCAA98F99038DED78945253 -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll
[2009/03/03 04:19:41 | 000,549,888 | ---- | M] (Microsoft Corporation) MD5=7B981222A257D076885BFFB66F19B7CE -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll
[2009/03/03 04:17:45 | 000,550,400 | ---- | M] (Microsoft Corporation) MD5=B1BB45E24717A7F790B4411C4446EF5E -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_685b771559e4be8c\rpcss.dll
[2006/11/02 09:46:12 | 000,545,792 | ---- | M] (Microsoft Corporation) MD5=B46D8EA6DD30BAA49F674DACDC4C491F -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16386_none_67941a0040f4ed68\rpcss.dll

< MD5 for: SERVICES >
[2006/09/18 21:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 21:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.CFG >
[2013/12/18 18:42:40 | 000,558,851 | ---- | M] () MD5=A044715A48D8FADB9366D554F20D3331 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2008/01/19 07:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 09:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2009/04/11 06:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 06:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 12:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 12:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.LNK >
[2008/06/12 15:02:07 | 000,001,688 | ---- | M] () MD5=7C51576CAA76454D75589D9F3AB44F67 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/06/12 15:02:07 | 000,001,688 | ---- | M] () MD5=7C51576CAA76454D75589D9F3AB44F67 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 21:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 21:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.mof
[2006/09/18 21:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 21:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 12:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 21:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 12:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 21:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6000.16386_none_cd2d20a848cfd40f\services.msc
[2006/09/18 21:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SERVICES.TICO >
[2009/09/25 13:00:00 | 000,002,038 | ---- | M] () MD5=D669B1B2EBE288A61680C3C863828D28 -- C:\Program Files\TuneUp Utilities 2011\data\services.tico

< MD5 for: SVCHOST.EXE >
[2006/11/02 09:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 07:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 07:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 07:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 07:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 09:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 09:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/19 07:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is ACER
Volume Serial Number is 0CA0-4AB3
Directory of C:\
02/11/2006 13:02 <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
02/11/2006 13:02 <JUNCTION> Application Data [C:\ProgramData]
02/11/2006 13:02 <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/11/2006 13:02 <JUNCTION> Documents [C:\Users\Public\Documents]
02/11/2006 13:02 <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/11/2006 13:02 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 13:02 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
02/11/2006 13:02 <SYMLINKD> All Users [C:\ProgramData]
02/11/2006 13:02 <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
02/11/2006 13:02 <JUNCTION> Application Data [C:\ProgramData]
02/11/2006 13:02 <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/11/2006 13:02 <JUNCTION> Documents [C:\Users\Public\Documents]
02/11/2006 13:02 <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/11/2006 13:02 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 13:02 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
02/11/2006 13:02 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
02/11/2006 13:02 <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
02/11/2006 13:02 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
02/11/2006 13:02 <JUNCTION> My Documents [C:\Users\Default\Documents]
02/11/2006 13:02 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/11/2006 13:02 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/11/2006 13:02 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
02/11/2006 13:02 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
02/11/2006 13:02 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
02/11/2006 13:02 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
02/11/2006 13:02 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
02/11/2006 13:02 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/11/2006 13:02 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
02/11/2006 13:02 <JUNCTION> My Music [C:\Users\Default\Music]
02/11/2006 13:02 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
02/11/2006 13:02 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Phil
01/09/2007 15:45 <JUNCTION> Application Data [C:\Users\Phil\AppData\Roaming]
01/09/2007 15:45 <JUNCTION> Cookies [C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies]
01/09/2007 15:45 <JUNCTION> Local Settings [C:\Users\Phil\AppData\Local]
01/09/2007 15:45 <JUNCTION> My Documents [C:\Users\Phil\Documents]
01/09/2007 15:45 <JUNCTION> NetHood [C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/09/2007 15:45 <JUNCTION> PrintHood [C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/09/2007 15:45 <JUNCTION> Recent [C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Recent]
01/09/2007 15:45 <JUNCTION> SendTo [C:\Users\Phil\AppData\Roaming\Microsoft\Windows\SendTo]
01/09/2007 15:45 <JUNCTION> Start Menu [C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu]
01/09/2007 15:45 <JUNCTION> Templates [C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Phil\AppData\Local
01/09/2007 15:45 <JUNCTION> Application Data [C:\Users\Phil\AppData\Local]
01/09/2007 15:45 <JUNCTION> History [C:\Users\Phil\AppData\Local\Microsoft\Windows\History]
01/09/2007 15:45 <JUNCTION> Temporary Internet Files [C:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Phil\Documents
01/09/2007 15:45 <JUNCTION> My Music [C:\Users\Phil\Music]
01/09/2007 15:45 <JUNCTION> My Pictures [C:\Users\Phil\Pictures]
01/09/2007 15:45 <JUNCTION> My Videos [C:\Users\Phil\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
02/11/2006 13:02 <JUNCTION> My Music [C:\Users\Public\Music]
02/11/2006 13:02 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
02/11/2006 13:02 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
17/12/2009 15:31 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
17/12/2009 15:31 <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
17/12/2009 15:31 <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
17/12/2009 15:31 <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
17/12/2009 15:31 <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
17/12/2009 15:31 <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
17/12/2009 15:31 <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
17/12/2009 15:31 <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
17/12/2009 15:31 <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
17/12/2009 15:31 <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
17/12/2009 15:31 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
17/12/2009 15:31 <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
17/12/2009 15:31 <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
17/12/2009 15:31 <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
17/12/2009 15:31 <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
17/12/2009 15:31 <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
66 Dir(s) 11,317,452,800 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:012BC84F
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:F610C203
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:6EE8565A
@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:C69EAC3C
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:CE3AADB7
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:ED2D63E4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:2AE74FF9
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:19823AC6
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:D47B19A6
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:4EE323A4
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


OTL Extras logfile created on: 03/03/2014 14:27:11 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Phil\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.38 Mb Total Physical Memory | 268.05 Mb Available Physical Memory | 26.45% Memory free
2.24 Gb Paging File | 1.15 Gb Available in Paging File | 51.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70.77 Gb Total Space | 10.55 Gb Free Space | 14.90% Space Free | Partition Type: NTFS
Drive D: | 70.47 Gb Total Space | 52.24 Gb Free Space | 74.13% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 91.90 Gb Free Space | 9.87% Space Free | Partition Type: NTFS

Computer Name: ACERLAPTOP | User Name: Phil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OtsMedia.Surf] -- "C:\OtsLabs\OtsPlay.exe" "%1" /play /surf ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2240448931-1470480704-4230414400-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- (Acer Inc.)
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- (HiTRUST)
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- (HiTRUST)
"C:\FlashGet Network\Flashget\FlashGet.exe" = C:\FlashGet Network\Flashget\FlashGet.exe:*:Enabled:Flashget2
"C:\FlashGet Network\Flashget\LiveUpdate.exe" = C:\FlashGet Network\Flashget\LiveUpdate.exe:*:Enabled:FGLiveUpdate
"C:\FlashGet Network\Flashget\LiveUpdateEx.exe" = C:\FlashGet Network\Flashget\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx
"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS
"C:\Program Files\PPStream\PPSAP.exe" = C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19EC62FE-29C6-448C-82BA-9AD05C20E472}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3DBED632-F457-4EAA-B6E6-D4FE72840E3D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3F2AF431-BDCD-467F-BAE5-5FC9249D4C0B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{4AB93408-039E-4F98-9DFC-B95CBAB32320}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4E79A8CC-93AD-4A36-A46B-B60B8E77DD1A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{58959523-A892-45D0-8694-D83B5F02654D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5975C3F6-8667-4BF3-B289-7CA31336E311}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6200BD29-3BCF-44C3-96D2-F2029C29C872}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6C0EF3E4-F97C-447B-A3D9-7491983E147E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7963D6E1-8986-414D-B402-38ABF51E2555}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{82AD63ED-F8AE-4ED3-8CAE-22D5729CDA1A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8534583F-3CF8-4712-9617-D83E6D4D4FBA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8843C7FC-1012-4F7A-A22A-8ED4522C103C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A5DF7895-510B-4E75-AD12-9890FB6C913D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A6B89DB9-8802-49CE-8854-D93D09CB9906}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B498ED18-4209-4B08-8F12-1A5F1FEA9CE7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B89033F6-41DE-45C6-8E86-DA41728B13FA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CB66FE70-72AC-44F1-ACF9-D36E940A1B84}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D362164F-4B74-4441-B547-2AC34504AAA4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D831B075-FA35-4316-A912-AAE66AAC7C02}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DE71D6F5-7721-4284-841A-7C8640F6E8C4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FBCA99D2-C715-429A-8EF1-3313D1D58032}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{007BEFFB-888A-4301-A22E-84F7EBC8A9BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0576F734-C46C-4A10-8CFB-197650D6C63E}" = protocol=6 | dir=out | app=system |
"{215AD7E4-0C72-4B48-B18C-6CC90AF35A54}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2420B3C4-0914-4A8E-95ED-EC71B2BBBB00}" = protocol=17 | dir=in | app=c:\program files\coingeek\cg.exe |
"{2578DBF2-80EA-4FAE-B499-2435BA3132E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{293C9887-15D0-42CB-9519-C273FD4BC647}" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"{29BD8509-2A52-4A3C-B6EB-32BFA1469087}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{32ABA795-0646-433A-AC99-B56DF2BEA246}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{39ECF3AC-12CF-49F7-90CC-AB15E8FA39BC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3AA9E4E4-66EE-4F50-8E5A-D9C54C02DD08}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3F12BEE2-A261-4991-A2C5-4602FB0D8DBE}" = protocol=17 | dir=in | app=c:\program files\mp3gain\mp3gaingui.exe |
"{4640CD59-80C8-4BFD-83A7-37058F4F7C89}" = protocol=17 | dir=in | app=c:\users\phil\appdata\roaming\utorrent\utorrent.exe |
"{4C17EF64-0E27-4D97-9B27-9EEC9B60FAB8}" = protocol=6 | dir=in | app=c:\program files\coingeek\cg.exe |
"{54582F54-D0B9-4A38-9D71-F678835B5315}" = protocol=6 | dir=out | app=system |
"{60E5A5D2-438C-4CCB-9FB8-45D1BC83108F}" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"{684C313E-E0A3-44D6-9A3E-DF9D70E2C3BE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{779820A0-8CEE-4C6B-B190-1974A0110F98}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{826A030A-A73D-4772-9C5C-E6B1510415F8}" = protocol=6 | dir=in | app=c:\program files\ac3filter\ac3config.exe |
"{88BA7C42-5FDD-414B-B5D7-FD8B2E2743F6}" = protocol=6 | dir=in | app=c:\program files\mp3gain\mp3gaingui.exe |
"{9970B7BB-4D40-4E8B-A8A2-A748699C34EF}" = protocol=6 | dir=in | app=c:\users\phil\appdata\roaming\utorrent\utorrent.exe |
"{9D4503CB-C1B5-4878-AF35-5392A2F337C8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9DD875FE-78F0-4301-A80C-729BFF3F3125}" = protocol=6 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |
"{9F020BB9-B913-4738-A706-AD0C707049FD}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{A42FC4AB-BF0B-40EF-B3FF-A7C3793E4E4D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{A4E02A17-2751-4C54-B233-258D788E7675}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B537F915-73C6-44D2-8DDA-0E895E6BF0D7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BA923F8A-65E9-490D-8401-E64F0459A0B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BCFC43F5-A382-4D61-B2B8-A2BD83533172}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{BFA39F73-2C62-4518-91CC-18DD3A2D494B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C2E1C2CD-719A-4482-98F8-682413E8D4E5}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{C97A6417-4793-4BF1-8EB5-F784645A0CAB}" = protocol=17 | dir=in | app=c:\program files\ac3filter\ac3config.exe |
"{D1AA1BC4-5477-44EA-A194-D63B4DDF7C07}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D889881C-2F8A-46CD-89FF-820D08F25743}" = protocol=17 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |
"{E074ABA5-42F8-45D3-9C77-9E3FC9675C11}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E7FD9DD1-D031-4A00-BFD2-44BB3CD893AB}" = protocol=17 | dir=in | app=c:\program files\pfconfig\pfconfiglauncher.exe |
"{EEEE4EBE-2958-4A30-9541-FA194EE0D90E}" = protocol=6 | dir=in | app=c:\program files\pfconfig\pfconfiglauncher.exe |
"{F180E196-93D4-4053-9B7C-D11BC3584072}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{F2DECD43-E2A9-4418-A008-8BBAFFBF3987}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FD866F7D-8724-4DD4-A125-7147B58912E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FEF39F4D-29EA-43F6-BF75-4646ED93C4C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{4411C71C-45CF-491B-872B-E1FB38292DD0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{960DB8E5-0095-4D8F-87DE-0D68C79EFC79}C:\program files\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"UDP Query User{8E89DD44-2C96-497E-82FF-6F6E6896485C}C:\program files\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"UDP Query User{A191242F-B557-4D69-A8B9-84846DED1E2C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}" = SMSC Fast Infrared Driver
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{24ECABA9-D5E2-4AD5-8801-2C70CF025EAE}" = Mp3/Tag Studio 3.5 (beta 22)
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel® PROSet/Wireless WiFi Software
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77D2A9D3-5800-43E3-B274-87841BC87DB2}" = Adobe ExtendScript Toolkit 2
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0900)
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}" = Adobe Setup
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A57C6094-FC5A-4DEC-B1E0-1B2F48EEE8F4}" = Spare Backup
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F413B69D-4AD6-42ab-AEA5-0548989FAD50}" = Norton 360
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.4
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DC++" = DC++ 0.802
"ERUNT_is1" = ERUNT 1.1j
"GridVista" = Acer GridVista
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"Lightspark" = Lightspark 0.5.3-git
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MiPony" = MiPony 2.1.1
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OtsAV DJ" = OtsAV DJ 1.90.000
"OtsAV Pro" = OtsAV Pro 1.77.001
"PFConfig" = PFConfig 1.0.296
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TriKaraoke" = TriKaraoke Free Player 1.03 and Manager 1.1
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Youtube Music Downloader_is1" = Youtube Music Downloader V3.8.7

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = Torrent
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03/03/2014 10:45:53 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x3b18, application start time
0x01cf36ef46c8d01d.

Error - 03/03/2014 10:45:59 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x3b4c, application start time
0x01cf36ef4ab2183d.

Error - 03/03/2014 10:46:05 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x3b88, application start time
0x01cf36ef4dfc613d.

Error - 03/03/2014 10:46:11 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x3bbc, application start time
0x01cf36ef51a8794d.

Error - 03/03/2014 10:46:23 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x3c08, application start time
0x01cf36ef591c47bd.

Error - 03/03/2014 10:46:33 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x3c54, application start time
0x01cf36ef5f2f4dad.

Error - 03/03/2014 10:46:39 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x3c80, application start time
0x01cf36ef6276b07d.

Error - 03/03/2014 10:46:44 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x3cb8, application start time
0x01cf36ef65a92bbd.

Error - 03/03/2014 10:46:52 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x3cf4, application start time
0x01cf36ef6a5eeb9d.

Error - 03/03/2014 10:47:05 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x3d3c, application start time
0x01cf36ef71a3459d.

[ Media Center Events ]
Error - 17/04/2008 03:37:29 | Computer Name = AcerLaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 27/05/2008 18:30:07 | Computer Name = AcerLaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

[ System Events ]
Error - 28/02/2014 11:17:43 | Computer Name = AcerLaptop | Source = Service Control Manager | ID = 7009
Description =

Error - 28/02/2014 11:18:13 | Computer Name = AcerLaptop | Source = Service Control Manager | ID = 7009
Description =

Error - 28/02/2014 11:18:13 | Computer Name = AcerLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 28/02/2014 13:27:32 | Computer Name = AcerLaptop | Source = Service Control Manager | ID = 7022
Description =

Error - 28/02/2014 13:27:32 | Computer Name = AcerLaptop | Source = Service Control Manager | ID = 7022
Description =

Error - 28/02/2014 13:27:32 | Computer Name = AcerLaptop | Source = Service Control Manager | ID = 7022
Description =

Error - 28/02/2014 13:27:32 | Computer Name = AcerLaptop | Source = Service Control Manager | ID = 7022
Description =

Error - 28/02/2014 14:19:14 | Computer Name = AcerLaptop | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80004005 Error description: Unspecified error Reason: %%838

Error - 03/03/2014 08:36:15 | Computer Name = AcerLaptop | Source = Print | ID = 19
Description = The print spooler failed to share printer HP DeskJet 840C/841C/842C/843C
with shared resource name HP DeskJet 840C841C842C843C. Error 2114. The printer
cannot be used by others on the network.

Error - 03/03/2014 08:45:33 | Computer Name = AcerLaptop | Source = Print | ID = 19
Description = The print spooler failed to share printer HP DeskJet 840C/841C/842C/843C
with shared resource name HP DeskJet 840C841C842C843C. Error 2114. The printer
cannot be used by others on the network.

[ TuneUp Events ]
Error - 16/09/2013 14:14:50 | Computer Name = AcerLaptop | Source = TuneUp.UtilitiesSvc | ID = 300
Description =


< End of report >
  • 0
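The burst of identical Application Error entries for cg.exe in the report above is the kind of pattern worth pulling out of an event log automatically. The following Python sketch is an added example, not part of the original thread and not an OTL feature: it parses this report layout and flags any application that crashes repeatedly within a short window. The function names, the 60-second window and the three-crash threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Entries copied from the event-log section of the report above:
# three of the cg.exe crashes and one unrelated Print error.
SAMPLE_LOG = """\
Error - 03/03/2014 10:46:33 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x3c54, application start time
0x01cf36ef5f2f4dad.

Error - 03/03/2014 10:46:39 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x3c80, application start time
0x01cf36ef6276b07d.

Error - 03/03/2014 10:46:44 | Computer Name = AcerLaptop | Source = Application Error | ID = 1000
Description = Faulting application cg.exe, version 0.0.0.0, time stamp 0x51e7f50c,
faulting module libcurl-4.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception
code 0xc0000135, fault offset 0x00009f5d, process id 0x3cb8, application start time
0x01cf36ef65a92bbd.

[ System Events ]
Error - 03/03/2014 08:36:15 | Computer Name = AcerLaptop | Source = Print | ID = 19
Description = The print spooler failed to share printer HP DeskJet 840C/841C/842C/843C
with shared resource name HP DeskJet 840C841C842C843C. Error 2114. The printer
cannot be used by others on the network.
"""

HEADER_RE = re.compile(
    r"^Error - (\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) \| Computer Name = (.*?)"
    r" \| Source = (.*?) \| ID = (\d+)$")
FAULT_RE = re.compile(
    r"Faulting application ([^,]+), version .*?faulting module ([^,]+), version "
    r".*?exception code (0x[0-9a-fA-F]+).*?process id (0x[0-9a-fA-F]+)")

# A few NTSTATUS values that commonly appear as exception codes.
NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000135: "STATUS_DLL_NOT_FOUND",
    0xC0000139: "STATUS_ENTRYPOINT_NOT_FOUND",
}


def parse_events(text):
    """Split the report into events, re-joining wrapped Description lines."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            # The report states its date format as dd/MM/yyyy.
            current = {"time": datetime.strptime(m.group(1), "%d/%m/%Y %H:%M:%S"),
                       "source": m.group(3), "id": int(m.group(4)), "description": ""}
            events.append(current)
        elif line.startswith("[") or line.startswith("<"):
            current = None  # section header or "< End of report >"
        elif current is not None and line:
            if line.startswith("Description ="):
                line = line[len("Description ="):].strip()
            current["description"] = (current["description"] + " " + line).strip()
    return events


def find_crash_loops(events, window_seconds=60, min_crashes=3):
    """Report (application, module, code) groups that crash in a tight burst."""
    groups = defaultdict(list)
    for ev in events:
        if ev["source"] != "Application Error" or ev["id"] != 1000:
            continue
        m = FAULT_RE.search(ev["description"])
        if m:
            app, module, code, pid = m.groups()
            groups[(app.lower(), module.lower(), int(code, 16))].append((ev["time"], pid))
    loops = []
    for (app, module, code), hits in groups.items():
        hits.sort()
        times = [t for t, _ in hits]
        burst = any(
            (times[i + min_crashes - 1] - times[i]).total_seconds() <= window_seconds
            for i in range(len(times) - min_crashes + 1))
        if burst:
            loops.append({
                "application": app, "module": module,
                "exception_code": f"0x{code:08x}",
                "status": NTSTATUS.get(code, "unknown"),
                "crashes": len(hits),
                # A new PID per crash means something keeps relaunching the program.
                "distinct_pids": len({pid for _, pid in hits}),
                "span_seconds": int((times[-1] - times[0]).total_seconds()),
            })
    return loops


if __name__ == "__main__":
    for loop in find_crash_loops(parse_events(SAMPLE_LOG)):
        print(loop)
```

A different process id on every crash means the program is being started again each time, so the next thing to look for is whatever launches it (a service, scheduled task or autorun entry).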

#9
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello, we have some work to do, so let's get started. :)


Step 1: Uninstall a Program


Please uninstall this program from your computer as it comes with adware in it.

MiPony 2.1.1

To uninstall the program, please follow the instructions below.

1.) Open Programs and Features by clicking the Start button, then click Control Panel, then Programs and then Programs and Features.

2.) Select a program, and then click Uninstall. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.



Step 2: OTL Fix


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8, right click and select "Run as Administrator").

  • Copy the text in the quote box below (do not copy the word "quote") and paste it in the box marked Custom Scans/Fixes as shown in the graphic below.

:Commands
[createrestorepoint]

:OTL
SRV - [2012/12/01 21:04:36 | 000,157,696 | ---- | M] () [Auto | Running] -- C:\Program Files\Coingeek\nssm.exe -- (Coingeek)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmood...B&cr=1382187686
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2399412
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.the...&cc=GB&unqvl=35
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://mysearch.swee...D-0016D4AFB13D}
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoo...earchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www2.delta-se...913_m3&tsp=5009
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://tbsearch.ask....s}&locale=en_UK
IE - HKCU\..\SearchScopes\{1C443CF3-5E54-4DFD-BED1-705F455BCC76}: "URL" = http://search.condui...1551478532&UM=1
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmood...B&cr=1382187686
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://mysearch.swee...006.10050&st=23
O2 - BHO: (Groove GFS Browser Helper) - {12DB2EA6-0BB3-01EB-26E9-41BB5AF16DF1} - C:\Windows\System32\scesrvv.dll ()
O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.
O8 - Extra context menu item: Download with Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
[2012/08/11 19:29:27 | 000,384,844 | ---- | C] () -- C:\Users\Phil\AppData\Local\funmoods-speeddial.crx
[2014/01/12 15:04:19 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Funmoods
[2014/01/09 18:04:33 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Mipony
@Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:012BC84F
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:F610C203
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:6EE8565A
@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:C69EAC3C
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:CE3AADB7
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:ED2D63E4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:2AE74FF9
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:19823AC6
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:D47B19A6
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:4EE323A4
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:DFC5A2B2

:Files
C:\Program Files\Coingeek
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c

:Commands
[resethosts]
[emptytemp]




  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


Step 3: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


  • Double click (Vista and 7 Users) right click the adwcleaner.exe file and click Run as Administrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove."
    Click the Clean button. When finished, it will ask to reboot. Please reboot.

  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
  • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
This report is also saved at C:\AdwCleaner[R0].txt

Step 4: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Step 5: OTL Quick Scan


  • Start OTL and this time click the Quick Scan button
  • OTL will scan your system and produce one log when finished.
  • Please post that log in your next reply.


Things I need to see in your next post:

OTL Fix Log

AdwCleaner Log

Junkware Removal Tool Log

OTL Quick Scan Log

Question: How is the computer running?

  • 0

#10
GroovyGran

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Hi, here is the OTL Fix log
I will send each one as it's done, so I don't get mixed up

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service Coingeek stopped successfully!
Service Coingeek deleted successfully!
C:\Program Files\Coingeek\nssm.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1C443CF3-5E54-4DFD-BED1-705F455BCC76}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C443CF3-5E54-4DFD-BED1-705F455BCC76}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12DB2EA6-0BB3-01EB-26E9-41BB5AF16DF1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12DB2EA6-0BB3-01EB-26E9-41BB5AF16DF1}\ deleted successfully.
C:\Windows\System32\scesrvv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with Mipony\ not found.
File C:\Program Files\MiPony\Browser\IEContext.htm not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\facebook.com\www\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
C:\Users\Phil\AppData\Local\funmoods-speeddial.crx moved successfully.
C:\Users\Phil\AppData\Roaming\Funmoods folder moved successfully.
C:\Users\Phil\AppData\Roaming\Mipony folder moved successfully.
ADS C:\ProgramData\TEMP:012BC84F deleted successfully.
ADS C:\ProgramData\TEMP:F610C203 deleted successfully.
ADS C:\ProgramData\TEMP:6EE8565A deleted successfully.
ADS C:\ProgramData\TEMP:C69EAC3C deleted successfully.
ADS C:\ProgramData\TEMP:CE3AADB7 deleted successfully.
ADS C:\ProgramData\TEMP:ED2D63E4 deleted successfully.
ADS C:\ProgramData\TEMP:2AE74FF9 deleted successfully.
ADS C:\ProgramData\TEMP:19823AC6 deleted successfully.
ADS C:\ProgramData\TEMP:D47B19A6 deleted successfully.
ADS C:\ProgramData\TEMP:4EE323A4 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== FILES ==========
C:\Program Files\Coingeek folder moved successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\Phil\Desktop\cmd.bat deleted successfully.
C:\Users\Phil\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
Ok.
C:\Users\Phil\Desktop\cmd.bat deleted successfully.
C:\Users\Phil\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Phil
->Temp folder emptied: 409707 bytes
->Temporary Internet Files folder emptied: 70412812 bytes
->Java cache emptied: 48016 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 776 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 190376 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15228710 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2865069 bytes

Total Files Cleaned = 85.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03042014_145738

Files\Folders moved on Reboot...
C:\Users\Phil\AppData\Local\Temp\JavaDeployReg.log moved successfully.
C:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9XG7M8HE\337523-cgexe-stopped-woring-error[1].htm moved successfully.
File move failed. C:\Windows\System32\OLDE858.tmp scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0
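A fix log like the one above is easier to trust when each item named in the fix script is checked against the outcome the log reports for it. The following Python sketch is an added example, not part of the original thread and not an OTL feature: it extracts the GUIDs and paths targeted by a fix script, matches them to log lines, and lists targets with no recorded outcome plus anything deferred to reboot. The function names and outcome labels are assumptions, and the samples are abridged from the thread with one log line deliberately left out.

```python
import re

# Abridged from the fix script and fix log posted in this thread. The log line
# for the Funmoods folder is left out on purpose (constructed gap) so that the
# audit has an unhandled target to report.
FIX_SCRIPT = r"""
:OTL
SRV - [2012/12/01 21:04:36 | 000,157,696 | ---- | M] () [Auto | Running] -- C:\Program Files\Coingeek\nssm.exe -- (Coingeek)
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
O2 - BHO: (Groove GFS Browser Helper) - {12DB2EA6-0BB3-01EB-26E9-41BB5AF16DF1} - C:\Windows\System32\scesrvv.dll ()
O8 - Extra context menu item: Download with Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()
[2014/01/12 15:04:19 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Funmoods
@Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:012BC84F

:Files
C:\Program Files\Coingeek
"""

FIX_LOG = r"""
Service Coingeek stopped successfully!
Service Coingeek deleted successfully!
C:\Program Files\Coingeek\nssm.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12DB2EA6-0BB3-01EB-26E9-41BB5AF16DF1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12DB2EA6-0BB3-01EB-26E9-41BB5AF16DF1}\ deleted successfully.
C:\Windows\System32\scesrvv.dll moved successfully.
File C:\Program Files\MiPony\Browser\IEContext.htm not found.
ADS C:\ProgramData\TEMP:012BC84F deleted successfully.
C:\Program Files\Coingeek folder moved successfully.
File move failed. C:\Windows\System32\OLDE858.tmp scheduled to be moved on reboot.
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A path runs from the drive letter to " -- ", to a trailing " ()" or to end of line.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?(?= -- | \(\)|$)")


def extract_targets(script):
    """Return {target: kind} for every GUID and file-system path in the script."""
    targets = {}
    for line in script.splitlines():
        for guid in GUID_RE.findall(line):
            targets.setdefault(guid.upper(), "guid")
        for path in PATH_RE.findall(line):
            targets.setdefault(path.strip(), "path")
    return targets


def classify(log_line):
    """Map one fix-log line to an outcome label (labels are this example's own)."""
    low = log_line.lower()
    if "failed" in low or "scheduled to be moved on reboot" in low:
        return "pending"
    if "not found" in low:
        return "absent"
    if "value set successfully" in low:
        return "changed"
    if re.search(r"(moved|deleted|stopped) successfully", low):
        return "removed"
    return None


def audit_fix(script, log):
    """Cross-check script targets against the outcomes recorded in the log."""
    log_lines = [l.strip() for l in log.splitlines() if l.strip()]
    report = {"targets": {}, "unhandled": [], "follow_up": []}
    for target, kind in extract_targets(script).items():
        # For paths, refuse a match that continues into a deeper path component,
        # so a folder is not credited with the result for a file inside it.
        pattern = re.escape(target) + (r"(?!\\)" if kind == "path" else "")
        outcomes = {classify(l) for l in log_lines
                    if re.search(pattern, l, re.IGNORECASE)}
        outcomes.discard(None)
        if outcomes:
            report["targets"][target] = sorted(outcomes)
        else:
            report["unhandled"].append(target)
    # Anything deferred to reboot needs re-checking in the next scan.
    report["follow_up"] = [l for l in log_lines if classify(l) == "pending"]
    return report


if __name__ == "__main__":
    result = audit_fix(FIX_SCRIPT, FIX_LOG)
    for target, outcomes in result["targets"].items():
        print(f"{', '.join(outcomes):<16} {target}")
    print("unhandled:", result["unhandled"])
    print("follow up:", result["follow_up"])
```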


#11
GroovyGran

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Log from adwcleaner


# AdwCleaner v3.020 - Report created 04/03/2014 at 15:27:16
# Updated 27/02/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Phil - ACERLAPTOP
# Running from : C:\Users\Phil\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BitGuard
Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\saaveensyhhare
Folder Deleted : C:\ProgramData\saevenshaRe
Folder Deleted : C:\ProgramData\savEEnshaarEo
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\TornTV.com
Folder Deleted : C:\Users\Phil\AppData\Local\Conduit
Folder Deleted : C:\Users\Phil\AppData\Local\genienext
Folder Deleted : C:\Users\Phil\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Phil\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Phil\AppData\LocalLow\baidu
Folder Deleted : C:\Users\Phil\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Phil\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Phil\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Phil\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Phil\Documents\Mobogenie
File Deleted : C:\END
File Deleted : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\searchplugins\EasyLife.xml
File Deleted : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\searchplugins\WebSearch.xml
File Deleted : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
File Deleted : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A11CCF26-FE11-46FE-B993-38745F52DDEC}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A11CCF26-FE11-46FE-B993-38745F52DDEC}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKCU\Software\5b558fd9b06dbe42
Key Deleted : HKLM\SOFTWARE\5b558fd9b06dbe42
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289075
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\wnlt
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\HappyLyrics
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\SoftwareUpdater
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16533


-\\ Mozilla Firefox v

[ File : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]


[ File : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\prefs.js ]

Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.the-searcheng.info/?pid=924&r=2013/09/11&hid=4259934524860750519&lg=EN&cc=GB&unqvl=35&l=1&q=");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");

*************************

AdwCleaner[R0].txt - [8571 octets] - [04/03/2014 15:25:44]
AdwCleaner[S0].txt - [8788 octets] - [04/03/2014 15:27:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8848 octets] ##########
  • 0

#12
GroovyGran

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Junkware Removal Log


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by Phil on 04/03/2014 at 15:36:55.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2240448931-1470480704-4230414400-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501158}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501158}



~~~ Files

Successfully deleted: [File] "C:\Users\Phil\appdata\locallow\SkwConfig.bin"



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/03/2014 at 15:40:01.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#13
GroovyGran

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
OTL Quick Scan Log


OTL logfile created on: 04/03/2014 15:49:55 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Phil\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.38 Mb Total Physical Memory | 239.57 Mb Available Physical Memory | 23.64% Memory free
2.24 Gb Paging File | 1.36 Gb Available in Paging File | 60.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70.77 Gb Total Space | 11.37 Gb Free Space | 16.06% Space Free | Partition Type: NTFS
Drive D: | 70.47 Gb Total Space | 52.24 Gb Free Space | 74.13% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 91.90 Gb Free Space | 9.87% Space Free | Partition Type: NTFS

Computer Name: ACERLAPTOP | User Name: Phil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/04 15:04:57 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Phil\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2014/02/28 21:46:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTL.exe
PRC - [2014/02/14 19:09:20 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
PRC - [2013/12/18 18:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/12/01 05:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2007/05/18 20:59:06 | 000,356,928 | ---- | M] () -- C:\Program Files\Spare Backup\sqlite3.dll


========== Services (SafeList) ==========

SRV - [2013/12/19 00:41:02 | 030,814,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2013/12/18 18:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/04 10:36:09 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/10/16 16:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 15:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/03 02:58:58 | 000,457,512 | ---- | M] (HiTRSUT) [Disabled | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/01/03 00:46:52 | 000,024,576 | ---- | M] () [Disabled | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/01/02 17:33:24 | 000,135,168 | ---- | M] (acer) [Disabled | Stopped] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006/12/29 04:07:22 | 000,126,976 | ---- | M] (Acer Inc.) [Disabled | Stopped] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2006/12/28 17:24:14 | 000,049,152 | ---- | M] (Acer Inc.) [Disabled | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006/12/22 22:43:18 | 000,024,576 | ---- | M] (Acer Inc.) [Disabled | Stopped] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006/11/24 20:57:54 | 000,107,008 | ---- | M] () [Disabled | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014/02/26 00:13:59 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/09/27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2008/11/17 06:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2007/10/19 11:22:04 | 000,013,824 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\modrc.sys -- (MODRC)
DRV - [2007/09/13 17:14:02 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/09/01 18:49:22 | 000,040,352 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Usbkey.sys -- (usbkey)
DRV - [2007/04/18 16:30:20 | 000,473,728 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2006/12/07 17:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/02 13:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/11/02 07:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/30 01:42:28 | 001,786,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006/10/25 06:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/10/25 06:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/10/25 06:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/08/04 09:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/09/27 07:00:02 | 000,069,920 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2D0E4A14-683B-B425-A88A-71163059FA62}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://uk.rd.yahoo.c...://uk.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://virginmedia.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rchTerms}&r=401
IE - HKCU\..\SearchScopes\{2D0E4A14-683B-B425-A88A-71163059FA62}: "URL" = http://www.google.co...z=1I7GGLL_en-GB
IE - HKCU\..\SearchScopes\{69661322-D413-4638-9652-71A6CC63B7A5}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{D0FCB2C7-D26E-4336-8212-C97848FBE1C9}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{F9D92CBA-E2C9-42D7-9B43-1419241F8F80}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )


[2013/05/21 18:53:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Extensions
[2008/05/01 07:43:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Extensions\[email protected]
[2014/03/04 15:27:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2013/08/27 08:45:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\extensions
[2013/06/30 08:44:04 | 000,239,491 | ---- | M] () (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\AMIEXT\FLASHENHANCER\FF

O1 HOSTS File: ([2014/03/04 15:00:38 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - Startup: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{439D2219-93AD-495A-AD91-5D24CD231645}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB53BFB9-F153-4DF6-97CB-34571712C65B}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer01.JPG
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer01.JPG
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5174a272-fc1d-11dd-bceb-0016d4afb13d}\Shell - "" = AutoRun
O33 - MountPoints2\{5174a272-fc1d-11dd-bceb-0016d4afb13d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{d87e84bb-0880-11dd-a5a5-0016d4afb13d}\Shell\AutoRun\command - "" = H:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/04 15:36:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/03/04 15:24:47 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/04 15:16:50 | 001,037,734 | ---- | C] (Thisisu) -- C:\Users\Phil\Desktop\JRT.exe
[2014/03/04 14:57:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/03 12:57:07 | 000,000,000 | ---D | C] -- C:\Users\Phil\Desktop\Malware Programs
[2014/03/03 12:49:12 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Phil\Desktop\TDSSKiller.exe
[2014/03/03 12:47:52 | 000,000,000 | ---D | C] -- C:\Users\Phil\Desktop\GooredFix Backups
[2014/03/03 12:33:07 | 000,000,000 | ---D | C] -- C:\_OTM
[2014/03/03 12:29:35 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTM.exe
[2014/03/03 12:25:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2014/03/03 12:25:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014/03/03 12:25:05 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2014/03/01 14:05:59 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Phil\Desktop\GooredFix.exe
[2014/03/01 13:51:40 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Phil\Desktop\erunt-setup.exe
[2014/03/01 13:39:13 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Phil\Desktop\HiJackThis.exe
[2014/03/01 13:34:55 | 018,122,912 | ---- | C] (SUPERAntiSpyware) -- C:\Users\Phil\Desktop\SUPERAntiSpyware.exe
[2014/03/01 13:26:06 | 003,420,288 | ---- | C] (CompuClever Systems Inc.) -- C:\Users\Phil\Desktop\pctuneupmaestro_setup.exe
[2014/02/28 21:46:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTL.exe
[2014/02/26 03:21:08 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/25 23:40:08 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2014/02/23 09:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/02/23 09:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/23 09:39:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/02/22 23:29:29 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
[2014/02/22 23:05:01 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Roaming\.minecraft
[2014/02/21 20:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/04 15:31:20 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/04 15:31:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/04 15:31:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/04 15:30:57 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/04 15:30:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/04 15:16:50 | 001,037,734 | ---- | M] (Thisisu) -- C:\Users\Phil\Desktop\JRT.exe
[2014/03/04 15:16:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/04 15:12:49 | 001,244,192 | ---- | M] () -- C:\Users\Phil\Desktop\adwcleaner.exe
[2014/03/04 15:00:38 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/03/03 22:07:25 | 000,099,645 | ---- | M] () -- C:\Users\Phil\Desktop\Fish 1.jpg
[2014/03/03 20:42:14 | 001,381,376 | ---- | M] () -- C:\Users\Phil\Desktop\EMBLEM IDEAS.pub
[2014/03/03 18:59:30 | 000,002,613 | ---- | M] () -- C:\Users\Phil\Desktop\Microsoft Word 2010.lnk
[2014/03/03 18:49:23 | 000,401,711 | ---- | M] () -- C:\Users\Phil\Desktop\LHCC Angling Society.png
[2014/03/03 12:29:37 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTM.exe
[2014/03/03 12:25:26 | 000,000,917 | ---- | M] () -- C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/03/03 12:25:08 | 000,000,737 | ---- | M] () -- C:\Users\Phil\Desktop\NTREGOPT.lnk
[2014/03/03 12:25:08 | 000,000,718 | ---- | M] () -- C:\Users\Phil\Desktop\ERUNT.lnk
[2014/03/01 14:05:59 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Phil\Desktop\GooredFix.exe
[2014/03/01 13:51:40 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Phil\Desktop\erunt-setup.exe
[2014/03/01 13:39:13 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Phil\Desktop\HiJackThis.exe
[2014/03/01 13:34:55 | 018,122,912 | ---- | M] (SUPERAntiSpyware) -- C:\Users\Phil\Desktop\SUPERAntiSpyware.exe
[2014/03/01 13:26:07 | 003,420,288 | ---- | M] (CompuClever Systems Inc.) -- C:\Users\Phil\Desktop\pctuneupmaestro_setup.exe
[2014/03/01 13:10:25 | 001,714,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/02/28 21:46:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTL.exe
[2014/02/27 03:03:59 | 000,634,468 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/02/27 03:03:59 | 000,120,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/02/26 00:13:59 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2014/02/24 23:17:33 | 001,649,778 | ---- | M] () -- C:\Users\Phil\AppData\Roaming\ccn.exe
[2014/02/21 16:31:31 | 037,331,907 | -HS- | M] () -- C:\Users\Phil\Desktop\ROZwkWQyhzn
[2014/02/21 16:31:28 | 000,674,312 | -HS- | M] () -- C:\Users\Phil\Desktop\spYyz.KXZ
[2014/02/21 16:31:26 | 000,000,058 | -HS- | M] () -- C:\Users\Phil\Desktop\VUgVVYSCcHfL.BSA
[2014/02/21 14:32:12 | 000,002,571 | ---- | M] () -- C:\Users\Phil\Desktop\Microsoft Excel 2010.lnk
[2014/02/20 20:40:11 | 000,294,912 | ---- | M] () -- C:\Users\Phil\Desktop\EMBLEM IDEAS 2.pub
[2014/02/20 11:32:39 | 000,000,709 | ---- | M] () -- C:\Users\Phil\Desktop\Zip Contents Renamer - Shortcut.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/04 15:12:36 | 001,244,192 | ---- | C] () -- C:\Users\Phil\Desktop\adwcleaner.exe
[2014/03/03 22:07:24 | 000,099,645 | ---- | C] () -- C:\Users\Phil\Desktop\Fish 1.jpg
[2014/03/03 18:49:22 | 000,401,711 | ---- | C] () -- C:\Users\Phil\Desktop\LHCC Angling Society.png
[2014/03/03 12:25:26 | 000,000,917 | ---- | C] () -- C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/03/03 12:25:08 | 000,000,737 | ---- | C] () -- C:\Users\Phil\Desktop\NTREGOPT.lnk
[2014/03/03 12:25:08 | 000,000,718 | ---- | C] () -- C:\Users\Phil\Desktop\ERUNT.lnk
[2014/02/24 23:16:29 | 000,000,058 | -HS- | C] () -- C:\Users\Phil\Desktop\VUgVVYSCcHfL.BSA
[2014/02/24 23:16:27 | 037,331,907 | -HS- | C] () -- C:\Users\Phil\Desktop\ROZwkWQyhzn
[2014/02/24 23:16:23 | 000,674,312 | -HS- | C] () -- C:\Users\Phil\Desktop\spYyz.KXZ
[2014/02/24 23:14:22 | 001,649,778 | ---- | C] () -- C:\Users\Phil\AppData\Roaming\ccn.exe
[2014/02/20 20:35:05 | 000,294,912 | ---- | C] () -- C:\Users\Phil\Desktop\EMBLEM IDEAS 2.pub
[2014/02/20 16:34:30 | 001,381,376 | ---- | C] () -- C:\Users\Phil\Desktop\EMBLEM IDEAS.pub
[2014/01/06 21:36:55 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2014/01/06 18:00:04 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2013/10/29 21:02:58 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/06/18 07:53:04 | 000,625,152 | ---- | C] () -- C:\Windows\System32\mp3tsshx.dll
[2013/06/12 12:10:25 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/05/21 15:47:48 | 000,171,432 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/07/17 11:18:39 | 000,001,940 | ---- | C] () -- C:\Users\Phil\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/12/17 15:31:39 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLdy.DAT
[2008/02/15 19:18:06 | 000,690,513 | ---- | C] () -- C:\Users\Phil\fgh.pmcl
[2008/01/12 14:22:56 | 000,338,032 | ---- | C] () -- C:\Users\Phil\jan 08.pmcl
[2007/10/01 21:19:52 | 000,026,340 | ---- | C] () -- C:\Users\Phil\AppData\Roaming\UserTile.png
[2007/09/29 13:14:48 | 000,002,032 | ---- | C] () -- C:\Users\Phil\AppData\Local\d3d9caps.dat
[2007/09/02 18:24:43 | 000,081,408 | ---- | C] () -- C:\Users\Phil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/02/23 09:52:58 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\.minecraft
[2013/09/11 07:39:20 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\2monkeys
[2013/09/23 20:19:56 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\AlawarEntertainment
[2013/09/20 20:51:38 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Amulet_of_time
[2013/12/10 16:51:54 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Any File To Audio Converter
[2013/06/09 17:21:02 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Artifex Mundi
[2014/01/06 18:00:07 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\BITS
[2013/09/24 20:25:46 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Boomzap
[2013/08/26 19:41:51 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\calibre
[2014/02/26 11:03:22 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\DC++
[2013/12/29 13:18:20 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Dropbox
[2007/12/21 13:36:56 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\DxO Labs
[2013/08/13 22:01:04 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Elephant Games
[2013/07/26 13:21:56 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\ERS G-Studio
[2013/06/27 20:52:16 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\ERS Game Studios
[2014/01/06 17:57:24 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\FlashGetBHO
[2014/01/06 18:26:44 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\FlashgetSetup
[2013/06/30 23:08:42 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\flashInstall
[2013/06/24 21:14:41 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Floodlight Games
[2013/06/08 21:22:20 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\GameInvest
[2013/06/02 18:47:59 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\GigantGames
[2013/06/29 21:04:07 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\GoldenBough Games
[2009/12/17 16:16:09 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Imagenomic
[2013/08/05 14:01:29 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Karaoke Builder
[2013/06/06 21:07:52 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\MagicIndie
[2013/07/09 22:00:45 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\MediaArt
[2013/09/17 13:24:35 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\MumboJumbo
[2013/09/22 22:14:04 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Natural Threat.Ominous Shores
[2007/12/21 13:36:26 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\PACE Anti-Piracy
[2007/10/01 21:19:51 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\PeerNetworking
[2013/05/29 07:25:39 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\player
[2013/05/23 14:00:36 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\PlayFirst
[2007/12/08 13:16:16 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\ppstream
[2014/02/23 14:14:55 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Spare Backup
[2013/08/26 20:41:07 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\SulusGames
[2010/05/10 16:58:18 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Tific
[2008/04/12 12:32:27 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\TomTom
[2013/05/29 07:43:57 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\TuneUp Software
[2014/02/26 12:43:31 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\uTorrent
[2013/07/18 20:54:33 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Vast Studios

========== Purity Check ==========



< End of report >

#14
GroovyGran

GroovyGran

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Oh "WOW" pystryker, my computer is great now. The cg.exe error has gone, the internet loads so much faster and I have just googled some recipes, sites etc. and got no redirects to ads!

You are an absolute STAR
Where do I post to sing your praises?
You are so very clever to be able to understand all that computer stuff!

I really can't thank you enough

Just one question, what program do you think I should run to protect my computer in the future?

THANK YOU! THANK YOU! THANK YOU!

#15
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Oh "WOW" pystryker, my computer is great now. The cg.exe error has gone, the internet loads so much faster and I have just googled some recipes, sites etc. and got no redirects to ads!


Excellent! :) We do have a few more steps to go before we're finished though. We need to sweep for any remnants left behind by the removal of the malware.

You are an absolute STAR
Where do I post to sing your praises?
You are so very clever to be able to understand all that computer stuff!

I really can't thank you enough

Just one question, what program do you think I should run to protect my computer in the future?

THANK YOU! THANK YOU! THANK YOU!


Thank you for your kind words. :) My teachers here are excellent and train us very well. As for singing praises, that's not necessary; your words here brought a very big smile to my face. You're quite welcome. :)


Let's take a look at your system and see if there are any remnants hiding. :thumbsup:


Step 1: Scan with Malwarebytes


Please download Malwarebytes' Anti-Malware from Here.

  • Double Click mbam-setup.exe to install the application (Windows 7 users, right click and select Run as Administrator.)
  • Proceed through the setup
    • Choose your language
    • Accept the License Agreement
    • Select Destination Location
    • Select Start Menu Folder
    • Select Additional Tasks
    • Click Install
    • In the Completing the Malwarebytes Anti-Malware Setup Wizard Window
      • Uncheck Enable free trial of Malwarebytes Anti-Malware PRO
      • Keep the check mark beside Update Malwarebytes' Anti-Malware
      • Keep the check mark beside Launch Malwarebytes' Anti-Malware
    • Click Finish.
    • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan
  • Click Scan. The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.



Step 2: ESET Online Virus Scan

Please note: You can use Internet Explorer or Firefox for this step.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.

  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • Now click on Finish
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Things I need to see in your next post:

  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log
