http://uk.woofi.info/ [Closed]


  • This topic is locked

#16
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned

#17
Nutloaf


    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there Hellomut, glad you have returned :)

Let us carry on from where we left off here

#18
hellomut


    Member

  • Topic Starter
  • Member
  • 39 posts
Hi, sorry for the late reply, here are the reports
Shortcut Cleaner 1.2.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
http://www.bleepingc...ortcut-cleaner/

Windows Version: Windows Vista ™ Home Basic Service Pack 2
Program started at: 06/23/2013 06:44:31 PM.

Scanning for registry hijacks:

* No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\shadbolt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\shadbolt\Desktop


0 bad shortcuts found.

Program finished at: 06/23/2013 06:44:32 PM
Execution time: 0 hours(s), 0 minute(s), and 1 seconds(s)

OTL logfile created on: 23/06/2013 18:47:32 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\shadbolt\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.50 Gb Total Physical Memory | 0.36 Gb Available Physical Memory | 24.14% Memory free
3.25 Gb Paging File | 1.86 Gb Available in Paging File | 57.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 89.58 Gb Free Space | 60.10% Space Free | Partition Type: NTFS

Computer Name: SHADBOLT-PC | User Name: shadbolt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/20 11:29:38 | 002,249,352 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe
PRC - [2013/06/20 11:29:38 | 000,349,832 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\BingDesktop\BDRuntimeHost.exe
PRC - [2013/06/20 11:29:38 | 000,206,984 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\BingDesktop\BDExtHost.exe
PRC - [2013/06/20 11:29:38 | 000,173,192 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2013/06/20 11:29:36 | 000,153,224 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\BingDesktop\BDAppHost.exe
PRC - [2013/06/11 21:59:49 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
PRC - [2013/06/11 20:42:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\shadbolt\Desktop\OTL.exe
PRC - [2013/05/16 17:20:32 | 000,032,024 | ---- | M] () -- C:\Program Files\sysTPL\sysTPLService.exe
PRC - [2013/05/16 17:20:32 | 000,029,976 | ---- | M] () -- C:\Program Files\sysTPL\sysTPLMonitor.exe
PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/05/02 20:21:44 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files\Wajam\Updater\WajamUpdater.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/21 09:04:28 | 001,124,184 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/03/21 09:04:26 | 002,115,416 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/09/03 13:11:26 | 000,323,584 | ---- | M] (Inventec Corp.) -- C:\Program Files\FSC\Wireless Utility\Wireless Selector.exe
PRC - [2008/08/12 16:21:12 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2003/06/12 02:42:18 | 000,114,688 | ---- | M] () -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/03 11:50:23 | 000,557,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/06/27 14:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2003/06/12 02:42:18 | 000,114,688 | ---- | M] () -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe


========== Services (SafeList) ==========

SRV - [2013/06/20 11:29:38 | 000,173,192 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013/05/16 17:20:32 | 000,032,024 | ---- | M] () [Auto | Stopped] -- C:\Program Files\sysTPL\sysTPLService.exe -- (sysTPLService.exe)
SRV - [2013/05/16 17:20:32 | 000,029,976 | ---- | M] () [Auto | Running] -- C:\Program Files\sysTPL\sysTPLMonitor.exe -- (sysTPLMonitor.exe)
SRV - [2013/05/15 15:46:26 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/05/02 20:21:44 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/21 09:04:28 | 001,124,184 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/03/01 13:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/09/20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/13 23:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\SPIXNEW.SYS -- (SUNPLUS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\shadbolt\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2013/06/23 13:00:33 | 000,317,424 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus32_53984.sys -- (RapportCerberus_53984)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/21 09:04:42 | 000,173,880 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/03/21 09:04:42 | 000,102,680 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/03/21 09:04:42 | 000,102,008 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/01/20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2009/09/05 14:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/01 08:19:18 | 009,825,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/07/22 10:21:08 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/07/15 17:00:06 | 000,016,384 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FSCSLII.sys -- (FSCSLII)
DRV - [2007/12/19 18:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2007/10/31 11:23:00 | 000,124,960 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/10/31 11:23:00 | 000,115,744 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/09/29 13:30:52 | 000,065,024 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.co.uk/ [binary data]
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-sea...121240&tsp=4922
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...121240&tsp=4922
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)


[2012/08/13 10:11:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2013/06/13 07:46:51 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [sysTPL] C:\Program Files\sysTPL\sysTPL.exe ()
O4 - HKLM..\Run: [Touchpad_Hotkey] C:\Program Files\FSC\Wireless Utility\Touchpad Hotkey.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Wireless_Selector] C:\Program Files\FSC\Wireless Utility\Wireless Selector.exe (Inventec Corp.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{947C342D-E596-4FCA-961C-2CF318C18106}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/23 18:40:00 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\Desktop\New Folder (2)
[2013/06/23 17:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\Wajam
[2013/06/23 17:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/06/23 17:32:40 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Roaming\Babylon
[2013/06/13 17:43:46 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/06/13 17:43:02 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/13 17:25:18 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\shadbolt\Desktop\JRT.exe
[2013/06/13 09:28:39 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\Desktop\reply2
[2013/06/13 09:10:06 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\Desktop\New Folder
[2013/06/13 07:46:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/11 20:42:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\shadbolt\Desktop\OTL.exe
[2013/06/09 17:16:32 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Roaming\Malwarebytes
[2013/06/09 17:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/09 17:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/06/09 17:15:50 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/06/09 17:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/06/09 10:36:32 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Local\Apps
[2013/05/26 12:05:21 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Roaming\Rovio
[2013/05/26 11:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\sysTPL
[2013/05/26 11:58:50 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Roaming\Tlapia

========== Files - Modified Within 30 Days ==========

[2013/06/23 18:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/23 18:36:37 | 000,000,600 | ---- | M] () -- C:\Users\shadbolt\Desktop\sc-cleaner - Shortcut.lnk
[2013/06/23 17:58:32 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/23 17:47:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/23 17:47:13 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/23 17:46:48 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/23 17:46:30 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/06/23 17:46:22 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/06/23 17:45:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/23 17:45:27 | 1608,925,184 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/23 17:43:58 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/06/23 17:33:40 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\EPUpdater.job
[2013/06/23 10:20:03 | 000,002,637 | ---- | M] () -- C:\Users\shadbolt\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
[2013/06/21 10:59:53 | 205,057,035 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/06/13 17:25:20 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\shadbolt\Desktop\JRT.exe
[2013/06/13 09:32:49 | 000,648,201 | ---- | M] () -- C:\Users\shadbolt\Desktop\AdwCleaner.exe
[2013/06/13 08:44:44 | 000,890,839 | ---- | M] () -- C:\Users\shadbolt\Desktop\SecurityCheck.exe
[2013/06/13 07:46:51 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013/06/11 20:42:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\shadbolt\Desktop\OTL.exe
[2013/06/09 17:16:21 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/26 12:02:14 | 000,000,000 | ---- | M] () -- C:\Windows\System32\wget-log

========== Files Created - No Company Name ==========

[2013/06/23 18:36:37 | 000,000,600 | ---- | C] () -- C:\Users\shadbolt\Desktop\sc-cleaner - Shortcut.lnk
[2013/06/23 17:33:40 | 000,000,288 | ---- | C] () -- C:\Windows\tasks\EPUpdater.job
[2013/06/13 09:32:48 | 000,648,201 | ---- | C] () -- C:\Users\shadbolt\Desktop\AdwCleaner.exe
[2013/06/13 08:44:43 | 000,890,839 | ---- | C] () -- C:\Users\shadbolt\Desktop\SecurityCheck.exe
[2013/06/09 17:16:21 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/26 12:02:14 | 000,000,000 | ---- | C] () -- C:\Windows\System32\wget-log
[2012/09/01 18:00:37 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2012/01/13 16:06:11 | 000,036,587 | ---- | C] () -- C:\Windows\unvpeye.ini
[2010/08/06 20:04:07 | 000,013,312 | ---- | C] () -- C:\Users\shadbolt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/04 20:18:37 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/08/04 20:14:40 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/07/29 20:51:13 | 000,000,680 | ---- | C] () -- C:\Users\shadbolt\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/06/23 17:32:40 | 000,000,000 | ---D | M] -- C:\Users\shadbolt\AppData\Roaming\Babylon
[2013/05/26 12:05:21 | 000,000,000 | ---D | M] -- C:\Users\shadbolt\AppData\Roaming\Rovio
[2013/05/26 12:03:05 | 000,000,000 | ---D | M] -- C:\Users\shadbolt\AppData\Roaming\Tlapia

========== Custom Scans ==========

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 646B-E12E
Directory of C:\
02/11/2006 13:59 <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
02/11/2006 13:59 <JUNCTION> Application Data [C:\ProgramData]
02/11/2006 13:59 <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/11/2006 13:59 <JUNCTION> Documents [C:\Users\Public\Documents]
02/11/2006 13:59 <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/11/2006 13:59 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 13:59 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
02/11/2006 13:59 <SYMLINKD> All Users [C:\ProgramData]
02/11/2006 13:59 <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
02/11/2006 13:59 <JUNCTION> Application Data [C:\ProgramData]
02/11/2006 13:59 <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/11/2006 13:59 <JUNCTION> Documents [C:\Users\Public\Documents]
02/11/2006 13:59 <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/11/2006 13:59 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 13:59 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
02/11/2006 13:59 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
02/11/2006 13:59 <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
02/11/2006 13:59 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
02/11/2006 13:59 <JUNCTION> My Documents [C:\Users\Default\Documents]
02/11/2006 13:59 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/11/2006 13:59 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/11/2006 13:59 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
02/11/2006 13:59 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
02/11/2006 13:59 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
02/11/2006 13:59 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
02/11/2006 13:59 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
02/11/2006 13:59 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/11/2006 13:59 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
02/11/2006 13:59 <JUNCTION> My Music [C:\Users\Default\Music]
02/11/2006 13:59 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
02/11/2006 13:59 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
02/11/2006 13:59 <JUNCTION> My Music [C:\Users\Public\Music]
02/11/2006 13:59 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
02/11/2006 13:59 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\shadbolt
29/07/2010 20:51 <JUNCTION> Application Data [C:\Users\shadbolt\AppData\Roaming]
29/07/2010 20:51 <JUNCTION> Cookies [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Cookies]
29/07/2010 20:51 <JUNCTION> Local Settings [C:\Users\shadbolt\AppData\Local]
29/07/2010 20:51 <JUNCTION> My Documents [C:\Users\shadbolt\Documents]
29/07/2010 20:51 <JUNCTION> NetHood [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
29/07/2010 20:51 <JUNCTION> PrintHood [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
29/07/2010 20:51 <JUNCTION> Recent [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Recent]
29/07/2010 20:51 <JUNCTION> SendTo [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\SendTo]
29/07/2010 20:51 <JUNCTION> Start Menu [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Start Menu]
29/07/2010 20:51 <JUNCTION> Templates [C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\shadbolt\AppData\Local
29/07/2010 20:51 <JUNCTION> Application Data [C:\Users\shadbolt\AppData\Local]
29/07/2010 20:51 <JUNCTION> History [C:\Users\shadbolt\AppData\Local\Microsoft\Windows\History]
29/07/2010 20:51 <JUNCTION> Temporary Internet Files [C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\shadbolt\AppData\LocalLow
27/08/2010 21:34 <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\shadbolt\Documents
29/07/2010 20:51 <JUNCTION> My Music [C:\Users\shadbolt\Music]
29/07/2010 20:51 <JUNCTION> My Pictures [C:\Users\shadbolt\Pictures]
29/07/2010 20:51 <JUNCTION> My Videos [C:\Users\shadbolt\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
51 Dir(s) 96,318,218,240 bytes free

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/05 13:41:59 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/05 13:41:59 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/05 13:41:59 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/05/17 00:34:33 | 000,757,400 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/05/17 00:34:33 | 000,757,400 | ---- | M] (Microsoft Corporation)

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< End of report >

I seem to be getting other things happening. I get a message about NETBT QoS Packet Scheduler driver not found.

Hope you can help.
Thanks
I forgot to say I have removed the old Windows file, the Tlapia folder and Angry Birds, but I can't remove SysTPL.

Edited by hellomut, 23 June 2013 - 02:14 PM.

  • 0

#19
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi Hellomut, nice to see you again :) I am awaiting clearance for my next post :thumbsup:
  • 0

#20
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi Hellomut :)

O.K. you have been reinfected, so we have to start again I'm afraid; not to worry, it doesn't look too bad. Please refrain from downloading or installing anything new until we have finished :thumbsup:

Malwarebytes is running alongside Security Essentials, and this will cause conflicts and performance issues; more importantly, running 2 antivirus programs puts you more at risk of infection. I need you to uninstall Malwarebytes. I will ask you to install it in a few posts.

sysTPL is not needed and often comes bundled with other programs. As for the other programs listed below, please uninstall them if present.

1. Uninstalls
  • In control panel click Uninstall a Program or Programs and Features and uninstall the following:
  • Malwarebytes
  • SysTPL
  • Wajam
  • Tlapia
  • Yontoo

2. OTL Fix
Open OTL, then copy the entire text in the Quote box below (do not include the word QUOTE) and paste it into the Custom Scans/Fixes box in OTL.

:COMMANDS
[CREATERESTOREPOINT]

:OTL
SRV - [2013/05/16 17:20:32 | 000,032,024 | ---- | M] () [Auto | Stopped] -- C:\Program Files\sysTPL\sysTPLService.exe -- (sysTPLService.exe)
SRV - [2013/05/16 17:20:32 | 000,029,976 | ---- | M] () [Auto | Running] -- C:\Program Files\sysTPL\sysTPLMonitor.exe -- (sysTPLMonitor.exe)
SRV - [2013/05/02 20:21:44 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)

IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-sea...121240&tsp=4922
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...121240&tsp=4922

O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
O4 - HKLM..\Run: [sysTPL] C:\Program Files\sysTPL\sysTPL.exe ()

[2013/06/23 17:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\Wajam
[2013/06/23 17:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/06/23 17:32:40 | 000,000,000 | ---D | M] -- C:\Users\shadbolt\AppData\Roaming\Babylon
[2013/05/26 12:05:21 | 000,000,000 | ---D | M] -- C:\Users\shadbolt\AppData\Roaming\Rovio
[2013/05/26 12:03:05 | 000,000,000 | ---D | M] -- C:\Users\shadbolt\AppData\Roaming\Tlapia

:REG
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN]
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"

:FILES
C:\Program Files\sysTPL
netsh int ip reset c:\resetlog.txt

:COMMANDS
[EMPTYTEMP]

  • Then click Run Fix
  • Click O.K to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyyy_hhmmss is the date and time of the fix.
  • Copy and Paste Fix Log into your next reply.

3. Run ADWcleaner
  • Double click ADWcleaner and select Search
  • The search will complete and a log will be produced; I need to see this log.

4. Junkware Removal Tool
  • Shut down your protection software now to avoid potential conflicts.
  • Right-mouse click JRT.exe and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

5. OTL Custom Scan
  • Right click the OTL icon and select Run as Administrator.
  • Select the following boxes:
  • Scan All Users
  • Use Company-Name WhiteList
  • Skip Microsoft Files
  • Use No-Company-Name WhiteList
  • LOP Check
  • In the Extra Registry box select Use Safe List
  • Copy and paste the following into the Custom Scans\Fixes box without the word Quote.

    /md5start
    netbt.sys
    /md5stop

  • Now Click Run Scan
  • OTL will now scan your computer and produce 2 log files: OTL.txt and Extras.txt.
  • Post both in your next reply

Things I want to see in your next post.
  • OTL Fix.txt
  • ADWcleaner scan results
  • JRT.txt
  • OTL.txt and Extras.txt
  • How are things running now?
  • Windows.old folder?

  • 0
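As an added example (not part of this thread, and not code from OTL or any other tool named here), a Python check for the loopback-proxy hijack that the OTL fix above targets: it parses the "IE - HKU\..." Internet Settings lines from an OTL scan, flags user hives whose browser traffic is routed through a proxy on 127.0.0.1, and compares a pre-fix scan with a post-fix scan to show which hives still carry the setting. The log lines below are constructed samples modelled on this thread's values (the 127.0.0.1:8877 proxy and the .DEFAULT and S-1-5-18 hives); the post-fix sample is invented so that one hive is cleaned and one is not.

```python
import re
from typing import Dict, List

# Constructed sample lines in OTL's "IE - HKU\..." format, modelled on the thread's logs.
PRE_FIX_LOG = r"""
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
"""

# Constructed post-fix sample: .DEFAULT still carries the proxy, S-1-5-18 has been cleared.
POST_FIX_LOG = r"""
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
"""

# One OTL "IE - <hive>\...\Internet Settings: "Proxy*" = <value>" line.
PROXY_LINE = re.compile(
    r'^IE - (?P<hive>HK[A-Z]+\\[^\\]+)\\Software\\Microsoft\\Windows\\CurrentVersion'
    r'\\Internet Settings: "(?P<name>Proxy(?:Enable|Server|Override))" =\s*(?P<value>.*?)\s*$'
)


def parse_proxy_settings(log: str) -> Dict[str, Dict[str, str]]:
    """Group the Proxy* values of each user hive found in an OTL Internet Explorer section."""
    per_hive: Dict[str, Dict[str, str]] = {}
    for line in log.splitlines():
        match = PROXY_LINE.match(line.strip())
        if match:
            per_hive.setdefault(match["hive"], {})[match["name"]] = match["value"]
    return per_hive


def is_loopback_proxy(proxy_server: str) -> bool:
    """True if any entry of a ProxyServer value ('host:port' or 'scheme=host:port;...')
    points back at this machine, i.e. a locally running interception proxy."""
    for entry in filter(None, proxy_server.split(";")):
        target = entry.split("=", 1)[-1]          # drop the optional "http=" / "https=" prefix
        host = target.rsplit(":", 1)[0].strip().lower()
        if host == "localhost" or host.startswith("127."):
            return True
    return False


def loopback_proxy_hives(per_hive: Dict[str, Dict[str, str]]) -> List[str]:
    """Hives where the proxy is enabled AND points at loopback; a disabled or empty proxy is ignored."""
    return sorted(
        hive for hive, values in per_hive.items()
        if values.get("ProxyEnable", "0").strip() == "1"
        and is_loopback_proxy(values.get("ProxyServer", ""))
    )


def persisted_after_fix(pre_log: str, post_log: str) -> List[str]:
    """Hives whose loopback proxy is still present in a scan taken after the fix ran,
    which is the signal to look for something re-applying the setting at boot or logon."""
    before = set(loopback_proxy_hives(parse_proxy_settings(pre_log)))
    after = set(loopback_proxy_hives(parse_proxy_settings(post_log)))
    return sorted(before & after)


if __name__ == "__main__":
    print("Loopback proxy before fix:", loopback_proxy_hives(parse_proxy_settings(PRE_FIX_LOG)))
    print("Still present after fix:  ", persisted_after_fix(PRE_FIX_LOG, POST_FIX_LOG))
```

Run against the real OTL.txt from before and after a fix, a non-empty result from persisted_after_fix is the cue to re-check the services, Run keys and scheduled tasks that survived the cleanup rather than re-running the same fix.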

#21
hellomut

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Hi, I have completed all the scans; the last OTL scan only produced one report. I removed the windows.old folder last time. I could not remove SysTPL, I could not find Wajam or Yontoo, and I did remove Tlapia. Here are the reports.
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service sysTPLService.exe stopped successfully!
Service sysTPLService.exe deleted successfully!
C:\Program Files\sysTPL\sysTPLService.exe moved successfully.
Service sysTPLMonitor.exe stopped successfully!
Service sysTPLMonitor.exe deleted successfully!
C:\Program Files\sysTPL\sysTPLMonitor.exe moved successfully.
Service WajamUpdater stopped successfully!
Service WajamUpdater deleted successfully!
C:\Program Files\Wajam\Updater\WajamUpdater.exe moved successfully.
HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1354192852-3371487025-2257261009-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}\ deleted successfully.
C:\Program Files\Wajam\IE\priam_bho.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysTPL deleted successfully.
C:\Program Files\sysTPL\sysTPL.exe moved successfully.
C:\Program Files\Wajam\Updater folder moved successfully.
C:\Program Files\Wajam\IE folder moved successfully.
C:\Program Files\Wajam folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
C:\Users\shadbolt\AppData\Roaming\Babylon folder moved successfully.
C:\Users\shadbolt\AppData\Roaming\Rovio\Angry Birds Rio folder moved successfully.
C:\Users\shadbolt\AppData\Roaming\Rovio folder moved successfully.
C:\Users\shadbolt\AppData\Roaming\Tlapia\QuickEngine 1.0.1\install\8AFE8F9 folder moved successfully.
C:\Users\shadbolt\AppData\Roaming\Tlapia\QuickEngine 1.0.1\install folder moved successfully.
C:\Users\shadbolt\AppData\Roaming\Tlapia\QuickEngine 1.0.1 folder moved successfully.
C:\Users\shadbolt\AppData\Roaming\Tlapia folder moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\\"Default_Page_URL"|"http://www.google.com" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\\"Start Page"|"http://www.google.com" /E : value set successfully!
========== FILES ==========
C:\Program Files\sysTPL folder moved successfully.
File\Folder netsh int ip reset c:\resetlog.txt not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: shadbolt
->Temp folder emptied: 43486311 bytes
->Temporary Internet Files folder emptied: 346262022 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 8747 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 245021 bytes
RecycleBin emptied: 155269 bytes

Total Files Cleaned = 372.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06242013_214744

Files\Folders moved on Reboot...
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\shadbolt\AppData\Local\Trusteer\Rapport\user\logs\gp_iexplore.2128.log moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\shadbolt\AppData\Local\Trusteer\Rapport\user\logs\gp_iexplore.6532.log moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\shadbolt\AppData\Local\Trusteer\Rapport\user\logs\gp_iexplore.6540.log moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\shadbolt\AppData\Local\Trusteer\Rapport\user\logs\koan.2128.log moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\shadbolt\AppData\Local\Trusteer\Rapport\user\logs\koan.6532.log moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\shadbolt\AppData\Local\Trusteer\Rapport\user\logs\koan.6540.log moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\shadbolt\AppData\Local\Trusteer\Rapport\user\logs\koanlight.2128.log moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\shadbolt\AppData\Local\Trusteer\Rapport\user\logs\koanlight.6532.log moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\shadbolt\AppData\Local\Trusteer\Rapport\user\logs\koanlight.6540.log moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XE7O36T9\skypeinoutlook-iframe[1].htm moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TLBAE3IA\Messenger[1].htm moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TLBAE3IA\regular[1].eot moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TLBAE3IA\semibold[1].eot moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S34RAM2L\xmlProxy[2].htm moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ODGSDG9O\AjaxHistoryFrame[1].htm moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ODGSDG9O\GFXHasherAjaxIFrame_e8u3OtQonFhEjc0Yi_3RCA2[2].htm moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ODGSDG9O\GFXHasherVerification[2].htm moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ODGSDG9O\LocalStorage[1].htm moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JSE594WQ\skypedomaincheck[1].htm moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JSE594WQ\xmlProxy[2].htm moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GZRTP15V\default[1].htm moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GZRTP15V\resourcespreload[1].htm moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FMHY2P72\light[1].eot moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FMHY2P72\xmlProxy[1].htm moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EWYB7DSW\outlook-transIframe[1].htm moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EWYB7DSW\RteFrameResources[1].htm moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ESDJA466\flextag[1].htm moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E073M9A4\xmlProxy[4].htm moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\42MA110X\bing_com[2].htm moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

# AdwCleaner v2.303 - Logfile created 06/24/2013 at 22:05:45
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# User : shadbolt - SHADBOLT-PC
# Boot Mode : Normal
# Running from : C:\Users\shadbolt\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Windows\Tasks\EPUpdater.job
Folder Found : C:\Users\shadbolt\AppData\LocalLow\Delta

***** [Registry] *****

Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Wajam
Key Found : HKLM\SOFTWARE\5d2d88be13dee14
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Found : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Wajam
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [2522 octets] - [13/06/2013 09:34:11]
AdwCleaner[R2].txt - [2582 octets] - [13/06/2013 17:10:50]
AdwCleaner[R3].txt - [2297 octets] - [24/06/2013 22:05:45]
AdwCleaner[S1].txt - [2735 octets] - [13/06/2013 17:11:23]

########## EOF - C:\AdwCleaner[R3].txt - [2417 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista ™ Home Basic x86
Ran by shadbolt on 24/06/2013 at 22:19:21.34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\priam_bho.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajambho
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajambho.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajamdownloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajamdownloader.1



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\shadbolt\appdata\locallow\delta"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/06/2013 at 22:21:54.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL logfile created on: 24/06/2013 23:05:59 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\shadbolt\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.50 Gb Total Physical Memory | 0.50 Gb Available Physical Memory | 33.22% Memory free
3.25 Gb Paging File | 1.90 Gb Available in Paging File | 58.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 92.00 Gb Free Space | 61.72% Space Free | Partition Type: NTFS

Computer Name: SHADBOLT-PC | User Name: shadbolt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/20 11:29:38 | 002,249,352 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe
PRC - [2013/06/20 11:29:38 | 000,349,832 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\BingDesktop\BDRuntimeHost.exe
PRC - [2013/06/20 11:29:38 | 000,206,984 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\BingDesktop\BDExtHost.exe
PRC - [2013/06/20 11:29:38 | 000,173,192 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2013/06/20 11:29:36 | 000,153,224 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\BingDesktop\BDAppHost.exe
PRC - [2013/06/11 20:42:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\shadbolt\Desktop\OTL.exe
PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/03/21 09:04:28 | 001,124,184 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/03/21 09:04:26 | 002,115,416 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/09/03 13:11:26 | 000,323,584 | ---- | M] (Inventec Corp.) -- C:\Program Files\FSC\Wireless Utility\Wireless Selector.exe
PRC - [2008/08/12 16:21:12 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2003/06/12 02:42:18 | 000,114,688 | ---- | M] () -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/03 11:50:23 | 000,557,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/06/27 14:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2003/06/12 02:42:18 | 000,114,688 | ---- | M] () -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe


========== Services (SafeList) ==========

SRV - [2013/06/20 11:29:38 | 000,173,192 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013/05/15 15:46:26 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/03/21 09:04:28 | 001,124,184 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/03/01 13:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/09/20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/13 23:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\SPIXNEW.SYS -- (SUNPLUS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\shadbolt\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2013/06/23 13:00:33 | 000,317,424 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus32_53984.sys -- (RapportCerberus_53984)
DRV - [2013/03/21 09:04:42 | 000,173,880 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/03/21 09:04:42 | 000,102,680 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/03/21 09:04:42 | 000,102,008 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/01/20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2009/09/05 14:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/01 08:19:18 | 009,825,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/07/22 10:21:08 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/07/15 17:00:06 | 000,016,384 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FSCSLII.sys -- (FSCSLII)
DRV - [2007/12/19 18:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2007/10/31 11:23:00 | 000,124,960 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/10/31 11:23:00 | 000,115,744 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/09/29 13:30:52 | 000,065,024 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded =
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.co.uk/ [binary data]
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/07/31 22:37:37 | 000,000,000 | ---D | M]

[2012/08/13 10:11:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2013/06/13 07:46:51 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Touchpad_Hotkey] C:\Program Files\FSC\Wireless Utility\Touchpad Hotkey.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Wireless_Selector] C:\Program Files\FSC\Wireless Utility\Wireless Selector.exe (Inventec Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{947C342D-E596-4FCA-961C-2CF318C18106}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/24 22:28:48 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\Desktop\246fix
[2013/06/23 18:40:00 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\Desktop\New Folder (2)
[2013/06/13 17:43:46 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/06/13 17:43:02 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/13 17:25:18 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\shadbolt\Desktop\JRT.exe
[2013/06/13 09:28:39 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\Desktop\reply2
[2013/06/13 09:10:06 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\Desktop\New Folder
[2013/06/13 07:46:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/11 20:42:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\shadbolt\Desktop\OTL.exe
[2013/06/09 17:16:32 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Roaming\Malwarebytes
[2013/06/09 17:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/06/09 10:36:32 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Local\Apps

========== Files - Modified Within 30 Days ==========

[2013/06/24 22:58:06 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/24 22:46:43 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/24 22:00:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/24 22:00:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/24 22:00:37 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/24 22:00:10 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/06/24 22:00:08 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/06/24 21:59:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/24 21:59:42 | 1608,892,416 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/24 21:58:55 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/06/24 12:38:22 | 000,002,637 | ---- | M] () -- C:\Users\shadbolt\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
[2013/06/23 18:36:37 | 000,000,600 | ---- | M] () -- C:\Users\shadbolt\Desktop\sc-cleaner - Shortcut.lnk
[2013/06/23 17:33:40 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\EPUpdater.job
[2013/06/21 10:59:53 | 205,057,035 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/06/13 17:25:20 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\shadbolt\Desktop\JRT.exe
[2013/06/13 09:32:49 | 000,648,201 | ---- | M] () -- C:\Users\shadbolt\Desktop\AdwCleaner.exe
[2013/06/13 08:44:44 | 000,890,839 | ---- | M] () -- C:\Users\shadbolt\Desktop\SecurityCheck.exe
[2013/06/13 07:46:51 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013/06/11 20:42:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\shadbolt\Desktop\OTL.exe
[2013/05/26 12:02:14 | 000,000,000 | ---- | M] () -- C:\Windows\System32\wget-log

========== Files Created - No Company Name ==========

[2013/06/23 18:36:37 | 000,000,600 | ---- | C] () -- C:\Users\shadbolt\Desktop\sc-cleaner - Shortcut.lnk
[2013/06/23 17:33:40 | 000,000,288 | ---- | C] () -- C:\Windows\tasks\EPUpdater.job
[2013/06/13 09:32:48 | 000,648,201 | ---- | C] () -- C:\Users\shadbolt\Desktop\AdwCleaner.exe
[2013/06/13 08:44:43 | 000,890,839 | ---- | C] () -- C:\Users\shadbolt\Desktop\SecurityCheck.exe
[2013/05/26 12:02:14 | 000,000,000 | ---- | C] () -- C:\Windows\System32\wget-log
[2012/09/01 18:00:37 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2012/01/13 16:06:11 | 000,036,587 | ---- | C] () -- C:\Windows\unvpeye.ini
[2010/08/06 20:04:07 | 000,013,312 | ---- | C] () -- C:\Users\shadbolt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/04 20:18:37 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/08/04 20:14:40 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/07/29 20:51:13 | 000,000,680 | ---- | C] () -- C:\Users\shadbolt\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========


========== Custom Scans ==========

< MD5 for: NETBT.SYS >
[2008/01/21 03:34:49 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7C5FEE5B1C5728507CD96FB4A13E7A02 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
[2009/04/11 05:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\System32\drivers\netbt.sys
[2009/04/11 05:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys

< End of report >
I think that's it for now. The laptop is running, but there are things that keep coming up: NETBT drivers not working or stopped working. I will try using it a bit more and log any problems.
Many Thanks

#22
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there, can you also post the Extras log? Thanks :)

I am looking into the errors you are getting; a fix will be ready for you, but I need the Extras log also.

Many thanks Hellomut :thumbsup:

#23
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hello again, leave the Extras log for now and carry on with the following :)

Can you tell me anything about this folder on your Desktop? If it is a personal folder, I only need confirmation that you know about it: 246fix

We will try to address the errors you have been getting in this post and get an Extras log with the 3rd step.

1. Run ADWcleaner
  • Double click ADWcleaner and select Search.
  • The search will complete and a log will be produced; I do not need to see this log.
  • Back in ADWcleaner, click Delete and then O.K to remove malware.
  • A reboot will be asked for; click O.K.
  • On reboot a log is produced. I need to see this log.

2. OTL Fix
Open OTL, then copy the entire text in the Quote box below (do not include the word QUOTE) and paste it into the Custom Scans/Fixes box in OTL.

:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877

:REG
[HKEY_USERS\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

:FILES
ipconfig /flushdns /c
netsh winsock reset catalog /c
netsh int ip reset c:\resetlog.txt /c
ipconfig /release /c
ipconfig /renew /c

[COMMANDS]
[emptytemp]

  • Then click Run Fix
  • Click O.K to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyyy_hhmmss is the date and time of the fix.
  • Copy and Paste Fix Log into your next reply.

3. OTL Custom Scan
  • Right click the OTL icon and select Run as Administrator.
  • Select the following boxes:
  • Scan All Users
  • Use Company-Name WhiteList
  • Skip Microsoft Files
  • Use No-Company-Name WhiteList
  • LOP Check
  • Purity Check
  • In the Extra Registry box select Use Safe List
  • Copy and paste the following into the Custom Scans\Fixes box without the word Quote.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s

  • Now Click Run Scan
  • OTL will now scan your computer and produce 2 log files. OTL.txt and Extras.txt.
  • Post both in your next reply


Things I want to see in your next post.
  • OTL Fix.txt
  • ADWcleaner log
  • OTL.txt and Extras.txt
  • How are things running now? Any error messages?

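The OTL fix in step 2 resets a proxy that two hives, HKU\.DEFAULT and HKU\S-1-5-18 (the LocalSystem profile, not the logged-on user's), had pointed at 127.0.0.1:8877 with ProxyEnable = 1. A proxy aimed at the machine itself means some other process on the host was sitting between WinINet-based clients and the network, which is why those lines are the ones worth pulling out of a long OTL log. The script below is an added example and is not part of this thread or of OTL: it parses the "IE - HKU\...\Internet Settings" lines of an OTL log, flags every hive whose proxy is enabled, marks the loopback case separately, and emits the ":OTL" lines needed to reset those values (OTL setting ProxyEnable to 0 and blanking the other two is what the fix log later in the thread shows). The sample log inside it is constructed from the proxy lines of the OTL log posted above; the function names are my own.

```python
"""Triage helper for the 'Internet Explorer' section of an OTL log.

Added example for the thread above; not code from OTL or from Geeks to Go.
It groups the `IE - HKU\<hive>\...\Internet Settings: "Name" = value` lines
per registry hive, flags hives with an enabled proxy (loopback proxies get
their own reason), and emits the matching :OTL fix lines.
"""
import re
from ipaddress import ip_address

# Constructed sample: the proxy-related lines copied from the OTL log posted in the thread.
SAMPLE_LOG = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
"""

# Matches only the "Internet Settings" lines; hive is HKLM or HKU\<sid or .DEFAULT>.
LINE_RE = re.compile(
    r'^IE - (?P<hive>HKU\\[^\\]+|HKLM)\\.*?Internet Settings: '
    r'"(?P<name>[^"]+)" =\s*(?P<value>.*?)\s*$'
)


def parse_internet_settings(log_text):
    """Return {hive: {value_name: value}} in file order; other IE lines are ignored."""
    hives = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hives.setdefault(m['hive'], {})[m['name']] = m['value']
    return hives


def parse_proxy_server(value):
    """Split a WinINet ProxyServer string into (scheme, host, port) triples.

    Handles both 'http=host:port;https=host:port' and the bare 'host:port'
    form (reported with scheme 'all'); an IPv6 host may be written in brackets.
    """
    entries = []
    for part in filter(None, (p.strip() for p in value.split(';'))):
        scheme, _, target = part.partition('=') if '=' in part else ('all', '', part)
        host, _, port = target.rpartition(':')
        if not host:                      # no port was given
            host, port = target, ''
        entries.append((scheme, host.strip('[]'), port))
    return entries


def is_loopback_host(host):
    """True for 'localhost' or any loopback IP literal (127.0.0.0/8, ::1)."""
    if host.lower() == 'localhost':
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False


def find_proxy_findings(log_text):
    """Return [(hive, reason)] for every hive whose ProxyEnable is 1.

    reason is 'loopback-proxy' when any configured proxy points at this
    machine, otherwise 'proxy-enabled' (still worth a look, but may be legitimate).
    """
    findings = []
    for hive, values in parse_internet_settings(log_text).items():
        if values.get('ProxyEnable', '0') != '1':
            continue
        targets = parse_proxy_server(values.get('ProxyServer', ''))
        loopback = any(is_loopback_host(host) for _, host, _ in targets)
        findings.append((hive, 'loopback-proxy' if loopback else 'proxy-enabled'))
    return findings


def build_otl_fix(log_text):
    """Emit a ':OTL' block with the Proxy* lines of every flagged hive.

    Listing an 'IE - ... Internet Settings' line under :OTL makes OTL reset it
    (ProxyEnable to 0, ProxyServer/ProxyOverride to empty), as the fix log shows.
    """
    flagged = {hive for hive, _ in find_proxy_findings(log_text)}
    lines = [':OTL']
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m and m['hive'] in flagged and m['name'].startswith('Proxy'):
            lines.append(raw.strip())
    return '\n'.join(lines)


if __name__ == '__main__':
    for hive, reason in find_proxy_findings(SAMPLE_LOG):
        print(f'{reason:15} {hive}')
    print(build_otl_fix(SAMPLE_LOG))
```

Run it against a saved OTL.txt by replacing SAMPLE_LOG with the file contents. The registry edit is only half the check: before and after the fix it is worth confirming from an elevated prompt that nothing is still listening on the proxy port, for example with netstat -ano | findstr :8877, and re-running the scan after the reboot to make sure the two hives have not been re-pointed, since the fix changes the settings but does not by itself remove whatever was answering on that port.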

#24
hellomut

    Member

  • Topic Starter
  • Member
  • 39 posts
Hi, I still only got one report from the OTL custom scan, but here are the other reports. Am I doing something wrong, or are the other reports being saved somewhere else?
The file 246fix is a folder that I have been saving the reports/scans in that I have been sending to you; I can remove it if you want. I have been getting two error messages; they are:
Windows has found new hardware
Windows needs to install driver software for your NETBT
Windows has found new hardware
Windows needs to install driver software for your PACKET SCHEDULER
# AdwCleaner v2.303 - Logfile created 06/26/2013 at 11:24:32
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# User : shadbolt - SHADBOLT-PC
# Boot Mode : Normal
# Running from : C:\Users\shadbolt\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [2522 octets] - [13/06/2013 09:34:11]
AdwCleaner[R2].txt - [2582 octets] - [13/06/2013 17:10:50]
AdwCleaner[R3].txt - [2486 octets] - [24/06/2013 22:05:45]
AdwCleaner[R4].txt - [1885 octets] - [26/06/2013 09:51:04]
AdwCleaner[R5].txt - [1018 octets] - [26/06/2013 11:23:40]
AdwCleaner[S1].txt - [2735 octets] - [13/06/2013 17:11:23]
AdwCleaner[S2].txt - [1975 octets] - [26/06/2013 09:51:46]
AdwCleaner[S3].txt - [951 octets] - [26/06/2013 11:24:32]

########## EOF - C:\AdwCleaner[S3].txt - [1010 octets] ##########

All processes killed
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== REGISTRY ==========
HKEY_USERS\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\"Start Page"|"http://www.google.com" /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\shadbolt\Desktop\cmd.bat deleted successfully.
C:\Users\shadbolt\Desktop\cmd.txt deleted successfully.
< netsh winsock reset catalog /c >
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
C:\Users\shadbolt\Desktop\cmd.bat deleted successfully.
C:\Users\shadbolt\Desktop\cmd.txt deleted successfully.
< netsh int ip reset c:\resetlog.txt /c >
Reseting Echo Request, OK!
Reseting Global, OK!
Reseting Interface, OK!
A reboot is required to complete this action.
C:\Users\shadbolt\Desktop\cmd.bat deleted successfully.
C:\Users\shadbolt\Desktop\cmd.txt deleted successfully.
< ipconfig /release /c >
Windows IP Configuration
No operation can be performed on Local Area Connection while it has its media disconnected.
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::d166:29ae:62f9:2d8a%12
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Local Area Connection* 6:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Local Area Connection* 7:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Local Area Connection* 11:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:149e:2737:3f57:fffc
Link-local IPv6 Address . . . . . : fe80::149e:2737:3f57:fffc%13
Default Gateway . . . . . . . . . : ::
C:\Users\shadbolt\Desktop\cmd.bat deleted successfully.
C:\Users\shadbolt\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
No operation can be performed on Local Area Connection while it has its media disconnected.
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::d166:29ae:62f9:2d8a%12
IPv4 Address. . . . . . . . . . . : 192.168.0.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Local Area Connection* 6:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Local Area Connection* 7:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
C:\Users\shadbolt\Desktop\cmd.bat deleted successfully.
C:\Users\shadbolt\Desktop\cmd.txt deleted successfully.
File\Folder [COMMANDS] not found.
File\Folder [emptytemp] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 06262013_100319

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL logfile created on: 26/06/2013 10:45:29 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\shadbolt\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.50 Gb Total Physical Memory | 0.55 Gb Available Physical Memory | 36.51% Memory free
3.25 Gb Paging File | 2.08 Gb Available in Paging File | 63.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 92.42 Gb Free Space | 62.00% Space Free | Partition Type: NTFS

Computer Name: SHADBOLT-PC | User Name: shadbolt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/20 11:29:38 | 002,249,352 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe
PRC - [2013/06/20 11:29:38 | 000,349,832 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\BingDesktop\BDRuntimeHost.exe
PRC - [2013/06/20 11:29:38 | 000,206,984 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\BingDesktop\BDExtHost.exe
PRC - [2013/06/20 11:29:38 | 000,173,192 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2013/06/20 11:29:36 | 000,153,224 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\BingDesktop\BDAppHost.exe
PRC - [2013/06/11 21:59:49 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
PRC - [2013/06/11 20:42:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\shadbolt\Desktop\OTL.exe
PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/03/21 09:04:28 | 001,124,184 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/03/21 09:04:26 | 002,115,416 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/03 13:11:26 | 000,323,584 | ---- | M] (Inventec Corp.) -- C:\Program Files\FSC\Wireless Utility\Wireless Selector.exe
PRC - [2008/08/12 16:21:12 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2003/06/12 02:42:18 | 000,114,688 | ---- | M] () -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/03 11:50:23 | 000,557,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/06/27 14:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2003/06/12 02:42:18 | 000,114,688 | ---- | M] () -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe


========== Services (SafeList) ==========

SRV - [2013/06/20 11:29:38 | 000,173,192 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013/05/15 15:46:26 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/03/21 09:04:28 | 001,124,184 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/03/01 13:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/09/20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/13 23:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\SPIXNEW.SYS -- (SUNPLUS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\shadbolt\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2013/06/23 13:00:33 | 000,317,424 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus32_53984.sys -- (RapportCerberus_53984)
DRV - [2013/03/21 09:04:42 | 000,173,880 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/03/21 09:04:42 | 000,102,680 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/03/21 09:04:42 | 000,102,008 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/01/20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2009/09/05 14:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/01 08:19:18 | 009,825,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/07/22 10:21:08 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/07/15 17:00:06 | 000,016,384 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FSCSLII.sys -- (FSCSLII)
DRV - [2007/12/19 18:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2007/10/31 11:23:00 | 000,124,960 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/10/31 11:23:00 | 000,115,744 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/09/29 13:30:52 | 000,065,024 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded =
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.co.uk/ [binary data]
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)


[2012/08/13 10:11:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2013/06/13 07:46:51 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Touchpad_Hotkey] C:\Program Files\FSC\Wireless Utility\Touchpad Hotkey.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Wireless_Selector] C:\Program Files\FSC\Wireless Utility\Wireless Selector.exe (Inventec Corp.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{947C342D-E596-4FCA-961C-2CF318C18106}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/24 22:28:48 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\Desktop\246fix
[2013/06/23 18:40:00 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\Desktop\New Folder (2)
[2013/06/13 17:43:46 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/06/13 17:43:02 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/13 17:25:18 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\shadbolt\Desktop\JRT.exe
[2013/06/13 09:28:39 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\Desktop\reply2
[2013/06/13 09:10:06 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\Desktop\New Folder
[2013/06/13 07:46:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/11 20:42:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\shadbolt\Desktop\OTL.exe
[2013/06/09 17:16:32 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Roaming\Malwarebytes
[2013/06/09 17:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/06/09 10:36:32 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Local\Apps

========== Files - Modified Within 30 Days ==========

[2013/06/26 10:46:11 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/26 10:05:28 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/26 10:05:28 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/26 10:05:14 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/26 10:04:48 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/06/26 10:04:45 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/06/26 10:04:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/26 10:04:25 | 1608,871,936 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/26 10:03:42 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/06/26 09:58:06 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/24 23:25:58 | 252,128,139 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/06/24 12:38:22 | 000,002,637 | ---- | M] () -- C:\Users\shadbolt\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
[2013/06/23 18:36:37 | 000,000,600 | ---- | M] () -- C:\Users\shadbolt\Desktop\sc-cleaner - Shortcut.lnk
[2013/06/13 17:25:20 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\shadbolt\Desktop\JRT.exe
[2013/06/13 09:32:49 | 000,648,201 | ---- | M] () -- C:\Users\shadbolt\Desktop\AdwCleaner.exe
[2013/06/13 08:44:44 | 000,890,839 | ---- | M] () -- C:\Users\shadbolt\Desktop\SecurityCheck.exe
[2013/06/13 07:46:51 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013/06/11 20:42:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\shadbolt\Desktop\OTL.exe

========== Files Created - No Company Name ==========

[2013/06/23 18:36:37 | 000,000,600 | ---- | C] () -- C:\Users\shadbolt\Desktop\sc-cleaner - Shortcut.lnk
[2013/06/13 09:32:48 | 000,648,201 | ---- | C] () -- C:\Users\shadbolt\Desktop\AdwCleaner.exe
[2013/06/13 08:44:43 | 000,890,839 | ---- | C] () -- C:\Users\shadbolt\Desktop\SecurityCheck.exe
[2012/09/01 18:00:37 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2012/01/13 16:06:11 | 000,036,587 | ---- | C] () -- C:\Windows\unvpeye.ini
[2010/08/06 20:04:07 | 000,013,312 | ---- | C] () -- C:\Users\shadbolt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/04 20:18:37 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/08/04 20:14:40 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/07/29 20:51:13 | 000,000,680 | ---- | C] () -- C:\Users\shadbolt\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========


========== Purity Check ==========



========== Custom Scans ==========

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = NETBT
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys -- [2009/04/11 05:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation)
"Description" = This service implements NetBios over TCP/IP.
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = \Device\Tcpip_{DEA39D54-8CDD-49FC- [Binary data over 200 bytes]
"Route" = "Tcpip" "{DEA39D54-8CDD-49FC-8685- [Binary data over 200 bytes]
"Export" = \Device\NetBT_Tcpip_{DEA39D54-8CDD [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{08E286EE-302A-4D49-8385-71FE52709421}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{947C342D-E596-4FCA-961C-2CF318C18106}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{DEA39D54-8CDD-49FC-8685-F5D393DE1F66}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = 01 00 14 88 D0 00 00 00 DC 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 A0 00 07 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 25 02 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 40 00 00 00 01 01 00 00 00 00 00 05 13 00 00 00 00 00 14 00 40 00 00 00 01 01 00 00 00 00 00 05 14 00 00 00 00 00 18 00 9D 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 2C 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/01/21 03:34:01 | 000,035,840 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 07 01 03 01 01 01 05 01 08 01 06 01 04 01 00 01 02 [binary data]
"Bind" = \Device\NetBT_Tcpip_{DEA39D54-8CDD [Binary data over 200 bytes]
"Route" = "NetBT" "Tcpip" "{DEA39D54-8CDD-49 [Binary data over 200 bytes]
"Export" = \Device\NetBIOS_NetBT_Tcpip_{DEA39 [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2006/11/02 10:46:14 | 000,011,264 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< End of report >
I think that's about it.
Thanks
  • 0

#25
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there :) Thanks for the info on the 246 folder; no need to remove it, I just wanted to make sure you knew about it. :thumbsup:

OK Hellomut, I want you to run RogueKiller to fix the proxy settings and look for bad registry keys.

In the OTL scan I have highlighted in red the instructions for the Extras.txt. This is saved in the same location as OTL, which is your Desktop.

1. RogueKiller
  • Download RogueKiller (by tigzy) on the desktop
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan. Once finished, click on Fix Proxy. Now click Report.
  • Please post the contents of the RKreport.txt in your next Reply.

2. OTL Custom Scan
  • Right click the OTL icon and select Run as Administrator.
  • Select the following boxes:
  • Scan All Users
  • Use Company-Name WhiteList
  • Skip Microsoft Files
  • Use No-Company-Name WhiteList
  • In the Extra Registry box select Use Safe List
  • Copy and paste the following into the Custom Scans\Fixes box, without the word Quote.

    /md5start
    netbios.*
    /md5stop

  • Now Click Run Scan
  • OTL will now scan your computer and produce 2 log files. OTL.txt and Extras.txt.
  • Post both in your next reply

Things I want to see in your next post.
  • OTL.txt
  • Extras.txt
  • RogueKiller report.

  • 0
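As an added illustration, not part of this thread and not code from OTL or RogueKiller, here is a small Python triage script for the proxy problem the Fix Proxy step above is meant to undo. It reads the `IE - HKU\...\Internet Settings` lines that an OTL.txt produces, groups them by user hive, and flags any hive where ProxyEnable is 1 and ProxyServer points at a loopback address, which is what lets a local process sit between the browser and the network. The sample lines are copied from the OTL.txt posted later in this thread; the function and variable names are my own and `proxycheck.py` is an assumed file name. A loopback proxy is sometimes a legitimately installed local filtering tool, so the output is a triage flag to be read alongside the rest of the log, not a verdict on its own.

```python
import re
import sys
from collections import defaultdict

# Sample OTL output, copied from the OTL.txt posted in this thread (not invented).
SAMPLE_LOG = r"""
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
"""

# Matches the "IE - <hive>\...\Internet Settings: "<name>" = <value>" lines OTL writes.
# The hive is either HKU\<sid or .DEFAULT> or HKLM; the value may be empty.
PROXY_LINE = re.compile(
    r'^IE - (?P<hive>HKU\\[^\\]+|HKLM)\\.*Internet Settings: '
    r'"(?P<name>ProxyEnable|ProxyServer|ProxyOverride)" =\s*(?P<value>.*)$'
)


def parse_proxy_settings(log_text):
    """Return {hive: {"ProxyEnable": ..., "ProxyServer": ..., ...}} from OTL text."""
    settings = defaultdict(dict)
    for line in log_text.splitlines():
        m = PROXY_LINE.match(line.strip())
        if m:
            settings[m["hive"]][m["name"]] = m["value"].strip()
    return dict(settings)


def proxy_endpoints(proxy_server):
    """Split a ProxyServer value into host:port strings.

    Handles both the per-protocol form 'http=host:port;https=host:port'
    and the bare 'host:port' form Windows also accepts.
    """
    endpoints = []
    for part in proxy_server.split(";"):
        part = part.strip()
        if not part:
            continue
        endpoints.append(part.split("=", 1)[1] if "=" in part else part)
    return endpoints


def is_loopback(endpoint):
    """True if the endpoint's host is a loopback address (127.x, localhost, ::1)."""
    host = endpoint.rsplit(":", 1)[0].lower()
    return host.startswith("127.") or host in ("localhost", "[::1]", "::1")


def find_proxy_hijacks(log_text):
    """Return {hive: [loopback endpoint, ...]} for hives with an enabled loopback proxy."""
    findings = {}
    for hive, values in parse_proxy_settings(log_text).items():
        if values.get("ProxyEnable") != "1":
            continue
        loopbacks = [e for e in proxy_endpoints(values.get("ProxyServer", ""))
                     if is_loopback(e)]
        if loopbacks:
            findings[hive] = loopbacks
    return findings


def describe(findings):
    """Render findings as one line per hive for a quick read."""
    if not findings:
        return ["No enabled loopback proxy found in any hive."]
    return [f"{hive}: ProxyEnable=1 with loopback proxy {', '.join(sorted(set(eps)))}"
            for hive, eps in findings.items()]


if __name__ == "__main__":
    # Usage: python proxycheck.py [OTL.txt]; with no argument the embedded sample is used.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for line in describe(find_proxy_hijacks(text)):
        print(line)
```

Run against the sample it reports the .DEFAULT and S-1-5-18 (LocalSystem) hives, which is exactly the pair the OTL.txt in this thread shows with ProxyEnable=1 and 127.0.0.1:8877, while the service and interactive-user hives with ProxyEnable=0 are not flagged. Keying the result by hive matters because a fix applied only to the logged-in user's profile leaves the other hives untouched.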



#26
hellomut

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Hi, here are the reports. Things seem to be getting better. I seem to have a Google home page now; not sure where that has come from, as Google doesn't show on the list of installed programs. Also I am getting a Windows message "Google installer has stopped working". This is the problem list:

Problem signature:
Problem Event Name: APPCRASH
Application Name: GoogleUpdate.exe
Application Version: 1.2.183.21
Application Timestamp: 4b95e661
Fault Module Name: StackHash_a034
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 00000000
Exception Code: c0000005
Exception Offset: 675501de
OS Version: 6.0.6002.2.2.0.768.2
Locale ID: 2057
Additional Information 1: a034
Additional Information 2: b364fa9a39e34c725b081de7e5f23f46
Additional Information 3: 1a3c
Additional Information 4: 2fad80b9fa8503c032d089dc622d954c

Read our privacy statement:
http://go.microsoft....63&clcid=0x0409
Here are the other reports:

OTL logfile created on: 28/06/2013 10:42:22 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\shadbolt\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.50 Gb Total Physical Memory | 0.39 Gb Available Physical Memory | 26.27% Memory free
3.25 Gb Paging File | 1.75 Gb Available in Paging File | 53.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 89.86 Gb Free Space | 60.29% Space Free | Partition Type: NTFS

Computer Name: SHADBOLT-PC | User Name: shadbolt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/20 11:29:38 | 000,173,192 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2013/06/11 21:59:49 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
PRC - [2013/06/11 20:42:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\shadbolt\Desktop\OTL.exe
PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/03/21 09:04:28 | 001,124,184 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/03/21 09:04:26 | 002,115,416 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/03 13:11:26 | 000,323,584 | ---- | M] (Inventec Corp.) -- C:\Program Files\FSC\Wireless Utility\Wireless Selector.exe
PRC - [2008/08/12 16:21:12 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2003/06/12 02:42:18 | 000,114,688 | ---- | M] () -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/03 11:50:23 | 000,557,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/06/27 14:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2003/06/12 02:42:18 | 000,114,688 | ---- | M] () -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe


========== Services (SafeList) ==========

SRV - [2013/06/20 11:29:38 | 000,173,192 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013/05/15 15:46:26 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/03/21 09:04:28 | 001,124,184 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/03/01 13:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/09/20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/13 23:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\SPIXNEW.SYS -- (SUNPLUS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\shadbolt\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2013/06/28 10:32:47 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{389CF278-7AAD-40A6-BDE0-FA706F4C538B}\MpKsl3f4d449b.sys -- (MpKsl3f4d449b)
DRV - [2013/06/23 13:00:33 | 000,317,424 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus32_53984.sys -- (RapportCerberus_53984)
DRV - [2013/03/21 09:04:42 | 000,173,880 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/03/21 09:04:42 | 000,102,680 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/03/21 09:04:42 | 000,102,008 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/01/20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2009/09/05 14:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/01 08:19:18 | 009,825,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/07/22 10:21:08 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/07/15 17:00:06 | 000,016,384 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FSCSLII.sys -- (FSCSLII)
DRV - [2007/12/19 18:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2007/10/31 11:23:00 | 000,124,960 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/10/31 11:23:00 | 000,115,744 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/09/29 13:30:52 | 000,065,024 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded =
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.co.uk/ [binary data]
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)


[2012/08/13 10:11:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2013/06/13 07:46:51 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Touchpad_Hotkey] C:\Program Files\FSC\Wireless Utility\Touchpad Hotkey.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Wireless_Selector] C:\Program Files\FSC\Wireless Utility\Wireless Selector.exe (Inventec Corp.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{947C342D-E596-4FCA-961C-2CF318C18106}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/28 10:32:15 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\Desktop\RK_Quarantine
[2013/06/28 09:50:49 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Roaming\SparkTrust
[2013/06/28 09:50:49 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Roaming\DriverCure
[2013/06/28 09:50:38 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust
[2013/06/28 09:50:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SparkTrust
[2013/06/28 09:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SparkTrust
[2013/06/24 22:28:48 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\Desktop\246fix
[2013/06/13 17:43:46 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/06/13 17:43:02 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/13 17:25:18 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\shadbolt\Desktop\JRT.exe
[2013/06/13 09:28:39 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\Desktop\reply2
[2013/06/13 09:10:06 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\Desktop\New Folder
[2013/06/13 07:46:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/11 20:42:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\shadbolt\Desktop\OTL.exe
[2013/06/09 17:16:32 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Roaming\Malwarebytes
[2013/06/09 17:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/06/09 10:36:32 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Local\Apps

========== Files - Modified Within 30 Days ==========

[2013/06/28 10:46:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/28 10:32:02 | 000,911,360 | ---- | M] () -- C:\Users\shadbolt\Desktop\RogueKiller.exe
[2013/06/28 09:58:54 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/28 09:50:58 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\SparkTrust Registration3.job
[2013/06/28 09:45:59 | 000,020,558 | ---- | M] () -- C:\Users\shadbolt\Desktop\how-to-remove-malware.htm
[2013/06/28 09:26:18 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/28 09:26:18 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/28 07:47:23 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/06/27 19:41:42 | 000,002,637 | ---- | M] () -- C:\Users\shadbolt\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
[2013/06/27 15:58:07 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/26 11:27:55 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/06/26 11:26:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/26 11:25:56 | 1608,843,264 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/26 11:25:08 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/06/24 23:25:58 | 252,128,139 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/06/23 18:36:37 | 000,000,600 | ---- | M] () -- C:\Users\shadbolt\Desktop\sc-cleaner - Shortcut.lnk
[2013/06/13 17:25:20 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\shadbolt\Desktop\JRT.exe
[2013/06/13 09:32:49 | 000,648,201 | ---- | M] () -- C:\Users\shadbolt\Desktop\AdwCleaner.exe
[2013/06/13 08:44:44 | 000,890,839 | ---- | M] () -- C:\Users\shadbolt\Desktop\SecurityCheck.exe
[2013/06/13 07:46:51 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013/06/11 20:42:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\shadbolt\Desktop\OTL.exe

========== Files Created - No Company Name ==========

[2013/06/28 10:31:30 | 000,911,360 | ---- | C] () -- C:\Users\shadbolt\Desktop\RogueKiller.exe
[2013/06/28 09:50:56 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\SparkTrust Registration3.job
[2013/06/28 09:45:59 | 000,020,558 | ---- | C] () -- C:\Users\shadbolt\Desktop\how-to-remove-malware.htm
[2013/06/23 18:36:37 | 000,000,600 | ---- | C] () -- C:\Users\shadbolt\Desktop\sc-cleaner - Shortcut.lnk
[2013/06/13 09:32:48 | 000,648,201 | ---- | C] () -- C:\Users\shadbolt\Desktop\AdwCleaner.exe
[2013/06/13 08:44:43 | 000,890,839 | ---- | C] () -- C:\Users\shadbolt\Desktop\SecurityCheck.exe
[2012/09/01 18:00:37 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2012/01/13 16:06:11 | 000,036,587 | ---- | C] () -- C:\Windows\unvpeye.ini
[2010/08/06 20:04:07 | 000,013,312 | ---- | C] () -- C:\Users\shadbolt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/04 20:18:37 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/08/04 20:14:40 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/07/29 20:51:13 | 000,000,680 | ---- | C] () -- C:\Users\shadbolt\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< MD5 for: NETBIOS.SYS >
[2008/01/21 03:34:01 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=BCD093A5A6777CF626434568DC7DBA78 -- C:\Windows\System32\drivers\netbios.sys
[2008/01/21 03:34:01 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=BCD093A5A6777CF626434568DC7DBA78 -- C:\Windows\winsxs\x86_microsoft-windows-netbios_31bf3856ad364e35_6.0.6001.18000_none_59e1b82a6b1f4ec0\netbios.sys

< End of report >

OTL Extras logfile created on: 28/06/2013 10:42:22 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\shadbolt\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.50 Gb Total Physical Memory | 0.39 Gb Available Physical Memory | 26.27% Memory free
3.25 Gb Paging File | 1.75 Gb Available in Paging File | 53.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 89.86 Gb Free Space | 60.29% Space Free | Partition Type: NTFS

Computer Name: SHADBOLT-PC | User Name: shadbolt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E2C0250-7AE5-4151-9D15-A9C9638063C5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2279B924-6ECC-4CE9-BF51-7B652F4FC377}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{400345B6-B29E-4910-8246-BDADB92C181E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4A9FE20C-1B30-4A8E-847F-A43A00F1AA93}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{579A72EB-59EC-46FD-A2B5-ECBA30771282}" = lport=2869 | protocol=6 | dir=in | app=system |
"{602DC809-86EB-44A4-8135-5BED17A8267F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7FBC7D60-5253-421C-9251-37C18545EB81}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9F4A6644-71BB-4034-89F6-9E10527A417C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A3672045-1DBE-45F9-80B6-021638F0C5C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AD8E8D70-17DF-4681-B982-3F5A231E78E5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CDB0F1D8-C28B-477D-906C-BA6CCE90B56A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D00D35D1-9734-4288-986E-2DC7173960F4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{D26684FB-A868-44B5-8354-C2156AA5F434}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FF4581A9-4EE8-4710-97C5-7E9396E042A8}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C8121B-FCDC-419A-8154-EB3123B99851}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2CD9BDDB-8B78-4151-9EB3-5793FECAA73D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{392851F9-9A6A-4E74-ABA5-30A4807940D2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{43F11DEB-C794-4427-8F20-056A82FD7C2E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{446933C3-18A8-4C68-9C4A-518FE23CD91B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{456EE8C0-E3F7-47F2-80AD-02EAE34525F4}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{45F13DB1-72E3-428F-B0A7-7BDE3B2B4306}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{47763EDA-9041-40BC-910F-8E87C27B27A4}" = protocol=6 | dir=out | app=system |
"{58938025-154F-4CEC-9D59-C9B94B728E2D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{651F276D-F903-440F-8CC3-AED091E2D459}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6D1EA845-3ADB-42EE-AEFE-A93511804F57}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7F11E426-706C-4075-B863-43FA027E31A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{92BFA062-E482-4E03-B749-552792D13A4E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{A3AA04DA-A246-4820-8326-011BB147C350}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A898AA63-69E7-46C2-9C2E-1B0373E38027}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{B9B87347-76AF-4289-A870-FCF9068BEAAF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BE7B9C89-D908-4201-A37D-A24EED8CBC83}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E3849FF0-8057-4224-A7D0-F38E9AC23651}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{FC04C91A-7ADD-4224-B74A-CE3C70F56760}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{35827710-D042-428B-A1E5-E20E12D2FEB9}" = SparkTrust PC Cleaner Plus
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59E3B807-2D5A-4AAE-A6C7-62F9A1615E84}" = sysTPL
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CADA6C3C-C7B5-47F3-98C5-0900326B2E79}" = Wireless Utility
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Rapport_msi" = Rapport
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 27/06/2013 19:58:00 | Computer Name = shadbolt-PC | Source = Application Error | ID = 1000
Description =

Error - 27/06/2013 20:58:00 | Computer Name = shadbolt-PC | Source = Application Error | ID = 1000
Description =

Error - 27/06/2013 21:58:00 | Computer Name = shadbolt-PC | Source = Application Error | ID = 1000
Description =

Error - 27/06/2013 22:58:00 | Computer Name = shadbolt-PC | Source = Application Error | ID = 1000
Description =

Error - 27/06/2013 23:58:00 | Computer Name = shadbolt-PC | Source = Application Error | ID = 1000
Description =

Error - 28/06/2013 00:58:00 | Computer Name = shadbolt-PC | Source = Application Error | ID = 1000
Description =

Error - 28/06/2013 01:58:00 | Computer Name = shadbolt-PC | Source = Application Error | ID = 1000
Description =

Error - 28/06/2013 02:58:00 | Computer Name = shadbolt-PC | Source = Application Error | ID = 1000
Description =

Error - 28/06/2013 03:58:00 | Computer Name = shadbolt-PC | Source = Application Error | ID = 1000
Description =

Error - 28/06/2013 04:58:14 | Computer Name = shadbolt-PC | Source = Application Error | ID = 1000
Description =

[ System Events ]
Error - 28/06/2013 05:54:23 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 28/06/2013 05:54:23 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 28/06/2013 05:54:54 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 28/06/2013 05:54:54 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 28/06/2013 05:54:55 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 28/06/2013 05:54:55 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 28/06/2013 05:54:57 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 28/06/2013 05:54:57 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 28/06/2013 05:55:17 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 28/06/2013 05:55:17 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >
RogueKiller V8.6.1 [Jun 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : hxxp://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : shadbolt [Admin rights]
Mode : ProxyFix -- Date : 06/28/2013 10:36:07
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[0]_PR_06282013_103607.txt >>
RKreport[0]_S_06282013_103539.txt

Hope they are all here this time many thanks
hellomut

#27
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there Hellomut :)

A couple of things are worrying me. The logs are looking a lot better, however there is a Proxy setting that keeps returning that I want to deal with.

I think you have downloaded a PC cleaner; these are usually useless and may interfere with what we are doing here. Please refrain from downloading and using any other tools :)

The Google update errors are addressed here. The Google Homepage - I set that for you :) It is a quick loading and safe homepage.

1. Internet Options
  • Click Start and type Internet Options in the search bar and press Enter
  • Select the Connections Tab then click Lan Settings
  • The settings should be as shown below. Uncheck the box under Proxy Server if checked.


2. Uninstalls
  • SparkTrust PC Cleaner Plus and InterVideo WinDVD 4 may give you problems and I advise uninstalling these. Any PC cleaner is a no-no for me. The SparkTrust cleaner comes with a lot of user complaints for finding threats that don't exist. InterVideo is a known memory hog, something you don't have a lot of.
  • Google Update Helper is trying to update programs you don't have installed, e.g. Chrome, so this can go.
  • sysTPL is still showing as listed.
  • Firefox: I want you to uninstall this as it doesn't look used. Uninstall and delete user settings. We can download a fresh copy later if you wish.
  • Click Start then Control Panel and click Uninstall a Program or Programs and Features and uninstall the following:
      • InterVideo WinDVD 4
      • sysTPL
      • Google Update Helper
      • SparkTrust PC Cleaner Plus
      • Mozilla Firefox

3. RogueKiller
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan. Once finished, click on Delete Now click Report
  • Please post the contents of the RKreport.txt in your next Reply.


Do Not run the following fix if SparkTrust PC Cleaner is still installed; move on to the next step.

4. OTL Fix
Open OTL then Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\shadbolt\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)

[2013/06/28 09:50:49 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Roaming\SparkTrust
[2013/06/28 09:50:49 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Roaming\DriverCure
[2013/06/28 09:50:38 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust
[2013/06/28 09:50:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SparkTrust
[2013/06/28 09:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SparkTrust

  • Then click Run Fix
  • Click O.K if asked to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyyy_hhmmss is the date and time of the fix.
  • Copy and Paste the Fix Log in your next reply.

5. OTL Custom Scan
  • Right click the OTL icon and select Run as Administrator.
  • Select the following boxes:
      • Scan All Users
      • Use Company-Name WhiteList
      • Skip Microsoft Files
      • Use No-Company-Name WhiteList
  • Copy and paste the following into the Custom Scans\Fixes box without the word Quote.

    C:\|program files;true;true;true /fp
    C:\|programdata;true;true;true /fp

  • Now Click Run Scan
  • OTL will now scan your computer and produce a log file OTL.txt
  • Please post in your next reply

Things I want to see in your next post.
  • RKreport.txt
  • OTL fix log
  • OTL.txt
  • Are you still getting the NetBT error message?

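One way to audit the settings the OTL fix in this post targets, across every loaded hive under HKEY_USERS rather than only the two the fix names. This is an added example, not part of the thread and not code from OTL or RogueKiller; the -Revert switch, the function name and the loopback pattern are my own choices.

```powershell
<#
  Added example, not part of this thread or of OTL/RogueKiller.
  Audits every loaded hive under HKEY_USERS for the two things the logs in
  this thread flagged: a loopback HTTP proxy forced on through Internet
  Settings (ProxyEnable / ProxyServer / ProxyOverride) and the
  DisableTaskMgr / DisableRegistryTools policy values RogueKiller reported
  as "HJ POL". Read-only by default; -Revert applies the same end state the
  OTL fix lines produce. Run from an elevated PowerShell prompt.
#>
[CmdletBinding()]
param(
    [switch]$Revert   # disable the proxy and drop the policy values instead of only reporting
)

$inetRel   = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$policyRel = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'

# HKEY_USERS is not mapped as a PowerShell drive by default.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

function Get-HiveProxyFinding {
    param([string]$Sid)

    $inet = Get-ItemProperty -Path "HKU:\$Sid\$inetRel"   -ErrorAction SilentlyContinue
    $pol  = Get-ItemProperty -Path "HKU:\$Sid\$policyRel" -ErrorAction SilentlyContinue

    $proxyEnabled = ([int]($inet.ProxyEnable)) -eq 1
    $proxyServer  = [string]($inet.ProxyServer)
    # The thread showed http=127.0.0.1:8877: a proxy on the loopback interface
    # means a local process sits in the middle of that account's web traffic.
    $loopback = $proxyServer -match '(127\.0\.0\.1|localhost|\[?::1\]?):\d+'

    # RogueKiller flagged these values even at 0; on a home PC the mere
    # presence of Policies\System values is unusual and worth a look.
    $policyPresent = ($null -ne $pol.DisableTaskMgr) -or ($null -ne $pol.DisableRegistryTools)

    [pscustomobject]@{
        SID                  = $Sid
        ProxyEnable          = $proxyEnabled
        ProxyServer          = $proxyServer
        ProxyOverride        = [string]($inet.ProxyOverride)
        LoopbackProxy        = $loopback
        DisableTaskMgr       = $pol.DisableTaskMgr
        DisableRegistryTools = $pol.DisableRegistryTools
        Suspicious           = ($proxyEnabled -and $loopback) -or $policyPresent
    }
}

# Skip the *_Classes hives; they hold COM registrations, not user settings.
$hives    = Get-ChildItem -Path HKU:\ | Where-Object { $_.PSChildName -notlike '*_Classes' }
$findings = foreach ($h in $hives) { Get-HiveProxyFinding -Sid $h.PSChildName }

$findings | Format-Table SID, ProxyEnable, ProxyServer, LoopbackProxy,
                         DisableTaskMgr, DisableRegistryTools, Suspicious -AutoSize

if ($Revert) {
    foreach ($f in ($findings | Where-Object { $_.Suspicious })) {
        $inetKey = "HKU:\$($f.SID)\$inetRel"
        $polKey  = "HKU:\$($f.SID)\$policyRel"
        if ($f.ProxyEnable -and $f.LoopbackProxy) {
            # Same result as the OTL fix: ProxyEnable=0, server and override cleared.
            Set-ItemProperty    -Path $inetKey -Name ProxyEnable -Value 0 -Type DWord
            Remove-ItemProperty -Path $inetKey -Name ProxyServer, ProxyOverride -ErrorAction SilentlyContinue
            Write-Host "[$($f.SID)] loopback proxy disabled"
        }
        if (($null -ne $f.DisableTaskMgr) -or ($null -ne $f.DisableRegistryTools)) {
            Remove-ItemProperty -Path $polKey -Name DisableTaskMgr, DisableRegistryTools -ErrorAction SilentlyContinue
            Write-Host "[$($f.SID)] policy values removed"
        }
    }
}
```

Only hives currently loaded under HKEY_USERS are visited, so run it while the affected account is logged in. If the loopback proxy is back after a reboot, something on the machine is re-writing it, which is what the follow-up scans are meant to surface.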

#28
hellomut

    Member

  • Topic Starter
  • Member
  • 39 posts
Hi, sorry about the SparkTrust cleaner, I clicked the wrong button when I was downloading RogueKiller, it is on the same page. SparkTrust uninstalled OK but I can't find Google Update Helper or Firefox. The main problem is sysTPL will not uninstall; when I try it just stays there.
I haven't seen the error message for the NetBT. Here are the reports

RogueKiller V8.6.1 [Jun 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : hxxp://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : shadbolt [Admin rights]
Mode : Remove -- Date : 06/29/2013 10:50:17
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Service cpuz132 stopped successfully!
Service cpuz132 deleted successfully!
File C:\Users\shadbolt\AppData\Local\Temp\cpuz132\cpuz132_x32.sys not found.
C:\Users\shadbolt\AppData\Roaming\SparkTrust\SparkTrust PC Cleaner Plus folder moved successfully.
C:\Users\shadbolt\AppData\Roaming\SparkTrust folder moved successfully.
C:\Users\shadbolt\AppData\Roaming\DriverCure folder moved successfully.
C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust\SparkTrust PC Cleaner Plus folder moved successfully.
C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust folder moved successfully.
C:\Program Files\Common Files\SparkTrust\UUS3\Images folder moved successfully.
C:\Program Files\Common Files\SparkTrust\UUS3 folder moved successfully.
C:\Program Files\Common Files\SparkTrust folder moved successfully.
C:\ProgramData\SparkTrust\UUS3\SparkTrustPCCleanerPlus folder moved successfully.
C:\ProgramData\SparkTrust\UUS3 folder moved successfully.
C:\ProgramData\SparkTrust\SparkTrust PC Cleaner Plus folder moved successfully.
C:\ProgramData\SparkTrust folder moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 06292013_105636

OTL logfile created on: 29/06/2013 11:00:35 - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\shadbolt\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.50 Gb Total Physical Memory | 0.52 Gb Available Physical Memory | 34.85% Memory free
3.25 Gb Paging File | 2.00 Gb Available in Paging File | 61.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 91.54 Gb Free Space | 61.42% Space Free | Partition Type: NTFS

Computer Name: SHADBOLT-PC | User Name: shadbolt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/20 11:29:38 | 000,173,192 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2013/06/11 21:59:49 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
PRC - [2013/06/11 20:42:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\shadbolt\Desktop\OTL.exe
PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/03 13:11:26 | 000,323,584 | ---- | M] (Inventec Corp.) -- C:\Program Files\FSC\Wireless Utility\Wireless Selector.exe
PRC - [2008/08/12 16:21:12 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - [2013/06/20 11:29:38 | 000,173,192 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013/05/15 15:46:26 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/03/21 09:04:28 | 001,124,184 | ---- | M] (Trusteer Ltd.) [Auto | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/03/01 13:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/09/20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/13 23:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\SPIXNEW.SYS -- (SUNPLUS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/06/23 13:00:33 | 000,317,424 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus32_53984.sys -- (RapportCerberus_53984)
DRV - [2013/03/21 09:04:42 | 000,173,880 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/03/21 09:04:42 | 000,102,680 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/03/21 09:04:42 | 000,102,008 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/01/20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2009/09/05 14:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/01 08:19:18 | 009,825,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/07/22 10:21:08 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/07/15 17:00:06 | 000,016,384 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FSCSLII.sys -- (FSCSLII)
DRV - [2007/12/19 18:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2007/10/31 11:23:00 | 000,124,960 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/10/31 11:23:00 | 000,115,744 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/09/29 13:30:52 | 000,065,024 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded =
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.co.uk/ [binary data]
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)


[2012/08/13 10:11:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2013/06/13 07:46:51 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Touchpad_Hotkey] C:\Program Files\FSC\Wireless Utility\Touchpad Hotkey.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Wireless_Selector] C:\Program Files\FSC\Wireless Utility\Wireless Selector.exe (Inventec Corp.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{947C342D-E596-4FCA-961C-2CF318C18106}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/28 20:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/06/28 20:14:45 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/06/28 10:32:15 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\Desktop\RK_Quarantine
[2013/06/24 22:28:48 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\Desktop\246fix
[2013/06/13 17:43:46 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/06/13 17:43:02 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/13 17:25:18 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\shadbolt\Desktop\JRT.exe
[2013/06/13 09:28:39 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\Desktop\reply2
[2013/06/13 09:10:06 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\Desktop\New Folder
[2013/06/13 07:46:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/11 20:42:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\shadbolt\Desktop\OTL.exe
[2013/06/09 17:16:32 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Roaming\Malwarebytes
[2013/06/09 17:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/06/09 10:36:32 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Local\Apps

========== Files - Modified Within 30 Days ==========

[2013/06/29 10:58:05 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/29 10:46:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/29 09:26:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/29 09:26:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/29 08:38:55 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/06/28 18:00:11 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\SparkTrust Registration3.job
[2013/06/28 15:58:07 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/28 10:32:02 | 000,911,360 | ---- | M] () -- C:\Users\shadbolt\Desktop\RogueKiller.exe
[2013/06/28 09:45:59 | 000,020,558 | ---- | M] () -- C:\Users\shadbolt\Desktop\how-to-remove-malware.htm
[2013/06/27 19:41:42 | 000,002,637 | ---- | M] () -- C:\Users\shadbolt\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
[2013/06/26 11:27:55 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/06/26 11:26:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/26 11:25:56 | 1608,843,264 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/26 11:25:08 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/06/24 23:25:58 | 252,128,139 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/06/23 18:36:37 | 000,000,600 | ---- | M] () -- C:\Users\shadbolt\Desktop\sc-cleaner - Shortcut.lnk
[2013/06/13 17:25:20 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\shadbolt\Desktop\JRT.exe
[2013/06/13 09:32:49 | 000,648,201 | ---- | M] () -- C:\Users\shadbolt\Desktop\AdwCleaner.exe
[2013/06/13 08:44:44 | 000,890,839 | ---- | M] () -- C:\Users\shadbolt\Desktop\SecurityCheck.exe
[2013/06/13 07:46:51 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013/06/11 20:42:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\shadbolt\Desktop\OTL.exe

========== Files Created - No Company Name ==========

[2013/06/28 10:31:30 | 000,911,360 | ---- | C] () -- C:\Users\shadbolt\Desktop\RogueKiller.exe
[2013/06/28 09:50:56 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\SparkTrust Registration3.job
[2013/06/28 09:45:59 | 000,020,558 | ---- | C] () -- C:\Users\shadbolt\Desktop\how-to-remove-malware.htm
[2013/06/23 18:36:37 | 000,000,600 | ---- | C] () -- C:\Users\shadbolt\Desktop\sc-cleaner - Shortcut.lnk
[2013/06/13 09:32:48 | 000,648,201 | ---- | C] () -- C:\Users\shadbolt\Desktop\AdwCleaner.exe
[2013/06/13 08:44:43 | 000,890,839 | ---- | C] () -- C:\Users\shadbolt\Desktop\SecurityCheck.exe
[2012/09/01 18:00:37 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2012/01/13 16:06:11 | 000,036,587 | ---- | C] () -- C:\Windows\unvpeye.ini
[2010/08/06 20:04:07 | 000,013,312 | ---- | C] () -- C:\Users\shadbolt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/04 20:18:37 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/08/04 20:14:40 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/07/29 20:51:13 | 000,000,680 | ---- | C] () -- C:\Users\shadbolt\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< C:\|program files;true;true;true /fp >
[2013/06/29 10:40:04 | 000,000,000 | R--D | M] -- C:\Program Files
[2013/06/29 10:56:37 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/07/29 21:22:32 | 000,000,000 | ---D | M] -- C:\Program Files\FSC
[2013/06/13 09:55:28 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2013/06/29 10:40:04 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2013/06/13 00:26:56 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2013/06/28 20:17:20 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2013/06/08 20:08:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2011/01/02 19:16:36 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Analysis Services
[2012/11/08 11:37:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Fix it Center
[2006/11/02 13:35:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011/01/02 19:20:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2013/02/27 01:02:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Client
[2013/03/14 01:48:36 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2011/01/02 19:20:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/01/02 19:20:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2011/01/02 19:21:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Synchronization Services
[2011/01/02 19:18:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2012/09/27 09:25:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/12 09:45:25 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2012/08/13 10:11:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2011/07/25 10:03:50 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2012/11/07 16:33:10 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2012/06/30 06:53:13 | 000,000,000 | ---D | M] -- C:\Program Files\Oracle
[2011/09/11 18:57:51 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/07/29 21:19:51 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2006/11/02 13:35:51 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2013/05/26 09:54:15 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/07/29 21:21:46 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2013/04/03 11:47:57 | 000,000,000 | ---D | M] -- C:\Program Files\Trusteer
[2006/11/02 13:58:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/08/04 21:12:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2010/08/04 21:12:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2010/08/04 21:12:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2012/06/20 07:29:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2012/09/25 00:22:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2012/09/25 00:22:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 13:35:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/08/04 21:12:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2012/06/20 07:17:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2010/08/04 21:12:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2013/06/13 07:46:42 | 000,000,000 | ---D | M] -- C:\_OTL\MovedFiles\06132013_074607\C_Windows\Downloaded Program Files
[2013/06/24 21:48:58 | 000,000,000 | ---D | M] -- C:\_OTL\MovedFiles\06242013_214744\C_Program Files
[2013/06/24 21:49:03 | 000,000,000 | ---D | M] -- C:\_OTL\MovedFiles\06242013_214744\C_Program Files\sysTPL
[2013/06/24 21:49:02 | 000,000,000 | ---D | M] -- C:\_OTL\MovedFiles\06242013_214744\C_Program Files\Wajam
[2013/06/29 10:56:37 | 000,000,000 | ---D | M] -- C:\_OTL\MovedFiles\06292013_105636\C_Program Files
[2013/06/29 10:56:37 | 000,000,000 | ---D | M] -- C:\_OTL\MovedFiles\06292013_105636\C_Program Files\Common Files
[2013/06/14 19:40:51 | 000,000,000 | --SD | M] -- C:\Windows\Downloaded Program Files

< C:\|programdata;true;true;true /fp >
[2013/06/29 10:56:37 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010/10/27 21:19:39 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/06/13 07:41:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2012/01/01 16:43:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple
[2012/01/01 19:46:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer
[2006/11/02 13:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 13:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 13:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2006/11/02 13:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2013/06/08 12:07:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Google
[2013/06/09 17:15:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2013/06/28 20:14:45 | 000,000,000 | ---D | M] -- C:\ProgramData\McAfee
[2013/06/08 20:08:35 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2013/05/15 10:23:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
[2013/05/15 11:00:30 | 000,000,000 | ---D | M] -- C:\ProgramData\NVIDIA
[2010/08/10 19:04:17 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Drivers HeadQuarters
[2013/05/22 20:58:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype
[2006/11/02 13:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/09/12 22:24:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
[2006/11/02 13:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2013/04/03 11:46:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Trusteer
[2010/12/19 07:35:41 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2013/06/13 07:46:38 | 000,000,000 | ---D | M] -- C:\_OTL\MovedFiles\06132013_074607\C_ProgramData
[2013/06/13 07:46:50 | 000,000,000 | ---D | M] -- C:\_OTL\MovedFiles\06132013_074607\C_ProgramData\Browser Manager
[2013/06/24 21:49:02 | 000,000,000 | ---D | M] -- C:\_OTL\MovedFiles\06242013_214744\C_ProgramData
[2013/06/23 17:32:41 | 000,000,000 | ---D | M] -- C:\_OTL\MovedFiles\06242013_214744\C_ProgramData\Babylon
[2013/06/29 10:56:37 | 000,000,000 | ---D | M] -- C:\_OTL\MovedFiles\06292013_105636\C_ProgramData
[2013/06/29 10:56:37 | 000,000,000 | ---D | M] -- C:\_OTL\MovedFiles\06292013_105636\C_ProgramData\SparkTrust
[2012/11/03 10:59:27 | 000,000,000 | -H-D | M] -- C:\Users\shadbolt\AppData\Local\VirtualStore\ProgramData
[2012/10/11 11:12:47 | 000,000,000 | ---D | M] -- C:\Users\shadbolt\AppData\Local\VirtualStore\ProgramData\Browser Manager
[2012/11/03 10:59:28 | 000,000,000 | ---D | M] -- C:\Users\shadbolt\AppData\Local\VirtualStore\ProgramData\NVIDIA
[2006/11/02 11:42:14 | 000,000,692 | ---- | M] () -- C:\Windows\winsxs\FileMaps\programdata_microsoft_crypto_dss_machinekeys_43de8c451bf80cb4.cdf-ms
[2006/11/02 11:42:14 | 000,000,684 | ---- | M] () -- C:\Windows\winsxs\FileMaps\programdata_microsoft_crypto_keys_584b284368b25bef.cdf-ms
[2006/11/02 11:42:14 | 000,000,692 | ---- | M] () -- C:\Windows\winsxs\FileMaps\programdata_microsoft_crypto_rsa_machinekeys_aa739417efae0d58.cdf-ms
[2006/11/02 13:35:33 | 000,000,848 | ---- | M] () -- C:\Windows\winsxs\FileMaps\programdata_microsoft_identitycrl_9ceb7e1568e6c6e7.cdf-ms
[2006/11/02 13:35:33 | 000,001,556 | ---- | M] () -- C:\Windows\winsxs\FileMaps\programdata_microsoft_user_account_pictures_default_pictures_e70ab2484087f163.cdf-ms
[2008/01/21 03:36:31 | 000,001,000 | ---- | M] () -- C:\Windows\winsxs\FileMaps\programdata_microsoft_windows_defender_definition_updates_default_44e57bb5c1e3d0e8.cdf-ms
[2006/11/02 13:35:33 | 000,000,688 | ---- | M] () -- C:\Windows\winsxs\FileMaps\programdata_microsoft_windows_drm_1409f63e8e701274.cdf-ms
[2006/11/02 13:35:33 | 000,000,692 | ---- | M] () -- C:\Windows\winsxs\FileMaps\programdata_microsoft_windows_drm_cache_0462a9ca8b56f2bc.cdf-ms

< End of report >

I think that's about it, thanks.
  • 0

#29
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Thanks for those. The proxy looks like it has been cleared; I am pleased about that. I will get back to you later on regarding the uninstall problems. I have a number of solutions for those. :thumbsup:
  • 0

#30
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hello there Hellomut. Glad that Proxy has been cleared. :)

I will deal with those uninstall problems and clear up some leftovers with OTL.

1. Microsoft FixIt
Remove sysTPL and GoogleUpdater
  • Use this link to download the Microsoft FixIt and Save to your Desktop
  • You need to Run the Fixit program for each program
  • Right click the Fixit Icon and select Run as Administrator
  • Choose Recommended option - Then Uninstalling
  • Select sysTPL from the list and click Next, then Yes. Is sysTPL removed? If not, try the next method.
  • Right click the Fixit Icon and select Run as Administrator
  • This time from the list of uninstalls choose Not Listed
  • Now use the following product codes to uninstall. Copy and Paste the codes in the box and select Next
  • sysTPL product code - {59E3B807-2D5A-4AAE-A6C7-62F9A1615E84}
  • GoogleUpdater product code - {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

2. OTL Fix
Open OTL, then copy the entire text in the Quote box below (do not include the word QUOTE) and paste it into the Custom Scans/Fixes box in OTL.

:OTL
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)

[2012/10/11 11:12:47 | 000,000,000 | ---D | M] -- C:\Users\shadbolt\AppData\Local\VirtualStore\ProgramData\Browser Manager
[2013/06/28 15:58:07 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/28 18:00:11 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\SparkTrust Registration3.job

:COMMANDS
[EMPTYTEMP]

  • Then click Run Fix
  • Click O.K if asked to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and time of the fix.
  • Copy and Paste the Fix Log in your next reply.

3. Task Scheduler
  • Click Start and in the search bar type Task, then from the list select Task Scheduler
  • In the left pane click on the Task Scheduler Library
  • From the middle pane locate the Google Update entries, Right click and delete.
  • Now locate the SparkTrust entry, right click and delete

I only want to see the OTL fix.txt. How is everything running now?
  • 0
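As an added illustration (not code from the thread, from OTL, or from Geeks to Go): a small Python parser for the OTL report format quoted above, sorting lines into the groups the helper acted on here, namely entries marked File not found, the O16 entry with a Reg Error, and .job files under C:\Windows\tasks. The sample lines are constructed from the report above; anything the grouping surfaces still needs a person to confirm, as Nutloaf does in this thread.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample: a few lines in the OTL report format shown in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [Touchpad_Hotkey] C:\Program Files\FSC\Wireless Utility\Touchpad Hotkey.exe File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
[2013/06/28 18:00:11 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\SparkTrust Registration3.job
[2013/06/13 17:25:18 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\shadbolt\Desktop\JRT.exe
[2013/06/28 20:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/06/26 11:25:56 | 1608,843,264 | -HS- | M] () -- C:\hiberfil.sys
"""

# File/folder entry: [timestamp | size | attributes | C(reated)/M(odified)] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<event>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# "O" section entry (autoruns, BHOs, protocol handlers, DPF controls, ...)
OLINE_RE = re.compile(r"^(?P<section>O\d+) - (?P<body>.+)$")

@dataclass
class OtlEntry:
    timestamp: datetime
    size: int               # bytes; OTL pads the number with commas
    attrs: str              # four flags: R(ead-only) H(idden) S(ystem) D(irectory), '-' if unset
    event: str              # 'C' = created, 'M' = modified
    company: Optional[str]  # None when OTL printed "()" or nothing, i.e. no company name
    path: str

def parse_file_entry(line: str) -> Optional[OtlEntry]:
    """Parse one file/folder line; return None for any other kind of line."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        event=m.group("event"),
        company=m.group("company") or None,
        path=m.group("path"),
    )

def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Group the lines a helper reviews first (as in this thread): registry entries whose target
    file is gone, O16 entries with a broken key, and .job files in the Windows tasks folder."""
    found: Dict[str, List[str]] = {"missing_target": [], "orphan_activex": [], "scheduled_task": []}
    for raw in lines:
        line = raw.strip()
        o = OLINE_RE.match(line)
        if o:
            body = o.group("body")
            if body.endswith("File not found"):      # registry still points at a deleted file
                found["missing_target"].append(line)
            elif "(Reg Error:" in body:             # OTL could not read the referenced key
                found["orphan_activex"].append(line)
            continue
        entry = parse_file_entry(line)
        if (entry and not entry.attrs.endswith("D") and entry.path.lower().endswith(".job")
                and entry.path.lower().startswith("c:\\windows\\tasks\\")):
            found["scheduled_task"].append(entry.path)
    return found
```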