Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Heur.agent/gen-white box, pup.babylon toolbar and pup.bprotector virus

Started by emmasabel78 , Oct 02 2012 10:24 AM

  • This topic is locked This topic is locked

#16
emmasabel78
Posted 02 October 2012 - 03:43 PM

emmasabel78

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Its a bit better every time I open ie I still have to repair the wireless network to get it to run google properly, when I first log on to the laptop it comes up with a warning saying it couldn't log me on, this is even before I've inputted my user password, I'll run the programme now

Thanks em
  • 0

Advertisements

#17
emmasabel78
Posted 02 October 2012 - 03:50 PM

emmasabel78

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Hi here's the adware scan:

# AdwCleaner v2.003 - Logfile created 10/02/2012 at 22:44:56
# Updated 23/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - LENOVO-CF8F6377
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\user.js
File Deleted : C:\WINDOWS\Tasks\Browser Manager.job
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Administrator\Start Menu\Programs\Browser Manager
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Browser Manager

***** [Registry] *****

Key Deleted : HKCU\Software\BrowserMngr
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F464A68D-1CF2-4991-93AB-A84351D7F676}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F464A68D-1CF2-4991-93AB-A84351D7F676}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Google Chrome v22.0.1229.79

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [428 octets] - [02/10/2012 19:05:06]
AdwCleaner[S2].txt - [2890 octets] - [02/10/2012 22:44:56]

########## EOF - C:\AdwCleaner[S2].txt - [2950 octets] ##########
  • 0

#18
emmasabel78
Posted 02 October 2012 - 03:55 PM

emmasabel78

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
and here's the OTL scan:

OTL logfile created on: 02/10/2012 22:50:31 - Run 4
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.90% Memory free
3.84 Gb Paging File | 3.31 Gb Available in Paging File | 86.17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.29 Gb Total Space | 105.03 Gb Free Space | 73.30% Space Free | Partition Type: NTFS

Computer Name: LENOVO-CF8F6377 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/02 17:34:12 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/07/11 19:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/05/16 20:20:18 | 000,109,296 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2011/11/04 09:15:16 | 000,125,168 | ---- | M] (KeenHigh Tech.) -- C:\Program Files\Philips\GoGear SA060xx Device Manager\main.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/04 01:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/07/12 05:38:44 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/07/12 05:32:06 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2007/07/12 04:19:00 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2007/03/09 06:49:42 | 000,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2007/03/08 05:16:48 | 000,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2007/02/28 02:43:30 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2007/02/28 02:41:50 | 001,409,108 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
PRC - [2007/02/28 02:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2007/01/12 12:53:26 | 000,431,600 | ---- | M] (Dell) -- C:\Program Files\Dell AIO 810\DLCGmon.exe
PRC - [2007/01/05 04:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/12/07 23:33:32 | 000,537,480 | ---- | M] ( ) -- C:\WINDOWS\system32\dlcgcoms.exe
PRC - [2006/11/03 05:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/09/06 08:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2006/05/24 06:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/05/19 01:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006/02/02 14:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE


========== Modules (No Company Name) ==========

MOD - [2011/10/20 19:04:20 | 000,106,496 | ---- | M] () -- C:\Program Files\Philips\GoGear SA060xx Device Manager\SA060DLL.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/09/05 17:18:00 | 000,073,728 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2007/09/05 17:18:00 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2007/07/12 05:38:44 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
MOD - [2007/07/12 05:32:06 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
MOD - [2007/07/12 05:31:30 | 000,139,264 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll
MOD - [2007/07/12 05:31:30 | 000,139,264 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\CDRecord.dll
MOD - [2007/07/12 04:19:00 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
MOD - [2007/04/16 20:17:32 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2007/02/28 02:48:38 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007/02/28 02:45:10 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2007/01/25 07:25:52 | 000,069,720 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\HKVOLKEY.dll
MOD - [2006/12/14 03:06:42 | 000,028,672 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\tphklock.dll
MOD - [2006/11/10 05:26:02 | 000,030,256 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.dll
MOD - [2006/11/03 05:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2006/09/06 04:27:28 | 000,069,632 | ---- | M] () -- C:\Program Files\Dell AIO 810\DLCGcfg.dll
MOD - [2005/08/08 13:59:04 | 000,180,224 | ---- | M] () -- C:\Program Files\Dell AIO 810\dlcgtsfw.dll
MOD - [2005/07/11 09:36:32 | 000,118,784 | ---- | M] () -- C:\Program Files\Dell AIO 810\dlcgdrec.dll


========== Services (SafeList) ==========

SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/11 19:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2007/08/04 01:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/07/12 05:38:44 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007/07/12 04:19:00 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2007/02/28 02:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007/01/05 04:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/07 23:33:32 | 000,537,480 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\dlcgcoms.exe -- (dlcg_device)
SRV - [2006/11/03 05:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/05/24 06:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/10/07 03:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/04 21:18:31 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011/08/04 21:18:31 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/03/25 17:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 17:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2009/03/25 17:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2009/03/25 17:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 17:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2009/03/25 17:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2009/03/25 17:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/06/06 13:13:56 | 000,018,816 | R--- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhsoms.sys -- (GTUHSOMS)
DRV - [2008/06/04 17:53:56 | 000,058,880 | R--- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhsbus.sys -- (GTUHSBUS)
DRV - [2008/06/04 17:38:58 | 000,008,064 | R--- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhsser.sys -- (GTUHSSER)
DRV - [2008/06/04 17:32:34 | 000,106,112 | R--- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhs51.sys -- (GTUHSNDISIPXP)
DRV - [2007/09/05 17:18:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2007/08/08 12:42:00 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 03:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 02:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/05/23 00:59:38 | 000,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2007/05/22 08:59:34 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007/05/02 03:34:32 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/04/30 15:37:20 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/04/27 08:00:58 | 000,666,112 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAudN.sys -- (HdAudAddService)
DRV - [2007/04/20 09:40:34 | 000,100,992 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/03/30 00:19:36 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/03/25 14:43:00 | 000,988,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/03/25 14:43:00 | 000,210,688 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/03/25 14:42:00 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/03/04 11:28:08 | 000,146,432 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/02/27 10:02:00 | 000,868,042 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/01/24 10:33:00 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007/01/24 10:27:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/11/30 09:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006/11/30 09:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/10/15 07:01:00 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/10/09 15:00:00 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/02/02 14:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/02/02 14:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/02/02 14:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/02/02 14:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/02/02 14:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/02/02 14:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/02/02 14:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/11/18 21:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 21:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-295299127-446805186-2029492379-500\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-295299127-446805186-2029492379-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-295299127-446805186-2029492379-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
IE - HKU\S-1-5-21-295299127-446805186-2029492379-500\..\SearchScopes,BrowserMngrDefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-295299127-446805186-2029492379-500\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-295299127-446805186-2029492379-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-295299127-446805186-2029492379-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKU\S-1-5-21-295299127-446805186-2029492379-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-295299127-446805186-2029492379-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)


[2012/09/14 18:42:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2012/10/02 22:18:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-295299127-446805186-2029492379-500\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-295299127-446805186-2029492379-500\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DLCGCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.DLL ()
O4 - HKLM..\Run: [dlcgmon.exe] C:\Program Files\Dell AIO 810\dlcgmon.exe (Dell)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKU\S-1-5-21-295299127-446805186-2029492379-500..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-295299127-446805186-2029492379-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Philips SA060xx Device Manager.lnk = C:\Program Files\Philips\GoGear SA060xx Device Manager\main.exe (KeenHigh Tech.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-295299127-446805186-2029492379-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-295299127-446805186-2029492379-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-295299127-446805186-2029492379-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-295299127-446805186-2029492379-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-295299127-446805186-2029492379-500\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1348682479328 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Unable to open value key)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Emmas
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE04ED63-6D72-4DEB-8FDB-8CF87915DBE2}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - (C:\Program Files\Lenovo\HOTKEY\notifyf2.dll) - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (C:\Program Files\Lenovo\HOTKEY\tphklock.dll) - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 08:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/02 21:11:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/10/02 20:20:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/10/02 20:19:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/10/02 20:19:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/10/02 20:19:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/10/02 20:19:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/10/02 20:18:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/02 20:18:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/10/02 20:17:31 | 004,759,935 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/10/02 18:21:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/02 17:33:59 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/10/02 16:49:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2012/10/02 16:49:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/10/02 16:49:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/10/02 16:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/09/30 22:57:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Google Chrome
[2012/09/30 22:25:28 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2012/09/30 22:20:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\RK_Quarantine
[2012/09/30 21:20:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment
[2012/09/30 20:30:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/09/20 21:15:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012/09/20 21:15:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/20 21:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/09/20 21:15:01 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/20 21:15:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/14 18:43:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\searchplugins
[2012/09/14 18:43:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Extensions
[2012/09/14 18:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/14 18:42:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\YourFileDownloader
[2012/09/14 17:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Programs
[2012/09/14 17:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2012/09/14 17:49:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2012/09/14 17:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\MyTorrents
[2012/09/14 17:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\OpenApp
[2012/09/14 17:14:21 | 000,000,000 | ---D | C] -- C:\Program Files\smartdl
[2012/09/14 16:19:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\recovered files
[2012/09/14 16:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder
[2012/09/03 20:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Our Wedding
[4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/02 22:50:00 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0AB56806-C346-46B1-853B-5FF9405F7AB7}.job
[2012/10/02 22:47:04 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012/10/02 22:46:48 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/02 22:46:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/02 22:46:32 | 2137,305,088 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/02 22:44:50 | 000,513,501 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
[2012/10/02 22:18:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/10/02 22:06:01 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-295299127-446805186-2029492379-500UA.job
[2012/10/02 20:20:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/10/02 20:17:31 | 004,759,935 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/10/02 17:34:12 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/10/02 16:49:56 | 000,000,526 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 730277b9-0dfa-446e-b5c8-aa115b056b2e.job
[2012/10/02 16:49:55 | 000,000,526 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 553ae771-9f92-408e-b592-6d92232de099.job
[2012/10/02 16:49:41 | 000,001,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/10/01 18:24:44 | 000,262,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/10/01 17:59:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/09/30 23:06:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-295299127-446805186-2029492379-500Core.job
[2012/09/30 22:57:35 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2012/09/30 22:57:35 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/30 22:25:31 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2012/09/30 20:34:09 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/25 21:24:32 | 000,127,683 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\face.JPG
[2012/09/25 21:23:18 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/20 21:15:03 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/02 21:12:42 | 2137,305,088 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/02 20:20:53 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/10/02 20:20:49 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/10/02 20:19:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/10/02 20:19:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/10/02 20:19:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/10/02 20:19:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/10/02 20:19:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/10/02 18:57:46 | 000,513,501 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
[2012/10/02 16:49:56 | 000,000,526 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 730277b9-0dfa-446e-b5c8-aa115b056b2e.job
[2012/10/02 16:49:55 | 000,000,526 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 553ae771-9f92-408e-b592-6d92232de099.job
[2012/10/02 16:49:41 | 000,001,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/09/30 22:57:09 | 000,002,351 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2012/09/30 22:57:09 | 000,002,329 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/30 22:53:51 | 000,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-295299127-446805186-2029492379-500UA.job
[2012/09/30 22:53:51 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-295299127-446805186-2029492379-500Core.job
[2012/09/25 21:24:32 | 000,127,683 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\face.JPG
[2012/09/20 21:15:03 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/08 14:44:22 | 000,017,960 | ---- | C] () -- C:\WINDOWS\System32\rockusbCoInstaller.dll
[2012/06/10 20:41:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcgvs.dll
[2012/06/10 20:41:46 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\dlcgcoin.dll
[2012/06/10 20:41:25 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcgcnv4.dll
[2012/06/10 20:41:18 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcginpa.dll
[2012/06/10 20:41:18 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\DLCGhcp.dll
[2012/06/10 20:41:18 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\DLCGinst.dll
[2012/06/10 20:41:17 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgserv.dll
[2012/06/10 20:41:17 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgusb1.dll
[2012/06/10 20:41:17 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgpmui.dll
[2012/06/10 20:41:17 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\dlcgutil.dll
[2012/06/10 20:41:17 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgiesc.dll
[2012/06/10 20:41:17 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgprox.dll
[2012/06/10 20:41:17 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgpplc.dll
[2012/06/10 20:41:16 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcghbn3.dll
[2012/06/10 20:41:16 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcglmpm.dll
[2012/06/10 20:41:16 | 000,385,928 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgih.exe
[2012/06/10 20:41:16 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcginsb.dll
[2012/06/10 20:41:16 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\dlcgins.dll
[2012/06/10 20:41:16 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcgjswr.dll
[2012/06/10 20:41:16 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcginsr.dll
[2012/06/10 20:41:15 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgcomc.dll
[2012/06/10 20:41:15 | 000,537,480 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgcoms.exe
[2012/06/10 20:41:15 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgcomm.dll
[2012/06/10 20:41:15 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcgcub.dll
[2012/06/10 20:41:15 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcgcu.dll
[2012/06/10 20:41:15 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcgcur.dll
[2012/06/10 20:41:14 | 000,381,832 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgcfg.exe
[2012/02/16 22:54:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/03/26 17:39:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/11 18:29:03 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/29 15:30:32 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== ZeroAccess Check ==========

[2006/04/30 08:25:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 01:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/02/15 20:36:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/06/10 20:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\coupons
[2011/09/04 10:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2010/12/11 15:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2009/02/03 10:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lenovo
[2009/02/03 10:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\QcWizard
[2012/05/16 20:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\RoboForm
[2010/12/11 14:46:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vodafone
[2012/09/14 18:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\YourFileDownloader
[2009/02/03 10:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.STDPHARM\Application Data\Lenovo
[2012/09/18 21:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2009/02/03 10:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2009/02/03 10:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2010/11/24 13:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2009/02/03 10:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2011/09/06 23:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2011/10/11 20:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/02/03 10:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Lenovo
[2010/02/16 18:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kevinmcnab\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/09/01 18:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kevinmcnab\Application Data\InterVideo
[2010/10/20 19:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kevinmcnab\Application Data\Lenovo
[2009/03/23 18:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kevinmcnab\Application Data\Vodafone
[2009/03/24 21:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Bytemobile
[2009/03/23 18:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Vodafone
[2009/03/24 21:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Bytemobile

========== Purity Check ==========



< End of report >
  • 0

#19
Essexboy
Posted 03 October 2012 - 06:38 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK looks like all the bad boys have gone :) On completion of this final run let me know of any outstanding problems.

First I will remove some orphans and then look at resetting the internet connections

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image

    :OTL
O3 - HKU\S-1-5-21-295299127-446805186-2029492379-500\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Unable to open value key)
[2012/09/14 18:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\YourFileDownloader
[2012/09/18 21:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland


:Commands
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download Complete Internet Repair to your desktop

Unzip all the files to their own folder on the desktop
Within the folder double click CIntRep
The programme will then run
Select the items I have highlighted
Press go
Let me know if it is able to conduct the repair, there is a log at the bottom

Posted Image
  • 0

#20
emmasabel78
Posted 03 October 2012 - 10:29 AM

emmasabel78

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Hi, sorry it's taken a while to reply I've been at work today. Here's the OTL report: All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-295299127-446805186-2029492379-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Documents and Settings\Administrator\Application Data\YourFileDownloader folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Borland\NetDir folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Borland folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 247653 bytes
->Temporary Internet Files folder emptied: 11619493 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 8458530 bytes
->Flash cache emptied: 470 bytes

User: Administrator.STDPHARM
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: kevinmcnab
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33251 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 19.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.70.1 log created on 10032012_172353

Files\Folders moved on Reboot...
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\JR16H31G\page__st__15[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\JR16H31G\search[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#21
emmasabel78
Posted 03 October 2012 - 10:35 AM

emmasabel78

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I can't download the other program it came up with a warning saying internet explorer could not download.

Thanks Em
  • 0

#22
Essexboy
Posted 03 October 2012 - 11:14 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Time is not a problem :)

Could you try this link for internet repair http://majorgeeks.co...3f942b034a8b48c
  • 0

#23
emmasabel78
Posted 03 October 2012 - 12:03 PM

emmasabel78

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
That programe ran went into reboot didn't load so I switched off manually then when it opened the Internet doesn't work at all. I've tried right clicking and repairing like I used to but still have a blank screen? I am able to type in the address bar but nothing happens

Thanks em
  • 0

#24
Essexboy
Posted 03 October 2012 - 12:11 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK go to the last restore point set and restore to that

Go start > run type in :

rstrui.exe

And follow the prompts, use the one we set during the OTL fix
  • 0

#25
emmasabel78
Posted 03 October 2012 - 12:30 PM

emmasabel78

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I've typed that in the run comment bar and I've had a warning window pop up saying "windows cannot find rstrui.exe. Make sure you typed the name correctly, and then try again. To search for a file, click the start button, and then click search"

Thanks em
  • 0

Advertisements

#26
emmasabel78
Posted 03 October 2012 - 01:01 PM

emmasabel78

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I've rebooted a couple more times and the Internet is working again now


Thanks em
  • 0

#27
Essexboy
Posted 03 October 2012 - 01:32 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK is it still showing white pages ?
  • 0

#28
emmasabel78
Posted 03 October 2012 - 01:34 PM

emmasabel78

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
No it all looks ok now and is running ok


Thanks em
  • 0

#29
Essexboy
Posted 03 October 2012 - 03:14 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I have sussed out what happened, internet repair was still repairing the computer when you rebooted (it does take a while to run) and the next reboot restarted it when a further reboot was required to finish it off

Any further problems before I clean up ?
  • 0

#30
emmasabel78
Posted 04 October 2012 - 09:43 AM

emmasabel78

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Hi, When I logged back on today I had to repair the internet connection again before the page would load, other than that everything seems ok

Thanks Em
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP