windows 7 removal tool



#1 ij21

Posted 19 May 2011 - 06:39 AM

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by louisa at 7:37:23.63 on 19/05/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Starter 6.1.7600.0.1252.44.1033.18.1012.166 [GMT 1:00]
.
AV: Virgin Media Security Anti-Virus *Enabled/Updated* {A61154FD-4365-E00F-9A33-13A09AD54B56}
SP: Virgin Media Security Anti-Spyware *Enabled/Updated* {1D70B519-655F-EF81-A083-28D2E15201EB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Virgin Media Security Firewall *Enabled* {9E2AD5D8-090A-E157-B16C-BA9564060C2D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Virgin Media\Security\Fws.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\Virgin Media\Security\rps.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Acer\Registration\GregHSRW.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Virgin Media\Service Manager\ServiceManagerComHandler.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wuauclt.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\servicing\TrustedInstaller.exe
\\IAN-PC\Users\Public\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=ao531h&r=27b512091106l03d3ww58w68384735
uSearch Page = hxxp://www.Google.com/
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=ao531h&r=27b512091106l03d3ww58w68384735
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=ao531h&r=27b512091106l03d3ww58w68384735
uInternet Settings,ProxyOverride = *.local
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe"
mRun: [mwlDaemon] c:\program files\egistec\mywinlocker 3\x86\mwlDaemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ServiceManager.exe] "c:\program files\virgin media\service manager\ServiceManager.exe" /AUTORUN
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/w...0"&"ver=9.0.894
StartupFolder: c:\users\louisa\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\louisa\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-5-18 25608]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2009-6-2 18992]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2009-6-2 16432]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2009-6-2 60976]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2009-8-21 727584]
R2 Greg_Service;GRegService;c:\program files\acer\registration\GregHSRW.exe [2009-6-4 1150496]
R2 MWLService;MyWinLocker Service;c:\program files\egistec\mywinlocker 3\x86\MWLService.exe [2009-8-6 311592]
R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\virgin media\security\avg\identity protection\agent\drivers\AVGIDSDriver.sys [2011-5-18 122376]
R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\virgin media\security\avg\identity protection\agent\drivers\AVGIDSfilter.sys [2011-5-18 30216]
R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\virgin media\security\avg\identity protection\agent\drivers\AVGIDSShim.sys [2011-5-18 21208]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-8-21 119256]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-8-21 167424]
.
=============== Created Last 30 ================
.
2011-05-19 01:52:37 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{7c4b65e2-8f9e-4696-9f48-05a614af3824}\mpengine.dll
2011-05-18 18:47:54 25608 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-05-18 18:46:50 285704 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2011-05-18 18:45:57 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys
2011-05-18 18:45:42 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys
2011-05-18 18:45:16 -------- d-----w- c:\program files\Raxco
2011-05-18 18:13:01 -------- d-----w- c:\program files\Virgin Media
2011-05-18 17:31:52 -------- d-----w- c:\users\louisa\appdata\roaming\Malwarebytes
2011-05-18 17:31:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-18 17:31:45 -------- d-----w- c:\progra~2\Malwarebytes
2011-05-18 17:31:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-18 17:31:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-18 17:14:05 -------- d--h--w- c:\users\louisa\appdata\roaming\Virgin Media
2011-05-18 17:13:28 -------- d-----w- c:\progra~2\Radialpoint
2011-05-18 17:13:25 -------- d-----w- c:\progra~2\Virgin Media
2011-05-12 18:24:36 -------- d--h--w- c:\users\louisa\appdata\local\Windows Live
2011-05-11 19:53:36 -------- d-----w- C:\fcdd2fff355f9310b7cb0b9fbd
2011-05-11 19:32:31 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-11 19:32:30 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
.
==================== Find3M ====================
.
2011-03-12 11:31:58 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-11 05:40:24 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:39:35 1686016 ----a-w- c:\windows\system32\esent.dll
2011-03-11 05:37:34 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-03-08 05:38:13 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 05:29:23 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27:30 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 03:31:32 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-02-26 05:33:07 2614784 ----a-w- c:\windows\explorer.exe
2011-02-24 05:32:52 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-24 05:32:44 981504 ----a-w- c:\windows\system32\wininet.dll
2011-02-24 05:30:16 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-24 04:23:48 386048 ----a-w- c:\windows\system32\html.iec
2011-02-24 03:50:26 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-19 05:33:11 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32:48 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 05:32:08 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 03:37:02 294912 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 7:40:48.38 ===============


#2 LDTate

Posted 20 May 2011 - 07:06 AM


Logs will be closed if you haven't replied within 3 days



Please don't attach the scans / logs for these tools, use "copy/paste".


DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.


Vista and Windows 7 users:
1. These tools MUST be run from the executable (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")


Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:


Download unhide.exe & save it to your windows folder:

Right click on unhide.exe and select Run as administrator (In case you have Vista or Win7)
Reboot

This will unhide folders/files that were set to be hidden by the infection you had.

Let me know if that solved your problem.
Larry Tate
Product Support


#3 ij21

Posted 20 May 2011 - 12:14 PM

Thank you for helping me.

I did as you suggested and it restored the desktop except for the Windows 7 Starter screen. The start menu folders were also restored but they are "empty", e.g. the Office folder does not contain the links to Word, Excel etc.

#4 LDTate

Posted 20 May 2011 - 12:16 PM

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Larry Tate
Product Support


#5 ij21

Posted 20 May 2011 - 03:12 PM

OTL logfile created on: 20/05/2011 20:49:48 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\louisa\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,012.00 Mb Total Physical Memory | 201.00 Mb Available Physical Memory | 20.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.95 Gb Total Space | 24.67 Gb Free Space | 18.01% Space Free | Partition Type: NTFS

Computer Name: LOUISA-PC | User Name: louisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\louisa\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe (Radialpoint SafeCare Inc.)
PRC - C:\Program Files\Virgin Media\Security\Fws.exe (Radialpoint SafeCare Inc.)
PRC - C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint Inc.)
PRC - C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
PRC - C:\Program Files\Virgin Media\Service Manager\ServiceManagerComHandler.exe (Radialpoint Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Users\louisa\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Program Files\Virgin Media\Security\RPS.exe (Virgin Media)
PRC - C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Windows\PLFSetI.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\louisa\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Acer\Acer ePower Management\SysHook.dll (Acer Incorporated)


========== Win32 Services (SafeList) ==========

SRV - (scan) -- C:\Program Files\Virgin Media\Security\BitDefender\scan.dll (S.C. BitDefender S.R.L)
SRV - (Radialpoint Security Services) -- C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe (Radialpoint SafeCare Inc.)
SRV - (RP_FWS) -- C:\Program Files\Virgin Media\Security\Fws.exe (Radialpoint SafeCare Inc.)
SRV - (ServicepointService) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint Inc.)
SRV - (RadialpointIDSAgent) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (RS_Service) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (Raxco Software, Inc.)
SRV - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Greg_Service) -- C:\Program Files\Acer\Registration\GregHSRW.exe (Acer Incorporated)


========== Driver Services (SafeList) ==========

DRV - (RPSKT) Security Services Driver (x86) -- C:\Windows\System32\drivers\rp_skt32.sys (Radialpoint Inc.)
DRV - (Trufos) -- C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys (BitDefender S.R.L.)
DRV - (Profos) -- C:\Program Files\Virgin Media\Security\BitDefender\profos.sys (BitDefender S.R.L.)
DRV - (RadialpointIDSFilter) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys (AVG Technologies )
DRV - (RadialpointIDSEH) -- C:\Windows\system32\drivers\AVGIDSEH.sys (AVG Technologies )
DRV - (RadialpointIDSShim) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys (AVG Technologies )
DRV - (RadialpointIDSDriver) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys (AVG Technologies )
DRV - (bdfsfltr) -- C:\Windows\system32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.)
DRV - (DefragFS) -- C:\Windows\System32\drivers\DefragFs.sys (Raxco Software, Inc.)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (nmwcd) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)
DRV - (int15.sys) -- C:\Windows\System32\OEM\factory\int15.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...d3ww58w68384735
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...d3ww58w68384735

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...d3ww58w68384735
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.Google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\louisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\louisa\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....NPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a789d15c-4ecf-11df-a04f-00269e539a9c}\Shell - "" = AutoRun
O33 - MountPoints2\{a789d15c-4ecf-11df-a04f-00269e539a9c}\Shell\AutoRun\command - "" = D:\LaunchU3.exe
O33 - MountPoints2\{c22996c6-a0cf-11df-80ca-00269e539a9c}\Shell - "" = AutoRun
O33 - MountPoints2\{c22996c6-a0cf-11df-80ca-00269e539a9c}\Shell\AutoRun\command - "" = D:\Startme.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe
O34 - HKLM BootExecute: (PDBoot.exe) - C:\Windows\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/20 20:46:23 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\louisa\Desktop\OTL.exe
[2011/05/19 12:52:39 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/05/19 12:52:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/05/19 12:52:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/05/19 05:28:05 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2011/05/18 19:55:44 | 000,000,000 | ---D | C] -- C:\Users\louisa\AppData\Roaming\Mozilla
[2011/05/18 19:47:54 | 000,025,608 | ---- | C] (AVG Technologies ) -- C:\Windows\System32\drivers\AVGIDSEH.sys
[2011/05/18 19:46:50 | 000,285,704 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Windows\System32\drivers\bdfsfltr.sys
[2011/05/18 19:45:57 | 000,053,192 | ---- | C] (Radialpoint Inc.) -- C:\Windows\System32\drivers\rp_skt32.sys
[2011/05/18 19:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Raxco
[2011/05/18 19:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\Raxco
[2011/05/18 19:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virgin Media Security
[2011/05/18 19:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virgin Media
[2011/05/18 19:13:01 | 000,000,000 | ---D | C] -- C:\Program Files\Virgin Media
[2011/05/18 18:31:52 | 000,000,000 | ---D | C] -- C:\Users\louisa\AppData\Roaming\Malwarebytes
[2011/05/18 18:31:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/18 18:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/18 18:31:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/18 18:31:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/18 18:31:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/18 18:14:05 | 000,000,000 | ---D | C] -- C:\Users\louisa\AppData\Roaming\Virgin Media
[2011/05/18 18:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Radialpoint
[2011/05/18 18:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Virgin Media
[2011/05/12 19:24:36 | 000,000,000 | ---D | C] -- C:\Users\louisa\AppData\Local\Windows Live
[2011/05/11 20:53:36 | 000,000,000 | ---D | C] -- C:\fcdd2fff355f9310b7cb0b9fbd
[2011/05/11 20:32:31 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/05/11 20:32:30 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/04/26 22:51:19 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011/04/26 22:51:13 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2011/04/26 22:51:12 | 000,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2011/04/26 22:51:12 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2011/04/26 22:51:05 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/04/26 22:51:03 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/08/21 02:35:15 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[1 C:\Users\louisa\Desktop\*.tmp files -> C:\Users\louisa\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/20 20:46:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\louisa\Desktop\OTL.exe
[2011/05/20 20:39:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/20 20:39:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/20 18:27:26 | 000,009,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/20 18:27:26 | 000,009,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/20 18:23:45 | 001,000,308 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/20 18:23:45 | 000,295,224 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/20 18:18:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/20 18:18:36 | 795,832,320 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/19 17:08:03 | 000,001,471 | ---- | M] () -- C:\Users\louisa\Desktop\iexplore - Shortcut.lnk
[2011/05/19 07:28:17 | 000,000,000 | ---- | M] () -- C:\Users\louisa\defogger_reenable
[2011/05/18 19:45:57 | 000,053,192 | ---- | M] (Radialpoint Inc.) -- C:\Windows\System32\drivers\rp_skt32.sys
[2011/05/18 19:44:54 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\Virgin Media Security.lnk
[2011/05/18 18:31:47 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/16 01:15:22 | 000,000,144 | ---- | M] () -- C:\ProgramData\~29744888r
[2011/05/16 01:15:22 | 000,000,120 | ---- | M] () -- C:\ProgramData\~29744888
[2011/05/16 01:12:03 | 000,000,336 | ---- | M] () -- C:\ProgramData\29744888
[2011/04/28 18:46:06 | 000,000,091 | ---- | M] () -- C:\Windows\CIV.INI
[1 C:\Users\louisa\Desktop\*.tmp files -> C:\Users\louisa\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/20 19:56:16 | 000,001,816 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2011/05/19 17:08:03 | 000,001,471 | ---- | C] () -- C:\Users\louisa\Desktop\iexplore - Shortcut.lnk
[2011/05/19 14:51:10 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2011/05/19 14:51:09 | 000,002,597 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2011/05/19 14:51:09 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/05/19 14:51:09 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/05/19 14:51:09 | 000,001,819 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/05/19 14:51:09 | 000,001,269 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk
[2011/05/19 14:51:09 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/05/19 14:51:09 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2011/05/19 14:51:08 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\Acer GameZone Console.lnk
[2011/05/19 14:51:08 | 000,001,972 | ---- | C] () -- C:\Users\Public\Desktop\Acer Accessory Store.lnk
[2011/05/19 07:28:17 | 000,000,000 | ---- | C] () -- C:\Users\louisa\defogger_reenable
[2011/05/18 19:44:54 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\Virgin Media Security.lnk
[2011/05/18 18:31:47 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/16 01:15:22 | 000,000,144 | ---- | C] () -- C:\ProgramData\~29744888r
[2011/05/16 01:15:21 | 000,000,120 | ---- | C] () -- C:\ProgramData\~29744888
[2011/05/16 01:12:03 | 000,000,336 | ---- | C] () -- C:\ProgramData\29744888
[2011/02/16 23:19:01 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/08/06 20:42:12 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/05/19 17:15:19 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2010/05/19 17:15:19 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2010/05/19 17:15:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2010/05/19 17:15:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll
[2010/05/19 17:15:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll
[2010/05/19 17:15:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll
[2010/04/21 20:41:38 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
[2010/04/21 20:41:38 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
[2010/04/21 20:41:38 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll
[2010/04/21 20:36:47 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010/04/21 20:36:47 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010/01/23 14:20:40 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/12/21 16:29:18 | 000,000,091 | ---- | C] () -- C:\Windows\CIV.INI
[2009/10/21 13:20:08 | 000,005,504 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen_x86.sys
[2009/10/08 03:59:36 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/10/08 03:59:36 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009/10/08 03:59:36 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2009/10/08 03:59:36 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2009/08/21 02:33:08 | 000,189,796 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2009/08/21 02:33:08 | 000,001,112 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2009/08/21 02:33:08 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009/08/21 02:33:08 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2009/08/21 02:33:08 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009/08/21 02:33:08 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009/08/21 02:33:08 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:33:53 | 000,412,384 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 001,000,308 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,295,224 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/01/26 22:53:18 | 000,000,000 | -HSD | M] -- C:\Users\louisa\AppData\Roaming\.#
[2011/03/02 09:45:54 | 000,000,000 | ---D | M] -- C:\Users\louisa\AppData\Roaming\BitTorrent
[2011/05/20 18:19:18 | 000,000,000 | ---D | M] -- C:\Users\louisa\AppData\Roaming\Dropbox
[2009/12/21 15:39:13 | 000,000,000 | ---D | M] -- C:\Users\louisa\AppData\Roaming\GameConsole
[2011/05/18 19:52:29 | 000,000,000 | ---D | M] -- C:\Users\louisa\AppData\Roaming\Virgin Media
[2011/04/17 07:50:45 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#6 ij21

Posted 20 May 2011 - 03:15 PM

OTL Extras logfile created on: 20/05/2011 20:49:48 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\louisa\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,012.00 Mb Total Physical Memory | 201.00 Mb Available Physical Memory | 20.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.95 Gb Total Space | 24.67 Gb Free Space | 18.01% Space Free | Partition Type: NTFS

Computer Name: LOUISA-PC | User Name: louisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 24
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5AD839E7-BFA7-4796-B2CA-B1D824ECCDF7}" = Virgin Media Security
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{714048C6-7703-4059-A8EC-17B31AAB73A2}" = RPS RpsCore
"{7673108D-9DED-4454-9712-FB2771D94446}" = RPS PerfectDiskStub
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}" = Star Defender 4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4B9033B-D183-4A6C-9BCB-6BC8F80B939D}" = RPS CRT
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF89271-2594-468D-B578-96B2E30C41C4}" = eBay Worldwide
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"AC3Filter_is1" = AC3Filter 1.63b
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"Freeciv-2.0.9-gtk2" = Freeciv 2.0.9 (GTK+ client)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Basic)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"RadialpointClientGateway_is1" = Virgin Media Service Manager 3.7.47
"SopCast" = SopCast 3.2.9
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UFileDownloadD" = ActiveX Download Control Trial Version
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.5
"vShare" = vShare Plugin
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/10/2010 14:42:06 | Computer Name = louisa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 13/10/2010 14:42:09 | Computer Name = louisa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3155978

Error - 13/10/2010 14:42:09 | Computer Name = louisa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3155978

Error - 14/10/2010 16:37:36 | Computer Name = louisa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 14/10/2010 16:37:37 | Computer Name = louisa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2734121

Error - 14/10/2010 16:37:37 | Computer Name = louisa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2734121

Error - 15/10/2010 13:22:45 | Computer Name = louisa-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bc69e Faulting module name: mshtml.dll, version: 8.0.7600.16625,
time stamp: 0x4c2ae0bb Exception code: 0xc0000005 Fault offset: 0x00396579 Faulting
process id: 0xa70 Faulting application start time: 0x01cb6c895c13159b Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
Report
Id: d270f572-d880-11df-bcf3-00269e539a9c

Error - 15/10/2010 15:18:16 | Computer Name = louisa-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: b90 Start
Time: 01cb6c9966afe71a Termination Time: 109 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: f09c9028-d890-11df-bcf3-00269e539a9c

Error - 17/10/2010 08:28:01 | Computer Name = louisa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 17/10/2010 08:28:01 | Computer Name = louisa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 19453

[ System Events ]
Error - 19/05/2011 07:54:14 | Computer Name = louisa-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Windows Internet Explorer 9 for Windows 7.

Error - 19/05/2011 08:56:33 | Computer Name = louisa-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom StarOpen

Error - 19/05/2011 10:32:53 | Computer Name = louisa-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom StarOpen

Error - 19/05/2011 12:01:58 | Computer Name = louisa-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom StarOpen

Error - 19/05/2011 12:02:04 | Computer Name = louisa-PC | Source = Service Control Manager | ID = 7023
Description = The iPod Service service terminated with the following error: %%-2147417831

Error - 19/05/2011 12:02:32 | Computer Name = louisa-PC | Source = DCOM | ID = 10010
Description =

Error - 19/05/2011 12:38:10 | Computer Name = louisa-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom StarOpen

Error - 20/05/2011 07:22:08 | Computer Name = louisa-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom StarOpen

Error - 20/05/2011 08:30:39 | Computer Name = louisa-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 20/05/2011 13:19:30 | Computer Name = louisa-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom StarOpen


< End of report >

#7 LDTate

Posted 20 May 2011 - 03:17 PM

OTL Fix
Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    [2011/05/16 01:15:22 | 000,000,144 | ---- | M] () -- C:\ProgramData\~29744888r
    [2011/05/16 01:15:22 | 000,000,120 | ---- | M] () -- C:\ProgramData\~29744888
    [2011/05/16 01:12:03 | 000,000,336 | ---- | M] () -- C:\ProgramData\29744888
    
    
    :files
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
    :Commands
    [EmptyFlash]
    [RESETHOSTS] 
    [purity]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; it will reboot when it is done and produce a log

Larry Tate
Product Support


#8 ij21

Posted 20 May 2011 - 03:25 PM

OTL logfile created on: 20/05/2011 20:49:48 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\louisa\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,012.00 Mb Total Physical Memory | 201.00 Mb Available Physical Memory | 20.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.95 Gb Total Space | 24.67 Gb Free Space | 18.01% Space Free | Partition Type: NTFS

Computer Name: LOUISA-PC | User Name: louisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\louisa\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe (Radialpoint SafeCare Inc.)
PRC - C:\Program Files\Virgin Media\Security\Fws.exe (Radialpoint SafeCare Inc.)
PRC - C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint Inc.)
PRC - C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
PRC - C:\Program Files\Virgin Media\Service Manager\ServiceManagerComHandler.exe (Radialpoint Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Users\louisa\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Program Files\Virgin Media\Security\RPS.exe (Virgin Media)
PRC - C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Windows\PLFSetI.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\louisa\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Acer\Acer ePower Management\SysHook.dll (Acer Incorporated)

========== Win32 Services (SafeList) ==========

SRV - (scan) -- C:\Program Files\Virgin Media\Security\BitDefender\scan.dll (S.C. BitDefender S.R.L)
SRV - (Radialpoint Security Services) -- C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe (Radialpoint SafeCare Inc.)
SRV - (RP_FWS) -- C:\Program Files\Virgin Media\Security\Fws.exe (Radialpoint SafeCare Inc.)
SRV - (ServicepointService) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint Inc.)
SRV - (RadialpointIDSAgent) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (RS_Service) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (Raxco Software, Inc.)
SRV - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Greg_Service) -- C:\Program Files\Acer\Registration\GregHSRW.exe (Acer Incorporated)

========== Driver Services (SafeList) ==========

DRV - (RPSKT) Security Services Driver (x86) -- C:\Windows\System32\drivers\rp_skt32.sys (Radialpoint Inc.)
DRV - (Trufos) -- C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys (BitDefender S.R.L.)
DRV - (Profos) -- C:\Program Files\Virgin Media\Security\BitDefender\profos.sys (BitDefender S.R.L.)
DRV - (RadialpointIDSFilter) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys (AVG Technologies )

DRV - (RadialpointIDSEH) -- C:\Windows\system32\drivers\AVGIDSEH.sys (AVG Technologies )

DRV - (RadialpointIDSShim) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys (AVG Technologies )

DRV - (RadialpointIDSDriver) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys (AVG Technologies )

DRV - (bdfsfltr) -- C:\Windows\system32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV - (L1E) -- C:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.)

DRV - (DefragFS) -- C:\Windows\System32\drivers\DefragFs.sys (Raxco Software, Inc.)

DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)

DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Technology Inc.)

DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Technology Inc.)

DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)

DRV - (nmwcd) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)

DRV - (int15.sys) -- C:\Windows\System32\OEM\factory\int15.sys ()





========== Standard Registry (SafeList) ==========





========== Internet Explorer ==========



IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...d3ww58w68384735

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...d3ww58w68384735



IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...d3ww58w68384735

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.Google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local







O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()

O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()

O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)

O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)

O4 - Startup: C:\Users\louisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\louisa\AppData\Roaming\Dropbox\bin\Dropbox.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....NPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{a789d15c-4ecf-11df-a04f-00269e539a9c}\Shell - "" = AutoRun

O33 - MountPoints2\{a789d15c-4ecf-11df-a04f-00269e539a9c}\Shell\AutoRun\command - "" = D:\LaunchU3.exe

O33 - MountPoints2\{c22996c6-a0cf-11df-80ca-00269e539a9c}\Shell - "" = AutoRun

O33 - MountPoints2\{c22996c6-a0cf-11df-80ca-00269e539a9c}\Shell\AutoRun\command - "" = D:\Startme.exe

O33 - MountPoints2\D\Shell - "" = AutoRun

O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe

O34 - HKLM BootExecute: (PDBoot.exe) - C:\Windows\System32\PDBoot.exe (Raxco Software, Inc.)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*



========== Files/Folders - Created Within 30 Days ==========



[2011/05/20 20:46:23 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\louisa\Desktop\OTL.exe

[2011/05/19 12:52:39 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2011/05/19 12:52:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2011/05/19 12:52:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2011/05/19 05:28:05 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe

[2011/05/18 19:55:44 | 000,000,000 | ---D | C] -- C:\Users\louisa\AppData\Roaming\Mozilla

[2011/05/18 19:47:54 | 000,025,608 | ---- | C] (AVG Technologies ) -- C:\Windows\System32\drivers\AVGIDSEH.sys

[2011/05/18 19:46:50 | 000,285,704 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Windows\System32\drivers\bdfsfltr.sys

[2011/05/18 19:45:57 | 000,053,192 | ---- | C] (Radialpoint Inc.) -- C:\Windows\System32\drivers\rp_skt32.sys

[2011/05/18 19:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Raxco

[2011/05/18 19:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\Raxco

[2011/05/18 19:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virgin Media Security

[2011/05/18 19:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virgin Media

[2011/05/18 19:13:01 | 000,000,000 | ---D | C] -- C:\Program Files\Virgin Media

[2011/05/18 18:31:52 | 000,000,000 | ---D | C] -- C:\Users\louisa\AppData\Roaming\Malwarebytes

[2011/05/18 18:31:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/05/18 18:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/05/18 18:31:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/05/18 18:31:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/05/18 18:31:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/05/18 18:14:05 | 000,000,000 | ---D | C] -- C:\Users\louisa\AppData\Roaming\Virgin Media

[2011/05/18 18:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Radialpoint

[2011/05/18 18:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Virgin Media

[2011/05/12 19:24:36 | 000,000,000 | ---D | C] -- C:\Users\louisa\AppData\Local\Windows Live

[2011/05/11 20:53:36 | 000,000,000 | ---D | C] -- C:\fcdd2fff355f9310b7cb0b9fbd

[2011/05/11 20:32:31 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2011/05/11 20:32:30 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2011/04/26 22:51:19 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe

[2011/04/26 22:51:13 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll

[2011/04/26 22:51:12 | 000,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys

[2011/04/26 22:51:12 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe

[2011/04/26 22:51:05 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll

[2011/04/26 22:51:03 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe

[2009/08/21 02:35:15 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

[1 C:\Users\louisa\Desktop\*.tmp files -> C:\Users\louisa\Desktop\*.tmp -> ]



========== Files - Modified Within 30 Days ==========



[2011/05/20 20:46:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\louisa\Desktop\OTL.exe

[2011/05/20 20:39:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/05/20 20:39:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/05/20 18:27:26 | 000,009,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/05/20 18:27:26 | 000,009,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/05/20 18:23:45 | 001,000,308 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/05/20 18:23:45 | 000,295,224 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/05/20 18:18:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/05/20 18:18:36 | 795,832,320 | -HS- | M] () -- C:\hiberfil.sys

[2011/05/19 17:08:03 | 000,001,471 | ---- | M] () -- C:\Users\louisa\Desktop\iexplore - Shortcut.lnk

[2011/05/19 07:28:17 | 000,000,000 | ---- | M] () -- C:\Users\louisa\defogger_reenable

[2011/05/18 19:45:57 | 000,053,192 | ---- | M] (Radialpoint Inc.) -- C:\Windows\System32\drivers\rp_skt32.sys

[2011/05/18 19:44:54 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\Virgin Media Security.lnk

[2011/05/18 18:31:47 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/16 01:15:22 | 000,000,144 | ---- | M] () -- C:\ProgramData\~29744888r

[2011/05/16 01:15:22 | 000,000,120 | ---- | M] () -- C:\ProgramData\~29744888

[2011/05/16 01:12:03 | 000,000,336 | ---- | M] () -- C:\ProgramData\29744888

[2011/04/28 18:46:06 | 000,000,091 | ---- | M] () -- C:\Windows\CIV.INI

[1 C:\Users\louisa\Desktop\*.tmp files -> C:\Users\louisa\Desktop\*.tmp -> ]



========== Files Created - No Company Name ==========



[2011/05/20 19:56:16 | 000,001,816 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk

[2011/05/19 17:08:03 | 000,001,471 | ---- | C] () -- C:\Users\louisa\Desktop\iexplore - Shortcut.lnk

[2011/05/19 14:51:10 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk

[2011/05/19 14:51:09 | 000,002,597 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk

[2011/05/19 14:51:09 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2011/05/19 14:51:09 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011/05/19 14:51:09 | 000,001,819 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2011/05/19 14:51:09 | 000,001,269 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk

[2011/05/19 14:51:09 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2011/05/19 14:51:09 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk

[2011/05/19 14:51:08 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\Acer GameZone Console.lnk

[2011/05/19 14:51:08 | 000,001,972 | ---- | C] () -- C:\Users\Public\Desktop\Acer Accessory Store.lnk

[2011/05/19 07:28:17 | 000,000,000 | ---- | C] () -- C:\Users\louisa\defogger_reenable

[2011/05/18 19:44:54 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\Virgin Media Security.lnk

[2011/05/18 18:31:47 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/16 01:15:22 | 000,000,144 | ---- | C] () -- C:\ProgramData\~29744888r

[2011/05/16 01:15:21 | 000,000,120 | ---- | C] () -- C:\ProgramData\~29744888

[2011/05/16 01:12:03 | 000,000,336 | ---- | C] () -- C:\ProgramData\29744888

[2011/02/16 23:19:01 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat

[2010/08/06 20:42:12 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2010/05/19 17:15:19 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll

[2010/05/19 17:15:19 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth1.dll

[2010/05/19 17:15:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ssprs.dll

[2010/05/19 17:15:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll

[2010/05/19 17:15:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll

[2010/05/19 17:15:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll

[2010/04/21 20:41:38 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll

[2010/04/21 20:41:38 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll

[2010/04/21 20:41:38 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll

[2010/04/21 20:36:47 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll

[2010/04/21 20:36:47 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll

[2010/01/23 14:20:40 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2009/12/21 16:29:18 | 000,000,091 | ---- | C] () -- C:\Windows\CIV.INI

[2009/10/21 13:20:08 | 000,005,504 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen_x86.sys

[2009/10/08 03:59:36 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll

[2009/10/08 03:59:36 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe

[2009/10/08 03:59:36 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe

[2009/10/08 03:59:36 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini

[2009/08/21 02:33:08 | 000,189,796 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat

[2009/08/21 02:33:08 | 000,001,112 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat

[2009/08/21 02:33:08 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat

[2009/08/21 02:33:08 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat

[2009/08/21 02:33:08 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat

[2009/08/21 02:33:08 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat

[2009/08/21 02:33:08 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat

[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe

[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/14 05:33:53 | 000,412,384 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2009/07/14 03:05:48 | 001,000,308 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2009/07/14 03:05:48 | 000,295,224 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI



========== LOP Check ==========



[2010/01/26 22:53:18 | 000,000,000 | -HSD | M] -- C:\Users\louisa\AppData\Roaming\.#

[2011/03/02 09:45:54 | 000,000,000 | ---D | M] -- C:\Users\louisa\AppData\Roaming\BitTorrent

[2011/05/20 18:19:18 | 000,000,000 | ---D | M] -- C:\Users\louisa\AppData\Roaming\Dropbox

[2009/12/21 15:39:13 | 000,000,000 | ---D | M] -- C:\Users\louisa\AppData\Roaming\GameConsole

[2011/05/18 19:52:29 | 000,000,000 | ---D | M] -- C:\Users\louisa\AppData\Roaming\Virgin Media

[2011/04/17 07:50:45 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT



========== Purity Check ==========







< End of report >

#9 LDTate

Posted 20 May 2011 - 03:31 PM

Click: Start > All Programs > Accessories
Open Notepad, click on Format and uncheck Word Wrap.

That doesn't show anything being removed.
Try it again and let me know how it's running after running it.




OTL Fix
Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    [2011/05/16 01:15:22 | 000,000,144 | ---- | M] () -- C:\ProgramData\~29744888r
    [2011/05/16 01:15:22 | 000,000,120 | ---- | M] () -- C:\ProgramData\~29744888
    [2011/05/16 01:12:03 | 000,000,336 | ---- | M] () -- C:\ProgramData\29744888
    
    
    :files
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    C:\ProgramData\~29744888r
    C:\ProgramData\~29744888
    C:\ProgramData\29744888
    
    :Commands
    [EmptyFlash]
    [RESETHOSTS] 
    [purity]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log

Larry Tate
Product Support


#10 ij21

Posted 20 May 2011 - 03:50 PM

========== OTL ==========
C:\ProgramData\~29744888r moved successfully.
C:\ProgramData\~29744888 moved successfully.
C:\ProgramData\29744888 moved successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\louisa\Desktop\cmd.bat deleted successfully.
C:\Users\louisa\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\louisa\Desktop\cmd.bat deleted successfully.
C:\Users\louisa\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
C:\Users\louisa\AppData\Local\Temp\smtmp\3\CCleaner.lnk
C:\Users\louisa\AppData\Local\Temp\smtmp\3\desktop.ini
C:\Users\louisa\AppData\Local\Temp\smtmp\3\Internet Explorer.lnk
C:\Users\louisa\AppData\Local\Temp\smtmp\3\Microsoft Office Word.lnk
C:\Users\louisa\AppData\Local\Temp\smtmp\3\Windows Explorer.lnk
C:\Users\louisa\AppData\Local\Temp\smtmp\3\Windows Media Player.lnk
6 File(s) copied
C:\Users\louisa\Desktop\cmd.bat deleted successfully.
C:\Users\louisa\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\louisa\Desktop\cmd.bat deleted successfully.
C:\Users\louisa\Desktop\cmd.txt deleted successfully.
File\Folder C:\ProgramData\~29744888r not found.
File\Folder C:\ProgramData\~29744888 not found.
File\Folder C:\ProgramData\29744888 not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: louisa
->Flash cache emptied: 2616234 bytes

User: Public

Total Flash Files Cleaned = 2.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.3 log created on 05202011_214207

#11 LDTate

Posted 20 May 2011 - 03:53 PM

How's it running now?
Larry Tate
Product Support


#12 LDTate

Posted 24 May 2011 - 07:19 AM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Larry Tate
Product Support




