
Another Garda virus mug! :(

  • 20-09-2012 2:28pm
    #1


    Hi guys... is it possible to get some help, please?

    I tried booting in safe mode with network access. Unfortunately the network kept coming up as unidentified (both wireless and Ethernet cable connected).

    So I disabled the virus splash screen using msconfig to let me into the system... is this a bad idea?

    I've downloaded OTL and the logs are as follows. Thanks in advance for any help.

    OTL logfile created on: 20/09/2012 14:57:01 - Run 1
    OTL by OldTimer - Version 3.2.64.0 Folder = c:\Users\Robbie\Downloads
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 57.15% Memory free
    6.21 Gb Paging File | 5.06 Gb Available in Paging File | 81.46% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 223.54 Gb Total Space | 122.46 Gb Free Space | 54.78% Space Free | Partition Type: NTFS
    Drive D: | 9.34 Gb Total Space | 1.63 Gb Free Space | 17.46% Space Free | Partition Type: NTFS

    Computer Name: ROBBIE-PC | User Name: Robbie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/20 13:33:07 | 000,600,064 | ---- | M] (OldTimer Tools) -- c:\Users\Robbie\Downloads\OTL.exe
    PRC - [2012/09/17 18:54:52 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
    PRC - [2008/09/05 12:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) -- c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    PRC - [2008/06/27 20:43:24 | 000,221,273 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe
    PRC - [2008/06/27 20:42:08 | 000,442,467 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
    PRC - [2008/03/26 23:26:56 | 000,341,328 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe
    PRC - [2008/02/22 12:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    PRC - [2008/02/12 06:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_f691e717\AEstSrv.exe
    PRC - [2008/02/09 23:06:00 | 000,308,600 | ---- | M] (Symantec Corporation) -- c:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
    PRC - [2008/02/09 23:06:00 | 000,238,968 | ---- | M] (Symantec Corporation) -- c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    PRC - [2008/01/21 03:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\conime.exe
    PRC - [2008/01/21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2008/01/21 03:23:32 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
    PRC - [2007/12/11 20:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2008/05/15 06:56:52 | 000,345,384 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
    MOD - [2008/05/15 06:56:46 | 000,120,216 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
    MOD - [2008/05/15 06:56:46 | 000,038,184 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
    MOD - [2008/05/15 06:56:42 | 000,259,480 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
    MOD - [2008/03/28 10:19:10 | 000,159,744 | ---- | M] () -- C:\WINDOWS\System32\atitmmxx.dll
    MOD - [2007/08/14 20:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
    MOD - [2007/07/12 20:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
    MOD - [2007/07/12 20:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


    ========== Services (SafeList) ==========

    SRV - [2012/09/17 18:54:51 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/01/18 21:34:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/08/24 13:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
    SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2008/09/05 12:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
    SRV - [2008/06/27 20:43:24 | 000,221,273 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe -- (STacSV)
    SRV - [2008/03/26 23:26:56 | 000,341,328 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)
    SRV - [2008/02/12 06:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_f691e717\AEstSrv.exe -- (AESTFilters)
    SRV - [2008/02/09 23:06:00 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2008/02/03 20:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\WINDOWS\System32\ezsvc7.dll -- (ezSharedSvc)
    SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/12/11 20:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\System32\agrsmsvc.exe -- (AgereModemAudio)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | Disabled | Running] -- C:\Windows\system32\drivers\CO_Mon.sys -- (CO_Mon)
    DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/12/10 00:31:12 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2011/08/02 18:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\netaapl.sys -- (Netaapl)
    DRV - [2011/05/13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\hpdskflt.sys -- (hpdskflt)
    DRV - [2011/05/13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Accelerometer.sys -- (Accelerometer)
    DRV - [2009/09/05 16:55:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
    DRV - [2009/02/19 14:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\SymIMV.sys -- (SymIM)
    DRV - [2009/02/19 14:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\symndisv.sys -- (SYMNDISV)
    DRV - [2009/02/19 14:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\symtdi.sys -- (SYMTDI)
    DRV - [2009/02/19 14:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\symfw.sys -- (SYMFW)
    DRV - [2009/02/19 14:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\symredrv.sys -- (SYMREDRV)
    DRV - [2009/02/19 14:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\symdns.sys -- (SYMDNS)
    DRV - [2008/11/21 21:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2008/08/06 08:26:08 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2008/06/27 20:44:18 | 000,380,928 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2008/04/14 23:56:18 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ahcix86s.sys -- (ahcix86s)
    DRV - [2008/04/01 12:14:00 | 000,081,296 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\jmcr.sys -- (JMCR)
    DRV - [2008/03/28 12:24:16 | 003,544,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2008/01/23 22:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\enecir.sys -- (enecir)
    DRV - [2008/01/07 21:42:04 | 000,015,416 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\Amddfltr.sys -- (Amddfltr)
    DRV - [2007/07/11 18:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
    DRV - [2007/06/19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2006/11/02 08:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)
    DRV - [2006/10/29 21:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\AtiPcie.sys -- (AtiPcie)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ie&c=83&bd=Pavilion&pf=cnnb
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ie&c=83&bd=Pavilion&pf=cnnb
    IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=IE&userid=80caf51e-a597-4d2b-b566-1c89e9685e03&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{42092955-400C-460C-A708-D7D433B9ED38}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
    IE - HKLM\..\SearchScopes\{8A5C31F0-C5FA-49CB-BF29-B187C78D077A}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
    IE - HKLM\..\SearchScopes\{A74EBDA5-D0E2-4E7B-8348-414F09C23E5D}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1572&query={searchTerms}&invocationType=tb50hpcnnbie7-en-ie
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ie&c=83&bd=Pavilion&pf=cnnb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=IE&userid=80caf51e-a597-4d2b-b566-1c89e9685e03&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=IE&userid=80caf51e-a597-4d2b-b566-1c89e9685e03&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=IE&userid=80caf51e-a597-4d2b-b566-1c89e9685e03&affid=111583&searchtype=hp&babsrc=lnkry_nt
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=IE&userid=80caf51e-a597-4d2b-b566-1c89e9685e03&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=IE&userid=80caf51e-a597-4d2b-b566-1c89e9685e03&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
    IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=IE&userid=80caf51e-a597-4d2b-b566-1c89e9685e03&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKCU\..\SearchScopes\{42092955-400C-460C-A708-D7D433B9ED38}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
    IE - HKCU\..\SearchScopes\{8A5C31F0-C5FA-49CB-BF29-B187C78D077A}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
    IE - HKCU\..\SearchScopes\{A74EBDA5-D0E2-4E7B-8348-414F09C23E5D}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1572&query={searchTerms}&invocationType=tb50hpcnnbie7-en-ie
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.ie/"
    FF - prefs.js..keyword.URL: "http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=IE&userid=80caf51e-a597-4d2b-b566-1c89e9685e03&affid=111583&searchtype=ds&babsrc=lnkry&q="
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/17 18:54:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/17 18:54:54 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2011/11/07 22:27:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robbie\AppData\Roaming\Mozilla\Extensions
    [2012/09/15 19:33:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\k64ag09n.default\extensions
    [2012/02/09 22:06:14 | 000,020,696 | ---- | M] () (No name found) -- C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\k64ag09n.default\extensions\leethax@leethax.net.xpi
    [2012/09/10 17:14:54 | 000,002,469 | ---- | M] () -- C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\k64ag09n.default\searchplugins\Web Search.xml
    [2011/11/07 22:26:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/09/17 18:54:53 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/09/17 18:54:46 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/09/17 18:54:46 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/09/17 18:54:46 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/09/17 18:54:46 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/09/17 18:54:46 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2012/09/17 18:54:46 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKCU..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-IE\local\search.html ()
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30D61C7D-517E-4451-A4EF-AFF07DC39010}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1520D1F-4E59-4F0C-ACD9-E40EDF776AAE}: DhcpNameServer = 172.31.140.69 172.30.140.69
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Robbie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Robbie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/05/21 19:09:33 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/20 13:38:20 | 000,000,000 | ---D | C] -- C:\Users\Robbie\AppData\Roaming\Malwarebytes
    [2012/09/20 13:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/09/20 13:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/09/20 13:37:38 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/09/20 13:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/09/18 22:28:42 | 000,000,000 | ---D | C] -- C:\ProgramData\bwejxevwlyhlcqe
    [2012/09/18 22:11:28 | 000,000,000 | ---D | C] -- C:\Users\Robbie\Desktop\Music List
    [2012/09/18 20:17:02 | 000,000,000 | ---D | C] -- C:\Users\Robbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AC3Filter
    [2012/09/18 20:17:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
    [2012/09/18 20:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\AC3Filter
    [2012/09/13 22:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2012/09/13 22:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2012/09/13 20:10:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/09/13 20:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/09/13 20:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2012/09/13 15:33:18 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\MobileTV.exe
    [2012/09/13 15:31:15 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\DVD.exe
    [2012/09/13 15:31:00 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\MPV.exe
    [2012/09/13 15:29:53 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\Karaoke.exe
    [2012/09/13 15:28:27 | 002,231,606 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\Games.exe
    [2012/09/13 15:27:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ENU
    [2012/09/11 23:02:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
    [2012/09/11 21:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem
    [2012/09/11 20:34:08 | 000,000,000 | ---D | C] -- C:\Users\Robbie\AppData\Local\Microsoft Games
    [2012/09/10 21:00:31 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    [2012/09/10 21:00:28 | 000,000,000 | ---D | C] -- C:\Users\Robbie\AppData\Local\Conduit
    [2012/09/10 21:00:26 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze_Remote
    [2012/09/10 20:56:45 | 000,000,000 | ---D | C] -- C:\Users\Robbie\Desktop\Game.of.Thrones.S02E02.WEBRip.XviD-3LT0N
    [2012/09/10 17:41:51 | 000,000,000 | ---D | C] -- C:\Users\Robbie\Desktop\The.Three.Stooges.2012.DVDRip.XviD-AMIABLE
    [2012/09/08 19:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
    [2012/09/08 19:55:35 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
    [2012/09/08 19:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp
    [2012/09/08 19:36:03 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUpMedia
    [2012/09/08 19:36:00 | 000,000,000 | ---D | C] -- C:\Users\Robbie\AppData\Roaming\OpenCandy
    [2012/09/08 19:03:44 | 000,000,000 | ---D | C] -- C:\Users\Robbie\Desktop\Game of Thrones S02E01 The North Remembers HDTV XviD-FQM[ettv]
    [2012/09/08 18:59:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2012/09/08 18:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2012/09/08 18:06:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2012/09/07 18:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0

    ========== Files - Modified Within 30 Days ==========

    [2012/09/20 14:09:58 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/20 14:09:58 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/20 13:37:44 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/20 12:21:27 | 000,000,271 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
    [2012/09/20 12:09:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/20 12:09:39 | 3218,956,288 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/20 12:02:09 | 000,001,808 | ---- | M] () -- C:\ProgramData\LuUninstall.LiveUpdate
    [2012/09/18 23:01:35 | 000,007,620 | ---- | M] () -- C:\Users\Robbie\AppData\Local\d3d9caps.dat
    [2012/09/18 22:49:37 | 000,008,192 | ---- | M] () -- C:\Users\Robbie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/09/18 22:28:41 | 000,073,402 | ---- | M] () -- C:\ProgramData\yakcsfxjtlmejfi
    [2012/09/18 22:28:25 | 000,080,384 | ---- | M] () -- C:\ProgramData\ktilpjde.exe
    [2012/09/18 22:09:17 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/09/18 22:09:17 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/09/18 22:09:13 | 000,002,305 | ---- | M] () -- C:\Users\Robbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2012/09/13 20:10:42 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/09/13 15:33:19 | 003,063,561 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\MobileTV.exe
    [2012/09/13 15:31:30 | 002,989,660 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\DVD.exe
    [2012/09/13 15:31:00 | 002,864,396 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\MPV.exe
    [2012/09/13 15:29:54 | 002,331,174 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\Karaoke.exe
    [2012/09/13 15:29:04 | 002,231,606 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\Games.exe
    [2012/09/13 15:11:46 | 002,234,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/09/11 22:03:27 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
    [2012/09/10 21:01:51 | 000,000,009 | ---- | M] () -- C:\END
    [2012/09/10 20:59:58 | 000,001,633 | ---- | M] () -- C:\Users\Robbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
    [2012/09/10 20:59:58 | 000,001,633 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
    [2012/09/08 18:59:56 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/09/08 18:51:25 | 000,000,628 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
    [2012/09/08 18:40:43 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
    [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2012/09/20 13:37:44 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/20 12:09:37 | 3218,956,288 | -HS- | C] () -- C:\hiberfil.sys
    [2012/09/20 12:02:09 | 000,001,808 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
    [2012/09/18 22:28:40 | 000,080,384 | ---- | C] () -- C:\ProgramData\ktilpjde.exe
    [2012/09/18 22:28:25 | 000,073,402 | ---- | C] () -- C:\ProgramData\yakcsfxjtlmejfi
    [2012/09/18 20:17:02 | 000,180,224 | ---- | C] () -- C:\Windows\System32\ac3filter.cpl
    [2012/09/13 20:10:42 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/09/11 22:03:27 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
    [2012/09/11 21:49:46 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2012/09/11 21:49:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2012/09/11 21:49:38 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
    [2012/09/11 21:33:49 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
    [2012/09/11 21:33:48 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
    [2012/09/11 21:33:48 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
    [2012/09/10 21:01:37 | 000,000,009 | ---- | C] () -- C:\END
    [2012/09/08 19:55:37 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2012/09/08 19:55:37 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2012/09/08 19:55:37 | 000,153,088 | ---- | C] () -- C:\Windows\System32\xvid.ax
    [2012/09/08 18:59:56 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/09/07 17:57:02 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
    [2011/12/05 19:51:44 | 000,007,620 | ---- | C] () -- C:\Users\Robbie\AppData\Local\d3d9caps.dat
    [2011/12/05 18:53:02 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
    [2011/11/27 00:00:22 | 000,008,192 | ---- | C] () -- C:\Users\Robbie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/11/04 08:59:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/09/16 12:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
    [2011/09/16 12:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
    [2011/09/16 12:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
    [2011/09/16 12:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
    [2011/09/15 02:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin

    ========== ZeroAccess Check ==========

    [2012/09/07 23:31:34 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@symantec[1].txt
    [2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    ========== LOP Check ==========

    [2012/09/18 20:13:36 | 000,000,000 | ---D | M] -- C:\Users\Robbie\AppData\Roaming\Azureus
    [2012/09/08 19:36:00 | 000,000,000 | ---D | M] -- C:\Users\Robbie\AppData\Roaming\OpenCandy
    [2011/11/27 01:17:46 | 000,000,000 | ---D | M] -- C:\Users\Robbie\AppData\Roaming\Samsung
    [2012/09/18 22:28:16 | 000,000,000 | ---D | M] -- C:\Users\Robbie\AppData\Roaming\TuneUpMedia

    ========== Purity Check ==========



    < End of report >


Comments

  • Savage Tyrant


    OTL Extras logfile created on: 20/09/2012 14:57:01 - Run 1
    OTL by OldTimer - Version 3.2.64.0 Folder = c:\Users\Robbie\Downloads
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 57.15% Memory free
    6.21 Gb Paging File | 5.06 Gb Available in Paging File | 81.46% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 223.54 Gb Total Space | 122.46 Gb Free Space | 54.78% Space Free | Partition Type: NTFS
    Drive D: | 9.34 Gb Total Space | 1.63 Gb Free Space | 17.46% Space Free | Partition Type: NTFS

    Computer Name: ROBBIE-PC | User Name: Robbie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UacDisableNotify" = 0
    "InternetSettingsDisableNotify" = 0
    "AutoUpdateDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{B959620C-2D92-49B3-8FFF-08DD10EB4C2B}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{074F49C1-69D8-401C-8BA1-F9AB70034A5A}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
    "{1EE04869-BFB4-4096-9F2C-00A26B15F586}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{2FEEE2F2-A1FB-4477-ABA3-9AC01E6C6233}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{4AE00FAB-1715-4E00-AE5C-B72188FE73FF}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
    "{54939E4B-61AB-4ECC-9AE1-AF374FC76D3E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{55482F75-03EC-460F-8C26-275DA9848696}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
    "{65F63640-4564-4F69-8BD7-7EEC6C2DE8A0}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{674ED21E-0063-4DD2-B887-DD5FDE92DBC1}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
    "{7E02B96C-E4BF-4C63-87FE-5FE71CDF8388}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{7F155EA3-F419-4B1D-B90C-DE2763817FE0}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
    "{8C7333D6-44CA-44F4-82FA-A93C7AF5BB2F}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{8DE82944-9330-41A6-987A-A0EF0A2E041B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{ABBEC713-2438-4522-BAA9-0E52A74557B7}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{DB807FC5-D0F3-46B6-BE67-71EA956951AD}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{F114D74C-51BB-4DBD-BCB2-98BCE3F5B4B6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{024D1716-9F42-0039-06E5-F4279D6C4382}" = CCC Help Russian
    "{04556846-E511-3FE9-E824-3588075C8036}" = Catalyst Control Center Graphics Full Existing
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{05CD72BE-7783-AAB9-0C05-2D8DBD2DD444}" = Catalyst Control Center Localization Dutch
    "{0612E132-33FF-4488-9C31-F8D485D6866D}" = Catalyst Control Center Graphics Light
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0B3DB1B2-404C-AAA8-B32E-E65520EDE74D}" = CCC Help Polish
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{10504622-2818-C312-55CC-A72D36A31DBC}" = CCC Help Swedish
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
    "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
    "{28C3E5E6-5ACA-408D-9A46-089C5334EC97}" = HP Help and Support
    "{2A34320A-56F9-9C4F-D325-77AC8A54C8B6}" = Catalyst Control Center Localization Japanese
    "{2C9FF444-79C0-C0C4-7B21-0E77C872AF53}" = CCC Help Danish
    "{2CA3E0A5-9281-6E67-1843-A6CC0B00BD74}" = Catalyst Control Center Localization French
    "{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
    "{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
    "{31775690-0E29-2AB1-75DE-C406152CBD1D}" = Catalyst Control Center Localization Chinese Standard
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3466C4D1-508A-0E36-EB05-2E53766F27E0}" = CCC Help Italian
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
    "{38DCD6F5-C4DC-25E5-C113-0A909558FC2C}" = CCC Help Norwegian
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{3FA160E2-066B-8D77-FCF4-F001F236E8E7}" = CCC Help Spanish
    "{3FA93E4C-CB3B-4B25-B091-9DB0FCC56A74}" = Catalyst Control Center - Branding
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
    "{431CED44-A6D3-4E4A-2B76-04D1A861FCCE}" = Catalyst Control Center Localization Swedish
    "{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
    "{475144D0-A4D6-C553-42B5-7BB60FCEF9EC}" = Catalyst Control Center Localization German
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{49BA6327-744C-3D20-16DB-6E98BF66D0FD}" = Catalyst Control Center Localization Danish
    "{4B4D411D-E363-7E6B-68C3-C8E2EF02B7C6}" = CCC Help Chinese Traditional
    "{4BFA6EEB-AAED-4334-8E98-A907DE4DD5CF}" = AMD Driver Support for HP 3D DriverGuard
    "{50DB0F17-4180-31F7-F26B-B40CBA8BA6E0}" = CCC Help German
    "{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
    "{5396C246-53B5-4BBA-62DC-8308C7357EFE}" = Catalyst Control Center Localization Polish
    "{54CAEF60-0258-2D8E-F01F-24BC689EA8A9}" = Catalyst Control Center Localization Portuguese
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{560BB29B-41C5-88E4-4847-B4B1DDB47B9B}" = Catalyst Control Center Localization Czech
    "{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
    "{59748B12-406B-7EA4-355D-3BBD62E97C69}" = Catalyst Control Center Localization Turkish
    "{5B4E5823-7265-9A19-A871-36E75824F7BE}" = CCC Help French
    "{5EBC76DA-573E-7D96-A6F8-F4B9DE97A15F}" = Catalyst Control Center Localization Greek
    "{623AD94E-1621-5AA1-BD6D-0EF08C9D7851}" = Catalyst Control Center Core Implementation
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{6DBCFFF6-2A7B-4AE4-8FC8-1216442E2814}" = CCC Help Korean
    "{6FCBD7F7-6A29-089F-E5DB-E33EFCF306CD}" = Catalyst Control Center Localization Spanish
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{762D9F20-593B-436E-CAC3-B3D9F4DA7A90}" = Catalyst Control Center Localization Chinese Traditional
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{80C2AD19-97A2-C829-38DE-5FD5B47F122B}" = ATI Catalyst Install Manager
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{8436F8D7-AA62-83DA-3BC5-E04871BF5F61}" = CCC Help Portuguese
    "{84F40C39-1E61-B3A7-833A-3A376AB53394}" = CCC Help Japanese
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{931FB38C-D5D4-4DBD-3723-50140A67F276}" = CCC Help Turkish
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{96A959C9-51E1-C920-A9FA-269BB462A940}" = CCC Help Czech
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
    "{A102E7E3-2A4E-F509-3EF6-019F45C83196}" = CCC Help Dutch
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A57222BD-51E3-7765-A008-9B6428402A59}" = CCC Help Hungarian
    "{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
    "{A8ACD338-255C-B53D-7F19-ED7293B291E8}" = Catalyst Control Center Localization Norwegian
    "{AAD72731-807A-4B79-AE05-9190B7002B7B}" = ProtectSmart Hard Drive Protection
    "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
    "{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
    "{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BD41A0CF-79B4-98D8-B9B9-3DE8BEC8A861}" = Catalyst Control Center Localization Finnish
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C4B2636B-D76D-7C23-3010-99E96693F0B5}" = Catalyst Control Center Graphics Previews Vista
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C7D336BE-894A-4CB3-A06A-D0989AEDF43A}" = SymNet
    "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
    "{C9E9386A-7E81-796A-3465-8471A239A8A0}" = CCC Help Chinese Standard
    "{CA4498C8-5146-E527-27A7-1B4F81C9BF05}" = CCC Help Thai
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
    "{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
    "{DEC3A80C-49D3-2885-2A03-3FBA61A5D40F}" = Catalyst Control Center Localization Italian
    "{E0B276B1-97D7-7AD2-548F-248A7745A1ED}" = CCC Help Greek
    "{E2ADC6FA-4233-54E6-29EC-E60EAD096A50}" = Catalyst Control Center Localization Hungarian
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E3EA025D-29A0-530C-9CA7-DBB5C49BB6DB}" = Skins
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
    "{E96FFA19-E94B-D32B-E103-E78A0877245A}" = Catalyst Control Center Localization Thai
    "{EAE4AD65-89F2-3DE8-DF46-CCB34393CAA0}" = Catalyst Control Center Localization Russian
    "{EE3D717C-D93F-2A2B-F641-F59F48E11895}" = ccc-utility
    "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
    "{F447BD4C-65C3-A6D9-8A5F-5E822E32E1BC}" = Catalyst Control Center Localization Korean
    "{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}" = HP User Guides 0102
    "{F48FEA7A-2B87-8270-927C-20A0E7E5EBC2}" = CCC Help English
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
    "{FCC92CBC-F520-A906-C002-9A6236308916}" = Catalyst Control Center Graphics Full New
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FEC99680-66C4-C8C7-084B-2FB1B257777C}" = CCC Help Finnish
    "{FEEDAB32-F937-8319-D3F1-FFFC98C2111E}" = ccc-core-static
    "7-Zip" = 7-Zip 9.22beta
    "8461-7759-5462-8226" = Vuze
    "AC3Filter" = AC3Filter (remove only)
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "AOL Toolbar" = AOL Toolbar 5.0
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 15.0.1 (x86 en-GB)" = Mozilla Firefox 15.0.1 (x86 en-GB)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
    "SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
    "SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TuneUpMedia" = TuneUp 2.4.6.4
    "Vuze_Remote Toolbar" = Vuze Remote Toolbar
    "WildTangent hp Master Uninstall" = My HP Games
    "Xvid Video Codec 1.3.2" = Xvid Video Codec

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 18/09/2012 17:36:42 | Computer Name = Robbie-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 18/09/2012 17:36:42 | Computer Name = Robbie-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 18/09/2012 17:36:42 | Computer Name = Robbie-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 18/09/2012 17:36:42 | Computer Name = Robbie-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 18/09/2012 17:36:42 | Computer Name = Robbie-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 18/09/2012 17:36:42 | Computer Name = Robbie-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 18/09/2012 17:47:58 | Computer Name = Robbie-PC | Source = EventSystem | ID = 4609
    Description =

    Error - 18/09/2012 17:48:47 | Computer Name = Robbie-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 18/09/2012 18:10:39 | Computer Name = Robbie-PC | Source = EventSystem | ID = 4609
    Description =

    Error - 18/09/2012 18:11:26 | Computer Name = Robbie-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 04/05/2012 13:50:35 | Computer Name = Robbie-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 04/05/2012 13:50:42 | Computer Name = Robbie-PC | Source = DCOM | ID = 10005
    Description =

    Error - 04/05/2012 13:54:49 | Computer Name = Robbie-PC | Source = DCOM | ID = 10010
    Description =

    Error - 04/05/2012 13:55:35 | Computer Name = Robbie-PC | Source = Service Control Manager | ID = 7022
    Description =

    Error - 04/05/2012 14:00:36 | Computer Name = Robbie-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 04/05/2012 14:00:36 | Computer Name = Robbie-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 07/09/2012 09:58:36 | Computer Name = Robbie-PC | Source = HTTP | ID = 15016
    Description =

    Error - 07/09/2012 09:59:37 | Computer Name = Robbie-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 07/09/2012 10:14:28 | Computer Name = Robbie-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.7 for the Network Card with network
    address 00234DCCA2AF has been denied by the DHCP server 192.168.1.254 (The DHCP
    Server sent a DHCPNACK message).

    Error - 07/09/2012 10:55:59 | Computer Name = Robbie-PC | Source = VDS Dynamic Provider | ID = 16908298
    Description =


    < End of report >


  • ASJ112


    Open OTL, then copy and paste this into the Custom Scans/Fixes box:



    :OTL
    [2012/09/18 22:28:42 | 000,000,000 | ---D | C] -- C:\ProgramData\bwejxevwlyhlcqe
    [2012/09/18 22:28:41 | 000,073,402 | ---- | M] () -- C:\ProgramData\yakcsfxjtlmejfi
    [2012/09/18 22:28:25 | 000,080,384 | ---- | M] () -- C:\ProgramData\ktilpjde.exe
    [2012/09/18 22:28:40 | 000,080,384 | ---- | C] () -- C:\ProgramData\ktilpjde.exe
    [2012/09/18 22:28:25 | 000,073,402 | ---- | C] () -- C:\ProgramData\yakcsfxjtlmejfi

    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    [EMPTYJAVA]
    [CREATERESTOREPOINT]
    [Reboot]
    :Files
    ipconfig /flushdns /c


    Click Run Fix and post the log it gives you.


    Then update MBAM, run a Quick Scan and post that log.


    Do you recognise this folder?

    C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1


  • Savage Tyrant


    Re: the folder, no, I don't recognise it... but that doesn't necessarily mean anything. I'm not particularly tech-savvy. :confused:

    OTL LOG:
    All processes killed
    ========== OTL ==========
    C:\ProgramData\bwejxevwlyhlcqe folder moved successfully.
    C:\ProgramData\yakcsfxjtlmejfi moved successfully.
    C:\ProgramData\ktilpjde.exe moved successfully.
    File C:\ProgramData\ktilpjde.exe not found.
    File C:\ProgramData\yakcsfxjtlmejfi not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    User: Robbie
    ->Temp folder emptied: 333752883 bytes
    ->Temporary Internet Files folder emptied: 19859827 bytes
    ->FireFox cache emptied: 61843278 bytes
    ->Apple Safari cache emptied: 870400 bytes
    ->Flash cache emptied: 97390 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 51157406 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 7261356107 bytes

    Total Files Cleaned = 7,371.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Robbie
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Robbie

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    c:\Users\Robbie\Downloads\cmd.bat deleted successfully.
    c:\Users\Robbie\Downloads\cmd.txt deleted successfully.

    OTL by OldTimer - Version 3.2.64.0 log created on 09202012_165728

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

    Doing the MBAM scan now.

    Thanks for your help.


  • Registered Users, Registered Users 2 Posts: 3,165 ✭✭✭Savage Tyrant


    Malwarebytes Anti-Malware (Trial) 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.20.05

    Windows Vista Service Pack 1 x86 NTFS
    Internet Explorer 7.0.6001.18000
    Robbie :: ROBBIE-PC [administrator]

    Protection: Enabled

    20/09/2012 17:42:38
    mbam-log-2012-09-20 (17-42-38).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 201594
    Time elapsed: 11 minute(s), 54 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


  • Registered Users, Registered Users 2 Posts: 3,165 ✭✭✭Savage Tyrant


    Wow.... Not sure if there's anything else to be done (MBAM said nothing detected)... But whatever you asked me to put into OTL, there must have been witchcraft or wizardry. It's running much snappier, even than before I got the Garda virus. I assume you saw something else there in the logs.

    I really appreciate that you'd take the time to help out. Thanks man.


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    No problem, just open OTL, click the CleanUp button, then we are all done.

