I was able to get into Safe Mode with Networking and cycled through a few different scanners (Malwarebytes, ESET, RogueKiller, TDSS, aswMBR). TDSS and aswMBR didn't report any problems, while the other three scanners detected and removed a bunch of files relating to ZeroAccess (from what I can gather, the newer variant that installs under C:\Users\username\AppData).
This seems to have removed the infection - the ransomware is gone, Normal Mode is up again, the browser redirects I noticed while downloading the scanners in Safe Mode have gone, Windows Firewall and Windows Defender are both running again (the infection had disabled them), and further scans over the past few days (with updates) have all been clean.
However, Windows Update appears to have been disabled: the Action Center flag on my taskbar constantly has the item "Change Windows Update settings (Important)", but the service isn't running, doesn't show up as a "Stopped" service, and when I try to manually check for updates from the "Windows Update" section of Control Panel, I'm told that it can't check for updates "because the service is not running".
So, I'm not sure whether I'm still infected or the scanners just haven't fully fixed the damage left by the removed infections.
Here is the log of an OTL scan I've just run:
OTL logfile created on: 10/2/2012 3:04:58 PM - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\lee\Downloads
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1013.30 Mb Total Physical Memory | 174.73 Mb Available Physical Memory | 17.24% Memory free
1.99 Gb Paging File | 0.98 Gb Available in Paging File | 49.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 66.97 Gb Total Space | 13.10 Gb Free Space | 19.56% Space Free | Partition Type: NTFS
Drive D: | 66.98 Gb Total Space | 0.80 Gb Free Space | 1.20% Space Free | Partition Type: NTFS
Computer Name: L-PC | User Name: lee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/10/02 15:04:38 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\lee\Downloads\OTL.exe
PRC - [2010/05/21 00:55:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:54:56 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/04/20 14:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
PRC - [2009/11/04 05:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/26 12:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/10/13 11:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/10/02 17:48:26 | 002,364,704 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/10/02 17:48:26 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/10/02 17:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
========== Modules (No Company Name) ==========
MOD - [2012/09/25 10:42:58 | 000,460,312 | ---- | M] () -- C:\Users\lee\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppgooglenaclpluginchrome.dll
MOD - [2012/09/25 10:42:57 | 012,278,808 | ---- | M] () -- C:\Users\lee\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
MOD - [2012/09/25 10:42:55 | 004,005,912 | ---- | M] () -- C:\Users\lee\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
MOD - [2012/09/25 10:41:39 | 000,578,072 | ---- | M] () -- C:\Users\lee\AppData\Local\Google\Chrome\Application\22.0.1229.79\libglesv2.dll
MOD - [2012/09/25 10:41:38 | 000,123,416 | ---- | M] () -- C:\Users\lee\AppData\Local\Google\Chrome\Application\22.0.1229.79\libegl.dll
MOD - [2012/09/25 10:41:27 | 000,156,712 | ---- | M] () -- C:\Users\lee\AppData\Local\Google\Chrome\Application\22.0.1229.79\avutil-51.dll
MOD - [2012/09/25 10:41:26 | 000,275,496 | ---- | M] () -- C:\Users\lee\AppData\Local\Google\Chrome\Application\22.0.1229.79\avformat-54.dll
MOD - [2012/09/25 10:41:24 | 002,168,360 | ---- | M] () -- C:\Users\lee\AppData\Local\Google\Chrome\Application\22.0.1229.79\avcodec-54.dll
MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/04/20 14:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
MOD - [2010/04/16 14:11:02 | 000,155,648 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll
MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
========== Services (SafeList) ==========
SRV - [2009/10/20 19:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/10/02 17:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\Rezip.exe -- (Rezip)
========== Driver Services (SafeList) ==========
DRV - [2009/11/13 23:58:20 | 000,546,816 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl819xp.sys -- (rtl819xp)
DRV - [2009/10/20 19:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/09/28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/17 16:53:38 | 000,080,384 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/01 21:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\lee\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\lee\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/18 21:34:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{DAFB0515-075B-11E2-8271-B8AC6F996F26}: C:\Users\lee\AppData\Local\{DAFB0515-075B-11E2-8271-B8AC6F996F26}\ [2012/09/25 22:56:31 | 000,000,000 | ---D | M]
[2011/07/18 21:53:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lee\AppData\Roaming\Mozilla\Extensions
[2011/07/18 21:34:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/25 22:56:31 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\LEE\APPDATA\LOCAL\{DAFB0515-075B-11E2-8271-B8AC6F996F26}
[2011/07/08 08:31:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
========== Chrome ==========
CHR - homepage: http://www.google.co.uk/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\lee\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\lee\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\lee\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\lee\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\lee\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
CHR - Extension: Gmail = C:\Users\lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/07/27 20:12:05 | 000,000,921 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - Startup: C:\Users\lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{029B0DFC-C29A-4240-B7CB-8BB9769098B0}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ede6138f-d5ed-11df-8815-b482fe50af9c}\Shell - "" = AutoRun
O33 - MountPoints2\{ede6138f-d5ed-11df-8815-b482fe50af9c}\Shell\AutoRun\command - "" = E:\wubi.exe --cdmenu
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/10/02 03:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/10/02 03:17:54 | 000,000,000 | ---D | C] -- C:\Users\lee\Desktop\RK_Quarantine
[2012/09/27 00:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/26 00:05:55 | 000,000,000 | ---D | C] -- C:\Users\lee\AppData\Roaming\Malwarebytes
[2012/09/26 00:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/26 00:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/26 00:05:40 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/09/26 00:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/25 22:56:31 | 000,000,000 | ---D | C] -- C:\Users\lee\AppData\Local\{DAFB0515-075B-11E2-8271-B8AC6F996F26}
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/10/02 15:04:01 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2071869296-2185399040-3217962726-1000UA.job
[2012/10/02 14:58:37 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/02 14:58:37 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/02 14:55:23 | 000,664,734 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/10/02 14:55:23 | 000,125,438 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/10/02 14:50:43 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/10/02 14:50:38 | 796,889,088 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/01 17:04:02 | 000,000,848 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2071869296-2185399040-3217962726-1000Core.job
[2012/09/27 12:10:50 | 000,002,439 | ---- | M] () -- C:\Users\lee\Desktop\Google Chrome.lnk
[2012/09/27 00:28:47 | 000,000,512 | ---- | M] () -- C:\MBR.dat
[2012/09/25 23:33:04 | 000,102,400 | ---- | M] () -- C:\windows\RegBootClean.exe
[2012/09/25 23:30:58 | 000,162,556 | ---- | M] () -- C:\Users\lee\AppData\Local\census.cache
[2012/09/25 23:30:47 | 000,092,453 | ---- | M] () -- C:\Users\lee\AppData\Local\ars.cache
[2012/09/25 23:16:18 | 000,000,036 | ---- | M] () -- C:\Users\lee\AppData\Local\housecall.guid.cache
[2012/09/25 23:12:35 | 000,006,464 | ---- | M] () -- C:\Users\lee\AppData\Local\chromeupdate.crx
[2012/09/24 23:05:56 | 000,203,808 | ---- | M] () -- C:\Users\lee\Desktop\EECS-2006-1.pdf
[2012/09/21 17:53:25 | 000,011,535 | ---- | M] () -- C:\Users\lee\_viminfo
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/09/27 00:28:47 | 000,000,512 | ---- | C] () -- C:\MBR.dat
[2012/09/25 23:32:51 | 000,102,400 | ---- | C] () -- C:\windows\RegBootClean.exe
[2012/09/25 23:30:58 | 000,162,556 | ---- | C] () -- C:\Users\lee\AppData\Local\census.cache
[2012/09/25 23:30:47 | 000,092,453 | ---- | C] () -- C:\Users\lee\AppData\Local\ars.cache
[2012/09/25 23:16:18 | 000,000,036 | ---- | C] () -- C:\Users\lee\AppData\Local\housecall.guid.cache
[2012/09/25 22:56:31 | 000,006,464 | ---- | C] () -- C:\Users\lee\AppData\Local\chromeupdate.crx
[2012/09/24 23:05:56 | 000,203,808 | ---- | C] () -- C:\Users\lee\Desktop\EECS-2006-1.pdf
[2012/04/24 15:54:41 | 000,007,604 | ---- | C] () -- C:\Users\lee\AppData\Local\Resmon.ResmonCfg
[2012/04/11 03:06:00 | 000,000,118 | ---- | C] () -- C:\windows\System32\MRT.INI
[2011/06/05 17:51:42 | 000,000,129 | ---- | C] () -- C:\Users\lee\jagex_runescape_preferences2.dat
[2011/06/05 17:49:35 | 000,000,034 | ---- | C] () -- C:\Users\lee\jagex_runescape_preferences.dat
[2011/02/25 20:41:47 | 000,000,206 | ---- | C] () -- C:\Users\lee\.swfinfo
[2010/06/11 19:28:00 | 000,011,535 | ---- | C] () -- C:\Users\lee\_viminfo
[2010/06/11 16:28:29 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
========== ZeroAccess Check ==========
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012/06/16 15:55:16 | 000,000,000 | ---D | M] -- C:\Users\lee\AppData\Roaming\.anki
[2012/06/08 10:51:23 | 000,000,000 | ---D | M] -- C:\Users\lee\AppData\Roaming\.matplotlib
[2012/08/27 15:33:39 | 000,000,000 | ---D | M] -- C:\Users\lee\AppData\Roaming\Audacity
[2010/11/09 15:53:27 | 000,000,000 | ---D | M] -- C:\Users\lee\AppData\Roaming\flightgear.org
[2010/11/18 18:57:50 | 000,000,000 | ---D | M] -- C:\Users\lee\AppData\Roaming\Jeskola
[2010/12/29 00:30:39 | 000,000,000 | ---D | M] -- C:\Users\lee\AppData\Roaming\Microchip
[2010/07/21 10:34:08 | 000,000,000 | ---D | M] -- C:\Users\lee\AppData\Roaming\OpenOffice.org
[2011/09/25 17:46:26 | 000,000,000 | ---D | M] -- C:\Users\lee\AppData\Roaming\Renoise
[2010/10/08 00:12:03 | 000,000,000 | ---D | M] -- C:\Users\lee\AppData\Roaming\Stellarium
[2012/09/24 20:05:53 | 000,000,000 | ---D | M] -- C:\Users\lee\AppData\Roaming\uTorrent
[2010/06/13 16:31:01 | 000,000,000 | ---D | M] -- C:\Users\lee\AppData\Roaming\Wireshark
========== Purity Check ==========
< End of report >