cg.exe stopped working error [Solved]



#31 GroovyGran (Member, Topic Starter, 47 posts)
Here is the OTL fix log


========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Program Files\FoxTabMusicConverter\AudioConverter.exe moved successfully.
C:\Users\Phil\AppData\Roaming\ccn.exe moved successfully.
File\Folder C:\Users\Phil\Documents\!LINDA\PROGRAMS\ccsetup402.exe not found.
File\Folder C:\Users\Phil\Documents\!LINDA\PROGRAMS\mp3gain-setup.exe not found.
File\Folder C:\Users\Phil\Documents\!LINDA\PROGRAMS\PF Config (Original)\PF Config\PFCSetup.exe not found.
D:\GAMES\The Mystery Of The Crystal Portal 2(Full.EN.2010.).exe moved successfully.
G:\!!!NEW DOWNLOADS\Office 2010 Original serial from Microsoft.exe moved successfully.
G:\!!!NEW DOWNLOADS\Epic (2013)\Epic (2013).exe moved successfully.
G:\!!!NEW DOWNLOADS\Pacific Rim (2013)\Pacific Rim (2013).exe moved successfully.
G:\!!!NEW DOWNLOADS\Samsara (2011)\Samsara (2011).exe moved successfully.
G:\!!!NEW DOWNLOADS\Savages (2012)\Savages (2012).exe moved successfully.
G:\!!!NEW DOWNLOADS\The Hunger Games Catching Fire (2013)\The Hunger Games Catching Fire (2013).exe moved successfully.
File\Folder G:\JDownloader\JDownloader_TSV415PA3.exe not found.
File\Folder G:\MISC\mp3tag.exe not found.
G:\MISC\MyFunCards.exe moved successfully.
File\Folder G:\MISC\Setup.exe not found.
File\Folder G:\MISC\Fotosizer v1.26.0.448\fsSetup126.exe not found.
File\Folder G:\MISC\PC Repair Files\Fix my PC (Repair-Format)Pt 2\cdbxp_setup_4.3.2.2140.exe not found.
File\Folder G:\PHIL\bonjourforwindows-setup.exe not found.
File\Folder G:\PHIL\ccsetup401.exe not found.
File\Folder G:\PHIL\rcpsetup_cpx_cpx.exe not found.
File\Folder G:\PHIL\SoftonicDownloader_for_regvac.exe not found.
File\Folder G:\PHIL\SopCast-3.2.9.zip not found.
File\Folder G:\PHIL\SopCast-3.2.9\Setup-SopCast-3.2.9-2010-3-23.exe not found.
G:\PROGRAMS\FLVPlayerSetup.exe moved successfully.
G:\PROGRAMS\installer_dropbox_English.exe moved successfully.
File\Folder G:\PROGRAMS\JDownloader_TSV415PA3.exe not found.
G:\PROGRAMS\winamp565_full_emusic-7plus_all.exe moved successfully.
G:\PROGRAMS\CODECS\ac3filter.exe moved successfully.
G:\PROGRAMS\Microsoft Office 2010 Pro. Plus Sp1 x86 and x64 Full Activated\Microsoft Office 2010 Pro. Plus x64.exe moved successfully.
G:\PROGRAMS\PF Config (Original)\PF Config\PFCSetup.exe moved successfully.
G:\PROGRAMS\Tune Up Utilities 2011 and Keygen Last\Tune up Utilites 2011 Setup file.exe moved successfully.
G:\PROGRAMS\VLC Media Player\vlcmediaplayer-setup.exe moved successfully.
G:\PROGRAMS\WINAMP\cbsidlm-tr1_10a-Winamp-ORG-10251792.exe moved successfully.
G:\PROGRAMS\WINAMP\TuneUp Utilities 2013 v14.0.2013.167 Including Crack + Key [h33t][iahq76]\TuneUp Utilities 2013-setup.exe moved successfully.
File\Folder G:\PROGRAMS\`NOT INSTALLED\YouTube Downloader\YouTubeDownloaderSetup35.exe not found.
G:\RECYCLER\S-1-5-21-1935655697-813497703-1177238915-1003\Dh85\7ZipSetup.exe moved successfully.
G:\RECYCLER\S-1-5-21-1935655697-813497703-1177238915-1003\Dh85\Microsoft Office Enterprise 2010 Corporate Final (full activated).rar moved successfully.
G:\RECYCLER\S-1-5-21-1935655697-813497703-1177238915-1003\Dh85\winamp563_full_emusic-7plus_en-us.exe moved successfully.
G:\`FILMS\!VIDEO TOOLS\`Codecs & Filters Etc\AC3 FILTER\ac3filter.exe moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 03062014_132924


I am so sorry, I have an admission to make. I realised when I read the log that some of the files have not been found. I can't tell you how sorry I am!
I have been trying to tidy up my folders (I realise now that I shouldn't have touched them until all this was finished). I have put them back in their original folders, but some I have deleted. I will list them, but I don't know if it will help now!


Deleted G:\J Downloader

Now back in these original folders



File\Folder C:\Users\Phil\Documents\!LINDA\PROGRAMS\ccsetup402.exe not found.
File\Folder C:\Users\Phil\Documents\!LINDA\PROGRAMS\mp3gain-setup.exe not found.
File\Folder C:\Users\Phil\Documents\!LINDA\PROGRAMS\PF Config (Original)\PF Config\PFCSetup.exe not found.
File\Folder G:\MISC\Fotosizer v1.26.0.448\fsSetup126.exe not found.
File\Folder G:\MISC\PC Repair Files\Fix my PC (Repair-Format)Pt 2\cdbxp_setup_4.3.2.2140.exe not found.
File\Folder G:\PHIL\bonjourforwindows-setup.exe not found.
File\Folder G:\PHIL\ccsetup401.exe not found.
File\Folder G:\PHIL\rcpsetup_cpx_cpx.exe not found.
File\Folder G:\PHIL\SoftonicDownloader_for_regvac.exe not found.
File\Folder G:\PHIL\SopCast-3.2.9.zip not found.
File\Folder G:\PHIL\SopCast-3.2.9\Setup-SopCast-3.2.9-2010-3-23.exe not found.

I can't find the YouTube Downloader anywhere. I may have deleted it, as I have another version on my C drive.

Once again I am so sorry, I am such a plonker!!!

Edited by GroovyGran, 06 March 2014 - 09:32 AM.

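An added example, not part of the thread and not code from OTL or its author: a small Python parser for the OTL fix-log format posted above. It separates the "moved successfully" lines from the "File\Folder ... not found" lines, groups the misses by drive letter, and, given the list of paths the user says they have since moved or deleted themselves, reports which not-found entries remain unexplained. The sample log is a constructed subset of the lines above (same format, only a few paths), and the "accounted for" list is a hypothetical scenario.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines in the exact shape of the OTL fix log
# posted above (paths copied from the post, not the whole log).
SAMPLE_FIX_LOG = r"""
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Users\Phil\AppData\Roaming\ccn.exe moved successfully.
File\Folder C:\Users\Phil\Documents\!LINDA\PROGRAMS\ccsetup402.exe not found.
G:\MISC\MyFunCards.exe moved successfully.
File\Folder G:\MISC\Setup.exe not found.
========== COMMANDS ==========
"""

SECTION_RE = re.compile(r"^=+ (?P<name>[A-Z]+) =+$")
RESTORE_RE = re.compile(r"^Restore point Set: (?P<name>.+)$")
MOVED_RE = re.compile(r"^(?P<path>.+?) moved successfully\.$")
NOT_FOUND_RE = re.compile(r"^File\\Folder (?P<path>.+?) not found\.$")


def parse_fix_log(text):
    """Split an OTL fix log into restore point, moved paths, not-found paths and leftovers."""
    result = {"restore_point": None, "moved": [], "not_found": [], "unparsed": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = RESTORE_RE.match(line)
        if m:
            result["restore_point"] = m.group("name")
            continue
        m = MOVED_RE.match(line) if section == "FILES" else None
        if m:
            result["moved"].append(m.group("path"))
            continue
        m = NOT_FOUND_RE.match(line) if section == "FILES" else None
        if m:
            result["not_found"].append(m.group("path"))
            continue
        # Anything else deserves a human look rather than being silently dropped.
        result["unparsed"].append(line)
    return result


def by_drive(paths):
    """Group paths by drive letter so you can see which volumes still need work."""
    groups = defaultdict(list)
    for p in paths:
        drive = p[:2].upper() if len(p) > 1 and p[1] == ":" else "?"
        groups[drive].append(p)
    return dict(groups)


def reconcile(not_found, accounted_for):
    """Return the not-found entries the user has NOT explained (case-insensitive match)."""
    explained = {p.lower() for p in accounted_for}
    return [p for p in not_found if p.lower() not in explained]


def fix_log_summary(text, accounted_for=()):
    parsed = parse_fix_log(text)
    return {
        "restore_point": parsed["restore_point"],
        "moved": parsed["moved"],
        "not_found_by_drive": by_drive(parsed["not_found"]),
        "unexplained": reconcile(parsed["not_found"], accounted_for),
        "unparsed": parsed["unparsed"],
    }


if __name__ == "__main__":
    # Hypothetical scenario: the user has accounted for ccsetup402.exe but not Setup.exe.
    summary = fix_log_summary(
        SAMPLE_FIX_LOG,
        accounted_for=[r"C:\Users\Phil\Documents\!LINDA\PROGRAMS\ccsetup402.exe"],
    )
    print("restore point:", summary["restore_point"])
    print("moved:", len(summary["moved"]))
    for drive, paths in sorted(summary["not_found_by_drive"].items()):
        print(f"not found on {drive}: {len(paths)}")
    print("still unexplained:", summary["unexplained"])
```

Lines that match neither pattern land in `unparsed` rather than being ignored, so a helper reviewing a long fix log can spot entries the parser did not understand.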


#32 pystryker (Trusted Helper, Malware Removal, 3,886 posts)

I can't find the YouTube Downloader anywhere. I may have deleted it, as I have another version on my C drive.

Once again I am so sorry, I am such a plonker!!


Indeed, let the tools finish their work. Those files have to go, or they will end up infecting your machine again. :)

I'm going to run another scan when I finish researching and probably remove those two files. I can't find anything on them thus far and that usually means malware. But I'm still digging. :)

No need to be sorry, you are doing quite well and I'm enjoying working with you. :) :thumbsup:

#33 GroovyGran (Member, Topic Starter, 47 posts)
Another one has appeared on my desktop now:
ROZwkWOyhzn

Notepad has opened it, but it just looks like gobbledygook to me. I have copied it anyway; do you want me to paste it to you?

Oh, this one is a little different: it has a faint image of a little cog in it, like some of the desktop.ini files or settings files?

Edited by GroovyGran, 06 March 2014 - 12:40 PM.


#34 pystryker (Trusted Helper, Malware Removal, 3,886 posts)

Another one has appeared on my desktop now:
ROZwkWOyhzn

Notepad has opened it, but it just looks like gobbledygook to me. I have copied it anyway; do you want me to paste it to you?


No, do not post it. Also, I would not open any of the others. I'm pretty sure they're all malware related, and opening them could introduce an infection to your machine.

#35 GroovyGran (Member, Topic Starter, 47 posts)
OK, that's why I didn't post it without asking.

I'll let you get on with your research for a while :)

#36 pystryker (Trusted Helper, Malware Removal, 3,886 posts)

Oh, this one is a little different: it has a faint image of a little cog in it, like some of the desktop.ini files or settings files?


I'm almost positive these are malware, but let's upload a couple of them to VirusTotal and let them scan them. The file that starts with ROZ is larger than they will accept, so let's take a look at the other 2. :)


Please follow my instructions below for each of the files listed.

Upload files to VirusTotal for scanning

  • Please go to VirusTotal.org by clicking here
  • Please click on Choose File
  • When the window opens, navigate to the location listed in the box below and select the file that is listed in that location.

    C:\Users\Phil\Desktop\spYyz.KXZ
    C:\Users\Phil\Desktop\VUgVVYSCcHfL.BSA

  • Once you have selected the file, click the blue Scan It! button.
  • VirusTotal will scan the file and produce a report for you. Please post each report in your next reply.

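An added example, not part of the thread and not code from VirusTotal or OTL: a small Python triage script for the kind of oddly named desktop file the helper is dealing with here. It never launches the file or opens it in an associated program; it reads the raw bytes, hashes them, identifies the container from the first bytes (the .KXZ / .BSA extensions say nothing about the content), estimates byte entropy as a hint of packed or encrypted data, and builds the VirusTotal hash-lookup URL. Looking a hash up uploads nothing, so it also works for the ROZ... file that was too large to submit, provided someone else has already submitted the same bytes. The sample file contents are constructed; the detection-ratio parser reads the "0 / 50" string the reports show. A practitioner's caveat on that number: 0 hits means no engine flagged that hash on that date, not that the file is benign.

```python
import hashlib
import math
import os

# First-bytes signatures of common containers. Checked before anything else,
# because the extension (.KXZ, .BSA) tells you nothing about what a file is.
MAGIC = [
    (b"MZ", "PE/DOS executable"),
    (b"\x7fELF", "ELF executable"),
    (b"PK\x03\x04", "ZIP archive (also .docx/.jar/.apk)"),
    (b"Rar!\x1a\x07", "RAR archive"),
    (b"7z\xbc\xaf\x27\x1c", "7-Zip archive"),
    (b"%PDF", "PDF document"),
    (b"\xd0\xcf\x11\xe0", "OLE2 compound file (legacy Office)"),
    (b"\x1f\x8b", "gzip stream"),
]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8.0 suggest packed or encrypted content."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def sniff_type(data: bytes) -> str:
    for sig, name in MAGIC:
        if data.startswith(sig):
            return name
    if data and all(32 <= b < 127 or b in (9, 10, 13) for b in data):
        return "plain ASCII text"
    return "unknown binary"


def vt_hash_url(sha256: str) -> str:
    # VirusTotal's per-file page keyed by hash. Visiting it uploads nothing,
    # so it also works for a file that is too large to submit.
    return f"https://www.virustotal.com/gui/file/{sha256}"


def triage(name: str, data: bytes) -> dict:
    sha = sha256_hex(data)
    return {
        "name": name,
        "size": len(data),
        "type": sniff_type(data),
        "entropy": round(shannon_entropy(data), 2),
        "sha256": sha,
        "vt_url": vt_hash_url(sha),
    }


def triage_file(path: str) -> dict:
    """Read the file as raw bytes; never launch it or open it in its associated app."""
    with open(path, "rb") as f:
        return triage(os.path.basename(path), f.read())


def parse_detection_ratio(text: str):
    """'0 / 50' -> (0, 50). Zero hits means no engine flagged it that day, not that it is clean."""
    hits, total = (int(x) for x in text.split("/"))
    return hits, total


# Constructed sample contents (not the real desktop files from the thread).
SAMPLES = {
    "sample_exe.KXZ": b"MZ\x90\x00" + b"\x00" * 60 + b"This program cannot be run in DOS mode.",
    "sample_blob.BSA": bytes(range(256)) * 16,   # every byte value equally often
    "sample_note.txt": b"just some text\r\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        r = triage(name, data)
        print(f"{r['name']:16} {r['type']:36} entropy={r['entropy']:.2f}")
        print(f"  sha256={r['sha256']}")
        print(f"  lookup={r['vt_url']}")
```

Run `triage_file(r"C:\Users\Phil\Desktop\spYyz.KXZ")` on a real path to get the same dictionary for an actual file; the SHA256 it returns should match the one in the VirusTotal report if the same bytes were uploaded.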

#37 GroovyGran (Member, Topic Starter, 47 posts)
Not sure how to post these. I did a copy and paste of all three columns but only the antivirus column has shown; they all have a tick against them in the result column.



SHA256: 7618b594ce17e2de86adacca21bc2c98383d29cb055284066421050c153afa7e
File name: VUgVVYSCcHfL.BSA
Detection ratio: 0 / 50
Analysis date: 2014-03-07 09:12:14 UTC ( 0 minutes ago )

Antivirus | Result (✓ = tick, not detected) | Update
AVG | ✓ | 20140306
Ad-Aware | ✓ | 20140307
Agnitum | ✓ | 20140307
AhnLab-V3 | ✓ | 20140307
AntiVir | ✓ | 20140307
Antiy-AVL | ✓ | 20140307
Avast | ✓ | 20140307
Baidu-International | ✓ | 20140307
BitDefender | ✓ | 20140307
Bkav | ✓ | 20140306
ByteHero | ✓ | 20140307
CAT-QuickHeal | ✓ | 20140307
CMC | ✓ | 20140307
ClamAV | ✓ | 20140307
Commtouch | ✓ | 20140307
Comodo | ✓ | 20140307
DrWeb | ✓ | 20140307
ESET-NOD32 | ✓ | 20140307
Emsisoft | ✓ | 20140307
F-Prot | ✓ | 20140307
F-Secure | ✓ | 20140307
Fortinet | ✓ | 20140307
GData | ✓ | 20140307
Ikarus | ✓ | 20140307
Jiangmin | ✓ | 20140307
K7AntiVirus | ✓ | 20140306
K7GW | ✓ | 20140306
Kaspersky | ✓ | 20140307
Kingsoft | ✓ | 20140307
Malwarebytes | ✓ | 20140307
McAfee | ✓ | 20140307
McAfee-GW-Edition | ✓ | 20140307
MicroWorld-eScan | ✓ | 20140307
Microsoft | ✓ | 20140307
NANO-Antivirus | ✓ | 20140307
Norman | ✓ | 20140307
Panda | ✓ | 20140307
Qihoo-360 | ✓ | 20140307
Rising | ✓ | 20140306
SUPERAntiSpyware | ✓ | 20140307
Sophos | ✓ | 20140307
Symantec | ✓ | 20140307
TheHacker | ✓ | 20140305
TotalDefense | ✓ | 20140306
TrendMicro | ✓ | 20140307
TrendMicro-HouseCall | ✓ | 20140307
VBA32 | ✓ | 20140307
VIPRE | ✓ | 20140307
ViRobot | ✓ | 20140307
nProtect | ✓ | 20140307

#38 GroovyGran (Member, Topic Starter, 47 posts)
Here's the other one.



SHA256: 8266cc70b612d1a6dd7e3de598ef61f124b5524b847794bcade6d4c139777692
File name: spYyz.KXZ
Detection ratio: 0 / 50
Analysis date: 2014-03-07 09:08:06 UTC ( 13 minutes ago )

Antivirus | Result (✓ = tick, not detected) | Update
AVG | ✓ | 20140306
Ad-Aware | ✓ | 20140307
Agnitum | ✓ | 20140307
AhnLab-V3 | ✓ | 20140307
AntiVir | ✓ | 20140307
Antiy-AVL | ✓ | 20140307
Avast | ✓ | 20140307
Baidu-International | ✓ | 20140307
BitDefender | ✓ | 20140307
Bkav | ✓ | 20140306
ByteHero | ✓ | 20140307
CAT-QuickHeal | ✓ | 20140307
CMC | ✓ | 20140307
ClamAV | ✓ | 20140307
Commtouch | ✓ | 20140307
Comodo | ✓ | 20140307
DrWeb | ✓ | 20140307
ESET-NOD32 | ✓ | 20140307
Emsisoft | ✓ | 20140307
F-Prot | ✓ | 20140307
F-Secure | ✓ | 20140307
Fortinet | ✓ | 20140307
GData | ✓ | 20140307
Ikarus | ✓ | 20140307
Jiangmin | ✓ | 20140307
K7AntiVirus | ✓ | 20140306
K7GW | ✓ | 20140306
Kaspersky | ✓ | 20140307
Kingsoft | ✓ | 20140307
Malwarebytes | ✓ | 20140307
McAfee | ✓ | 20140307
McAfee-GW-Edition | ✓ | 20140307
MicroWorld-eScan | ✓ | 20140307
Microsoft | ✓ | 20140307
NANO-Antivirus | ✓ | 20140307
Norman | ✓ | 20140307
Panda | ✓ | 20140307
Qihoo-360 | ✓ | 20140307
Rising | ✓ | 20140306
SUPERAntiSpyware | ✓ | 20140307
Sophos | ✓ | 20140307
Symantec | ✓ | 20140307
TheHacker | ✓ | 20140305
TotalDefense | ✓ | 20140306
TrendMicro | ✓ | 20140307
TrendMicro-HouseCall | ✓ | 20140307
VBA32 | ✓ | 20140307
VIPRE | ✓ | 20140307
ViRobot | ✓ | 20140307
nProtect | ✓ | 20140307


There is also an Additional Information tab, if you want that too for each one?


Oh, forgot to say, I will be out most of the day. We have a funeral to go to, so I will check if you have answered as soon as I get back.

Edited by GroovyGran, 07 March 2014 - 05:21 AM.


#39 pystryker (Trusted Helper, Malware Removal, 3,886 posts)

There is also an Additional Information tab, if you want that too for each one?


Oh, forgot to say, I will be out most of the day. We have a funeral to go to, so I will check if you have answered as soon as I get back.


No, no need for that, as they didn't show as infected by VirusTotal, so we'll leave them as they are hidden system files. They should be re-hidden when we do our cleanup procedures. :thumbsup:

Take your time, that's far more important. I will always work on the schedule that best fits you. :thumbsup:


Let's run one final scan with OTL to make sure everything is good and if it's clean, I'll have some cleanup and prevention steps. :)


Start OTL and press the Quick Scan button. OTL will scan your machine and when finished, will produce one log. Please post it in your next reply.

#40 GroovyGran (Member, Topic Starter, 47 posts)
Hi, here are the OTL scan results.


OTL logfile created on: 07/03/2014 18:26:31 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Phil\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.38 Mb Total Physical Memory | 419.41 Mb Available Physical Memory | 41.39% Memory free
2.24 Gb Paging File | 1.26 Gb Available in Paging File | 56.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70.77 Gb Total Space | 9.26 Gb Free Space | 13.09% Space Free | Partition Type: NTFS
Drive D: | 70.47 Gb Total Space | 52.40 Gb Free Space | 74.36% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 213.29 Gb Free Space | 71.55% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 96.48 Gb Free Space | 10.36% Space Free | Partition Type: NTFS

Computer Name: ACERLAPTOP | User Name: Phil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/04 15:04:57 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Phil\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2014/02/28 21:46:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTL.exe
PRC - [2014/02/14 19:09:20 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
PRC - [2013/12/18 18:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/12/01 05:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/09/24 19:05:46 | 000,625,152 | ---- | M] () -- C:\Program Files\Magnus Brading Software\Mp3-Tag Studio 3.5\Mp3tsshx.dll
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2007/05/18 20:59:06 | 000,356,928 | ---- | M] () -- C:\Program Files\Spare Backup\sqlite3.dll


========== Services (SafeList) ==========

SRV - [2013/12/19 00:41:02 | 030,814,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2013/12/18 18:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/04 10:36:09 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/10/16 16:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 15:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/03 02:58:58 | 000,457,512 | ---- | M] (HiTRSUT) [Disabled | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/01/03 00:46:52 | 000,024,576 | ---- | M] () [Disabled | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/01/02 17:33:24 | 000,135,168 | ---- | M] (acer) [Disabled | Stopped] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006/12/29 04:07:22 | 000,126,976 | ---- | M] (Acer Inc.) [Disabled | Stopped] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2006/12/28 17:24:14 | 000,049,152 | ---- | M] (Acer Inc.) [Disabled | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006/12/22 22:43:18 | 000,024,576 | ---- | M] (Acer Inc.) [Disabled | Stopped] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006/11/24 20:57:54 | 000,107,008 | ---- | M] () [Disabled | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/09/27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2008/11/17 06:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2007/10/19 11:22:04 | 000,013,824 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\modrc.sys -- (MODRC)
DRV - [2007/09/13 17:14:02 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/09/01 18:49:22 | 000,040,352 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Usbkey.sys -- (usbkey)
DRV - [2007/04/18 16:30:20 | 000,473,728 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2006/12/07 17:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/02 13:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/11/02 07:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/30 01:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006/10/25 06:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/10/25 06:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/10/25 06:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/08/04 09:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/09/27 07:00:02 | 000,069,920 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2D0E4A14-683B-B425-A88A-71163059FA62}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://uk.rd.yahoo.c...://uk.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://virginmedia.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rchTerms}&r=401
IE - HKCU\..\SearchScopes\{2D0E4A14-683B-B425-A88A-71163059FA62}: "URL" = http://www.google.co...z=1I7GGLL_en-GB
IE - HKCU\..\SearchScopes\{69661322-D413-4638-9652-71A6CC63B7A5}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{D0FCB2C7-D26E-4336-8212-C97848FBE1C9}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{F9D92CBA-E2C9-42D7-9B43-1419241F8F80}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )


[2013/05/21 18:53:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Extensions
[2008/05/01 07:43:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Extensions\[email protected]
[2014/03/04 15:27:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2013/08/27 08:45:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\extensions
[2013/06/30 08:44:04 | 000,239,491 | ---- | M] () (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\AMIEXT\FLASHENHANCER\FF

O1 HOSTS File: ([2014/03/04 15:00:38 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{439D2219-93AD-495A-AD91-5D24CD231645}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB53BFB9-F153-4DF6-97CB-34571712C65B}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer01.JPG
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer01.JPG
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5174a272-fc1d-11dd-bceb-0016d4afb13d}\Shell - "" = AutoRun
O33 - MountPoints2\{5174a272-fc1d-11dd-bceb-0016d4afb13d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{d87e84bb-0880-11dd-a5a5-0016d4afb13d}\Shell\AutoRun\command - "" = H:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/06 13:27:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTL.exe
[2014/03/05 17:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/03/05 10:45:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/03/05 10:45:25 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/03/05 10:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/03/04 22:06:08 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Phil\Desktop\mbam-setup-1.75.0.1300.exe
[2014/03/04 15:36:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/03/04 15:24:47 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/04 14:57:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/03 12:57:07 | 000,000,000 | ---D | C] -- C:\Users\Phil\Desktop\Malware Programs
[2014/03/03 12:33:07 | 000,000,000 | ---D | C] -- C:\_OTM
[2014/03/03 12:25:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2014/02/26 03:21:08 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/23 09:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/02/23 09:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/23 09:39:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/02/22 23:29:29 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
[2014/02/22 23:05:01 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Roaming\.minecraft
[2014/02/21 20:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/07 18:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/07 18:15:59 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/07 16:50:53 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/07 16:50:53 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/07 10:52:05 | 000,153,994 | ---- | M] () -- C:\Users\Phil\Desktop\FISH 12.bmp
[2014/03/07 10:46:23 | 000,450,048 | ---- | M] () -- C:\Users\Phil\Desktop\EMBLEM IDEAS 2.pub
[2014/03/07 08:51:01 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/07 08:50:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/06 20:05:09 | 000,647,864 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/03/06 20:05:09 | 000,124,832 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/03/05 10:45:30 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/04 22:09:33 | 000,987,425 | ---- | M] () -- C:\Users\Phil\Desktop\SecurityCheck.exe
[2014/03/04 22:06:08 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Phil\Desktop\mbam-setup-1.75.0.1300.exe
[2014/03/04 15:00:38 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/03/03 18:59:30 | 000,002,613 | ---- | M] () -- C:\Users\Phil\Desktop\Microsoft Word 2010.lnk
[2014/03/01 13:10:25 | 001,714,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/02/28 21:46:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTL.exe
[2014/02/21 16:31:31 | 037,331,907 | -HS- | M] () -- C:\Users\Phil\Desktop\ROZwkWQyhzn
[2014/02/21 16:31:28 | 000,674,312 | -HS- | M] () -- C:\Users\Phil\Desktop\spYyz.KXZ
[2014/02/21 16:31:26 | 000,000,058 | -HS- | M] () -- C:\Users\Phil\Desktop\VUgVVYSCcHfL.BSA
[2014/02/21 14:32:12 | 000,002,571 | ---- | M] () -- C:\Users\Phil\Desktop\Microsoft Excel 2010.lnk
[2014/02/20 11:32:39 | 000,000,709 | ---- | M] () -- C:\Users\Phil\Desktop\Zip Contents Renamer - Shortcut.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/07 10:52:05 | 000,153,994 | ---- | C] () -- C:\Users\Phil\Desktop\FISH 12.bmp
[2014/03/07 10:46:22 | 000,450,048 | ---- | C] () -- C:\Users\Phil\Desktop\EMBLEM IDEAS 2.pub
[2014/03/05 10:45:30 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/04 22:09:33 | 000,987,425 | ---- | C] () -- C:\Users\Phil\Desktop\SecurityCheck.exe
[2014/02/24 23:16:29 | 000,000,058 | -HS- | C] () -- C:\Users\Phil\Desktop\VUgVVYSCcHfL.BSA
[2014/02/24 23:16:27 | 037,331,907 | -HS- | C] () -- C:\Users\Phil\Desktop\ROZwkWQyhzn
[2014/02/24 23:16:23 | 000,674,312 | -HS- | C] () -- C:\Users\Phil\Desktop\spYyz.KXZ
[2014/01/06 21:36:55 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2014/01/06 18:00:04 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2013/10/29 21:02:58 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/06/18 07:53:04 | 000,625,152 | ---- | C] () -- C:\Windows\System32\mp3tsshx.dll
[2013/06/12 12:10:25 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/05/21 15:47:48 | 000,171,432 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/07/17 11:18:39 | 000,001,940 | ---- | C] () -- C:\Users\Phil\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/12/17 15:31:39 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLdy.DAT
[2008/02/15 19:18:06 | 000,690,513 | ---- | C] () -- C:\Users\Phil\fgh.pmcl
[2008/01/12 14:22:56 | 000,338,032 | ---- | C] () -- C:\Users\Phil\jan 08.pmcl
[2007/10/01 21:19:52 | 000,026,340 | ---- | C] () -- C:\Users\Phil\AppData\Roaming\UserTile.png
[2007/09/29 13:14:48 | 000,002,032 | ---- | C] () -- C:\Users\Phil\AppData\Local\d3d9caps.dat
[2007/09/02 18:24:43 | 000,081,408 | ---- | C] () -- C:\Users\Phil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/02/23 09:52:58 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\.minecraft
[2013/09/11 07:39:20 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\2monkeys
[2013/09/23 20:19:56 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\AlawarEntertainment
[2013/09/20 20:51:38 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Amulet_of_time
[2013/12/10 16:51:54 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Any File To Audio Converter
[2013/06/09 17:21:02 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Artifex Mundi
[2014/01/06 18:00:07 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\BITS
[2013/09/24 20:25:46 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Boomzap
[2013/08/26 19:41:51 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\calibre
[2014/02/26 11:03:22 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\DC++
[2013/12/29 13:18:20 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Dropbox
[2007/12/21 13:36:56 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\DxO Labs
[2013/08/13 22:01:04 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Elephant Games
[2013/07/26 13:21:56 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\ERS G-Studio
[2013/06/27 20:52:16 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\ERS Game Studios
[2014/01/06 17:57:24 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\FlashGetBHO
[2014/01/06 18:26:44 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\FlashgetSetup
[2013/06/30 23:08:42 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\flashInstall
[2013/06/24 21:14:41 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Floodlight Games
[2013/06/08 21:22:20 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\GameInvest
[2013/06/02 18:47:59 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\GigantGames
[2013/06/29 21:04:07 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\GoldenBough Games
[2009/12/17 16:16:09 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Imagenomic
[2013/08/05 14:01:29 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Karaoke Builder
[2013/06/06 21:07:52 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\MagicIndie
[2013/07/09 22:00:45 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\MediaArt
[2013/09/17 13:24:35 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\MumboJumbo
[2013/09/22 22:14:04 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Natural Threat.Ominous Shores
[2007/12/21 13:36:26 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\PACE Anti-Piracy
[2007/10/01 21:19:51 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\PeerNetworking
[2013/05/29 07:25:39 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\player
[2013/05/23 14:00:36 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\PlayFirst
[2007/12/08 13:16:16 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\ppstream
[2014/03/06 12:15:53 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Spare Backup
[2013/08/26 20:41:07 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\SulusGames
[2010/05/10 16:58:18 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Tific
[2008/04/12 12:32:27 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\TomTom
[2013/05/29 07:43:57 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\TuneUp Software
[2014/03/06 13:22:29 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\uTorrent
[2013/07/18 20:54:33 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Vast Studios

========== Purity Check ==========



< End of report >
  • 0

#41
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

Great news, your logs are CLEAN! :thumbsup: :) I see no signs of infection in the last log you posted, but we still have a few things we need to address namely:

  • I need to remove the tools we installed on your machine.
  • We also have some programs on your machine that need updating to help protect you in the future.


Step 1: Program Update, a warning about Java, and Installation of FileHippo


  • Malware will exploit any vulnerabilities it can find in outdated software. If you are using Adobe Reader for reading pdf files, try using FoxIt Reader. It is a very capable alternative to Adobe.
  • Please click here to download FoxIt Reader.
  • If you wish to continue to use Adobe Reader, then please update it by clicking here.
  • Please remember to uncheck the option to install McAfee's Security Suite.


A word about Java

Java has become the #1 program exploited by thieves and hackers as of today. It's gotten so bad, the Department of Homeland Security recently recommended that users disable Java on their machines.

For more information regarding this, see the two articles below:

Forbes: US Department of Homeland Security Calls on Users to Disable Java

US warns on Java software

Unless you have software on your machine that absolutely requires Java, I highly recommend you completely remove it from your system.

If you do have software that requires it, then disable it until such time as it's needed by those programs.

Please click the link below for instructions to disable Java.

How to Disable Java in your Web Browser


If you wish to continue to use Java on your machine, please be sure to keep it updated by following the instructions below.


  • Click on this link Java Website and click Do I Have Java?
  • Then click the Verify Java Version button. It will scan your current version and show you if you have the most current version.

You can also download a tool called JavaRa that will automatically search for new updates and remove older versions of Java.
Click the link below to go to the download page to get the tool.

JavaRa

Once you have downloaded JavaRa

  • Unzip the files to the directory of your choice.
  • Double click the JavaRa icon in the directory and choose your language preference.
  • Click Remove Older Versions from the menu.
  • Click Yes.
  • If you get a warning that Internet Explorer needs to be closed, close it, then click ok.
  • JavaRa will then search for and remove old versions of Java from your machine.

You can find instructions for manually removing older versions for Windows XP, Vista, and 7 by clicking the link below:

Instructions for manually removing old versions of Java


Keeping your software updated

Another weapon against malicious programs and viruses is keeping your other programs updated. There are several programs out there that can check for out-of-date programs on your computer. One is FileHippo. You can run this on a weekly or monthly basis to check your programs for updates, and it will then provide a link for you to download them.

Download Filehippo Updatechecker


Step 2: Tool Removal and Creation of a New, Clean Restore Point with DelFix


  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.


  • You can uninstall ESET Online Scanner at this time.
  • I would keep Malwarebytes Anti-Malware on your computer. Update it and run it about once a week. You can delete things such as PUPs (potentially unwanted programs) but if it locates something like a trojan, come see us. :)


Step 3: Tips, Information and Protection against CryptoLocker


  • Do not use P2P programs.
  • Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.
  • Be careful of the websites you visit.
  • When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install it by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go. :)

To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

A warning about CryptoLocker

CryptoLocker is a ransomware program that was released around the beginning of September 2013 that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 72 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.

Please download and install CryptoPrevent to lock your machine down from this infection.


Are there any further issues I can assist you with? :)
  • 0
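Before removing or updating Java as the post above advises, it helps to know exactly which Java installs are present, since old versions often linger next to the current one. The following PowerShell snippet is an added example, not something from this thread or from JavaRa; it reads the standard Windows uninstall registry keys (both the native and the WOW6432Node hive for 64-bit systems) and lists every entry whose display name begins with "Java", flagging the case where more than one runtime is installed.

```powershell
# Added example: inventory installed Java entries from the Windows uninstall
# registry keys so stale versions can be spotted before manual removal.
# Assumes the usual Uninstall key layout (DisplayName / DisplayVersion values).

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledJava {
    # Entries missing a DisplayName (common for patches) are skipped by the match.
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^Java' } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate, UninstallString |
        Sort-Object DisplayVersion
}

$java = @(Get-InstalledJava)

if ($java.Count -eq 0) {
    Write-Output 'No Java entries found in the uninstall registry keys.'
} else {
    $java | Format-Table DisplayName, DisplayVersion, InstallDate -AutoSize

    # Runtimes are the entries that are not the updater; more than one means
    # an older, unpatched copy is probably still installed alongside the new one.
    $runtimes = @($java | Where-Object { $_.DisplayName -notmatch 'Auto Updater' })
    if ($runtimes.Count -gt 1) {
        Write-Warning ("{0} Java runtimes installed; remove all but the newest " -f $runtimes.Count +
                       "(or all of them if nothing on this machine needs Java).")
    }
}
```

Run it from an elevated PowerShell prompt. The UninstallString column shows the exact command Windows uses for each entry, which is useful when an old version no longer appears in the Control Panel list.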

#42
GroovyGran

GroovyGran

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
I have downloaded some of the programs you have selected, but not installed them yet. Spyware Guard could not be downloaded at present, it is a work in progress, but I have downloaded SpywareBlaster. Also FileHippo and DelFix. I have uninstalled Java (I think); the only thing I could see to uninstall was a Java 7 update? The Foxit Reader site would not load, kept coming up with "Windows Explorer cannot display this site", but I will try later. I downloaded the Java for a game my daughter kept harping on about, but when I played it I did not like it, it was like the old type pixel stuff, very blocky. It is called Minecraft, but I can't find it in the Control Panel, Uninstall Programs. Is it safe to just delete the folders it's in?
I will continue in a while! Just got back from my Granddaughter's Birthday Party!
  • 0

#43
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

I have downloaded some of the programs you have selected, but not installed them yet. Spyware Guard could not be downloaded at present, it is a work in progress, but I have downloaded SpywareBlaster. Also FileHippo and DelFix. I have uninstalled Java (I think); the only thing I could see to uninstall was a Java 7 update? The Foxit Reader site would not load, kept coming up with "Windows Explorer cannot display this site", but I will try later. I downloaded the Java for a game my daughter kept harping on about, but when I played it I did not like it, it was like the old type pixel stuff, very blocky. It is called Minecraft, but I can't find it in the Control Panel, Uninstall Programs. Is it safe to just delete the folders it's in?
I will continue in a while!


Ok, good :thumbsup: Whenever you can, post the DelFix log so I can make sure I don't leave anything lying around. :)

Here's an updated link for Foxit: http://www.foxitsoft...ure_PDF_Reader/

As for that Minecraft program, if it's not in the Uninstall list, I'd delete the folder. :)

Just got back from my Granddaughter's Birthday Party!


:rockon: :thumbsup:
  • 0

#44
GroovyGran

GroovyGran

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Here is the DelFix Log


# DelFix v10.6 - Logfile created 08/03/2014 at 16:03:48
# Updated 11/11/2013 by Xplode
# Username : Phil - ACERLAPTOP
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\_OTL
Deleted : C:\_OTM
Deleted : C:\AdwCleaner
Deleted : C:\TDSSKiller.2.8.16.0_03.03.2014_12.49.43_log.txt
Deleted : C:\TDSSKiller.2.8.16.0_03.03.2014_12.50.26_log.txt
Deleted : C:\Users\Phil\Desktop\Extras.Txt
Deleted : C:\Users\Phil\Desktop\OTL.Txt
Deleted : C:\Users\Phil\Desktop\OTL.exe
Deleted : C:\Users\Phil\Desktop\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #778 [Windows Update | 02/27/2014 03:00:16]
Deleted : RP #779 [Windows Update | 03/03/2014 10:42:25]
Deleted : RP #780 [Removed TuneUp Utilities 2011 | 03/04/2014 14:47:20]
Deleted : RP #781 [Removed TuneUp Utilities Language Pack (en-US) | 03/04/2014 14:50:24]
Deleted : RP #782 [OTL Restore Point - 04/03/2014 14:57:52 | 03/04/2014 14:57:52]
Deleted : RP #783 [OTL Restore Point - 06/03/2014 13:29:36 | 03/06/2014 13:29:36]
Deleted : RP #784 [Windows Update | 03/06/2014 17:35:37]
Deleted : RP #785 [Removed Java 7 Update 51 | 03/08/2014 11:54:15]

New restore point created !

########## - EOF - ##########
  • 0

#45
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Looks good! :)

Please don't hesitate to come back if you need us again, it's been a pleasure working with you. (PS, spoil that granddaughter every chance you get!) :thumbsup:


Safe surfing

Pystryker :wave:
  • 0
