Hi, wondering if anyone could help me.

My laptop has recently been hijacked. I get a message popping up in my task from "Windows Security Center" (possibly the malware) telling me to check my security settings.

If I attempt to load anything it tells me that "the services does not exist as an installed service" (software, regedit, msconfig, services, etc.). I tried to start up my services in Safe Mode but was still unable to, even after setting the safeboot option value to 0. Also, Device Manager doesn't display any drivers, which prevents me from connecting to a network/internet connection and using USB devices.

I ran a Malwarebytes scan (full and quick) and it picked up 129 PUP.MyWebSerch files and registry keys. I ran a scan with a different software and it picked up: Adware.Tracking Cookie, Adware.Zango and Trojan.Agent/Gen-FakeAlert[Local].

Below are my DDS logs.

.

DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL

Internet Explorer: 8.0.6001.19088

Run by Katy at 20:02:52 on 2012-07-26

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\Explorer.EXE

C:\Windows\helppane.exe

C:\Users\Katy\Desktop\dds.scr

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5332&r=2v350709c105l0304zq45t47i2x236

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: {8dcb7100-df86-4384-8842-8fa844297b3f} - No File

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: o2.co.uk\*.broadband

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{8E754B43-A926-4192-B09F-AE0A89555BE5} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{A156ED08-84FA-4128-BBBC-4F79EC76EB10} : DhcpNameServer = 192.168.1.254

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R? BBSvc;Bing Bar Update Service

R? CLHNService;CLHNService

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? DPMemGridVista;Physical Memory I/O for GridVista

R? ePowerSvc;Acer ePower Service

R? GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335

R? gupdate;Google Update Service (gupdate)

R? gupdatem;Google Update Service (gupdatem)

R? L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller

R? MBAMProtector;MBAMProtector

R? MBAMService;MBAMService

R? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service

R? McComponentHostService;McAfee Security Scan Component Host Service

R? McProxy;McAfee Proxy Service

R? McShield;McAfee Real-time Scanner

R? McSysmon;McAfee SystemGuards

R? mfeavfk;McAfee Inc. mfeavfk

R? mfebopk;McAfee Inc. mfebopk

R? mfehidk;McAfee Inc. mfehidk

R? mferkdk;McAfee Inc. mferkdk

R? mfesmfk;McAfee Inc. mfesmfk

R? mwlPSDFilter;mwlPSDFilter

R? mwlPSDNServ;mwlPSDNServ

R? mwlPSDVDisk;mwlPSDVDisk

R? MWLService;MyWinLocker Service

R? NTIBackupSvc;NTI Backup Now 5 Backup Service

R? NTISchedulerSvc;NTI Backup Now 5 Scheduler Service

R? PAC207;PC Camer@

R? SASDIFSV;SASDIFSV

R? SASKUTIL;SASKUTIL

R? SBSDWSCService;SBSD Security Center Service

R? sprtsvc_O2;SupportSoft Sprocket Service (O2)

R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0

.

=============== Created Last 30 ================

.

2012-07-26 00:00:33 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-25 23:52:52 -------- d-----w- c:\users\katy\appdata\local\temp

2012-07-25 23:52:09 -------- d-sh--w- C:\$RECYCLE.BIN

2012-07-25 23:11:38 -------- d-----w- c:\program files\VS Revo Group

2012-07-25 18:14:18 98816 ----a-w- c:\windows\sed.exe

2012-07-25 18:14:18 518144 ----a-w- c:\windows\SWREG.exe

2012-07-25 18:14:18 256000 ----a-w- c:\windows\PEV.exe

2012-07-25 18:14:18 208896 ----a-w- c:\windows\MBR.exe

2012-07-25 18:12:06 -------- d-----w- C:\FRST

2012-07-24 23:18:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-07-24 23:18:24 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-07-24 21:53:32 -------- d-----w- c:\windows\pss

2012-07-24 19:16:04 -------- d-----w- c:\users\katy\appdata\roaming\Malwarebytes

2012-07-24 19:15:28 -------- d-----w- c:\programdata\Malwarebytes

2012-07-24 19:15:27 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-24 19:15:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-24 17:56:35 -------- d-----w- c:\users\katy\appdata\roaming\SUPERAntiSpyware.com

2012-07-24 17:56:27 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-07-24 17:56:26 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

.

==================== Find3M ====================

.

.

============= FINISH: 20:04:52.54 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 27/07/2009 23:20:26

System Uptime: 26/07/2012 19:58:38 (1 hours ago)

.

Motherboard: Acer | | Aspire 5332

Processor: Celeron® Dual-Core CPU T3000 @ 1.80GHz | uPGA-478 | 1795/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 288 GiB total, 193.524 GiB free.

D: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Acer Arcade Deluxe

Acer ePower Management

Acer eRecovery Management

Acer Product Registration

Acer ScreenSaver

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9

Adobe Shockwave Player 11.5

AMCap

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Ask Toolbar

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

BlackBerry Desktop Software 5.0.1

Bonjour

C:\Program Files\Acer GameZone\GameConsole

Compatibility Pack for the 2007 Office system

Driving Test Success 2003-2004

eSobi v2

Google Desktop

Google Toolbar for Internet Explorer

Google Update Helper

GridVista

Hazard Perception Training 2003-2004

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Intel® Graphics Media Accelerator Driver

iTunes

Java Auto Updater

Junk Mail filter update

Launch Manager

Malwarebytes Anti-Malware version 1.62.0.1300

McAfee Security Scan Plus

McAfee SecurityCenter

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Default Manager

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

Microsoft WSE 3.0 Runtime

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyWinLocker

NTI Backup Now 5

NTI Backup Now Standard

NTI Media Maker 8

O2 Broadband Assistant

Orion

QuickTime

Rainbow Web

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Revo Uninstaller 1.94

Roxio Media Manager

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Spybot - Search & Destroy

SUPERAntiSpyware

Synaptics Pointing Device Driver

The Sims™ 3

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

.

==== Event Viewer Messages From Past Week ========

.

26/07/2012 20:00:38, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC DPMemGridVista mfehidk MPFP mwlPSDFilter mwlPSDNServ mwlPSDVDisk NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr Tcpip tdx Wanarpv6 ws2ifsl

26/07/2012 01:02:39, Error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The system cannot find the path specified.

26/07/2012 00:09:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

25/07/2012 20:40:46, Error: EventLog [6008] - The previous system shutdown at 20:38:42 on 25/07/2012 was unexpected.

25/07/2012 20:34:42, Error: EventLog [6008] - The previous system shutdown at 20:33:09 on 25/07/2012 was unexpected.

25/07/2012 19:41:59, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

25/07/2012 19:39:23, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

25/07/2012 19:36:36, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC DPMemGridVista mfehidk MPFP mwlPSDFilter mwlPSDNServ mwlPSDVDisk NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6 ws2ifsl

25/07/2012 19:36:36, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

25/07/2012 19:36:36, Error: Service Control Manager [7001] - The DHCP Client service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

25/07/2012 19:32:57, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

25/07/2012 19:32:32, Error: Service Control Manager [7023] - The seclogon service terminated with the following error: The specified procedure could not be found.

25/07/2012 19:32:32, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: Netman. This service might not be installed.

25/07/2012 19:19:32, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

25/07/2012 02:06:02, Error: Service Control Manager [7003] - The Windows Media Player Network Sharing Service service depends the following service: UPnPHost. This service might not be installed.

25/07/2012 00:13:33, Error: EventLog [6008] - The previous system shutdown at 00:12:05 on 25/07/2012 was unexpected.

24/07/2012 22:59:58, Error: Service Control Manager [7001] - The Print Spooler service depends on the LexBce Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

24/07/2012 20:42:31, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DPMemGridVista mfehidk mwlPSDFilter mwlPSDNServ mwlPSDVDisk spldr Wanarpv6

24/07/2012 20:41:01, Error: EventLog [6008] - The previous system shutdown at 20:38:43 on 24/07/2012 was unexpected.

24/07/2012 20:07:14, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DPMemGridVista mfehidk mwlPSDFilter mwlPSDNServ mwlPSDVDisk SASDIFSV SASKUTIL spldr Wanarpv6

24/07/2012 20:04:40, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC DPMemGridVista mfehidk MPFP mwlPSDFilter mwlPSDNServ mwlPSDVDisk NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr Tcpip tdx Wanarpv6

24/07/2012 18:43:51, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

24/07/2012 18:43:50, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

24/07/2012 18:42:53, Error: Service Control Manager [7003] - The Virtual Disk service depends the following service: PlugPlay. This service might not be installed.

24/07/2012 18:42:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1075" attempting to start the service vds with arguments "" in order to run the server: {7D1933CB-86F6-4A98-8628-01BE94C9A575}

24/07/2012 18:41:18, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC DPMemGridVista mfehidk MPFP mwlPSDFilter mwlPSDNServ mwlPSDVDisk NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6

24/07/2012 18:41:18, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

24/07/2012 18:41:18, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.

24/07/2012 18:41:18, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

24/07/2012 18:41:18, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

24/07/2012 18:41:18, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

24/07/2012 18:41:18, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

24/07/2012 18:41:18, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

24/07/2012 18:41:18, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

24/07/2012 18:41:18, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

24/07/2012 18:41:18, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

24/07/2012 18:41:18, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

24/07/2012 18:41:18, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

24/07/2012 18:40:52, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

24/07/2012 18:40:51, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

24/07/2012 18:40:17, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

24/07/2012 18:40:16, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

24/07/2012 18:40:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

23/07/2012 10:27:46, Error: Microsoft-Windows-TBS [16392] - An error occurred while starting the TBS. The error code was 0x8007000d.

23/07/2012 10:26:07, Error: Service Control Manager [7003] - The Telephony service depends the following service: PlugPlay. This service might not be installed.

23/07/2012 10:26:07, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

23/07/2012 10:25:18, Error: Service Control Manager [7024] - The ReadyBoost service terminated with service-specific error 0 (0x0).

23/07/2012 10:25:18, Error: Service Control Manager [7023] - The WebClient service terminated with the following error: The system cannot find the file specified.

23/07/2012 10:25:18, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: Operation aborted

23/07/2012 10:25:18, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect.

23/07/2012 10:25:18, Error: Service Control Manager [7003] - The Workstation service depends the following service: NSI. This service might not be installed.

23/07/2012 10:25:18, Error: Service Control Manager [7003] - The Windows Driver Foundation - User-mode Driver Framework service depends the following service: PlugPlay. This service might not be installed.

23/07/2012 10:25:18, Error: Service Control Manager [7003] - The Windows Audio Endpoint Builder service depends the following service: PlugPlay. This service might not be installed.

23/07/2012 10:25:18, Error: Service Control Manager [7003] - The Tablet PC Input Service service depends the following service: PlugPlay. This service might not be installed.

23/07/2012 10:25:18, Error: Service Control Manager [7003] - The Network Location Awareness service depends the following service: NSI. This service might not be installed.

23/07/2012 10:25:18, Error: Service Control Manager [7003] - The IP Helper service depends the following service: NSI. This service might not be installed.

23/07/2012 10:25:18, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: NSI. This service might not be installed.

23/07/2012 10:25:18, Error: Service Control Manager [7001] - The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

23/07/2012 10:25:18, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

.

==== End Of File ===========================


Hello maggotkil and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please uninstall the following application: Ask Toolbar

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log


Hi Maniac, here are the logs.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.03.05

Windows Vista Service Pack 1 x86 NTFS (Safe Mode)

Internet Explorer 8.0.6001.19088

Katy :: KATY-PC [administrator]

Protection: Disabled

26/07/2012 21:40:47

mbam-log-2012-07-26 (21-40-47).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 226195

Time elapsed: 3 minute(s), 14 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-26 21:45:34

-----------------------------

21:45:34.036 OS Version: Windows 6.0.6001 Service Pack 1

21:45:34.036 Number of processors: 2 586 0x170A

21:45:34.036 ComputerName: KATY-PC UserName: Katy

21:45:35.456 Initialize success

21:45:43.630 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

21:45:43.630 Disk 0 Vendor: WDC_WD3200BEVT-22ZCT0 11.01A11 Size: 305245MB BusType: 3

21:45:43.677 Disk 0 MBR read successfully

21:45:43.677 Disk 0 MBR scan

21:45:43.677 Disk 0 Windows VISTA default MBR code

21:45:43.693 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10244 MB offset 63

21:45:43.708 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 294999 MB offset 20981760

21:45:43.708 Disk 0 scanning sectors +625139712

21:45:43.755 Disk 0 scanning C:\Windows\system32\drivers

21:45:49.792 Service scanning

21:46:03.567 Modules scanning

21:46:05.299 Disk 0 trace - called modules:

21:46:05.330 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys

21:46:05.330 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x852b2348]

21:46:05.330 3 CLASSPNP.SYS[89fa0745] -> nt!IofCallDriver -> [0x852fd2b8]

21:46:05.346 5 acpi.sys[8069f6a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85282ba0]

21:46:05.346 Scan finished successfully

21:49:57.130 Disk 0 MBR has been saved successfully to "C:\Users\Katy\Desktop\MBR.dat"

21:49:57.146 The log file has been saved successfully to "C:\Users\Katy\Desktop\aswMBR1.txt"


Okay, I've manually updated the database to 27/07/2012. The problem is that I cannot run anything in normal mode.

When I try to execute Malwarebytes I get the message:

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

The specified service does not exist as an installed service.


Try this tool and then try to run Malwarebytes' Anti-Malware again:

Please download exeHelper to your desktop.

Double-click on exeHelper.com to run the fix.

A black window should pop up, press any key to close once the fix is completed.

Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)


I tried to run exeHelper in normal mode but I got the same error message about the service not being installed. I ran it in safe mode but I don't think it made any difference to normal mode as I still couldn't execute anything.

exeHelper by Raktor

Build 20100414

Run at 17:54:35 on 07/28/12

Now searching...

Checking for numerical processes...

Checking for sysguard processes...

Checking for bad processes...

Checking for bad files...

Checking for bad registry entries...

Resetting filetype association for .exe

Resetting filetype association for .com

Resetting userinit and shell values...

Resetting policies...

--Finished--


Yeah, I've tried using a USB on it to try and get my files off, but the PC doesn't pick up any USB devices and Device Manager is blank. I've been using CDs to transfer.


Okay, could you try this:

  1. Download OTLPEStd.exe to your desktop
  2. Ensure that you have a blank CD in the drive
  3. Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD
  4. Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  5. As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  6. Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  7. Double-click on the OTLPE icon.
  8. Select the Windows folder of the infected drive if it asks for a location
  9. When asked "Do you wish to load the remote registry", select Yes
  10. When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  11. Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  12. OTL should now start.
  13. Drag and drop this attached scan.txt into the Custom scans and fixes box
  14. Press Run Scan to start the scan.
  15. When finished, the file will be saved in drive C:\OTL.txt
  16. Copy this file to your USB drive if you do not have internet connection on this system.
  17. Right click the file and select send to : select the USB drive.
  18. Confirm that it has copied to the USB drive by selecting it
  19. You can backup any files that you wish from this OS
  20. Please post the contents of the C:\OTL.txt file in your reply.


I ran the scan but was a bit confused about step 13. Was there supposed to be a hyperlink? If so I'll run it again.

OTL logfile created on: 7/31/2012 8:28:09 PM - Run

OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE

Windows Vista Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System

Internet Explorer (Version = 8.0.6001.19088)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 288.08 Gb Total Space | 192.92 Gb Free Space | 66.97% Space Free | Partition Type: NTFS

Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (SeaPort)

SRV - File not found [On_Demand] -- -- (BBSvc)

SRV - [2012/07/03 08:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/01/13 07:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)

SRV - [2010/09/24 12:07:18 | 000,329,080 | ---- | M] (SupportSoft, Inc.) [Disabled] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)

SRV - [2010/06/10 01:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)

SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/10/27 07:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)

SRV - [2009/10/02 08:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)

SRV - [2009/09/16 06:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV - [2009/09/16 05:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)

SRV - [2009/09/16 04:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)

SRV - [2009/07/08 06:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)

SRV - [2009/07/07 14:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)

SRV - [2009/06/23 12:45:50 | 000,723,488 | ---- | M] (Acer Incorporated) [Disabled] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)

SRV - [2009/05/14 18:03:30 | 000,305,448 | ---- | M] () [Auto] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)

SRV - [2009/04/14 12:48:50 | 000,075,048 | ---- | M] () [Disabled] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)

SRV - [2009/01/26 10:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/06/07 11:19:40 | 000,202,280 | R--- | M] (SupportSoft, Inc.) [Disabled] -- C:\Program Files\O2\bin\sprtsvc.exe -- (sprtsvc_O2) SupportSoft Sprocket Service (O2)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (PAC207)

DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)

DRV - File not found [Kernel | On_Demand] -- -- (catchme)

DRV - [2012/07/03 08:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/07/15 10:18:22 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)

DRV - [2009/09/16 05:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2009/09/16 05:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2009/09/16 05:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)

DRV - [2009/09/16 05:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2009/09/16 05:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)

DRV - [2009/06/23 02:53:18 | 001,181,184 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2009/01/14 23:03:14 | 000,049,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)

DRV - [2008/12/04 13:34:34 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | System] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)

DRV - [2008/12/04 13:34:34 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | System] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

DRV - [2008/12/04 13:34:34 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | System] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)

DRV - [2008/09/30 23:50:50 | 000,010,504 | ---- | M] (Dritek System Inc.) [Kernel | System] -- C:\Program Files\GridVista\DPMemGridVista.sys -- (DPMemGridVista)

DRV - [2005/06/24 13:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)

DRV - [2005/05/26 06:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)

DRV - [2005/05/26 06:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5332&r=2v350709c105l0304zq45t47i2x236

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Katy_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]

IE - HKU\Katy_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\Katy_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKU\Katy_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\Katy_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found

IE - HKU\Katy_ON_C\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKU\Katy_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Katy_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Other_People_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/

IE - HKU\Other_People_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]

IE - HKU\Other_People_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\Other_People_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\Other_People_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKU\Other_People_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\Other_People_ON_C\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKU\Other_People_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: File not found

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\NPMcFFPlg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/12/28 20:12:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/02/26 14:41:51 | 000,000,000 | ---D | M]

[2009/10/24 07:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katy\AppData\Roaming\Mozilla\Extensions

[2009/10/24 07:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katy\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com

[2009/10/02 15:52:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katy\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2012/07/25 20:32:46 | 000,442,781 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 15236 more lines...

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\McAfee\MSK\mskapbho.dll ()

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKU\Katy_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKU\Other_People_ON_C\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

O3 - HKU\Other_People_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKU\Other_People_ON_C..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)

O4 - HKU\Other_People_ON_C..\Run: [syshost32] File not found

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)

O4 - Startup: C:\Users\Other People\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found

F3 - HKU\Other_People_ON_C WinNT: Load - (C:\Users\OTHERP~1\AppData\Local\Temp\{92573~1.EXE) - File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\Katy_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\Katy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\Other_People_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKU\Other_People_ON_C Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O24 - Desktop WallPaper:

O24 - Desktop BackupWallPaper:

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/07/31 13:42:43 | 098,077,435 | ---- | C] (Igor Pavlov) -- C:\Users\Katy\Desktop\OTLPEStd.exe

[2012/07/28 16:20:07 | 000,000,000 | -H-D | C] -- C:\Windows\PIF

[2012/07/27 11:36:38 | 007,151,488 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Katy\Desktop\mbam-rules.exe

[2012/07/26 18:28:44 | 000,000,000 | ---D | C] -- C:\Users\Other People\Desktop\tools

[2012/07/26 15:18:57 | 000,000,000 | ---D | C] -- C:\Users\Katy\AppData\Roaming\WinRAR

[2012/07/26 15:18:56 | 000,000,000 | ---D | C] -- C:\Users\Katy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

[2012/07/26 15:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

[2012/07/26 15:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR

[2012/07/26 15:02:31 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Katy\Desktop\dds.scr

[2012/07/25 20:13:22 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Katy\Desktop\aswMBR.exe

[2012/07/25 20:08:16 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Other People\Desktop\tdsskiller.exe

[2012/07/25 20:00:33 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012/07/25 19:55:00 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Katy\Desktop\tdsskiller.exe

[2012/07/25 19:52:52 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/07/25 19:52:52 | 000,000,000 | ---D | C] -- C:\Users\Other People\AppData\Local\temp

[2012/07/25 19:52:52 | 000,000,000 | ---D | C] -- C:\Users\Katy\AppData\Local\temp

[2012/07/25 19:52:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/07/25 19:33:13 | 000,000,000 | ---D | C] -- C:\Users\Katy\Desktop\RK_Quarantine

[2012/07/25 19:11:38 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2012/07/25 19:11:38 | 000,000,000 | ---D | C] -- C:\Users\Katy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller

[2012/07/25 19:11:18 | 002,617,648 | ---- | C] (VS Revo Group Ltd.) -- C:\Users\Katy\Desktop\revosetup.exe

[2012/07/25 15:28:09 | 012,621,696 | ---- | C] (Microsoft Corporation) -- C:\Users\Katy\Desktop\mseinstall.exe

[2012/07/25 14:36:05 | 000,892,822 | ---- | C] (Farbar) -- C:\Users\Other People\Desktop\FRST.exe

[2012/07/25 14:36:02 | 004,585,817 | ---- | C] (Swearware) -- C:\Users\Other People\Desktop\ComboFix.exe

[2012/07/25 14:14:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/07/25 14:14:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/07/25 14:14:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/07/25 14:14:11 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/07/25 14:13:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/07/25 14:12:06 | 000,000,000 | ---D | C] -- C:\FRST

[2012/07/25 14:11:53 | 000,892,822 | ---- | C] (Farbar) -- C:\Users\Katy\Desktop\FRST.exe

[2012/07/25 14:11:51 | 004,585,817 | R--- | C] (Swearware) -- C:\Users\Katy\Desktop\ComboFix.exe

[2012/07/25 12:16:02 | 000,000,000 | ---D | C] -- C:\Users\Other People\AppData\Roaming\SUPERAntiSpyware.com

[2012/07/25 11:44:54 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Other People\Desktop\spybotsd162.exe

[2012/07/24 21:07:08 | 000,000,000 | ---D | C] -- C:\Users\Other People\AppData\Roaming\Malwarebytes

[2012/07/24 19:18:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2012/07/24 19:18:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2012/07/24 19:18:24 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2012/07/24 17:53:32 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2012/07/24 15:16:04 | 000,000,000 | ---D | C] -- C:\Users\Katy\AppData\Roaming\Malwarebytes

[2012/07/24 15:15:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/07/24 15:15:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/07/24 15:15:27 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/07/24 15:15:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/07/24 13:56:35 | 000,000,000 | ---D | C] -- C:\Users\Katy\AppData\Roaming\SUPERAntiSpyware.com

[2012/07/24 13:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2012/07/24 13:56:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012/07/24 13:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2012/07/24 13:55:37 | 018,570,448 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Katy\Desktop\SUPERAntiSpyware.exe

[2012/07/24 13:55:27 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Katy\Desktop\spybotsd162.exe

[2010/08/25 14:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

[2009/07/14 21:41:53 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/31 14:13:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/07/31 13:46:28 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/31 13:46:28 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/31 13:46:28 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/31 13:44:44 | 000,008,212 | ---- | M] () -- C:\Windows\mfebcdata

[2012/07/31 13:44:11 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/31 13:26:02 | 098,077,435 | ---- | M] (Igor Pavlov) -- C:\Users\Katy\Desktop\OTLPEStd.exe

[2012/07/31 13:23:16 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/07/31 13:23:16 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/07/28 12:34:02 | 000,294,400 | ---- | M] () -- C:\Users\Other People\Desktop\exeHelper.com

[2012/07/28 12:34:02 | 000,294,400 | ---- | M] () -- C:\Users\Katy\Desktop\exeHelper.com

[2012/07/27 11:30:46 | 007,151,488 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Katy\Desktop\mbam-rules.exe

[2012/07/26 16:51:19 | 000,427,728 | ---- | M] () -- C:\Users\Katy\Desktop\Desktop.rar

[2012/07/26 16:49:57 | 000,000,512 | ---- | M] () -- C:\Users\Katy\Desktop\MBR.dat

[2012/07/26 15:20:12 | 000,426,233 | ---- | M] () -- C:\Users\Katy\Desktop\RK_Quarantine.rar

[2012/07/26 15:18:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

[2012/07/26 15:17:09 | 001,517,376 | ---- | M] () -- C:\Users\Katy\Desktop\wrar420.exe

[2012/07/26 15:09:56 | 000,007,529 | ---- | M] () -- C:\Users\Katy\Desktop\attach.zip

[2012/07/26 14:25:59 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Katy\Desktop\dds.scr

[2012/07/25 20:32:46 | 000,442,781 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2012/07/25 20:32:10 | 000,442,781 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120726-013246.backup

[2012/07/25 20:11:17 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Katy\Desktop\aswMBR.exe

[2012/07/25 19:45:52 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Other People\Desktop\tdsskiller.exe

[2012/07/25 19:45:52 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Katy\Desktop\tdsskiller.exe

[2012/07/25 19:30:41 | 001,552,384 | ---- | M] () -- C:\Users\Other People\Desktop\RogueKiller.exe

[2012/07/25 19:30:41 | 001,552,384 | ---- | M] () -- C:\Users\Katy\Desktop\RogueKiller.exe

[2012/07/25 19:11:38 | 000,001,061 | ---- | M] () -- C:\Users\Katy\Desktop\Revo Uninstaller.lnk

[2012/07/25 19:09:40 | 002,617,648 | ---- | M] (VS Revo Group Ltd.) -- C:\Users\Katy\Desktop\revosetup.exe

[2012/07/25 15:40:37 | 127,201,003 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/07/25 14:27:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120726-013210.backup

[2012/07/25 14:18:59 | 012,621,696 | ---- | M] (Microsoft Corporation) -- C:\Users\Katy\Desktop\mseinstall.exe

[2012/07/25 14:18:06 | 000,302,592 | ---- | M] () -- C:\Users\Katy\Desktop\c84wjm22.exe

[2012/07/25 14:10:31 | 004,585,817 | R--- | M] (Swearware) -- C:\Users\Katy\Desktop\ComboFix.exe

[2012/07/25 14:10:31 | 004,585,817 | ---- | M] (Swearware) -- C:\Users\Other People\Desktop\ComboFix.exe

[2012/07/25 13:12:23 | 000,892,822 | ---- | M] (Farbar) -- C:\Users\Other People\Desktop\FRST.exe

[2012/07/25 13:12:23 | 000,892,822 | ---- | M] (Farbar) -- C:\Users\Katy\Desktop\FRST.exe

[2012/07/25 13:11:56 | 000,001,356 | ---- | M] () -- C:\Users\Katy\AppData\Local\d3d9caps.dat

[2012/07/24 19:23:32 | 006,925,416 | ---- | M] () -- C:\Users\Other People\Desktop\spybotsd_includes.exe

[2012/07/24 19:23:32 | 006,925,416 | ---- | M] () -- C:\Users\Katy\Desktop\spybotsd_includes.exe

[2012/07/24 19:19:57 | 000,249,908 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120725-002049.backup

[2012/07/24 19:18:29 | 000,001,083 | ---- | M] () -- C:\Users\Katy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2012/07/24 19:18:29 | 000,001,059 | ---- | M] () -- C:\Users\Katy\Desktop\Spybot - Search & Destroy.lnk

[2012/07/24 19:18:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2012/07/24 18:40:09 | 000,009,192 | ---- | M] () -- C:\Users\Katy\AppData\Roaming\wklnhst.dat

[2012/07/24 17:56:52 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

[2012/07/24 17:53:37 | 000,032,553 | ---- | M] () -- C:\Windows\System32\Config.MPF

[2012/07/24 15:15:29 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/24 15:15:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/07/24 13:56:42 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 378aaceb-3540-4379-8f17-3d211b9b44f0.job

[2012/07/24 13:56:42 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 23b2ce64-964c-450e-be70-bc5b8f139ec9.job

[2012/07/24 13:56:33 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012/07/24 13:56:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2012/07/13 20:49:52 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Other People\Desktop\spybotsd162.exe

[2012/07/13 20:49:52 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Katy\Desktop\spybotsd162.exe

[2012/07/13 20:01:10 | 018,570,448 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Katy\Desktop\SUPERAntiSpyware.exe

[2012/07/03 08:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/31 13:44:44 | 000,008,212 | ---- | C] () -- C:\Windows\mfebcdata

[2012/07/28 16:13:59 | 000,294,400 | ---- | C] () -- C:\Users\Other People\Desktop\exeHelper.com

[2012/07/28 12:54:17 | 000,294,400 | ---- | C] () -- C:\Users\Katy\Desktop\exeHelper.com

[2012/07/26 16:51:19 | 000,427,728 | ---- | C] () -- C:\Users\Katy\Desktop\Desktop.rar

[2012/07/26 15:20:12 | 000,426,233 | ---- | C] () -- C:\Users\Katy\Desktop\RK_Quarantine.rar

[2012/07/26 15:18:40 | 001,517,376 | ---- | C] () -- C:\Users\Katy\Desktop\wrar420.exe

[2012/07/26 15:09:56 | 000,007,529 | ---- | C] () -- C:\Users\Katy\Desktop\attach.zip

[2012/07/25 20:17:18 | 000,000,512 | ---- | C] () -- C:\Users\Katy\Desktop\MBR.dat

[2012/07/25 19:37:30 | 001,552,384 | ---- | C] () -- C:\Users\Other People\Desktop\RogueKiller.exe

[2012/07/25 19:33:08 | 001,552,384 | ---- | C] () -- C:\Users\Katy\Desktop\RogueKiller.exe

[2012/07/25 19:11:38 | 000,001,061 | ---- | C] () -- C:\Users\Katy\Desktop\Revo Uninstaller.lnk

[2012/07/25 15:28:01 | 000,302,592 | ---- | C] () -- C:\Users\Katy\Desktop\c84wjm22.exe

[2012/07/25 14:14:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/07/25 14:14:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/07/25 14:14:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/07/25 14:14:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/07/25 14:14:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/07/25 11:44:46 | 006,925,416 | ---- | C] () -- C:\Users\Other People\Desktop\spybotsd_includes.exe

[2012/07/24 19:25:35 | 006,925,416 | ---- | C] () -- C:\Users\Katy\Desktop\spybotsd_includes.exe

[2012/07/24 19:18:29 | 000,001,083 | ---- | C] () -- C:\Users\Katy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2012/07/24 19:18:29 | 000,001,059 | ---- | C] () -- C:\Users\Katy\Desktop\Spybot - Search & Destroy.lnk

[2012/07/24 15:15:29 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/24 13:56:42 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 378aaceb-3540-4379-8f17-3d211b9b44f0.job

[2012/07/24 13:56:42 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 23b2ce64-964c-450e-be70-bc5b8f139ec9.job

[2012/07/24 13:56:33 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2011/06/28 14:31:14 | 000,000,680 | ---- | C] () -- C:\Users\Other People\AppData\Local\d3d9caps.dat

[2011/01/25 16:06:41 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin

[2010/08/25 15:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin

[2010/08/25 15:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin

[2010/08/25 15:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin

[2010/08/25 14:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

[2010/08/25 14:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll

[2010/08/25 14:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll

[2010/02/04 13:50:45 | 000,000,982 | ---- | C] () -- C:\Users\Other People\AppData\Roaming\wklnhst.dat

[2010/01/18 08:18:27 | 000,124,488 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat

[2009/11/08 06:10:29 | 000,001,356 | ---- | C] () -- C:\Users\Katy\AppData\Local\d3d9caps.dat

[2009/10/31 08:15:07 | 000,020,480 | ---- | C] () -- C:\Users\Other People\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/10/31 07:32:48 | 000,000,120 | ---- | C] () -- C:\Users\Other People\AppData\Local\Tnoregobeyey.dat

[2009/10/31 07:32:48 | 000,000,000 | ---- | C] () -- C:\Users\Other People\AppData\Local\Vyiwutuyezev.bin

[2009/10/24 08:35:52 | 000,000,174 | ---- | C] () -- C:\Windows\wininit.ini

[2009/10/22 11:43:25 | 000,024,064 | ---- | C] () -- C:\Users\Katy\AppData\Roaming\UserTile.png

[2009/10/03 12:35:28 | 000,024,064 | ---- | C] () -- C:\Users\Katy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/10/03 12:18:03 | 000,009,192 | ---- | C] () -- C:\Users\Katy\AppData\Roaming\wklnhst.dat

[2009/10/02 13:47:13 | 000,000,728 | ---- | C] () -- C:\Windows\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini

[2009/07/14 21:38:47 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1591.dll

[2009/07/14 21:38:46 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin

[2009/07/14 14:51:04 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat

[2009/07/14 14:51:04 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat

[2009/07/14 14:51:04 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat

[2009/07/14 14:51:04 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat

[2009/07/14 13:24:59 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009/07/14 13:24:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2007/10/25 19:02:54 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.INI

[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 08:47:37 | 000,343,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 06:33:01 | 000,609,196 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 06:33:01 | 000,108,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2005/01/25 11:15:42 | 000,010,240 | ---- | C] () -- C:\Windows\System32\PA207USD.DLL

[2003/08/18 10:55:48 | 000,086,016 | ---- | C] () -- C:\Windows\System32\LXBKIH.EXE

[2003/08/18 10:46:38 | 000,077,824 | ---- | C] () -- C:\Windows\System32\LXBKLCNP.DLL

[2002/11/13 15:40:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbkvs.dll

[2002/09/13 11:40:06 | 000,000,266 | ---- | C] () -- C:\Windows\System32\lxbkcoin.ini

[2001/01/19 15:50:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\INSTMON.EXE

========== LOP Check ==========

[2009/07/14 15:10:22 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\Acer GameZone Console

[2010/01/07 18:13:56 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\eSobi

[2010/04/16 15:45:10 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\PlayFirst

[2009/10/03 12:23:52 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\PowerCinema

[2011/01/25 16:09:29 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\Research In Motion

[2009/10/03 12:24:05 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\SoftDMA

[2009/10/08 11:05:29 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\Template

[2010/12/22 13:22:04 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\Utherverse

[2009/10/04 07:21:54 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\Windows Live Writer

[2009/07/14 15:10:22 | 000,000,000 | ---D | M] -- C:\Users\Other People\AppData\Roaming\Acer GameZone Console

[2010/12/12 15:50:38 | 000,000,000 | ---D | M] -- C:\Users\Other People\AppData\Roaming\LimeWire

[2009/11/14 15:58:29 | 000,000,000 | ---D | M] -- C:\Users\Other People\AppData\Roaming\PowerCinema

[2011/02/06 13:32:27 | 000,000,000 | ---D | M] -- C:\Users\Other People\AppData\Roaming\Research In Motion

[2011/11/22 15:34:04 | 000,000,000 | ---D | M] -- C:\Users\Other People\AppData\Roaming\SoftDMA

[2010/02/04 13:51:06 | 000,000,000 | ---D | M] -- C:\Users\Other People\AppData\Roaming\Template

[2009/07/14 15:10:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Acer GameZone Console

[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data

[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop

[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents

[2011/12/07 17:06:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Driving Test Success

[2009/07/14 15:12:29 | 000,000,000 | ---D | M] -- C:\ProgramData\EgisTec

[2010/09/27 12:34:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts

[2009/07/14 15:39:44 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi

[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites

[2011/12/07 17:07:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Hazard Perception Training

[2009/11/15 16:28:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Oberon Games

[2010/04/16 15:45:10 | 000,000,000 | ---D | M] -- C:\ProgramData\PlayFirst

[2010/02/10 18:00:30 | 000,000,000 | ---D | M] -- C:\ProgramData\PopCap Games

[2011/01/25 15:48:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Research In Motion

[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu

[2009/10/02 13:47:42 | 000,000,000 | ---D | M] -- C:\ProgramData\SupportSoft

[2011/03/04 18:16:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp

[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates

[2010/04/12 15:12:38 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/10/02 14:07:55 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/11/14 20:59:59 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job

[2009/10/22 13:20:55 | 000,000,316 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job

[2012/07/31 13:44:45 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012/07/24 13:56:42 | 000,000,508 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 23b2ce64-964c-450e-be70-bc5b8f139ec9.job

[2012/07/24 13:56:42 | 000,000,508 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 378aaceb-3540-4379-8f17-3d211b9b44f0.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:F7862839

@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:DCAF903C

@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:03D08225

@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:CDFF58FE

@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:4F636E25

@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:E1982A23

@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:814B9485

@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:8750DCE4

< End of report >


Good! :)

Start OTLPE as you did previously from CD

Copy the attached Fix.txt to a USB

  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason, then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible
  • Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

fix.txt


Okay, I've run the scan with the file.

OTL logfile created on: 8/2/2012 10:24:50 PM - Run

OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE

Windows Vista Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System

Internet Explorer (Version = 8.0.6001.19088)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 288.08 Gb Total Space | 190.05 Gb Free Space | 65.97% Space Free | Partition Type: NTFS

Drive D: | 3.76 Gb Total Space | 3.28 Gb Free Space | 87.32% Space Free | Partition Type: FAT32

Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (SeaPort)

SRV - File not found [On_Demand] -- -- (BBSvc)

SRV - [2012/07/03 08:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/01/13 07:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)

SRV - [2010/09/24 12:07:18 | 000,329,080 | ---- | M] (SupportSoft, Inc.) [Disabled] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)

SRV - [2010/06/10 01:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)

SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/10/27 07:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)

SRV - [2009/10/02 08:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)

SRV - [2009/09/16 06:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV - [2009/09/16 05:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)

SRV - [2009/09/16 04:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)

SRV - [2009/07/08 06:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)

SRV - [2009/07/07 14:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)

SRV - [2009/06/23 12:45:50 | 000,723,488 | ---- | M] (Acer Incorporated) [Disabled] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)

SRV - [2009/05/14 18:03:30 | 000,305,448 | ---- | M] () [Auto] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)

SRV - [2009/04/14 12:48:50 | 000,075,048 | ---- | M] () [Disabled] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)

SRV - [2009/01/26 10:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/06/07 11:19:40 | 000,202,280 | R--- | M] (SupportSoft, Inc.) [Disabled] -- C:\Program Files\O2\bin\sprtsvc.exe -- (sprtsvc_O2) SupportSoft Sprocket Service (O2)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (PAC207)

DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)

DRV - File not found [Kernel | On_Demand] -- -- (catchme)

DRV - [2012/07/03 08:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/07/15 10:18:22 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)

DRV - [2009/09/16 05:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2009/09/16 05:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2009/09/16 05:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)

DRV - [2009/09/16 05:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2009/09/16 05:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)

DRV - [2009/06/23 02:53:18 | 001,181,184 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2009/01/14 23:03:14 | 000,049,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)

DRV - [2008/12/04 13:34:34 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | System] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)

DRV - [2008/12/04 13:34:34 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | System] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

DRV - [2008/12/04 13:34:34 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | System] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)

DRV - [2008/09/30 23:50:50 | 000,010,504 | ---- | M] (Dritek System Inc.) [Kernel | System] -- C:\Program Files\GridVista\DPMemGridVista.sys -- (DPMemGridVista)

DRV - [2005/06/24 13:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)

DRV - [2005/05/26 06:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)

DRV - [2005/05/26 06:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5332&r=2v350709c105l0304zq45t47i2x236

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Katy_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]

IE - HKU\Katy_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\Katy_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKU\Katy_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\Katy_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found

IE - HKU\Katy_ON_C\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKU\Katy_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Katy_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Other_People_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/

IE - HKU\Other_People_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]

IE - HKU\Other_People_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\Other_People_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\Other_People_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKU\Other_People_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\Other_People_ON_C\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKU\Other_People_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: File not found

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\NPMcFFPlg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/12/28 20:12:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/02/26 14:41:51 | 000,000,000 | ---D | M]

[2009/10/24 07:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katy\AppData\Roaming\Mozilla\Extensions

[2009/10/24 07:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katy\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com

[2009/10/02 15:52:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katy\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2012/07/25 20:32:46 | 000,442,781 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 15236 more lines...

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\McAfee\MSK\mskapbho.dll ()

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKU\Katy_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKU\Other_People_ON_C\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

O3 - HKU\Other_People_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKU\Other_People_ON_C..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)

O4 - HKU\Other_People_ON_C..\Run: [syshost32] File not found

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)

O4 - Startup: C:\Users\Other People\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found

F3 - HKU\Other_People_ON_C WinNT: Load - (C:\Users\OTHERP~1\AppData\Local\Temp\{92573~1.EXE) - File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\Katy_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\Katy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\Other_People_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKU\Other_People_ON_C Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O24 - Desktop WallPaper:

O24 - Desktop BackupWallPaper:

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/07/31 13:42:43 | 098,077,435 | ---- | C] (Igor Pavlov) -- C:\Users\Katy\Desktop\OTLPEStd.exe

[2012/07/28 16:20:07 | 000,000,000 | -H-D | C] -- C:\Windows\PIF

[2012/07/27 11:36:38 | 007,151,488 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Katy\Desktop\mbam-rules.exe

[2012/07/26 18:28:44 | 000,000,000 | ---D | C] -- C:\Users\Other People\Desktop\tools

[2012/07/26 15:18:57 | 000,000,000 | ---D | C] -- C:\Users\Katy\AppData\Roaming\WinRAR

[2012/07/26 15:18:56 | 000,000,000 | ---D | C] -- C:\Users\Katy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

[2012/07/26 15:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

[2012/07/26 15:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR

[2012/07/26 15:02:31 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Katy\Desktop\dds.scr

[2012/07/25 20:13:22 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Katy\Desktop\aswMBR.exe

[2012/07/25 20:08:16 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Other People\Desktop\tdsskiller.exe

[2012/07/25 20:00:33 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012/07/25 19:55:00 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Katy\Desktop\tdsskiller.exe

[2012/07/25 19:52:52 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/07/25 19:52:52 | 000,000,000 | ---D | C] -- C:\Users\Other People\AppData\Local\temp

[2012/07/25 19:52:52 | 000,000,000 | ---D | C] -- C:\Users\Katy\AppData\Local\temp

[2012/07/25 19:52:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/07/25 19:33:13 | 000,000,000 | ---D | C] -- C:\Users\Katy\Desktop\RK_Quarantine

[2012/07/25 19:11:38 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2012/07/25 19:11:38 | 000,000,000 | ---D | C] -- C:\Users\Katy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller

[2012/07/25 19:11:18 | 002,617,648 | ---- | C] (VS Revo Group Ltd.) -- C:\Users\Katy\Desktop\revosetup.exe

[2012/07/25 15:28:09 | 012,621,696 | ---- | C] (Microsoft Corporation) -- C:\Users\Katy\Desktop\mseinstall.exe

[2012/07/25 14:36:05 | 000,892,822 | ---- | C] (Farbar) -- C:\Users\Other People\Desktop\FRST.exe

[2012/07/25 14:36:02 | 004,585,817 | ---- | C] (Swearware) -- C:\Users\Other People\Desktop\ComboFix.exe

[2012/07/25 14:14:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/07/25 14:14:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/07/25 14:14:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/07/25 14:14:11 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/07/25 14:13:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/07/25 14:12:06 | 000,000,000 | ---D | C] -- C:\FRST

[2012/07/25 14:11:53 | 000,892,822 | ---- | C] (Farbar) -- C:\Users\Katy\Desktop\FRST.exe

[2012/07/25 14:11:51 | 004,585,817 | R--- | C] (Swearware) -- C:\Users\Katy\Desktop\ComboFix.exe

[2012/07/25 12:16:02 | 000,000,000 | ---D | C] -- C:\Users\Other People\AppData\Roaming\SUPERAntiSpyware.com

[2012/07/25 11:44:54 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Other People\Desktop\spybotsd162.exe

[2012/07/24 21:07:08 | 000,000,000 | ---D | C] -- C:\Users\Other People\AppData\Roaming\Malwarebytes

[2012/07/24 19:18:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2012/07/24 19:18:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2012/07/24 19:18:24 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2012/07/24 17:53:32 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2012/07/24 15:16:04 | 000,000,000 | ---D | C] -- C:\Users\Katy\AppData\Roaming\Malwarebytes

[2012/07/24 15:15:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/07/24 15:15:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/07/24 15:15:27 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/07/24 15:15:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/07/24 13:56:35 | 000,000,000 | ---D | C] -- C:\Users\Katy\AppData\Roaming\SUPERAntiSpyware.com

[2012/07/24 13:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2012/07/24 13:56:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012/07/24 13:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2012/07/24 13:55:37 | 018,570,448 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Katy\Desktop\SUPERAntiSpyware.exe

[2012/07/24 13:55:27 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Katy\Desktop\spybotsd162.exe

[2010/08/25 14:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

[2009/07/14 21:41:53 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/01 11:04:33 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/08/01 11:04:33 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\McQcTask.job

[2012/08/01 11:04:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/07/31 17:02:21 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/31 17:01:59 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/31 17:01:59 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/31 17:01:41 | 3147,800,576 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/31 13:26:02 | 098,077,435 | ---- | M] (Igor Pavlov) -- C:\Users\Katy\Desktop\OTLPEStd.exe

[2012/07/31 13:23:16 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/07/31 13:23:16 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/07/28 12:34:02 | 000,294,400 | ---- | M] () -- C:\Users\Other People\Desktop\exeHelper.com

[2012/07/28 12:34:02 | 000,294,400 | ---- | M] () -- C:\Users\Katy\Desktop\exeHelper.com

[2012/07/27 11:30:46 | 007,151,488 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Katy\Desktop\mbam-rules.exe

[2012/07/26 16:51:19 | 000,427,728 | ---- | M] () -- C:\Users\Katy\Desktop\Desktop.rar

[2012/07/26 16:49:57 | 000,000,512 | ---- | M] () -- C:\Users\Katy\Desktop\MBR.dat

[2012/07/26 15:20:12 | 000,426,233 | ---- | M] () -- C:\Users\Katy\Desktop\RK_Quarantine.rar

[2012/07/26 15:18:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

[2012/07/26 15:17:09 | 001,517,376 | ---- | M] () -- C:\Users\Katy\Desktop\wrar420.exe

[2012/07/26 15:09:56 | 000,007,529 | ---- | M] () -- C:\Users\Katy\Desktop\attach.zip

[2012/07/26 14:25:59 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Katy\Desktop\dds.scr

[2012/07/25 20:32:46 | 000,442,781 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2012/07/25 20:32:10 | 000,442,781 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120726-013246.backup

[2012/07/25 20:11:17 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Katy\Desktop\aswMBR.exe

[2012/07/25 19:45:52 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Other People\Desktop\tdsskiller.exe

[2012/07/25 19:45:52 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Katy\Desktop\tdsskiller.exe

[2012/07/25 19:30:41 | 001,552,384 | ---- | M] () -- C:\Users\Other People\Desktop\RogueKiller.exe

[2012/07/25 19:30:41 | 001,552,384 | ---- | M] () -- C:\Users\Katy\Desktop\RogueKiller.exe

[2012/07/25 19:11:38 | 000,001,061 | ---- | M] () -- C:\Users\Katy\Desktop\Revo Uninstaller.lnk

[2012/07/25 19:09:40 | 002,617,648 | ---- | M] (VS Revo Group Ltd.) -- C:\Users\Katy\Desktop\revosetup.exe

[2012/07/25 15:40:37 | 127,201,003 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/07/25 14:27:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120726-013210.backup

[2012/07/25 14:18:59 | 012,621,696 | ---- | M] (Microsoft Corporation) -- C:\Users\Katy\Desktop\mseinstall.exe

[2012/07/25 14:18:06 | 000,302,592 | ---- | M] () -- C:\Users\Katy\Desktop\c84wjm22.exe

[2012/07/25 14:10:31 | 004,585,817 | R--- | M] (Swearware) -- C:\Users\Katy\Desktop\ComboFix.exe

[2012/07/25 14:10:31 | 004,585,817 | ---- | M] (Swearware) -- C:\Users\Other People\Desktop\ComboFix.exe

[2012/07/25 13:12:23 | 000,892,822 | ---- | M] (Farbar) -- C:\Users\Other People\Desktop\FRST.exe

[2012/07/25 13:12:23 | 000,892,822 | ---- | M] (Farbar) -- C:\Users\Katy\Desktop\FRST.exe

[2012/07/25 13:11:56 | 000,001,356 | ---- | M] () -- C:\Users\Katy\AppData\Local\d3d9caps.dat

[2012/07/24 19:23:32 | 006,925,416 | ---- | M] () -- C:\Users\Other People\Desktop\spybotsd_includes.exe

[2012/07/24 19:23:32 | 006,925,416 | ---- | M] () -- C:\Users\Katy\Desktop\spybotsd_includes.exe

[2012/07/24 19:19:57 | 000,249,908 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120725-002049.backup

[2012/07/24 19:18:29 | 000,001,083 | ---- | M] () -- C:\Users\Katy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2012/07/24 19:18:29 | 000,001,059 | ---- | M] () -- C:\Users\Katy\Desktop\Spybot - Search & Destroy.lnk

[2012/07/24 19:18:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2012/07/24 18:40:09 | 000,009,192 | ---- | M] () -- C:\Users\Katy\AppData\Roaming\wklnhst.dat

[2012/07/24 17:56:52 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

[2012/07/24 17:53:37 | 000,032,553 | ---- | M] () -- C:\Windows\System32\Config.MPF

[2012/07/24 15:15:29 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/24 15:15:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/07/24 13:56:42 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 378aaceb-3540-4379-8f17-3d211b9b44f0.job

[2012/07/24 13:56:42 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 23b2ce64-964c-450e-be70-bc5b8f139ec9.job

[2012/07/24 13:56:33 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012/07/24 13:56:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2012/07/13 20:49:52 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Other People\Desktop\spybotsd162.exe

[2012/07/13 20:49:52 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Katy\Desktop\spybotsd162.exe

[2012/07/13 20:01:10 | 018,570,448 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Katy\Desktop\SUPERAntiSpyware.exe

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/31 17:01:41 | 3147,800,576 | -HS- | C] () -- C:\hiberfil.sys

[2012/07/28 16:13:59 | 000,294,400 | ---- | C] () -- C:\Users\Other People\Desktop\exeHelper.com

[2012/07/28 12:54:17 | 000,294,400 | ---- | C] () -- C:\Users\Katy\Desktop\exeHelper.com

[2012/07/26 16:51:19 | 000,427,728 | ---- | C] () -- C:\Users\Katy\Desktop\Desktop.rar

[2012/07/26 15:20:12 | 000,426,233 | ---- | C] () -- C:\Users\Katy\Desktop\RK_Quarantine.rar

[2012/07/26 15:18:40 | 001,517,376 | ---- | C] () -- C:\Users\Katy\Desktop\wrar420.exe

[2012/07/26 15:09:56 | 000,007,529 | ---- | C] () -- C:\Users\Katy\Desktop\attach.zip

[2012/07/25 20:17:18 | 000,000,512 | ---- | C] () -- C:\Users\Katy\Desktop\MBR.dat

[2012/07/25 19:37:30 | 001,552,384 | ---- | C] () -- C:\Users\Other People\Desktop\RogueKiller.exe

[2012/07/25 19:33:08 | 001,552,384 | ---- | C] () -- C:\Users\Katy\Desktop\RogueKiller.exe

[2012/07/25 19:11:38 | 000,001,061 | ---- | C] () -- C:\Users\Katy\Desktop\Revo Uninstaller.lnk

[2012/07/25 15:28:01 | 000,302,592 | ---- | C] () -- C:\Users\Katy\Desktop\c84wjm22.exe

[2012/07/25 14:14:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/07/25 14:14:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/07/25 14:14:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/07/25 14:14:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/07/25 14:14:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/07/25 11:44:46 | 006,925,416 | ---- | C] () -- C:\Users\Other People\Desktop\spybotsd_includes.exe

[2012/07/24 19:25:35 | 006,925,416 | ---- | C] () -- C:\Users\Katy\Desktop\spybotsd_includes.exe

[2012/07/24 19:18:29 | 000,001,083 | ---- | C] () -- C:\Users\Katy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2012/07/24 19:18:29 | 000,001,059 | ---- | C] () -- C:\Users\Katy\Desktop\Spybot - Search & Destroy.lnk

[2012/07/24 15:15:29 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/24 13:56:42 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 378aaceb-3540-4379-8f17-3d211b9b44f0.job

[2012/07/24 13:56:42 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 23b2ce64-964c-450e-be70-bc5b8f139ec9.job

[2012/07/24 13:56:33 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2011/06/28 14:31:14 | 000,000,680 | ---- | C] () -- C:\Users\Other People\AppData\Local\d3d9caps.dat

[2011/01/25 16:06:41 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin

[2010/08/25 15:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin

[2010/08/25 15:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin

[2010/08/25 15:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin

[2010/08/25 14:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

[2010/08/25 14:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll

[2010/08/25 14:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll

[2010/02/04 13:50:45 | 000,000,982 | ---- | C] () -- C:\Users\Other People\AppData\Roaming\wklnhst.dat

[2010/01/18 08:18:27 | 000,124,488 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat

[2009/11/08 06:10:29 | 000,001,356 | ---- | C] () -- C:\Users\Katy\AppData\Local\d3d9caps.dat

[2009/10/31 08:15:07 | 000,020,480 | ---- | C] () -- C:\Users\Other People\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/10/31 07:32:48 | 000,000,120 | ---- | C] () -- C:\Users\Other People\AppData\Local\Tnoregobeyey.dat

[2009/10/31 07:32:48 | 000,000,000 | ---- | C] () -- C:\Users\Other People\AppData\Local\Vyiwutuyezev.bin

[2009/10/24 08:35:52 | 000,000,174 | ---- | C] () -- C:\Windows\wininit.ini

[2009/10/22 11:43:25 | 000,024,064 | ---- | C] () -- C:\Users\Katy\AppData\Roaming\UserTile.png

[2009/10/03 12:35:28 | 000,024,064 | ---- | C] () -- C:\Users\Katy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/10/03 12:18:03 | 000,009,192 | ---- | C] () -- C:\Users\Katy\AppData\Roaming\wklnhst.dat

[2009/10/02 13:47:13 | 000,000,728 | ---- | C] () -- C:\Windows\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini

[2009/07/14 21:38:47 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1591.dll

[2009/07/14 21:38:46 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin

[2009/07/14 14:51:04 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat

[2009/07/14 14:51:04 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat

[2009/07/14 14:51:04 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat

[2009/07/14 14:51:04 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat

[2009/07/14 13:24:59 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009/07/14 13:24:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2007/10/25 19:02:54 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.INI

[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 08:47:37 | 000,343,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 06:33:01 | 000,609,196 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 06:33:01 | 000,108,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2005/01/25 11:15:42 | 000,010,240 | ---- | C] () -- C:\Windows\System32\PA207USD.DLL

[2003/08/18 10:55:48 | 000,086,016 | ---- | C] () -- C:\Windows\System32\LXBKIH.EXE

[2003/08/18 10:46:38 | 000,077,824 | ---- | C] () -- C:\Windows\System32\LXBKLCNP.DLL

[2002/11/13 15:40:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbkvs.dll

[2002/09/13 11:40:06 | 000,000,266 | ---- | C] () -- C:\Windows\System32\lxbkcoin.ini

[2001/01/19 15:50:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\INSTMON.EXE

========== LOP Check ==========

[2009/07/14 15:10:22 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\Acer GameZone Console

[2010/01/07 18:13:56 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\eSobi

[2010/04/16 15:45:10 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\PlayFirst

[2009/10/03 12:23:52 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\PowerCinema

[2011/01/25 16:09:29 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\Research In Motion

[2009/10/03 12:24:05 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\SoftDMA

[2009/10/08 11:05:29 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\Template

[2010/12/22 13:22:04 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\Utherverse

[2009/10/04 07:21:54 | 000,000,000 | ---D | M] -- C:\Users\Katy\AppData\Roaming\Windows Live Writer

[2009/07/14 15:10:22 | 000,000,000 | ---D | M] -- C:\Users\Other People\AppData\Roaming\Acer GameZone Console

[2010/12/12 15:50:38 | 000,000,000 | ---D | M] -- C:\Users\Other People\AppData\Roaming\LimeWire

[2009/11/14 15:58:29 | 000,000,000 | ---D | M] -- C:\Users\Other People\AppData\Roaming\PowerCinema

[2011/02/06 13:32:27 | 000,000,000 | ---D | M] -- C:\Users\Other People\AppData\Roaming\Research In Motion

[2011/11/22 15:34:04 | 000,000,000 | ---D | M] -- C:\Users\Other People\AppData\Roaming\SoftDMA

[2010/02/04 13:51:06 | 000,000,000 | ---D | M] -- C:\Users\Other People\AppData\Roaming\Template

[2009/07/14 15:10:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Acer GameZone Console

[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data

[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop

[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents

[2011/12/07 17:06:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Driving Test Success

[2009/07/14 15:12:29 | 000,000,000 | ---D | M] -- C:\ProgramData\EgisTec

[2010/09/27 12:34:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts

[2009/07/14 15:39:44 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi

[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites

[2011/12/07 17:07:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Hazard Perception Training

[2009/11/15 16:28:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Oberon Games

[2010/04/16 15:45:10 | 000,000,000 | ---D | M] -- C:\ProgramData\PlayFirst

[2010/02/10 18:00:30 | 000,000,000 | ---D | M] -- C:\ProgramData\PopCap Games

[2011/01/25 15:48:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Research In Motion

[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu

[2009/10/02 13:47:42 | 000,000,000 | ---D | M] -- C:\ProgramData\SupportSoft

[2011/03/04 18:16:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp

[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates

[2010/04/12 15:12:38 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/10/02 14:07:55 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/11/14 20:59:59 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job

[2012/08/01 11:04:33 | 000,000,316 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job

[2012/07/31 13:44:45 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012/07/24 13:56:42 | 000,000,508 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 23b2ce64-964c-450e-be70-bc5b8f139ec9.job

[2012/07/24 13:56:42 | 000,000,508 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 378aaceb-3540-4379-8f17-3d211b9b44f0.job

========== Purity Check ==========

========== Custom Scans ==========

< :OTL >

< IE - HKU\Katy_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found >

< O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. >

< O3 - HKU\Katy_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. >

< O3 - HKU\Other_People_ON_C\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found. >

< O3 - HKU\Other_People_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. >

< O4 - HKU\Other_People_ON_C..\Run: [syshost32] File not found >

< F3 - HKU\Other_People_ON_C WinNT: Load - (C:\Users\OTHERP~1\AppData\Local\Temp\{92573~1.EXE) - File not found >

< [2009/10/31 07:32:48 | 000,000,120 | ---- | C] () -- C:\Users\Other People\AppData\Local\Tnoregobeyey.dat >

Invalid Switch: 31 07:32:48 | 000,000,120 | ---- | C] () -- C:\Users\Other People\AppData\Local\Tnoregobeyey.dat

< [2009/10/31 07:32:48 | 000,000,000 | ---- | C] () -- C:\Users\Other People\AppData\Local\Vyiwutuyezev.bin >

Invalid Switch: 31 07:32:48 | 000,000,000 | ---- | C] () -- C:\Users\Other People\AppData\Local\Vyiwutuyezev.bin

< :files >

< ipconfig /flushdns /c >

Windows IP Configuration

< :Commands >

< [resethosts] >

< [emptytemp] >

========== Restore Points Found ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:F7862839

@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:DCAF903C

@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:03D08225

@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:CDFF58FE

@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:4F636E25

@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:E1982A23

@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:814B9485

@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:8750DCE4

< End of report >


Your script was not activated. Please try again, but make sure the script in OTL looks the same as here:

:OTL
IE - HKU\Katy_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\Katy_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\Other_People_ON_C\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\Other_People_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKU\Other_People_ON_C..\Run: [syshost32] File not found
F3 - HKU\Other_People_ON_C WinNT: Load - (C:\Users\OTHERP~1\AppData\Local\Temp\{92573~1.EXE) - File not found
[2009/10/31 07:32:48 | 000,000,120 | ---- | C] () -- C:\Users\Other People\AppData\Local\Tnoregobeyey.dat
[2009/10/31 07:32:48 | 000,000,000 | ---- | C] () -- C:\Users\Other People\AppData\Local\Vyiwutuyezev.bin

:files
ipconfig /flushdns /c

:Commands
[resethosts]
[emptytemp]
[clearallrestorepoints]

This topic is now closed to further replies.