Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Trojan.Dropper & Rustock.E [Closed]

Started by steveo20102010 , Oct 30 2012 10:10 AM

This topic is locked

#16
godawgs

Posted 31 October 2012 - 04:38 PM

Teacher

Retired Staff
8,228 posts

#17
steveo20102010

Posted 01 November 2012 - 07:22 AM

Member

Topic Starter
Member
18 posts

Hi,

Here are the logs as requested:

1 - AdwCleaner:

# AdwCleaner v2.006 - Logfile created 11/01/2012 at 10:33:48
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Steve - STEVE-PC
# Boot Mode : Normal
# Running from : C:\Users\Steve\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Windows iLivid Toolbar
Folder Deleted : C:\ProgramData\~0
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Users\Steve\AppData\Local\Conduit
Folder Deleted : C:\Users\Steve\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Steve\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Steve\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Steve\AppData\LocalLow\imeshbandmltbpi
Folder Deleted : C:\Users\Steve\AppData\LocalLow\searchquband

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Bandoo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5729 octets] - [31/10/2012 19:16:09]
AdwCleaner[S1].txt - [5618 octets] - [01/11/2012 10:33:48]

########## EOF - C:\AdwCleaner[S1].txt - [5678 octets] ##########

2 - The OTL Fixes:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
File C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml not found.
========== FILES ==========
C:\prefs.js moved successfully.
File\Folder C:\Windows\System32\??) -- C:\Windows\System32\?? not found.
File\Folder C:\Windows\System32\??) -- C:\Windows\System32\?? not found.
File\Folder C:\Windows\System32\?L) -- C:\Windows\System32\?L( not found.
File\Folder C:\Windows\System32\?L) -- C:\Windows\System32\?L( not found.
File\Folder C:\Windows\System32\?O) -- C:\Windows\System32\?O- not found.
File\Folder C:\Windows\System32\?O) -- C:\Windows\System32\?O- not found.
File\Folder C:\Windows\System32\?O) -- C:\Windows\System32\?O- not found.
File\Folder C:\Windows\System32\?O) -- C:\Windows\System32\?O- not found.
File\Folder C:\Windows\System32\?L) -- C:\Windows\System32\?L' not found.
File\Folder C:\Windows\System32\?L) -- C:\Windows\System32\?L' not found.
File\Folder C:\Windows\System32\??) -- C:\Windows\System32\S,'n not found.
File\Folder C:\Windows\System32\??) -- C:\Windows\System32\S,'n not found.
File\Folder C:\Windows\System32\??) -- C:\Windows\System32\?? not found.
File\Folder C:\Windows\System32\??) -- C:\Windows\System32\?? not found.
File\Folder C:\Windows\System32\?K) -- C:\Windows\System32\?K, not found.
File\Folder C:\Windows\System32\?K) -- C:\Windows\System32\?K, not found.
File\Folder C:\Windows\System32\?Œ) -- C:\Windows\System32\?Œ not found.
File\Folder C:\Windows\System32\?Œ) -- C:\Windows\System32\?Œ not found.
File\Folder C:\Windows\System32\?N) -- C:\Windows\System32\?N' not found.
File\Folder C:\Windows\System32\?N) -- C:\Windows\System32\?N' not found.
File\Folder C:\Windows\System32\?L) -- C:\Windows\System32\?L, not found.
File\Folder C:\Windows\System32\?L) -- C:\Windows\System32\?L, not found.
File\Folder C:\Users\Steve\Downloads:Shareaza.GUID not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Steve
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 29951836 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1081 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6582 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 29.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11012012_103912

Files\Folders moved on Reboot...
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP5DD8Q7\page__p__2222866[1].htm moved successfully.
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

3 - Malwarebytes log:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.01.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Steve :: STEVE-PC [administrator]

01/11/2012 10:43:19
mbam-log-2012-11-01 (10-43-19).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 325234
Time elapsed: 1 hour(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

4 - No Threats found on Eset Scan

5 - Checkup log:

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.65.1.1000
Adobe Flash Player 11.4.402.287
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

6 - New OTL Log:

OTL logfile created on: 01/11/2012 13:13:28 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Steve\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.97 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.70% Memory free
3.94 Gb Paging File | 2.97 Gb Available in Paging File | 75.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146.89 Gb Total Space | 46.52 Gb Free Space | 31.67% Space Free | Partition Type: NTFS
Drive D: | 1.95 Gb Total Space | 1.74 Gb Free Space | 89.20% Space Free | Partition Type: NTFS
Drive G: | 982.05 Mb Total Space | 14.02 Mb Free Space | 1.43% Space Free | Partition Type: FAT32

Computer Name: STEVE-PC | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/30 15:49:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
PRC - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/07/11 18:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/05/15 09:53:34 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 12:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/02 18:15:02 | 001,542,720 | ---- | M] () -- C:\Program Files\WOT\WOT.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2012/10/19 20:27:49 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/11 18:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/05/28 17:53:24 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/14 01:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Steve\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/09/22 15:34:42 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/08/30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/08/09 08:30:56 | 000,228,376 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys -- (RapportCerberus_42020)
DRV - [2012/05/30 09:00:13 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys -- (RapportIaso)
DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/26 15:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/05/26 15:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/05/10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/11/20 12:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 12:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 12:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 09:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 09:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/21 11:12:28 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\pssdk42.sys -- (PSSDK42)
DRV - [2009/07/13 23:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/06/05 18:12:34 | 000,219,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3861640900-3594680369-2024644055-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3861640900-3594680369-2024644055-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/sport
IE - HKU\S-1-5-21-3861640900-3594680369-2024644055-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3861640900-3594680369-2024644055-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3861640900-3594680369-2024644055-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F 40 FE A5 8B B7 CD 01 [binary data]
IE - HKU\S-1-5-21-3861640900-3594680369-2024644055-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3861640900-3594680369-2024644055-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3861640900-3594680369-2024644055-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3861640900-3594680369-2024644055-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files\OnLive\Plugin\npolgdet.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/03 09:18:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/03 09:18:09 | 000,000,000 | ---D | M]

[2010/06/20 03:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions
[2010/06/20 03:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://start.facemoods.com/?a=bf1
CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\

O1 HOSTS File: ([2012/10/31 10:09:28 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3861640900-3594680369-2024644055-1001\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3861640900-3594680369-2024644055-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3861640900-3594680369-2024644055-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....NPUplden-ca.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3490D01-2D2B-4749-9468-9E34BE358641}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/31 19:17:35 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Steve\Desktop\aswMBR.exe
[2012/10/31 19:06:57 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\RK_Quarantine
[2012/10/31 19:01:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/31 18:59:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/31 17:30:24 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/10/31 17:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\WOT
[2012/10/31 11:58:31 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Adobe
[2012/10/31 10:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/10/31 10:06:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/30 16:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWorx
[2012/10/30 16:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICON 225 USB Connect
[2012/10/30 16:36:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/30 16:36:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/30 16:36:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/30 16:35:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/30 16:35:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/30 16:34:52 | 004,991,862 | R--- | C] (Swearware) -- C:\Users\Steve\Desktop\ComboFix.exe
[2012/10/30 15:49:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2012/10/30 15:09:16 | 000,687,724 | R--- | C] (Swearware) -- C:\Users\Steve\Desktop\dds.scr
[2012/10/30 15:06:22 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Steve\Desktop\HijackThis.exe
[2012/10/30 14:47:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2012/10/30 13:09:35 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\tdsskiller.exe
[2012/10/30 13:03:48 | 000,000,000 | ---D | C] -- C:\FRST
[2012/10/30 13:03:27 | 000,906,692 | ---- | C] (Farbar) -- C:\Users\Steve\Desktop\FRST.exe
[2012/10/30 10:38:44 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\SUPERAntiSpyware.com
[2012/10/30 10:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/10/30 10:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/10/30 10:37:57 | 021,462,096 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Steve\Desktop\SUPERAntiSpyware.exe
[2012/10/27 09:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/10/26 14:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/10/26 14:21:37 | 014,221,232 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Steve\Desktop\SUPERAntiSpyware-5.0.1142.exe
[2012/10/26 13:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/26 13:39:56 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/26 13:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/26 13:10:50 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mbam-setup-1.65.1.1000.exe
[2012/10/19 20:52:36 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Macromedia
[2012/10/19 20:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Broadband Desktop Help
[2012/10/19 20:29:36 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Motive
[2012/10/19 20:28:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
[2012/10/19 20:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2012/10/19 20:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2012/10/05 08:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012/10/03 08:34:22 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\FM Genie Scout 10

========== Files - Modified Within 30 Days ==========

[2012/11/01 13:08:29 | 000,881,833 | ---- | M] () -- C:\Users\Steve\Desktop\SecurityCheck.exe
[2012/11/01 10:48:45 | 000,015,376 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/01 10:48:45 | 000,015,376 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/01 10:48:12 | 000,671,476 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/01 10:48:12 | 000,129,960 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/01 10:41:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/01 10:41:04 | 1587,253,248 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/31 19:19:35 | 000,000,512 | ---- | M] () -- C:\Users\Steve\Desktop\MBR.dat
[2012/10/31 19:17:45 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Steve\Desktop\aswMBR.exe
[2012/10/31 19:15:59 | 000,540,977 | ---- | M] () -- C:\Users\Steve\Desktop\adwcleaner.exe
[2012/10/31 19:06:57 | 001,584,640 | ---- | M] () -- C:\Users\Steve\Desktop\RogueKiller.exe
[2012/10/31 16:02:23 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/31 16:01:55 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mbam-setup-1.65.1.1000.exe
[2012/10/31 10:09:28 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/30 16:34:56 | 004,991,862 | R--- | M] (Swearware) -- C:\Users\Steve\Desktop\ComboFix.exe
[2012/10/30 15:49:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2012/10/30 15:09:29 | 000,687,724 | R--- | M] (Swearware) -- C:\Users\Steve\Desktop\dds.scr
[2012/10/30 15:06:25 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Steve\Desktop\HijackThis.exe
[2012/10/30 13:10:06 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\tdsskiller.exe
[2012/10/30 13:03:30 | 000,906,692 | ---- | M] (Farbar) -- C:\Users\Steve\Desktop\FRST.exe
[2012/10/30 10:38:40 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/10/30 10:38:07 | 021,462,096 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Steve\Desktop\SUPERAntiSpyware.exe
[2012/10/29 14:31:34 | 000,417,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/10/27 09:32:38 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/10/26 16:51:45 | 000,000,228 | ---- | M] () -- C:\Users\Steve\Desktop\registryfix.reg
[2012/10/26 14:21:46 | 014,221,232 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Steve\Desktop\SUPERAntiSpyware-5.0.1142.exe
[2012/10/26 13:12:14 | 000,000,055 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\mbam.context.scan
[2012/10/26 12:20:14 | 001,008,141 | ---- | M] () -- C:\Users\Steve\Desktop\rkill.com
[2012/10/25 13:19:04 | 000,001,079 | ---- | M] () -- C:\Users\Steve\Desktop\Documents - Shortcut.lnk
[2012/10/19 20:29:46 | 000,001,396 | ---- | M] () -- C:\Users\Public\Desktop\BT Broadband Desktop Help.lnk

========== Files Created - No Company Name ==========

[2012/11/01 13:08:25 | 000,881,833 | ---- | C] () -- C:\Users\Steve\Desktop\SecurityCheck.exe
[2012/10/31 19:19:35 | 000,000,512 | ---- | C] () -- C:\Users\Steve\Desktop\MBR.dat
[2012/10/31 19:15:55 | 000,540,977 | ---- | C] () -- C:\Users\Steve\Desktop\adwcleaner.exe
[2012/10/31 19:06:52 | 001,584,640 | ---- | C] () -- C:\Users\Steve\Desktop\RogueKiller.exe
[2012/10/30 16:41:04 | 000,001,190 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ICON 225 USB Connect.lnk
[2012/10/30 16:41:04 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/10/30 16:41:03 | 000,002,555 | ---- | C] () -- C:\Users\Public\Desktop\FMRTE.lnk
[2012/10/30 16:41:03 | 000,001,154 | ---- | C] () -- C:\Users\Public\Desktop\ICON 225 USB Connect.lnk
[2012/10/30 16:41:03 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/30 16:36:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/30 16:36:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/30 16:36:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/30 16:36:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/30 16:36:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/30 10:38:40 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/10/27 09:32:31 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/10/26 16:51:43 | 000,000,228 | ---- | C] () -- C:\Users\Steve\Desktop\registryfix.reg
[2012/10/26 13:40:04 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/26 12:50:20 | 000,000,055 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\mbam.context.scan
[2012/10/26 12:20:03 | 001,008,141 | ---- | C] () -- C:\Users\Steve\Desktop\rkill.com
[2012/10/25 13:19:04 | 000,001,079 | ---- | C] () -- C:\Users\Steve\Desktop\Documents - Shortcut.lnk
[2012/10/19 20:29:46 | 000,001,396 | ---- | C] () -- C:\Users\Public\Desktop\BT Broadband Desktop Help.lnk
[2012/01/20 12:55:48 | 000,195,496 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/10/03 09:13:37 | 000,164,645 | ---- | C] () -- C:\Windows\hpoins29.dat
[2011/10/03 09:13:36 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2011/09/26 13:54:54 | 000,000,527 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2011/09/26 13:51:44 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2011/06/23 15:10:12 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/16 13:30:33 | 000,003,584 | ---- | C] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/09 11:11:52 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/02/26 08:20:44 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
[2011/02/26 08:20:44 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
[2010/05/31 14:20:16 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\AVG9
[2011/10/12 12:33:04 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Azureus
[2011/03/22 10:33:00 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\BSD
[2011/07/02 10:02:25 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\FrostWire
[2011/03/17 11:34:56 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MP3Rocket
[2011/09/03 12:09:22 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MusicNet
[2011/09/26 13:56:30 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MyHeritage
[2011/08/08 12:20:00 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Netscape
[2011/10/01 14:54:43 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\OnLive App
[2011/09/21 14:58:39 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Scribus
[2011/03/17 10:44:53 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Shareaza
[2012/08/01 10:36:18 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Sports Interactive
[2011/09/26 13:51:43 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2010/11/20 09:49:28 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Trusteer
[2012/10/26 13:25:28 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\uTorrent
[2011/04/09 09:16:46 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2010/12/26 23:36:44 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\銠̖
[2010/12/26 23:36:44 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\銠̖
[2010/11/28 16:51:08 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?L) -- C:\Windows\System32\輘Ľ
[2010/11/28 16:51:08 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?L) -- C:\Windows\System32\輘Ľ
[2010/11/21 22:36:26 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?O) -- C:\Windows\System32\䗠Ō
[2010/11/21 22:36:26 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?O) -- C:\Windows\System32\䗠Ō
[2010/11/21 11:52:32 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?O) -- C:\Windows\System32\ꎐŌ
[2010/11/21 11:52:32 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?O) -- C:\Windows\System32\ꎐŌ
[2010/10/21 12:34:49 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?L) -- C:\Windows\System32\늸Ĺ
[2010/10/21 12:34:49 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?L) -- C:\Windows\System32\늸Ĺ
[2010/10/20 12:34:11 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\Șŉ
[2010/10/20 12:34:11 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\Șŉ
[2010/10/13 11:52:30 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\ꏰ˿
[2010/10/13 11:52:30 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\ꏰ˿
[2010/10/11 12:27:42 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?K) -- C:\Windows\System32\䀀Ķ
[2010/10/11 12:27:42 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?K) -- C:\Windows\System32\䀀Ķ
[2010/09/12 14:55:29 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?Œ) -- C:\Windows\System32\춘Œ
[2010/09/12 14:55:29 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?Œ) -- C:\Windows\System32\춘Œ
[2010/08/22 22:27:43 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?N) -- C:\Windows\System32\Ń
[2010/08/22 22:27:43 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?N) -- C:\Windows\System32\Ń
[2010/08/21 11:50:01 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?L) -- C:\Windows\System32\�Ļ
[2010/08/21 11:50:01 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?L) -- C:\Windows\System32\�Ļ

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\Steve\Downloads:Shareaza.GUID
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Many thanks,

#18
godawgs

Posted 01 November 2012 - 01:01 PM

Teacher

Retired Staff
8,228 posts

Hi Steveo,

The logs look good except for the Unicode files. I am asking the tool developer about those. In the mean time we need to update Adobe Reader. I would also recommend that you update Internet Explorer, but that is your call.

Step-1.

Update Adobe Reader

Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy.

Go to Start > Control Panel > Add/Remove Programs
Windows Vista /7 Users: Click the Start Orb and click Control Panel. Under the Programs heading click Uninstall a program
Remove ALL instances of Adobe Reader
Re-boot your computer as required.
Once ALL versions of Adobe Reader have been uninstalled, download the latest version of Adobe Reader from Here.
Remove the check mark next to Yes, install McAfee Security Scan Plus-optional box.
Click the Download Now button to download Adobe Reader and follow the directions.

Alternative Option: After uninstalling Adobe Reader, you could try installing Foxit Reader from HERE. Foxit Reader is a much smaller program. It has fewer add-ons therefore loads more quickly.

Step-2.

If you decide to update IE, click the Windows Update link on the Start Orb> All Programs menu and go to the Microsoft update site to update it.

Step-3.

Things For Your Next Post:
1. Let me know how things went

#19
steveo20102010

Posted 02 November 2012 - 04:25 AM

Member

Topic Starter
Member
18 posts

Hi,

I have installed the new Acrobat and IE, all done ok.

I also ran a Full Scan yesterday afternoon using the MSE and came back No Threats.

Looks to be all good again now, but I will wait to hear that from you first!!

Thanks

#20
godawgs

Posted 02 November 2012 - 09:07 AM

Teacher

Retired Staff
8,228 posts

Hi steveo,

Thanks

You are welcome.

Let's try a different approach to get rid of those unicode files. Then we should be ready to do some cleanup. :thumbsup:

Step-1.

Posted Image

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

1. Download the attached Fix.txt file and save it to the desktop.[attachment=61289:Fix.txt]

2. Please re-open Posted Image

on your desktop.
3. Click the Posted Image

button.
You will get a message dialog telling you that no fix is present and asking if you want to load it from a file.
4. Click Yes
A standard file open dialog window will open.
5. Navigate to the desktop. Find the Fix.txt file and click it. That will put it in the File Open box.
6. Click the Open button.
OTL will load the file automatically and the program will run the fix.
7. Let the program run unhindered.
8. OTL may ask to reboot the machine. Please do so if asked.
9. A report will open. Copy and Paste that report in your next reply.
10. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
11. Run OTL again and click the Posted Image

button. Post the log it produces in your next reply.

Step-2.

Things For Your Next Post:
1. The OTL fixes log
2. The new OTL.txt log

#21
steveo20102010

Posted 02 November 2012 - 09:30 AM

Member

Topic Starter
Member
18 posts

Hi,

First Log:

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
File C:\Windows\System32\銠̖ not found.
File C:\Windows\System32\銠̖ not found.
File C:\Windows\System32\輘Ľ not found.
File C:\Windows\System32\輘Ľ not found.
File C:\Windows\System32\䗠Ō not found.
File C:\Windows\System32\䗠Ō not found.
File C:\Windows\System32\ꎐŌ not found.
File C:\Windows\System32\ꎐŌ not found.
File C:\Windows\System32\늸Ĺ not found.
File C:\Windows\System32\늸Ĺ not found.
File C:\Windows\System32\Șŉ not found.
File C:\Windows\System32\Șŉ not found.
File C:\Windows\System32\ꏰ˿ not found.
File C:\Windows\System32\ꏰ˿ not found.
File C:\Windows\System32\䀀Ķ not found.
File C:\Windows\System32\䀀Ķ not found.
File C:\Windows\System32\춘Œ not found.
File C:\Windows\System32\춘Œ not found.
File C:\Windows\System32\Ń not found.
File C:\Windows\System32\Ń not found.
File C:\Windows\System32\�Ļ not found.
File C:\Windows\System32\�Ļ not found.
Unable to delete ADS C:\Users\Steve\Downloads:Shareaza.GUID .
========== COMMANDS ==========
Error: Unable to interpret <{EMPTYTEMP]> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 11022012_152554

#22
steveo20102010

Posted 02 November 2012 - 09:38 AM

Member

Topic Starter
Member
18 posts

The 2nd Log:

OTL logfile created on: 02/11/2012 15:30:23 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Steve\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.97 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 63.15% Memory free
3.94 Gb Paging File | 2.97 Gb Available in Paging File | 75.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146.89 Gb Total Space | 46.04 Gb Free Space | 31.34% Space Free | Partition Type: NTFS
Drive D: | 1.95 Gb Total Space | 1.74 Gb Free Space | 89.20% Space Free | Partition Type: NTFS
Drive E: | 2.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 982.05 Mb Total Space | 14.02 Mb Free Space | 1.43% Space Free | Partition Type: FAT32

Computer Name: STEVE-PC | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/02 12:38:05 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
PRC - [2012/10/30 15:49:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/07/11 18:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 12:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/02 18:15:02 | 001,542,720 | ---- | M] () -- C:\Program Files\WOT\WOT.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2012/11/02 12:38:09 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/19 20:27:49 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/11 18:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/05/28 17:53:24 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/14 01:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Steve\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/09/22 15:34:42 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/08/30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/08/09 08:30:56 | 000,228,376 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys -- (RapportCerberus_42020)
DRV - [2012/05/30 09:00:13 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys -- (RapportIaso)
DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/26 15:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/05/26 15:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/05/10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/11/20 12:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 12:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 12:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 09:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 09:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/21 11:12:28 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\pssdk42.sys -- (PSSDK42)
DRV - [2009/07/13 23:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/06/05 18:12:34 | 000,219,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/sport
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F 40 FE A5 8B B7 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files\OnLive\Plugin\npolgdet.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/03 09:18:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/03 09:18:09 | 000,000,000 | ---D | M]

[2010/06/20 03:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions
[2010/06/20 03:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\

O1 HOSTS File: ([2012/10/31 10:09:28 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....NPUplden-ca.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3490D01-2D2B-4749-9468-9E34BE358641}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/10/13 18:44:59 | 000,136,448 | R--- | M] (Sports Interactive) - E:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/07/25 17:10:55 | 000,000,027 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/02 12:06:31 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\WinZip Courier
[2012/11/02 12:05:39 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZipEC
[2012/11/02 12:05:35 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\assembly
[2012/11/02 11:18:55 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\WinZip
[2012/11/02 11:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012/11/02 11:18:17 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\Add-in Express
[2012/11/02 11:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012/11/02 11:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012/11/02 09:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/11/02 09:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/11/01 15:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\Sports Interactive
[2012/10/31 19:17:35 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Steve\Desktop\aswMBR.exe
[2012/10/31 19:06:57 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\RK_Quarantine
[2012/10/31 19:01:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/31 18:59:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/31 17:30:24 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/10/31 17:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\WOT
[2012/10/31 11:58:31 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Adobe
[2012/10/31 10:06:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/30 16:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWorx
[2012/10/30 16:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICON 225 USB Connect
[2012/10/30 16:36:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/30 16:36:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/30 16:36:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/30 16:35:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/30 16:35:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/30 16:34:52 | 004,991,862 | R--- | C] (Swearware) -- C:\Users\Steve\Desktop\ComboFix.exe
[2012/10/30 15:49:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2012/10/30 15:09:16 | 000,687,724 | R--- | C] (Swearware) -- C:\Users\Steve\Desktop\dds.scr
[2012/10/30 15:06:22 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Steve\Desktop\HijackThis.exe
[2012/10/30 14:47:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2012/10/30 13:09:35 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\tdsskiller.exe
[2012/10/30 13:03:48 | 000,000,000 | ---D | C] -- C:\FRST
[2012/10/30 13:03:27 | 000,906,692 | ---- | C] (Farbar) -- C:\Users\Steve\Desktop\FRST.exe
[2012/10/30 10:38:44 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\SUPERAntiSpyware.com
[2012/10/30 10:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/10/30 10:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/10/30 10:37:57 | 021,462,096 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Steve\Desktop\SUPERAntiSpyware.exe
[2012/10/27 09:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/10/26 14:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/10/26 14:21:37 | 014,221,232 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Steve\Desktop\SUPERAntiSpyware-5.0.1142.exe
[2012/10/26 13:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/26 13:39:56 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/26 13:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/26 13:10:50 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mbam-setup-1.65.1.1000.exe
[2012/10/19 20:52:36 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Macromedia
[2012/10/19 20:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Broadband Desktop Help
[2012/10/19 20:29:36 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Motive
[2012/10/19 20:28:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
[2012/10/19 20:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2012/10/19 20:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2012/10/05 08:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

========== Files - Modified Within 30 Days ==========

[2012/11/02 15:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/02 12:48:55 | 000,015,376 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/02 12:48:55 | 000,015,376 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/02 12:46:17 | 000,671,476 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/02 12:46:17 | 000,129,960 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/02 12:41:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/02 12:41:28 | 1587,253,248 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/02 11:18:35 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012/11/02 10:06:19 | 000,001,411 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/11/02 09:59:55 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/11/02 09:57:18 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/11/01 13:08:29 | 000,881,833 | ---- | M] () -- C:\Users\Steve\Desktop\SecurityCheck.exe
[2012/10/31 19:19:35 | 000,000,512 | ---- | M] () -- C:\Users\Steve\Desktop\MBR.dat
[2012/10/31 19:17:45 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Steve\Desktop\aswMBR.exe
[2012/10/31 19:15:59 | 000,540,977 | ---- | M] () -- C:\Users\Steve\Desktop\adwcleaner.exe
[2012/10/31 19:06:57 | 001,584,640 | ---- | M] () -- C:\Users\Steve\Desktop\RogueKiller.exe
[2012/10/31 16:02:23 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/31 16:01:55 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mbam-setup-1.65.1.1000.exe
[2012/10/31 10:09:28 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/30 16:34:56 | 004,991,862 | R--- | M] (Swearware) -- C:\Users\Steve\Desktop\ComboFix.exe
[2012/10/30 15:49:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2012/10/30 15:09:29 | 000,687,724 | R--- | M] (Swearware) -- C:\Users\Steve\Desktop\dds.scr
[2012/10/30 15:06:25 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Steve\Desktop\HijackThis.exe
[2012/10/30 13:10:06 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\tdsskiller.exe
[2012/10/30 13:03:30 | 000,906,692 | ---- | M] (Farbar) -- C:\Users\Steve\Desktop\FRST.exe
[2012/10/30 10:38:40 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/10/30 10:38:07 | 021,462,096 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Steve\Desktop\SUPERAntiSpyware.exe
[2012/10/29 14:31:34 | 000,417,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/10/27 09:32:38 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/10/26 16:51:45 | 000,000,228 | ---- | M] () -- C:\Users\Steve\Desktop\registryfix.reg
[2012/10/26 14:21:46 | 014,221,232 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Steve\Desktop\SUPERAntiSpyware-5.0.1142.exe
[2012/10/26 13:12:14 | 000,000,055 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\mbam.context.scan
[2012/10/25 13:19:04 | 000,001,079 | ---- | M] () -- C:\Users\Steve\Desktop\Documents - Shortcut.lnk
[2012/10/19 20:29:46 | 000,001,396 | ---- | M] () -- C:\Users\Public\Desktop\BT Broadband Desktop Help.lnk

========== Files Created - No Company Name ==========

[2012/11/02 12:38:10 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/02 11:18:35 | 000,002,281 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012/11/02 09:59:55 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/11/02 09:57:18 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012/11/02 09:57:18 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/11/01 13:08:25 | 000,881,833 | ---- | C] () -- C:\Users\Steve\Desktop\SecurityCheck.exe
[2012/10/31 19:19:35 | 000,000,512 | ---- | C] () -- C:\Users\Steve\Desktop\MBR.dat
[2012/10/31 19:15:55 | 000,540,977 | ---- | C] () -- C:\Users\Steve\Desktop\adwcleaner.exe
[2012/10/31 19:06:52 | 001,584,640 | ---- | C] () -- C:\Users\Steve\Desktop\RogueKiller.exe
[2012/10/30 16:41:04 | 000,001,190 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ICON 225 USB Connect.lnk
[2012/10/30 16:41:04 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/10/30 16:41:03 | 000,002,555 | ---- | C] () -- C:\Users\Public\Desktop\FMRTE.lnk
[2012/10/30 16:41:03 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/30 16:36:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/30 16:36:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/30 16:36:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/30 16:36:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/30 16:36:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/30 10:38:40 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/10/27 09:32:31 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/10/26 16:51:43 | 000,000,228 | ---- | C] () -- C:\Users\Steve\Desktop\registryfix.reg
[2012/10/26 13:40:04 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/26 12:50:20 | 000,000,055 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\mbam.context.scan
[2012/10/25 13:19:04 | 000,001,079 | ---- | C] () -- C:\Users\Steve\Desktop\Documents - Shortcut.lnk
[2012/10/19 20:29:46 | 000,001,396 | ---- | C] () -- C:\Users\Public\Desktop\BT Broadband Desktop Help.lnk
[2012/01/20 12:55:48 | 000,195,496 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/10/03 09:13:37 | 000,164,645 | ---- | C] () -- C:\Windows\hpoins29.dat
[2011/10/03 09:13:36 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2011/09/26 13:54:54 | 000,000,527 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2011/09/26 13:51:44 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2011/06/23 15:10:12 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/16 13:30:33 | 000,003,584 | ---- | C] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/09 11:11:52 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/05/31 14:20:16 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\AVG9
[2011/10/12 12:33:04 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Azureus
[2011/03/22 10:33:00 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\BSD
[2011/07/02 10:02:25 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\FrostWire
[2011/03/17 11:34:56 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MP3Rocket
[2011/09/03 12:09:22 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MusicNet
[2011/09/26 13:56:30 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MyHeritage
[2011/08/08 12:20:00 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Netscape
[2011/10/01 14:54:43 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\OnLive App
[2011/09/21 14:58:39 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Scribus
[2011/03/17 10:44:53 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Shareaza
[2012/08/01 10:36:18 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Sports Interactive
[2011/09/26 13:51:43 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2010/11/20 09:49:28 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Trusteer
[2012/10/26 13:25:28 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\uTorrent
[2011/04/09 09:16:46 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2010/08/21 11:50:01 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?L) -- C:\Windows\System32\�Ļ
[2010/08/21 11:50:01 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?L) -- C:\Windows\System32\�Ļ

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\Steve\Downloads:Shareaza.GUID
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Thanks

#23
steveo20102010

Posted 02 November 2012 - 09:40 AM

Member

Topic Starter
Member
18 posts

I have noticed on these logs I am sending some programs / files of things I no longer use, i.e. Mozilla Firefox, Chrome, Bearshare, Limewire etc....

There is no option to uninstall, Is there a way to remove those old files?

Thanks,

Steve

#24
godawgs

Posted 02 November 2012 - 11:08 AM

Teacher

Retired Staff
8,228 posts

I have noticed on these logs I am sending some programs / files of things I no longer use, i.e. Mozilla Firefox, Chrome, Bearshare, Limewire etc....

There is no option to uninstall, Is there a way to remove those old files?

Thanks,

Steve

Let me look through the log and there should be something we can do. The OTL fix revealed some additional unicode files. We should be able to take care of those as well.
I'm gonna be out for the afternoon. I'll be back to you later this pm.

#25
godawgs

Posted 02 November 2012 - 10:51 PM

Teacher

Retired Staff
8,228 posts

Hi,

The following OTL fix will remove the entries in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules registry key for Bearshare, Limewire, uTorrent and Frostwire. It will also remove the file folders for Bearshare, Limewire, uTorrent and Frostwire.

It will also remove all Registry keys for Firefox.

So if you still have any of these programs installed Do Not run the fix and let me know.

We will back the registry up before doing this.

Step-1.

The steps that I am about to suggest involve modifying the registry. Modfying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. If you cannot preform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Posted Image

Backing Up Your Registry with ERUNT
Removing modern malware infections often requires making changes to the registry, and a corrupt registry can prevent a system from booting. ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed. Compatible with Windows NT, 2000, 2003, XP, Vista, Windows 7, 32 & 64-bit versions.
1. Download ERUNT
2. Double-click erunt_setup.exe to run.

Vista and Windows 7 users will need to right click the erunt_setup.exe file and click Run as Admimistrstor. If prompted by Windows UAC, allow it.

3. Follow the prompts and install using the default configuration:
a. Select your preferred Setup language.
Posted Image

b. At the Setup screen click Next.
Posted Image

c. Accept the default destination folder by clicking Next.
Posted Image

d. Accept the default Start Menu Folder by clicking Next.
Posted Image

e. On the Select Additional Tasks Window, click Create ERUNT desktop icon only. Do Not check the Create NTREGOPT desktop icon. Then click Next.

Posted Image

f. Ready to Install. The Create NTREGOPT desktop icon will not be on the list. Click the Install button.
Posted Image

g. Say No to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later.
Posted Image

h. Setup has completed. Tick the check boxes to Show documentation, or Launch ERUNT. Click Finish.
Posted Image

4. Click OK to start ERUNT
Posted Image

5. Choose a location for the backup

The default location C:\WINDOWS\ERDNT\[today's date] is preferred

6. The first two check boxes are ticked by default (System registry and Current user registry).
7. Press OK
Posted Image

8. When prompted, click YES to create a new folder.
Posted Image

9. Progress bars will show backup status.
Posted Image

10. A confirmation window will pop up when complete.
Posted Image

11. Click Ok to close.
There is a Readme.txt file in the C:/Program Files/ERUNT folder that explains the program.

Step-2.

Delete the Firefox Files and Folders

Show Hidden Files and Folders

Click the Start Orb. Click Computer.
On the next window, at the top of the window, click Tools then click Folder Options.
On the Folder Options window click the View tab.
Under the Files and Folders section:
Make sure that 'Show hidden files and folders' (or 'Show all files') is enabled.
Also make sure that Hide protected system operating files(recommended) is un-checked.
Also make sure the Hide extensions for known file types box is un-checked.

NEXT:

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) in red (if present):

C:\Program Files\Mozilla Firefox
C:\Users\Steve\AppData\Local\Mozilla
C:\Users\Steve\AppData\Local\VirtualStore\Program Files\Mozilla Firefox
Delete all C:\WINDOWS\Prefetch\FIREFOX* files

2. Close Windows Explorer.

Step-3.

I don't know that much about Chrome but if you have already uninstalled the program please go to the Manually uninstall Google Chrome in Windows page and follow the instructions there. You won't need to back the registry up again.

Step-4.

Posted Image

on your desktop.
3. Click the Posted Image

button. Post the log it produces in your next reply.

Step-4.

Things For Your Next Post:
1. The new OTL.txt log

#26
steveo20102010

Posted 05 November 2012 - 06:59 AM

Member

Topic Starter
Member
18 posts

Hi,

I can't do Step 2, as I can't see and Tools option or Folders Option!

I am using Windows 7 Professional.

Thanks

#27
godawgs

Posted 05 November 2012 - 10:21 AM

Teacher

Retired Staff
8,228 posts

Let's see if you can get there this way:

Show Hidden Files /Folders

1. Click Start,click Control Panel.
2. Click Folder Options.... NOTE: If you are in the Category view, click Clasic View, or Appearance in the left column, then Folder Options
3. On the Folder Options window click the View tab.
4. In the Advanced settings: box, under Hidden files and folders, click the Show hidden files and folders button.
5. Make sure the Hide protected operating system files (Recommended) box is not checked.
6. Also make sure the Hide extensions for known file types box is not checked.
7. Click Apply and then OK

#28
steveo20102010

Posted 06 November 2012 - 04:57 AM

Member

Topic Starter
Member
18 posts

Hi,

The latest log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
File C:\Windows\System32\�Ļ not found.
File C:\Windows\System32\�Ļ not found.
Unable to delete ADS C:\Users\Steve\Downloads:Shareaza.GUID .
========== FILES ==========
File\Folder c:\program files\bearshare applications not found.
File\Folder c:\program files\frostwire not found.
File\Folder c:\program files\frostwire 5 not found.
File\Folder c:\program files\limewire not found.
File\Folder c:\program files\utorrent not found.
C:\Users\Steve\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Steve\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\Steve\AppData\Roaming\uTorrent folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\xml\data folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\xml folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\themes\frostwirePro_theme folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\themes folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\overlays folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images\overlays folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images\banners folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\image_cache\static.frostwire.com folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\image_cache\farm6.static.flickr.com\5128 folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\image_cache\farm6.static.flickr.com\5047 folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\image_cache\farm6.static.flickr.com folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4147 folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4089 folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4084 folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4055 folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4047 folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4028 folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\image_cache\farm2.static.flickr.com\1218 folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\image_cache\farm2.static.flickr.com\1207 folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\image_cache\farm2.static.flickr.com folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\image_cache folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\azureus\torrents folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\azureus\tmp folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\azureus\plugins folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\azureus\net folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\azureus\logs\save folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\azureus\logs folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\azureus\dht folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\azureus\active folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\azureus folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\.NetworkShare\Incomplete folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\.NetworkShare folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire\.AppSpecialShare folder moved successfully.
C:\Users\Steve\AppData\Roaming\FrostWire folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0E731479-04DF-4A7E-B26B-993A533FB9A2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E731479-04DF-4A7E-B26B-993A533FB9A2}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{28707C3D-1ABB-44B5-87AE-74AA3C26590B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28707C3D-1ABB-44B5-87AE-74AA3C26590B}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2C3F1F84-7629-43A1-B0EA-8F3D62BE8217} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C3F1F84-7629-43A1-B0EA-8F3D62BE8217}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{49D19CF3-B352-47F7-BD84-D12039F602AA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49D19CF3-B352-47F7-BD84-D12039F602AA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{64847F67-BED4-4BFB-A948-8F4761DAF56E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64847F67-BED4-4BFB-A948-8F4761DAF56E}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7E5F3078-ADBF-4702-9BAF-87EDDF64CE96} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E5F3078-ADBF-4702-9BAF-87EDDF64CE96}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8D5B9DB6-49C3-42EC-912A-F94B5FE0D0FB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D5B9DB6-49C3-42EC-912A-F94B5FE0D0FB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{91A7FA0B-C708-42EE-B817-B713A5446BEC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91A7FA0B-C708-42EE-B817-B713A5446BEC}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AD304EE0-3870-4A1D-8EB4-01B70ED4CEA1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD304EE0-3870-4A1D-8EB4-01B70ED4CEA1}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B27BAAE5-A682-4B0A-8A24-6C68A6A335EC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B27BAAE5-A682-4B0A-8A24-6C68A6A335EC}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D332F7B8-5F99-4560-A44B-12A29EAC79D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D332F7B8-5F99-4560-A44B-12A29EAC79D6}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ECC574FA-ACCC-49A4-A35B-D6DA627859A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECC574FA-ACCC-49A4-A35B-D6DA627859A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EDC4D861-BE48-4592-8B4D-46B7690CE9DF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EDC4D861-BE48-4592-8B4D-46B7690CE9DF}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EF4C8B3D-0AE5-418E-A734-1E18084CEC05} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF4C8B3D-0AE5-418E-A734-1E18084CEC05}\ not found.
Registry key HKEY_CLASSES_ROOT\FirefoxHTML not found.
Registry key HKEY_CLASSES_ROOT\FirefoxURL not found.
Registry key HKEY_CURRENT_USER\Software\Classes\Applications\firefox.exe\ not found.
Registry key HKEY_CURRENT_USER\Software\Mozilla\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\mozilla.org\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\mozilla.org\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FirefoxHTML\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FirefoxURL\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Steve
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 91938566 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 3642 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 142254 bytes
RecycleBin emptied: 2455 bytes

Total Files Cleaned = 88.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11062012_104926

Files\Folders moved on Reboot...
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DGQQIBDZ\page__st__15__p__2224646[1].htm moved successfully.
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

I am not too concerned about deleting these files as the PC is running perfectly OK now so if it proving to be a problem don't worry too much!!

Thanks for your help

#29
godawgs

Posted 06 November 2012 - 06:25 AM

Teacher

Retired Staff
8,228 posts

Hello,

Thanks for the OTL fixes log.

I am not too concerned about deleting these files as the PC is running perfectly OK now so if it proving to be a problem don't worry too much!!

I'm sorry, what files are you talking about?

Also, you did not include the new OTL.txt log. Please see number 11 of Step 3 on post #25 and post the new OTL.txt log and answer my question about the files.

Thanks

#30
godawgs

Posted 10 November 2012 - 12:31 PM

Teacher

Retired Staff
8,228 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.