Solved Trojan Horse Crypt.AQLW

RedEd

Hi, AVG tells me I'm infected with Trojan Horse Crypt.AQLW and does not seem able to remove the infection. Following the 5 steps, here are the results. Thank you for any help.

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.29.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Ed :: ED-PC [administrator]

Protection: Enabled

29/02/2012 11:04:28
mbam-log-2012-02-29 (11-04-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 284139
Time elapsed: 53 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Files Detected: 2
C:\Recycle.Bin\B6232F3AA59.exe (Trojan.Spyeyes) -> Quarantined and deleted successfully.
C:\Recycle.Bin\481D2A6DA7EAFE9 (Trojan.Spyeyes) -> Quarantined and deleted successfully.

(end)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-29 16:33:48
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Maxtor_6Y120L0 rev.YAR41BW0
Running: p5vthjdp.exe; Driver: C:\Users\Ed\AppData\Local\Temp\pxldapoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82C7C369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CB5D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\drivers\jewk.sys The system cannot find the path specified. !
.text C:\Windows\System32\Drivers\dfsc.sys section is writeable [0x8E2C7000, 0x3C9C, 0xE8000020]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8EE13000, 0x38CD55, 0xE8000020]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A08D5000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A08D5123 629 Bytes [05, 8D, A0, FE, 05, 34, 05, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 A08D5399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F A08D53FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B A08D54AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1556] ntdll.dll!NtProtectVirtualMemory 77485F18 5 Bytes JMP 0052000A
.text C:\Windows\system32\svchost.exe[1556] ntdll.dll!NtWriteVirtualMemory 77486A98 5 Bytes JMP 0059000A
.text C:\Windows\system32\svchost.exe[1556] ntdll.dll!KiUserExceptionDispatcher 77486FE8 5 Bytes JMP 001B000A
.text C:\Windows\System32\ping.exe[4392] ntdll.dll!NtCreateProcess 77485698 5 Bytes JMP 0055000A
.text C:\Windows\System32\ping.exe[4392] ntdll.dll!NtCreateProcessEx 774856A8 5 Bytes JMP 0056000A
.text C:\Windows\System32\ping.exe[4392] ntdll.dll!NtCreateUserProcess 77485778 5 Bytes JMP 0057000A
.text C:\Windows\System32\ping.exe[4392] ntdll.dll!NtProtectVirtualMemory 77485F18 5 Bytes JMP 003E000A
.text C:\Windows\System32\ping.exe[4392] ntdll.dll!NtWriteVirtualMemory 77486A98 5 Bytes JMP 003F000A
.text C:\Windows\System32\ping.exe[4392] ntdll.dll!KiUserExceptionDispatcher 77486FE8 5 Bytes JMP 003D000A
.text C:\Windows\System32\ping.exe[4392] USER32.dll!GetCursorPos 7516A4B3 5 Bytes JMP 008F000A
.text C:\Windows\System32\ping.exe[4392] USER32.dll!GetForegroundWindow 7517335D 5 Bytes JMP 0091000A
.text C:\Windows\System32\ping.exe[4392] USER32.dll!WindowFromPoint 75196BE9 5 Bytes JMP 0090000A
.text C:\Windows\System32\ping.exe[4392] ole32.dll!CoCreateInstance 75BB9D0B 5 Bytes JMP 005D000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\TEMP\mtbuaj\setup.exe[2176] @ C:\Windows\system32\ADVAPI32.DLL [KERNEL32.dll!GetProcAddress] [74D0FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\TEMP\mtbuaj\setup.exe[2176] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74D0FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\TEMP\mtbuaj\setup.exe[2176] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74D0FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\TEMP\mtbuaj\setup.exe[2176] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74D0FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\TEMP\mtbuaj\setup.exe[2176] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [74D0FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2552] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74D0FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2552] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74D0FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2552] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74D0FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2552] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74D0FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2552] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74D0FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000056 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) 8E2A3000-8E2C6000 (143360 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\Windows\System32\ping.exe (*** hidden *** ) 4392

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB9130$\1825098505 0 bytes
File C:\Windows\$NtUninstallKB9130$\2727051553 0 bytes
File C:\Windows\$NtUninstallKB9130$\2727051553\@ 2048 bytes
File C:\Windows\$NtUninstallKB9130$\2727051553\cfg.ini 296 bytes
File C:\Windows\$NtUninstallKB9130$\2727051553\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB9130$\2727051553\L 0 bytes
File C:\Windows\$NtUninstallKB9130$\2727051553\L\xadqgnnk 78336 bytes
File C:\Windows\$NtUninstallKB9130$\2727051553\oemid 130 bytes
File C:\Windows\$NtUninstallKB9130$\2727051553\U 0 bytes
File C:\Windows\$NtUninstallKB9130$\2727051553\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB9130$\2727051553\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB9130$\2727051553\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB9130$\2727051553\U\80000000.@ 66560 bytes
File C:\Windows\$NtUninstallKB9130$\2727051553\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB9130$\2727051553\U\80000032.@ 73216 bytes
File C:\Windows\$NtUninstallKB9130$\2727051553\version 842 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U9BMHDI\background_gradient[2] 453 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U9BMHDI\bullet[2] 447 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8MN4SDEE\bullet[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6M0OIET\httpErrorPagesScripts[1] 0 bytes
File C:\Windows\Temp\~DF6B742880D68DE119.TMP 0 bytes
File C:\Windows\Temp\~DFB66948AF3F29F320.TMP 0 bytes

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Ed at 16:36:58 on 2012-02-29
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\TEMP\mtbuaj\setup.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\totalcmd\TOTALCMD.EXE
C:\Windows\system32\conhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\W2ww4sH.com
C:\Windows\system32\W2WW4S~1.COM
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\W2ww4sH.com
C:\Program Files\AVG\AVG2012\avgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Ed\Downloads\dds.scr
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [<NO NAME>]
uRun: [NokiaSuite.exe] c:\program files\nokia\nokia suite\NokiaSuite.exe -tray
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{21C6F387-FCEA-420A-86F4-973DBEC97120} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{238FBD14-0FEC-4186-932C-E1225B93772E} : DhcpNameServer = 194.168.4.100 194.168.8.100
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: wemneka - c:\windows\system32\config\systemprofile\appdata\local\wemneka.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
LSA: Authentication Packages = msv1_0 relog_ap
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ed\appdata\roaming\mozilla\firefox\profiles\x7uoiu9s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\foxit software\foxit phantompdf\plugins\npFoxitPhantomPDFPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwangwang.dll
FF - plugin: c:\program files\trademanager\npwangwang.dll
FF - plugin: c:\users\ed\appdata\roaming\mozilla\firefox\profiles\x7uoiu9s.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: c:\users\ed\appdata\roaming\mozilla\firefox\profiles\x7uoiu9s.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
2 AMService;AMService
R? avgtdi;EUSBMSD
R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? mcafeeframework;Tpkmpsvc
R? Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service
R? osppsvc;Office Software Protection Platform
R? PEVSystemStart;Avpnnic
R? RdpVideoMiniport;Remote Desktop Video Miniport Driver
R? Synth3dVsc;Synth3dVsc
R? TsUsbFlt;TsUsbFlt
R? tsusbhub;tsusbhub
R? umpusbvista;Texas Instruments USB Serial Driver
R? vet-filt;Wdmaud
R? VGPU;VGPU
R? WatAdminSvc;Windows Activation Technologies Service
S? AMD External Events Utility;AMD External Events Utility
S? amdkmdag;amdkmdag
S? amdkmdap;amdkmdap
S? AVGIDSEH;AVGIDSEH
S? Avgldx86;AVG AVI Loader Driver
S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx86;AVG Anti-Rootkit Driver
S? avgwd;AVG WatchDog
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? Realtek11nCU;Realtek11nCU
S? RTL8167;Realtek 8167 NT Driver
S? RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter
S? vwififlt;Virtual WiFi Filter Driver
.
=============== Created Last 30 ================
.
2012-02-29 11:02:24 -------- d-----w- c:\users\ed\appdata\roaming\Malwarebytes
2012-02-29 11:02:05 -------- d-----w- c:\programdata\Malwarebytes
2012-02-29 11:02:04 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-29 11:02:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-29 05:34:02 83456 ----a-w- c:\windows\system32\W2ww4sH.com
2012-02-29 02:03:52 83456 ----a-w- c:\windows\system32\W2ww4sH.com_
2012-02-28 22:32:21 -------- d--h--w- C:\$AVG
2012-02-28 22:31:21 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-28 20:21:00 -------- d-----w- c:\users\ed\appdata\local\ReliefJet Essentials
2012-02-28 19:47:03 -------- d--h--w- c:\programdata\Common Files
2012-02-28 19:46:59 -------- d-----w- c:\users\ed\appdata\roaming\AVG2012
2012-02-28 19:45:13 -------- d-----w- c:\windows\system32\drivers\AVG
2012-02-28 19:45:13 -------- d-----w- c:\programdata\AVG2012
2012-02-28 19:43:53 -------- d-----w- c:\program files\AVG
2012-02-28 19:36:43 -------- d-----w- c:\programdata\MFAData
2012-02-28 10:23:19 -------- d-----w- c:\users\ed\appdata\local\{928C28D1-CF31-40B0-80C6-40ED46AAD963}
2012-02-28 10:23:07 -------- d-----w- c:\users\ed\appdata\local\{59D9C12F-AE5C-45A0-B534-62DAC15E1F5E}
2012-02-27 16:49:36 -------- d-----w- c:\users\ed\appdata\local\{306C849C-CB13-48A1-863E-C353BF9A5A5C}
2012-02-27 16:49:24 -------- d-----w- c:\users\ed\appdata\local\{1EEB30EC-52DA-4E18-A50C-AF2326DB4178}
2012-02-27 16:49:12 -------- d-----w- c:\users\ed\appdata\roaming\Windows Live Writer
2012-02-27 16:49:12 -------- d-----w- c:\users\ed\appdata\local\Windows Live Writer
2012-02-27 16:38:08 -------- d-----w- c:\users\ed\appdata\local\Windows Live
2012-02-27 16:38:00 -------- d-----w- c:\program files\common files\Windows Live
2012-02-26 15:30:20 -------- d-----w- C:\Jan
2012-02-26 13:51:56 -------- d-----w- c:\program files\MSXML 4.0
2012-02-24 23:01:36 -------- d-----w- c:\users\ed\appdata\roaming\Nokia Suite
2012-02-24 22:59:00 -------- d-----w- c:\users\ed\appdata\local\NokiaAccount
2012-02-24 22:50:02 -------- d-----w- c:\users\ed\appdata\local\Nokia
2012-02-24 22:49:00 -------- d-----w- c:\programdata\Nokia
2012-02-24 22:49:00 -------- d-----w- c:\program files\common files\Nokia
2012-02-24 22:48:01 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-02-24 22:47:40 -------- d-----w- c:\program files\PC Connectivity Solution
2012-02-24 22:47:20 75264 ----a-w- c:\windows\system32\nmwcdcls.dll
2012-02-24 22:46:44 -------- d-----w- c:\programdata\NokiaInstallerCache
2012-02-24 22:46:44 -------- d-----w- c:\program files\Nokia
2012-02-24 22:17:10 -------- d-----w- c:\users\ed\appdata\roaming\Blackberry Desktop
2012-02-24 22:05:47 -------- d-----w- c:\users\ed\appdata\local\Research In Motion
2012-02-24 22:05:46 -------- d-----w- c:\users\ed\appdata\roaming\Research In Motion
2012-02-24 22:04:04 35328 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2012-02-24 22:03:33 -------- d-----w- c:\programdata\Research In Motion
2012-02-24 22:03:20 -------- d-----w- c:\program files\Research In Motion
2012-02-24 22:03:20 -------- d-----w- c:\program files\common files\Research In Motion
2012-02-24 17:20:47 -------- d-----w- c:\windows\system32\aliedit
2012-02-24 17:20:39 -------- d-----w- c:\program files\Trademanager
2012-02-24 17:17:47 -------- d-----w- c:\users\ed\appdata\local\Alibaba
2012-02-18 11:19:03 -------- d-----w- c:\users\ed\appdata\roaming\Scooter Software
2012-02-18 11:18:56 -------- d-----w- c:\program files\Beyond Compare 3
2012-02-18 03:10:38 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c968969d-d305-4e77-a2be-728079485787}\mpengine.dll
2012-02-17 17:57:03 -------- d-----w- c:\program files\IMAPSize
2012-02-17 17:09:45 -------- d-----w- c:\users\ed\appdata\roaming\Helios
2012-02-17 17:09:11 49152 ----a-r- c:\users\ed\appdata\roaming\microsoft\installer\{b6ec7388-e277-4a5b-8c8f-71067a41ba64}\NewShortcut1.exe
2012-02-17 17:09:11 49152 ----a-r- c:\users\ed\appdata\roaming\microsoft\installer\{b6ec7388-e277-4a5b-8c8f-71067a41ba64}\ARPPRODUCTICON.exe
2012-02-17 17:09:08 -------- d-----w- c:\program files\TextPad 5
2012-02-15 17:24:18 89600 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
2012-02-15 17:21:11 -------- d-----w- c:\users\ed\appdata\local\ElevatedDiagnostics
2012-02-15 17:02:07 -------- d-----w- c:\program files\HP
2012-02-15 15:18:35 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 15:16:33 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-04 12:59:55 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2012-02-04 12:59:55 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-02-04 12:59:19 129248 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-02-04 12:59:01 368544 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2012-02-01 22:42:55 -------- d-----w- c:\users\ed\appdata\roaming\River Past G2
2012-01-31 21:54:25 -------- d-----w- c:\users\ed\appdata\local\Adobe
2012-01-31 21:53:37 -------- d-----w- c:\users\ed\appdata\roaming\MrSmooth.1F1C2CE6230412E7752D206B573506D8446D8E6A.1
2012-01-31 21:53:25 -------- d-----w- c:\program files\MrSmooth
2012-01-31 21:52:29 -------- d-----w- c:\program files\Mr Smooth
.
==================== Find3M ====================
.
2012-02-17 19:51:03 286720 ------w- c:\windows\Setup1.exe
2012-02-17 19:50:59 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-01-28 19:37:18 87608 ----a-w- c:\users\ed\appdata\roaming\inst.exe
2012-01-28 19:37:18 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2012-01-28 19:37:18 47360 ----a-w- c:\users\ed\appdata\roaming\pcouffin.sys
2012-01-27 00:21:24 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-17 22:58:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-08 13:27:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-07 17:23:59 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-01-07 15:11:00 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-01-07 10:01:56 0 ----a-w- c:\windows\ativpsrm.bin
2012-01-06 08:00:00 545 ----a-w- c:\windows\UC.PIF
2012-01-06 08:00:00 545 ----a-w- c:\windows\RAR.PIF
2012-01-06 08:00:00 545 ----a-w- c:\windows\PKZIP.PIF
2012-01-06 08:00:00 545 ----a-w- c:\windows\PKUNZIP.PIF
2012-01-06 08:00:00 545 ----a-w- c:\windows\LHA.PIF
2012-01-06 08:00:00 545 ----a-w- c:\windows\ARJ.PIF
2011-12-29 18:00:00 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2011-12-21 18:14:02 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-12-19 14:12:00 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-12-19 14:11:58 91440 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-12-19 14:11:58 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-12-19 14:11:58 116016 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-12-19 14:11:56 135472 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 16:45:35.16 ===============
 
....cont

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 05/01/2012 23:12:18
System Uptime: 29/02/2012 12:18:24 (4 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA785GM-US2H
Processor: AMD Phenom(tm) 9850 Quad-Core Processor | Socket M2 | 1300/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 114 GiB total, 53.721 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP46: 28/02/2012 20:19:56 - Installed ReliefJet Essentials for Outlook
.
==== Installed Programs ======================
.
5Spice Analysis 1.65
7-Zip 9.20
Acronis True Image Home
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Apple Application Support
Apple Mobile Device Support
Apple Software Update
µTorrent
AVG 2012
Beyond Compare Version 3.3.3
BlackBerry Desktop Software 6.1
Bonjour
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
ConvertXtoDVD 4.0.9.322
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
File Shredder 2.0
Foxit PhantomPDF
Google Earth
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.0.0
HP Product Detection
IMAPSize 0.3.7
iTunes
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
K-Lite Codec Pack 8.1.0 (Full)
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft IntelliType Pro 8.2
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Project MUI (English) 2010
Microsoft Office Project Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Project 2010 Service Pack 1 (SP1)
Microsoft Project Professional 2010
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC100_CRT_SP1_x86
MozBackup 1.5.1
Mozilla Firefox 9.0.1 (x86 en-GB)
Mozilla Thunderbird 10.0.2 (x86 en-GB)
Mr Smooth v1.0
MrSmooth
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nokia Connectivity Cable Driver
Nokia Suite
Oracle VM VirtualBox 4.1.8
PC Connectivity Solution
Polipo 1.0.4.1
Pool-Mate Link
Pool-Mate Pro Vista and Windows 7
Pool-Mate Pro Vista and Windows 7 (C:\Program Files\Pool-Mate Pro\)
REALTEK Wireless LAN Driver and Utility
ReliefJet Essentials for Outlook
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Skype™ 5.5
Texas Instruments TUSB3410 drivers.
TextPad 5
Tor 0.2.2.35
Total Commander (Remove or Repair)
TrueCrypt
TUSB3410
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Vidalia 0.2.15
VirtualCloneDrive
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Xilisoft Video Converter Ultimate 6
Youtube Downloader HD v. 2.8
.
==== Event Viewer Messages From Past Week ========
.
29/02/2012 16:45:46, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
29/02/2012 16:36:20, Error: Service Control Manager [7023] - The HECI service terminated with the following error: Access is denied.
29/02/2012 12:26:01, Error: Service Control Manager [7023] - The Hpzipr12 service terminated with the following error: Access is denied.
29/02/2012 12:25:07, Error: Service Control Manager [7023] - The SNDO763 service terminated with the following error: Access is denied.
29/02/2012 12:23:47, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
29/02/2012 12:19:02, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Zenos1 service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The ZDPSp50 service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Wlancig service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Wdmaud service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Vet-filt service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Vaiomediaplatform-integratedserver-http service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The UVCFTR service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The USB11LDR service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The UimBus service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Tpkmpsvc service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Szserver service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Sysmonlog service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The SWNC5E00 service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The SrvcEPIOMngr service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The SQLWriter service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The SprintRcAppSvc service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Sis162u service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Si3132r5 service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Sgeclient service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The SenFiltService service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Scdemu service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Rvsinst service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Rdpnp service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Procexp90 service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Pnkbstra service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Nipsvc service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Nim32 service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Monfilt service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Ma_cmidi_installerservice service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Ltxred service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The LoopBeMidi1 service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Lmimirr service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The KS0108 service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The K750mgmt service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Iaimfp3 service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Hpwirelessmgr service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Fips service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The FETNDIS service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The EUSBMSD service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Emproxy service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The DynDNS_Updater_Service service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Dell1100_FUService service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Dcstor32 service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Db2das00 service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Cvsnt service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Compaq_rba service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The CdaD10BA service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Bt3cser service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Beatjammusicstreamingserver service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Bdfdll service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Aw_host service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Avsinc service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The Avpnnic service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The ALYac_PZSrv service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The A016mdm service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7023] - The 3dkeybd service terminated with the following error: The specified module could not be found.
29/02/2012 12:19:01, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
29/02/2012 12:19:01, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
29/02/2012 12:18:59, Error: Service Control Manager [7023] - The W550mdfl service terminated with the following error: The specified module could not be found.
29/02/2012 12:11:31, Error: Service Control Manager [7023] - The Sgeclient service terminated with the following error: Access is denied.
29/02/2012 11:56:32, Error: Service Control Manager [7023] - The Pnkbstra service terminated with the following error: Access is denied.
29/02/2012 11:41:31, Error: Service Control Manager [7023] - The A016mdm service terminated with the following error: Access is denied.
29/02/2012 11:26:31, Error: Service Control Manager [7023] - The Avsinc service terminated with the following error: Access is denied.
29/02/2012 11:11:32, Error: Service Control Manager [7023] - The UimBus service terminated with the following error: Access is denied.
29/02/2012 10:56:32, Error: Service Control Manager [7023] - The Si3132r5 service terminated with the following error: Access is denied.
29/02/2012 10:41:33, Error: Service Control Manager [7023] - The Rvsinst service terminated with the following error: Access is denied.
29/02/2012 10:26:32, Error: Service Control Manager [7023] - The KS0108 service terminated with the following error: Access is denied.
29/02/2012 10:11:32, Error: Service Control Manager [7023] - The Zenos1 service terminated with the following error: Access is denied.
29/02/2012 10:07:21, Error: Service Control Manager [7030] - The AMService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
29/02/2012 10:04:33, Error: Service Control Manager [7023] - The W550mdfl service terminated with the following error: Access is denied.
29/02/2012 09:56:32, Error: Service Control Manager [7023] - The Fips service terminated with the following error: Access is denied.
29/02/2012 09:41:32, Error: Service Control Manager [7023] - The Vaiomediaplatform-integratedserver-http service terminated with the following error: Access is denied.
29/02/2012 09:26:31, Error: Service Control Manager [7023] - The DynDNS_Updater_Service service terminated with the following error: Access is denied.
29/02/2012 09:14:17, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Realtek11nCU service.
29/02/2012 09:11:31, Error: Service Control Manager [7023] - The Sis162u service terminated with the following error: Access is denied.
29/02/2012 08:56:31, Error: Service Control Manager [7023] - The Db2das00 service terminated with the following error: Access is denied.
29/02/2012 08:41:31, Error: Service Control Manager [7023] - The CdaD10BA service terminated with the following error: Access is denied.
29/02/2012 08:26:31, Error: Service Control Manager [7023] - The Ma_cmidi_installerservice service terminated with the following error: Access is denied.
29/02/2012 08:11:31, Error: Service Control Manager [7023] - The USB11LDR service terminated with the following error: Access is denied.
29/02/2012 07:56:31, Error: Service Control Manager [7023] - The Compaq_rba service terminated with the following error: Access is denied.
29/02/2012 07:55:31, Error: Service Control Manager [7023] - The SprintRcAppSvc service terminated with the following error: Access is denied.
29/02/2012 07:47:44, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0x8cbfc000, 0x00000000, 0x861d07f0, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022912-133536-01.
29/02/2012 07:47:28, Error: Service Control Manager [7023] - The SrvcEPIOMngr service terminated with the following error: Access is denied.
29/02/2012 07:47:27, Error: Service Control Manager [7023] - The ZDPSp50 service terminated with the following error: Access is denied.
29/02/2012 07:47:27, Error: Service Control Manager [7023] - The Wdmaud service terminated with the following error: Access is denied.
29/02/2012 07:47:27, Error: Service Control Manager [7023] - The SenFiltService service terminated with the following error: Access is denied.
29/02/2012 07:47:27, Error: Service Control Manager [7023] - The Rdpnp service terminated with the following error: Access is denied.
29/02/2012 07:47:27, Error: Service Control Manager [7023] - The Ltxred service terminated with the following error: Access is denied.
29/02/2012 07:47:26, Error: Service Control Manager [7023] - The Sysmonlog service terminated with the following error: Access is denied.
29/02/2012 07:47:26, Error: Service Control Manager [7023] - The Lmimirr service terminated with the following error: Access is denied.
29/02/2012 07:47:26, Error: Service Control Manager [7023] - The Dcstor32 service terminated with the following error: Access is denied.
29/02/2012 07:47:25, Error: Service Control Manager [7023] - The Scdemu service terminated with the following error: Access is denied.
29/02/2012 07:47:25, Error: Service Control Manager [7023] - The Dell1100_FUService service terminated with the following error: Access is denied.
29/02/2012 07:47:25, Error: Service Control Manager [7023] - The Cvsnt service terminated with the following error: Access is denied.
29/02/2012 07:47:25, Error: Service Control Manager [7023] - The Bt3cser service terminated with the following error: Access is denied.
29/02/2012 07:47:24, Error: Service Control Manager [7023] - The Iaimfp3 service terminated with the following error: Access is denied.
29/02/2012 07:47:23, Error: Service Control Manager [7023] - The Vet-filt service terminated with the following error: Access is denied.
29/02/2012 07:47:23, Error: Service Control Manager [7023] - The Szserver service terminated with the following error: Access is denied.
29/02/2012 07:47:23, Error: Service Control Manager [7023] - The Procexp90 service terminated with the following error: Access is denied.
29/02/2012 07:47:23, Error: Service Control Manager [7023] - The Hpwirelessmgr service terminated with the following error: Access is denied.
29/02/2012 07:47:23, Error: Service Control Manager [7023] - The Bdfdll service terminated with the following error: Access is denied.
29/02/2012 07:47:22, Error: Service Control Manager [7023] - The Tpkmpsvc service terminated with the following error: Access is denied.
29/02/2012 07:47:22, Error: Service Control Manager [7023] - The K750mgmt service terminated with the following error: Access is denied.
29/02/2012 07:47:22, Error: Service Control Manager [7023] - The FETNDIS service terminated with the following error: Access is denied.
29/02/2012 07:47:22, Error: Service Control Manager [7023] - The ALYac_PZSrv service terminated with the following error: Access is denied.
29/02/2012 07:47:21, Error: Service Control Manager [7023] - The UVCFTR service terminated with the following error: Access is denied.
29/02/2012 07:47:21, Error: Service Control Manager [7023] - The Monfilt service terminated with the following error: Access is denied.
29/02/2012 07:47:20, Error: Service Control Manager [7023] - The SQLWriter service terminated with the following error: Access is denied.
29/02/2012 01:27:12, Error: Service Control Manager [7023] - The Aw_host service terminated with the following error: Access is denied.
29/02/2012 01:12:24, Error: Service Control Manager [7023] - The Wlancig service terminated with the following error: Access is denied.
29/02/2012 00:59:11, Error: Service Control Manager [7023] - The Emproxy service terminated with the following error: Access is denied.
29/02/2012 00:57:06, Error: Service Control Manager [7023] - The LoopBeMidi1 service terminated with the following error: Access is denied.
29/02/2012 00:42:22, Error: Service Control Manager [7023] - The EUSBMSD service terminated with the following error: Access is denied.
29/02/2012 00:27:13, Error: Service Control Manager [7023] - The Beatjammusicstreamingserver service terminated with the following error: Access is denied.
29/02/2012 00:26:14, Error: Service Control Manager [7023] - The Avpnnic service terminated with the following error: Access is denied.
29/02/2012 00:12:03, Error: Service Control Manager [7023] - The 3dkeybd service terminated with the following error: Access is denied.
28/02/2012 22:51:34, Error: Service Control Manager [7023] - The SWNC5E00 service terminated with the following error: Access is denied.
28/02/2012 22:32:22, Error: Service Control Manager [7023] - The Nim32 service terminated with the following error: Access is denied.
28/02/2012 22:31:23, Error: Service Control Manager [7023] - The Nipsvc service terminated with the following error: Access is denied.
26/02/2012 15:16:17, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on cannot be read.
25/02/2012 10:44:27, Error: VDS Dynamic Provider [22] - The provider encountered an error while converting the basic disk to a dynamic disk. status=C00000BB, Disk number=3
25/02/2012 10:40:01, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
25/02/2012 08:54:33, Error: Ntfs [137] - The default transaction resource manager on volume D: encountered a non-retryable error and could not start. The data contains the error code.
25/02/2012 08:54:27, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.
24/02/2012 22:47:55, Error: Service Control Manager [7030] - The ServiceLayer service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
24/02/2012 22:11:59, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
24/02/2012 12:03:17, Error: Ntfs [137] - The default transaction resource manager on volume L: encountered a non-retryable error and could not start. The data contains the error code.
22/02/2012 23:24:50, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
.
==== End Of File ===========================
 
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?", say "Yes".
Click the "Scan" button to start the scan.
On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==================================================================

  • Download RogueKiller to the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Click on SCAN.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport can also be found on your desktop.)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
 
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-29 17:52:25
-----------------------------
17:52:25.401 OS Version: Windows 6.1.7601 Service Pack 1
17:52:25.401 Number of processors: 4 586 0x203
17:52:25.404 ComputerName: ED-PC UserName: Ed
17:53:54.845 Initialize success
17:57:14.787 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:57:14.791 Disk 0 Vendor: Maxtor_6Y120L0 YAR41BW0 Size: 117246MB BusType: 3
17:57:14.796 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-4
17:57:14.798 Disk 1 Vendor: ST3400832AS 3.03 Size: 381554MB BusType: 11
17:57:15.169 Disk 0 MBR read successfully
17:57:15.175 Disk 0 MBR scan
17:57:15.181 Disk 0 Windows 7 default MBR code
17:57:15.208 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:57:15.217 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 117144 MB offset 206848
17:57:15.367 Disk 0 scanning sectors +240117760
17:57:15.434 Disk 0 scanning C:\Windows\system32\drivers
18:00:54.301 Service scanning
18:02:05.249 Modules scanning
18:03:09.399 Module: C:\Windows\System32\Drivers\dfsc.sys **SUSPICIOUS**
18:04:18.438 Disk 0 trace - called modules:
18:04:18.490 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x860d1fd0]<<
18:04:18.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d7e030]
18:04:18.506 3 CLASSPNP.SYS[88c6459e] -> nt!IofCallDriver -> [0x8612bb68]
18:04:18.513 \Driver\00000749[0x8612bca0] -> IRP_MJ_CREATE -> 0x860d1fd0
18:04:18.520 Scan finished successfully
18:16:18.236 Disk 0 MBR has been saved successfully to "C:\Users\Ed\Desktop\MBR.dat"
18:16:18.242 The log file has been saved successfully to "C:\Users\Ed\Desktop\aswMBR.txt"


RogueKiller V7.2.1 [02/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Ed [Admin rights]
Mode: Scan -- Date: 02/29/2012 18:18:39

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] setup.exe -- C:\Windows\TEMP\mtbuaj\setup.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Maxtor 6Y120L0 ATA Device +++++
--- User ---
[MBR] e7b41c3775155a035b85343ad7abc611
[BSP] 15f7d13223205021603bad74e2b87df3 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 117144 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST3400832AS ATA Device +++++
--- User ---
[MBR] 7f7d2ae37f430e0edc48dac3bcfadcab
[BSP] f3ef6921d4329cacc5ed5a0b03a8ac3f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 381552 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run, then download and try to run the other one.
Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 12-02-25.02 - Ed 29/02/2012 20:10:06.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.1789.1124 [GMT 0:00]
Running from: c:\users\Ed\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ed\AppData\Roaming\inst.exe
c:\users\Ed\AppData\Roaming\vso_ts_preview.xml
c:\windows\$NtUninstallKB9130$\1825098505
c:\windows\$NtUninstallKB9130$\2727051553\@
c:\windows\$NtUninstallKB9130$\2727051553\cfg.ini
c:\windows\$NtUninstallKB9130$\2727051553\Desktop.ini
c:\windows\$NtUninstallKB9130$\2727051553\L\xadqgnnk
c:\windows\$NtUninstallKB9130$\2727051553\oemid
c:\windows\$NtUninstallKB9130$\2727051553\U\00000001.@
c:\windows\$NtUninstallKB9130$\2727051553\U\00000002.@
c:\windows\$NtUninstallKB9130$\2727051553\U\00000004.@
c:\windows\$NtUninstallKB9130$\2727051553\U\80000000.@
c:\windows\$NtUninstallKB9130$\2727051553\U\80000004.@
c:\windows\$NtUninstallKB9130$\2727051553\U\80000032.@
c:\windows\$NtUninstallKB9130$\2727051553\version
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\$NtUninstallKB9130$ . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AMService
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-29 )))))))))))))))))))))))))))))))
.
.
2012-02-29 20:36 . 2012-02-29 01:02 83456 ----a-w- c:\windows\system32\W2ww4sH.com
2012-02-29 20:24 . 2012-02-29 20:55 -------- d-----w- c:\users\Ed\AppData\Local\temp
2012-02-29 20:24 . 2012-02-29 20:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-29 11:02 . 2012-02-29 11:02 -------- d-----w- c:\users\Ed\AppData\Roaming\Malwarebytes
2012-02-29 11:02 . 2012-02-29 11:02 -------- d-----w- c:\programdata\Malwarebytes
2012-02-29 11:02 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-29 11:02 . 2012-02-29 11:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-28 22:31 . 2012-02-29 19:55 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-28 20:21 . 2012-02-28 22:12 -------- d-----w- c:\users\Ed\AppData\Local\ReliefJet Essentials
2012-02-28 19:47 . 2012-02-28 19:47 -------- d--h--w- c:\programdata\Common Files
2012-02-28 19:43 . 2012-02-28 19:43 -------- d-----w- c:\program files\AVG
2012-02-28 19:36 . 2012-02-29 18:43 -------- d-----w- c:\programdata\MFAData
2012-02-27 16:49 . 2012-02-27 16:49 -------- d-----w- c:\users\Ed\AppData\Local\Windows Live Writer
2012-02-27 16:49 . 2012-02-27 16:49 -------- d-----w- c:\users\Ed\AppData\Roaming\Windows Live Writer
2012-02-27 16:43 . 2012-02-27 16:46 -------- d-----w- c:\program files\Windows Live
2012-02-27 16:38 . 2012-02-28 10:23 -------- d-----w- c:\users\Ed\AppData\Local\Windows Live
2012-02-27 16:38 . 2012-02-27 16:38 -------- d-----w- c:\program files\Common Files\Windows Live
2012-02-26 15:30 . 2012-02-26 15:38 -------- d-----w- C:\Jan
2012-02-26 13:51 . 2012-02-26 13:51 -------- d-----w- c:\program files\MSXML 4.0
2012-02-24 23:01 . 2012-02-24 23:01 -------- d-----w- c:\users\Ed\AppData\Roaming\Nokia Suite
2012-02-24 22:50 . 2012-02-24 23:01 -------- d-----w- c:\users\Ed\AppData\Roaming\Nokia
2012-02-24 22:50 . 2012-02-24 22:52 -------- d-----w- c:\users\Ed\AppData\Local\Nokia
2012-02-24 22:49 . 2012-02-24 22:57 -------- d-----w- c:\programdata\PC Suite
2012-02-24 22:49 . 2012-02-24 22:59 -------- d-----w- c:\users\Ed\AppData\Roaming\PC Suite
2012-02-24 22:49 . 2012-02-24 22:49 -------- d-----w- c:\program files\Common Files\Nokia
2012-02-24 22:49 . 2012-02-24 22:49 -------- d-----w- c:\programdata\Nokia
2012-02-24 22:48 . 2012-02-24 22:48 -------- d-----w- c:\program files\DIFX
2012-02-24 22:48 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-02-24 22:47 . 2012-02-24 22:47 -------- d-----w- c:\program files\PC Connectivity Solution
2012-02-24 22:47 . 2011-11-01 10:07 75264 ----a-w- c:\windows\system32\nmwcdcls.dll
2012-02-24 22:46 . 2012-02-24 22:49 -------- d-----w- c:\program files\Nokia
2012-02-24 22:17 . 2012-02-24 22:17 -------- d-----w- c:\users\Ed\AppData\Roaming\Blackberry Desktop
2012-02-24 22:05 . 2012-02-24 22:05 -------- d-----w- c:\users\Ed\AppData\Local\Research In Motion
2012-02-24 22:05 . 2012-02-24 22:11 -------- d-----w- c:\users\Ed\AppData\Roaming\Research In Motion
2012-02-24 22:04 . 2011-07-20 15:13 35328 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2012-02-24 22:03 . 2012-02-24 22:03 -------- d-----w- c:\programdata\Research In Motion
2012-02-24 22:03 . 2012-02-24 22:03 -------- d-----w- c:\program files\Common Files\Research In Motion
2012-02-24 22:03 . 2012-02-24 22:03 -------- d-----w- c:\program files\Research In Motion
2012-02-24 17:20 . 2012-02-24 17:20 -------- d-----w- c:\windows\system32\aliedit
2012-02-24 17:20 . 2012-02-27 13:17 -------- d-----w- c:\program files\Trademanager
2012-02-24 17:17 . 2012-02-24 17:17 -------- d-----w- c:\users\Ed\AppData\Local\Alibaba
2012-02-18 11:19 . 2012-02-18 11:19 -------- d-----w- c:\users\Ed\AppData\Roaming\Scooter Software
2012-02-18 11:18 . 2012-02-18 11:19 -------- d-----w- c:\program files\Beyond Compare 3
2012-02-18 03:10 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C968969D-D305-4E77-A2BE-728079485787}\mpengine.dll
2012-02-17 17:57 . 2012-02-17 17:57 -------- d-----w- c:\program files\IMAPSize
2012-02-17 17:09 . 2012-02-17 17:09 -------- d-----w- c:\users\Ed\AppData\Roaming\Helios
2012-02-17 17:09 . 2012-02-17 17:09 49152 ----a-r- c:\users\Ed\AppData\Roaming\Microsoft\Installer\{B6EC7388-E277-4A5B-8C8F-71067A41BA64}\NewShortcut1.exe
2012-02-17 17:09 . 2012-02-17 17:09 49152 ----a-r- c:\users\Ed\AppData\Roaming\Microsoft\Installer\{B6EC7388-E277-4A5B-8C8F-71067A41BA64}\ARPPRODUCTICON.exe
2012-02-17 17:09 . 2012-02-17 17:09 -------- d-----w- c:\program files\TextPad 5
2012-02-15 17:24 . 2009-06-22 18:58 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2012-02-15 17:21 . 2012-02-15 17:21 -------- d-----w- c:\users\Ed\AppData\Local\ElevatedDiagnostics
2012-02-15 17:02 . 2012-02-15 17:02 -------- d-----w- c:\program files\Hewlett-Packard
2012-02-15 17:02 . 2012-02-15 17:02 -------- d-----w- c:\program files\HP
2012-02-15 15:18 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 15:16 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 00:52 . 2012-02-14 00:52 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-02-07 08:06 . 2012-02-07 08:07 -------- d-----w- c:\users\Jan
2012-02-04 12:59 . 2012-02-04 12:59 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2012-02-04 12:59 . 2012-02-04 12:59 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-02-04 12:59 . 2012-02-04 12:59 129248 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-02-04 12:59 . 2012-02-04 12:59 368544 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2012-02-04 12:58 . 2012-02-04 12:58 -------- d-----w- c:\program files\Common Files\Acronis
2012-02-04 12:58 . 2012-02-04 12:58 -------- d-----w- c:\program files\Acronis
2012-02-01 22:42 . 2012-02-01 22:42 -------- d-----w- c:\users\Ed\AppData\Roaming\River Past G2
2012-02-01 21:25 . 2012-02-01 21:25 -------- d-----w- c:\program files\7-Zip
2012-02-01 20:13 . 2012-02-01 20:13 -------- d-----w- c:\windows\Sun
2012-01-31 21:54 . 2012-01-31 21:54 -------- d-----w- c:\users\Ed\AppData\Local\Adobe
2012-01-31 21:53 . 2012-01-31 21:53 -------- d-----w- c:\users\Ed\AppData\Roaming\MrSmooth.1F1C2CE6230412E7752D206B573506D8446D8E6A.1
2012-01-31 21:53 . 2012-01-31 21:53 -------- d-----w- c:\program files\MrSmooth
2012-01-31 21:53 . 2012-02-01 22:16 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-01-31 21:52 . 2012-01-31 21:52 -------- d-----w- c:\program files\Mr Smooth
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-27 16:44 . 2011-03-28 18:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-17 19:51 . 2012-01-15 19:35 286720 ------w- c:\windows\Setup1.exe
2012-02-17 19:50 . 2012-01-15 19:35 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-01-28 19:37 . 2012-01-28 19:37 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2012-01-28 19:37 . 2012-01-28 19:37 47360 ----a-w- c:\users\Ed\AppData\Roaming\pcouffin.sys
2012-01-27 00:21 . 2012-01-06 21:41 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-17 22:58 . 2012-01-07 18:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-08 13:27 . 2012-01-08 13:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-07 17:23 . 2012-01-07 17:23 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-01-07 15:11 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-01-07 12:50 . 2012-01-07 12:50 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-01-07 12:50 . 2012-01-07 12:50 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-07 12:50 . 2012-01-07 12:50 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-07 12:50 . 2012-01-07 12:50 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-01-07 12:50 . 2012-01-07 12:50 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-01-07 12:50 . 2012-01-07 12:50 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-07 12:50 . 2012-01-07 12:50 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-01-07 12:50 . 2012-01-07 12:50 367104 ----a-w- c:\windows\system32\html.iec
2012-01-07 12:50 . 2012-01-07 12:50 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-01-07 12:50 . 2012-01-07 12:50 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-07 12:50 . 2012-01-07 12:50 161792 ----a-w- c:\windows\system32\msls31.dll
2012-01-07 12:50 . 2012-01-07 12:50 152064 ----a-w- c:\windows\system32\wextract.exe
2012-01-07 12:50 . 2012-01-07 12:50 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-01-07 12:50 . 2012-01-07 12:50 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-07 12:50 . 2012-01-07 12:50 11776 ----a-w- c:\windows\system32\mshta.exe
2012-01-07 12:50 . 2012-01-07 12:50 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-07 12:50 . 2012-01-07 12:50 101888 ----a-w- c:\windows\system32\admparse.dll
2012-01-06 08:00 . 2012-01-07 18:37 545 ----a-w- c:\windows\UC.PIF
2012-01-06 08:00 . 2012-01-07 18:37 545 ----a-w- c:\windows\RAR.PIF
2012-01-06 08:00 . 2012-01-07 18:37 545 ----a-w- c:\windows\LHA.PIF
2012-01-06 08:00 . 2012-01-07 18:37 545 ----a-w- c:\windows\ARJ.PIF
2011-12-29 18:00 . 2012-01-22 20:26 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2011-12-21 18:14 . 2012-01-22 20:26 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-12-19 14:12 . 2011-12-19 14:12 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-12-19 14:11 . 2012-01-07 19:11 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-12-19 14:11 . 2012-01-07 19:11 91440 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-12-19 14:11 . 2011-12-19 14:11 116016 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-12-19 14:11 . 2011-12-19 14:11 135472 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2011-12-21 07:47 . 2012-01-07 10:52 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-01-10 1083264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-30 2595616]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-30 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-30 140568]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wemneka]
2012-02-29 10:07 10752 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\wemneka.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-08 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-08 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 umpusbvista;Texas Instruments USB Serial Driver;c:\windows\system32\DRIVERS\umpusbvista.sys [2009-10-20 47104]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-07 1343400]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-12-19 158512]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-12-19 91440]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 Realtek11nCU;Realtek11nCU;c:\program files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2012-01-28 47360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [2011-02-11 728064]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-12-19 116016]
.
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
ibmsmbus
dpti2o
PEVSystemStart
avgtdi
hpdskflt
z800mdfl
s117obex
WmVirHid
Si3132
HSFHWALI
W8100PCI
X10UIF
bcm4sbxp
wdm_au8820
SymIM
dbmanagerscheduler
PciBus
uphclean
npfmntor
rslinx
thotkey
nHancer
mlkkbdntdriver
bwsvc
SE27mdm
epstnt01
mssql$soshome22
se59mgmt
roxwatch9
aswrdr
PGPsdkDriver
hpqddsvc
dlcf_device
sis162u
mxssvr
coste
pctfw1
vetefile
cdr4_2k
enxpsvc
transactional
NWSNS
atmarpc
NeroMediaHomeService.4
VAIOMediaPlatform-VideoServer-UPnP
DSDrv4
adobeversioncue
cm102u32
MSICPL
vzupsvc
fsma
AtiHdmiService
SE2Bmdfl
cdvp
licenseservice
se26nd5
mcafeeframework
VCAM
pdlndldl
vet-filt
hsfhwbs2
SaiMini
roxupnpserver
NsTrcNT
umpusbxp
tvichw32
inotask
Eplpdx02
w800mdfl
ooclevercacheagent
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-29 c:\windows\Tasks\At1.job
- c:\windows\system32\W2ww4sH.com [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At10.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At11.job
- c:\windows\system32\W2ww4sH.com [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At12.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At13.job
- c:\windows\system32\W2ww4sH.com [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At14.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At15.job
- c:\windows\system32\W2ww4sH.com [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At16.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At17.job
- c:\windows\system32\W2ww4sH.com [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At18.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At19.job
- c:\windows\system32\W2ww4sH.com [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At2.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At20.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At21.job
- c:\windows\system32\W2ww4sH.com [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At22.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At23.job
- c:\windows\system32\W2ww4sH.com [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At24.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At25.job
- c:\windows\system32\W2ww4sH.com [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At26.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At27.job
- c:\windows\system32\W2ww4sH.com [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At28.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At29.job
- c:\windows\system32\W2ww4sH.com [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At3.job
- c:\windows\system32\W2ww4sH.com [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At30.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At31.job
- c:\windows\system32\W2ww4sH.com [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At32.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At33.job
- c:\windows\system32\W2ww4sH.com [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At34.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At35.job
- c:\windows\system32\W2ww4sH.com [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At36.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At37.job
- c:\windows\system32\W2ww4sH.com [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At38.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At39.job
- c:\windows\system32\W2ww4sH.com [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At4.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At40.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At41.job
- c:\windows\system32\W2ww4sH.com [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At42.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At43.job
- c:\windows\system32\W2ww4sH.com [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At44.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At45.job
- c:\windows\system32\W2ww4sH.com [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At46.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At47.job
- c:\windows\system32\W2ww4sH.com [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At48.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At5.job
- c:\windows\system32\W2ww4sH.com [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At6.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At7.job
- c:\windows\system32\W2ww4sH.com [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At8.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At9.job
- c:\windows\system32\W2ww4sH.com [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-08 01:08]
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-08 01:08]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\x7uoiu9s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:96,ce,0e,42,83,f6,cc,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(744)
c:\windows\system32\relog_ap.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\program files\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe
c:\windows\system32\conhost.exe
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\windows\system32\DllHost.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
.
**************************************************************************
.
Completion time: 2012-02-29 21:05:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-29 21:05
.
Pre-Run: 69,992,087,552 bytes free
Post-Run: 70,047,584,256 bytes free
.
- - End Of File - - 08D6CB038DD78D98446F291C941300C6
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\W2ww4sH.com
c:\windows\system32\dds_trash_log.cmd
c:\windows\System32\config\systemprofile\AppData\Local\wemneka.dll

At::

DDS::
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com

Driver::

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wemneka]

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[CFScript.gif: animation showing CFScript.txt being dragged onto ComboFix.exe]



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
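The CFScript above was written by reading the first ComboFix log by hand: the run of At*.job tasks that all launch c:\windows\system32\W2ww4sH.com (and its .com_ sibling), and the winlogon\notify\wemneka load point. The following Python script is an added example, not part of this thread and not ComboFix's own code: it parses a constructed excerpt laid out like the posted log, groups At*.job tasks by target binary, picks up winlogon\notify subkeys, and renders the same CFScript sections (File::, At::, Registry::) the helper used. The function names, regular expressions and the two-job threshold are my own choices, not anything ComboFix defines.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix code).

It automates two things the helper in the thread did by eye:
  * cluster At*.job scheduled tasks by the binary they launch, so a block of
    At jobs all aimed at one file in system32 stands out;
  * list winlogon\notify subkeys, a legacy load point that ordinary Windows 7
    software rarely registers.
"""
import re
from collections import defaultdict

# Constructed excerpt modelled on the ComboFix log posted above: same section
# headers and line layout, only the lines needed for this demonstration.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wemneka]
2012-02-29 10:07 10752 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\wemneka.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-29 c:\windows\Tasks\At1.job
- c:\windows\system32\W2ww4sH.com [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At2.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At3.job
- c:\windows\system32\W2ww4sH.com [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-08 01:08]
.
.
------- Supplementary Scan -------
"""

TASKS_HEADER = "Contents of the 'Scheduled Tasks' folder"
JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>\S+\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^- (?P<target>.+?) \[")
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"
NOTIFY_RE = re.compile(r"^\[" + re.escape(NOTIFY_KEY) + r"\\(?P<name>[^\]]+)\]$", re.IGNORECASE)
# ComboFix file lines: date time size attributes path
FILE_LINE_RE = re.compile(r"^\S+ \S+ \d+ \S+ (?P<path>.+)$")


def parse_scheduled_tasks(log):
    """Map each job file name in the Scheduled Tasks section to its target."""
    tasks, in_section, pending = {}, False, None
    for line in log.splitlines():
        if line.startswith(TASKS_HEADER):
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("-------"):  # start of the next ComboFix section
            break
        m = JOB_RE.match(line)
        if m:
            pending = m.group("job").rsplit("\\", 1)[-1]
            continue
        m = TARGET_RE.match(line)
        if m and pending:
            tasks[pending] = m.group("target")
            pending = None
    return tasks


def parse_winlogon_notify(log):
    """Return {subkey name: DLL path} for every winlogon\\notify load point."""
    found, pending = {}, None
    for line in log.splitlines():
        m = NOTIFY_RE.match(line)
        if m:
            pending = m.group("name")
            continue
        if pending:  # the line right after the key holds the DLL path
            m = FILE_LINE_RE.match(line)
            if m:
                found[pending] = m.group("path")
            pending = None
    return found


def at_job_clusters(tasks, min_jobs=2):
    """Group At*.job tasks by target; a trailing '_' (the .com_ sibling seen in
    the posted log) is folded into the base name so the cluster counts once."""
    groups = defaultdict(lambda: {"jobs": [], "targets": set()})
    for job, target in tasks.items():
        if re.fullmatch(r"At\d+\.job", job, re.IGNORECASE):
            g = groups[target.rstrip("_").lower()]
            g["jobs"].append(job)
            g["targets"].add(target)
    return {k: {"jobs": sorted(v["jobs"]), "targets": sorted(v["targets"])}
            for k, v in groups.items() if len(v["jobs"]) >= min_jobs}


def build_cfscript(log):
    """Render the File::/At::/Registry:: sections in the form used above."""
    clusters = at_job_clusters(parse_scheduled_tasks(log))
    notify = parse_winlogon_notify(log)
    files = sorted({t for c in clusters.values() for t in c["targets"]} | set(notify.values()))
    lines = ["File::", *files, ""]
    if clusters:
        lines += ["At::", ""]  # empty At:: section, as in the helper's script
    if notify:
        lines += ["Registry::"] + ["[-%s\\%s]" % (NOTIFY_KEY, n) for n in sorted(notify)]
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG))
```

Run against the full posted log, the At cluster contains all 48 At*.job entries and the script lists both W2ww4sH.com and W2ww4sH.com_ under File::; the second ComboFix log shows the .com_ file still present after the hand-written script ran, which is why the generated version lists every distinct target in the cluster.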
 
ComboFix 12-02-25.02 - Ed 29/02/2012 21:59:32.2.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.1789.972 [GMT 0:00]
Running from: c:\users\Ed\Desktop\ComboFix.exe
Command switches used :: c:\users\Ed\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\System32\config\systemprofile\AppData\Local\wemneka.dll"
"c:\windows\system32\dds_trash_log.cmd"
"c:\windows\system32\W2ww4sH.com"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\System32\config\systemprofile\AppData\Local\wemneka.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\W2ww4sH.com
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-29 )))))))))))))))))))))))))))))))
.
.
2012-02-29 22:10 . 2012-02-29 22:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-29 20:24 . 2012-02-29 22:10 -------- d-----w- c:\users\Ed\AppData\Local\temp
2012-02-29 11:02 . 2012-02-29 11:02 -------- d-----w- c:\users\Ed\AppData\Roaming\Malwarebytes
2012-02-29 11:02 . 2012-02-29 11:02 -------- d-----w- c:\programdata\Malwarebytes
2012-02-29 11:02 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-29 11:02 . 2012-02-29 11:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-29 02:03 . 2012-02-29 01:02 83456 ----a-w- c:\windows\system32\W2ww4sH.com_
2012-02-28 20:21 . 2012-02-28 22:12 -------- d-----w- c:\users\Ed\AppData\Local\ReliefJet Essentials
2012-02-28 19:47 . 2012-02-28 19:47 -------- d--h--w- c:\programdata\Common Files
2012-02-28 19:43 . 2012-02-28 19:43 -------- d-----w- c:\program files\AVG
2012-02-28 19:36 . 2012-02-29 18:43 -------- d-----w- c:\programdata\MFAData
2012-02-27 16:49 . 2012-02-27 16:49 -------- d-----w- c:\users\Ed\AppData\Local\Windows Live Writer
2012-02-27 16:49 . 2012-02-27 16:49 -------- d-----w- c:\users\Ed\AppData\Roaming\Windows Live Writer
2012-02-27 16:43 . 2012-02-27 16:46 -------- d-----w- c:\program files\Windows Live
2012-02-27 16:38 . 2012-02-28 10:23 -------- d-----w- c:\users\Ed\AppData\Local\Windows Live
2012-02-27 16:38 . 2012-02-27 16:38 -------- d-----w- c:\program files\Common Files\Windows Live
2012-02-26 15:30 . 2012-02-26 15:38 -------- d-----w- C:\Jan
2012-02-26 13:51 . 2012-02-26 13:51 -------- d-----w- c:\program files\MSXML 4.0
2012-02-24 23:01 . 2012-02-24 23:01 -------- d-----w- c:\users\Ed\AppData\Roaming\Nokia Suite
2012-02-24 22:50 . 2012-02-24 23:01 -------- d-----w- c:\users\Ed\AppData\Roaming\Nokia
2012-02-24 22:50 . 2012-02-24 22:52 -------- d-----w- c:\users\Ed\AppData\Local\Nokia
2012-02-24 22:49 . 2012-02-24 22:57 -------- d-----w- c:\programdata\PC Suite
2012-02-24 22:49 . 2012-02-24 22:59 -------- d-----w- c:\users\Ed\AppData\Roaming\PC Suite
2012-02-24 22:49 . 2012-02-24 22:49 -------- d-----w- c:\program files\Common Files\Nokia
2012-02-24 22:49 . 2012-02-24 22:49 -------- d-----w- c:\programdata\Nokia
2012-02-24 22:48 . 2012-02-24 22:48 -------- d-----w- c:\program files\DIFX
2012-02-24 22:48 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-02-24 22:47 . 2012-02-24 22:47 -------- d-----w- c:\program files\PC Connectivity Solution
2012-02-24 22:47 . 2011-11-01 10:07 75264 ----a-w- c:\windows\system32\nmwcdcls.dll
2012-02-24 22:46 . 2012-02-24 22:49 -------- d-----w- c:\program files\Nokia
2012-02-24 22:17 . 2012-02-24 22:17 -------- d-----w- c:\users\Ed\AppData\Roaming\Blackberry Desktop
2012-02-24 22:05 . 2012-02-24 22:05 -------- d-----w- c:\users\Ed\AppData\Local\Research In Motion
2012-02-24 22:05 . 2012-02-24 22:11 -------- d-----w- c:\users\Ed\AppData\Roaming\Research In Motion
2012-02-24 22:04 . 2011-07-20 15:13 35328 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2012-02-24 22:03 . 2012-02-24 22:03 -------- d-----w- c:\programdata\Research In Motion
2012-02-24 22:03 . 2012-02-24 22:03 -------- d-----w- c:\program files\Common Files\Research In Motion
2012-02-24 22:03 . 2012-02-24 22:03 -------- d-----w- c:\program files\Research In Motion
2012-02-24 17:20 . 2012-02-24 17:20 -------- d-----w- c:\windows\system32\aliedit
2012-02-24 17:20 . 2012-02-27 13:17 -------- d-----w- c:\program files\Trademanager
2012-02-24 17:17 . 2012-02-24 17:17 -------- d-----w- c:\users\Ed\AppData\Local\Alibaba
2012-02-18 11:19 . 2012-02-18 11:19 -------- d-----w- c:\users\Ed\AppData\Roaming\Scooter Software
2012-02-18 11:18 . 2012-02-18 11:19 -------- d-----w- c:\program files\Beyond Compare 3
2012-02-18 03:10 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C968969D-D305-4E77-A2BE-728079485787}\mpengine.dll
2012-02-17 17:57 . 2012-02-17 17:57 -------- d-----w- c:\program files\IMAPSize
2012-02-17 17:09 . 2012-02-17 17:09 -------- d-----w- c:\users\Ed\AppData\Roaming\Helios
2012-02-17 17:09 . 2012-02-17 17:09 49152 ----a-r- c:\users\Ed\AppData\Roaming\Microsoft\Installer\{B6EC7388-E277-4A5B-8C8F-71067A41BA64}\NewShortcut1.exe
2012-02-17 17:09 . 2012-02-17 17:09 49152 ----a-r- c:\users\Ed\AppData\Roaming\Microsoft\Installer\{B6EC7388-E277-4A5B-8C8F-71067A41BA64}\ARPPRODUCTICON.exe
2012-02-17 17:09 . 2012-02-17 17:09 -------- d-----w- c:\program files\TextPad 5
2012-02-15 17:24 . 2009-06-22 18:58 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2012-02-15 17:21 . 2012-02-15 17:21 -------- d-----w- c:\users\Ed\AppData\Local\ElevatedDiagnostics
2012-02-15 17:02 . 2012-02-15 17:02 -------- d-----w- c:\program files\Hewlett-Packard
2012-02-15 17:02 . 2012-02-15 17:02 -------- d-----w- c:\program files\HP
2012-02-15 15:18 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 15:16 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 00:52 . 2012-02-14 00:52 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-02-07 08:06 . 2012-02-07 08:07 -------- d-----w- c:\users\Jan
2012-02-04 12:59 . 2012-02-04 12:59 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2012-02-04 12:59 . 2012-02-04 12:59 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-02-04 12:59 . 2012-02-04 12:59 129248 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-02-04 12:59 . 2012-02-04 12:59 368544 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2012-02-04 12:58 . 2012-02-04 12:58 -------- d-----w- c:\program files\Common Files\Acronis
2012-02-04 12:58 . 2012-02-04 12:58 -------- d-----w- c:\program files\Acronis
2012-02-01 22:42 . 2012-02-01 22:42 -------- d-----w- c:\users\Ed\AppData\Roaming\River Past G2
2012-02-01 21:25 . 2012-02-01 21:25 -------- d-----w- c:\program files\7-Zip
2012-02-01 20:13 . 2012-02-01 20:13 -------- d-----w- c:\windows\Sun
2012-01-31 21:54 . 2012-01-31 21:54 -------- d-----w- c:\users\Ed\AppData\Local\Adobe
2012-01-31 21:53 . 2012-01-31 21:53 -------- d-----w- c:\users\Ed\AppData\Roaming\MrSmooth.1F1C2CE6230412E7752D206B573506D8446D8E6A.1
2012-01-31 21:53 . 2012-01-31 21:53 -------- d-----w- c:\program files\MrSmooth
2012-01-31 21:53 . 2012-02-01 22:16 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-01-31 21:52 . 2012-01-31 21:52 -------- d-----w- c:\program files\Mr Smooth
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-27 16:44 . 2011-03-28 18:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-17 19:51 . 2012-01-15 19:35 286720 ------w- c:\windows\Setup1.exe
2012-02-17 19:50 . 2012-01-15 19:35 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-01-28 19:37 . 2012-01-28 19:37 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2012-01-28 19:37 . 2012-01-28 19:37 47360 ----a-w- c:\users\Ed\AppData\Roaming\pcouffin.sys
2012-01-27 00:21 . 2012-01-06 21:41 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-17 22:58 . 2012-01-07 18:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-08 13:27 . 2012-01-08 13:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-07 17:23 . 2012-01-07 17:23 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-01-07 15:11 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-01-07 12:50 . 2012-01-07 12:50 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-01-07 12:50 . 2012-01-07 12:50 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-07 12:50 . 2012-01-07 12:50 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-07 12:50 . 2012-01-07 12:50 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-01-07 12:50 . 2012-01-07 12:50 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-01-07 12:50 . 2012-01-07 12:50 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-07 12:50 . 2012-01-07 12:50 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-01-07 12:50 . 2012-01-07 12:50 367104 ----a-w- c:\windows\system32\html.iec
2012-01-07 12:50 . 2012-01-07 12:50 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-01-07 12:50 . 2012-01-07 12:50 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-07 12:50 . 2012-01-07 12:50 161792 ----a-w- c:\windows\system32\msls31.dll
2012-01-07 12:50 . 2012-01-07 12:50 152064 ----a-w- c:\windows\system32\wextract.exe
2012-01-07 12:50 . 2012-01-07 12:50 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-01-07 12:50 . 2012-01-07 12:50 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-07 12:50 . 2012-01-07 12:50 11776 ----a-w- c:\windows\system32\mshta.exe
2012-01-07 12:50 . 2012-01-07 12:50 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-07 12:50 . 2012-01-07 12:50 101888 ----a-w- c:\windows\system32\admparse.dll
2012-01-06 08:00 . 2012-01-07 18:37 545 ----a-w- c:\windows\UC.PIF
2012-01-06 08:00 . 2012-01-07 18:37 545 ----a-w- c:\windows\RAR.PIF
2012-01-06 08:00 . 2012-01-07 18:37 545 ----a-w- c:\windows\LHA.PIF
2012-01-06 08:00 . 2012-01-07 18:37 545 ----a-w- c:\windows\ARJ.PIF
2011-12-29 18:00 . 2012-01-22 20:26 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2011-12-21 18:14 . 2012-01-22 20:26 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-12-19 14:12 . 2011-12-19 14:12 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-12-19 14:11 . 2012-01-07 19:11 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-12-19 14:11 . 2012-01-07 19:11 91440 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-12-19 14:11 . 2011-12-19 14:11 116016 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-12-19 14:11 . 2011-12-19 14:11 135472 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2011-12-21 07:47 . 2012-01-07 10:52 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-01-10 1083264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-30 2595616]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-30 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-30 140568]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-08 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-08 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 umpusbvista;Texas Instruments USB Serial Driver;c:\windows\system32\DRIVERS\umpusbvista.sys [2009-10-20 47104]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-07 1343400]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-12-19 158512]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-12-19 91440]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 Realtek11nCU;Realtek11nCU;c:\program files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2012-01-28 47360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [2011-02-11 728064]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-12-19 116016]
.
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
ibmsmbus
dpti2o
PEVSystemStart
avgtdi
hpdskflt
z800mdfl
s117obex
WmVirHid
Si3132
HSFHWALI
W8100PCI
X10UIF
bcm4sbxp
wdm_au8820
SymIM
dbmanagerscheduler
PciBus
uphclean
npfmntor
rslinx
thotkey
nHancer
mlkkbdntdriver
bwsvc
SE27mdm
epstnt01
mssql$soshome22
se59mgmt
roxwatch9
aswrdr
PGPsdkDriver
hpqddsvc
dlcf_device
sis162u
mxssvr
coste
pctfw1
vetefile
cdr4_2k
enxpsvc
transactional
NWSNS
atmarpc
NeroMediaHomeService.4
VAIOMediaPlatform-VideoServer-UPnP
DSDrv4
adobeversioncue
cm102u32
MSICPL
vzupsvc
fsma
AtiHdmiService
SE2Bmdfl
cdvp
licenseservice
se26nd5
mcafeeframework
VCAM
pdlndldl
vet-filt
hsfhwbs2
SaiMini
roxupnpserver
NsTrcNT
umpusbxp
tvichw32
inotask
Eplpdx02
w800mdfl
ooclevercacheagent
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-29 c:\windows\Tasks\At10.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At12.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At14.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At16.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At18.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At2.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At20.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At22.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At24.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At26.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At28.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At30.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At32.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At34.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At36.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At38.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At4.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At40.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At42.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At44.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At46.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At48.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At6.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At8.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-08 01:08]
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-08 01:08]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\x7uoiu9s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:96,ce,0e,42,83,f6,cc,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(744)
c:\windows\system32\relog_ap.DLL
.
Completion time: 2012-02-29 22:15:19
ComboFix-quarantined-files.txt 2012-02-29 22:15
ComboFix2.txt 2012-02-29 21:05
.
Pre-Run: 70,145,544,192 bytes free
Post-Run: 70,125,527,040 bytes free
.
- - End Of File - - F8311CECE18D4A69C7C181513401D5BC
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\W2ww4sH.com_

At::

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
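
The reason the script above targets W2ww4sH.com_ is visible in the 'Scheduled Tasks' section of the first ComboFix log: twenty-four At*.job files (At2 through At48, one every two hours) all point at the same file in system32, and the file carries a trailing-underscore extension that no legitimate installer uses. Jobs created with at.exe run as LocalSystem, so this is a SYSTEM-level persistence mechanism, which is why the helper clears the whole At:: set rather than editing one task. The following Python is an added example, not code from the thread or from ComboFix: it parses that section of a ComboFix log and flags targets that show the same pattern. The log excerpt embedded in it is constructed to mirror ComboFix's two-line layout, using a few of the job and target names from the log above.

```python
"""Flag suspicious entries in the 'Scheduled Tasks' section of a ComboFix log.

Added example for this thread, not part of ComboFix. SAMPLE_LOG is a
constructed excerpt in the format ComboFix prints: a '.job' line followed
by a '- <target> [date time]' line, with '.' separator lines.
"""
import ntpath
import re

# Constructed sample: three At*.job entries and the two Google Update jobs.
SAMPLE_LOG = r"""
Contents of the 'Scheduled Tasks' folder
.
2012-02-29 c:\windows\Tasks\At10.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At12.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\At2.job
- c:\windows\system32\W2ww4sH.com_ [2012-02-29 01:02]
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-08 01:08]
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-08 01:08]
.
.
------- Supplementary Scan -------
"""

JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(?P<job>\S+\.job)\s*$", re.I)
TARGET_RE = re.compile(r"^-\s+(?P<target>.+?)\s+\[(?P<stamp>[^\]]+)\]\s*$")
AT_JOB_RE = re.compile(r"^At\d+\.job$", re.I)
# Extensions a legitimately scheduled program is expected to carry.
EXEC_EXTS = {".exe", ".dll", ".cmd", ".bat", ".vbs", ".js", ".ps1", ".com", ".scr"}
# How many .job files pointing at one target before we call it "fanned out".
FANOUT_THRESHOLD = 3


def parse_tasks(log_text):
    """Return (job_basename, target_path, timestamp) tuples from the
    'Scheduled Tasks' section of a ComboFix log; stop at the next section."""
    tasks = []
    in_section = False
    pending_job = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("Contents of the 'Scheduled Tasks' folder"):
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("-------"):      # next ComboFix section header
            break
        if not line or line == ".":
            continue
        m = JOB_RE.match(line)
        if m:
            pending_job = ntpath.basename(m.group("job"))
            continue
        m = TARGET_RE.match(line)
        if m and pending_job:
            tasks.append((pending_job, m.group("target"), m.group("stamp")))
            pending_job = None
    return tasks


def assess(tasks):
    """Group jobs by target and report targets that look like malware
    persistence: odd extension, at.exe-style job names, or one payload
    scheduled under many jobs."""
    by_target = {}
    for job, target, _stamp in tasks:
        by_target.setdefault(target, []).append(job)

    findings = []
    for target, jobs in by_target.items():
        reasons = []
        ext = ntpath.splitext(target)[1].lower()
        if ext not in EXEC_EXTS:
            reasons.append("non-standard extension %r" % ext)
        at_jobs = [j for j in jobs if AT_JOB_RE.match(j)]
        if at_jobs:
            reasons.append("%d at.exe-style job(s), which run as SYSTEM" % len(at_jobs))
        if len(jobs) >= FANOUT_THRESHOLD:
            reasons.append("one target scheduled under %d jobs" % len(jobs))
        if reasons:
            findings.append({"target": target, "jobs": sorted(jobs), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in assess(parse_tasks(SAMPLE_LOG)):
        print(f["target"])
        for r in f["reasons"]:
            print("  -", r)
        print("  jobs:", ", ".join(f["jobs"]))
```

Run against the sample, the GoogleUpdate jobs are not reported (normal extension, two jobs, descriptive names) while the W2ww4sH.com_ target is reported on all three counts. Two caveats when using this on a real log: the extension check is a heuristic, and a task pointing at a normal .exe under a random name in a user-writable directory deserves the same scrutiny; and the same ComboFix log shows `"EnableLUA"= 0`, i.e. UAC switched off, which should be turned back on once the machine is clean.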
 
ComboFix 12-02-25.02 - Ed 29/02/2012 22:57:52.3.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.1789.1070 [GMT 0:00]
Running from: c:\users\Ed\Desktop\ComboFix.exe
Command switches used :: c:\users\Ed\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\W2ww4sH.com_"
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-29 )))))))))))))))))))))))))))))))
.
.
2012-02-29 23:08 . 2012-02-29 23:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-29 20:24 . 2012-02-29 23:08 -------- d-----w- c:\users\Ed\AppData\Local\temp
2012-02-29 11:02 . 2012-02-29 11:02 -------- d-----w- c:\users\Ed\AppData\Roaming\Malwarebytes
2012-02-29 11:02 . 2012-02-29 11:02 -------- d-----w- c:\programdata\Malwarebytes
2012-02-29 11:02 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-29 11:02 . 2012-02-29 11:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-29 02:03 . 2012-02-29 01:02 83456 ----a-w- c:\windows\system32\W2ww4sH.com__
2012-02-28 20:21 . 2012-02-28 22:12 -------- d-----w- c:\users\Ed\AppData\Local\ReliefJet Essentials
2012-02-28 19:47 . 2012-02-28 19:47 -------- d--h--w- c:\programdata\Common Files
2012-02-28 19:43 . 2012-02-28 19:43 -------- d-----w- c:\program files\AVG
2012-02-28 19:36 . 2012-02-29 18:43 -------- d-----w- c:\programdata\MFAData
2012-02-27 16:49 . 2012-02-27 16:49 -------- d-----w- c:\users\Ed\AppData\Local\Windows Live Writer
2012-02-27 16:49 . 2012-02-27 16:49 -------- d-----w- c:\users\Ed\AppData\Roaming\Windows Live Writer
2012-02-27 16:43 . 2012-02-27 16:46 -------- d-----w- c:\program files\Windows Live
2012-02-27 16:38 . 2012-02-28 10:23 -------- d-----w- c:\users\Ed\AppData\Local\Windows Live
2012-02-27 16:38 . 2012-02-27 16:38 -------- d-----w- c:\program files\Common Files\Windows Live
2012-02-26 15:30 . 2012-02-26 15:38 -------- d-----w- C:\Jan
2012-02-26 13:51 . 2012-02-26 13:51 -------- d-----w- c:\program files\MSXML 4.0
2012-02-24 23:01 . 2012-02-24 23:01 -------- d-----w- c:\users\Ed\AppData\Roaming\Nokia Suite
2012-02-24 22:50 . 2012-02-24 23:01 -------- d-----w- c:\users\Ed\AppData\Roaming\Nokia
2012-02-24 22:50 . 2012-02-24 22:52 -------- d-----w- c:\users\Ed\AppData\Local\Nokia
2012-02-24 22:49 . 2012-02-24 22:57 -------- d-----w- c:\programdata\PC Suite
2012-02-24 22:49 . 2012-02-24 22:59 -------- d-----w- c:\users\Ed\AppData\Roaming\PC Suite
2012-02-24 22:49 . 2012-02-24 22:49 -------- d-----w- c:\program files\Common Files\Nokia
2012-02-24 22:49 . 2012-02-24 22:49 -------- d-----w- c:\programdata\Nokia
2012-02-24 22:48 . 2012-02-24 22:48 -------- d-----w- c:\program files\DIFX
2012-02-24 22:48 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-02-24 22:47 . 2012-02-24 22:47 -------- d-----w- c:\program files\PC Connectivity Solution
2012-02-24 22:47 . 2011-11-01 10:07 75264 ----a-w- c:\windows\system32\nmwcdcls.dll
2012-02-24 22:46 . 2012-02-24 22:49 -------- d-----w- c:\program files\Nokia
2012-02-24 22:17 . 2012-02-24 22:17 -------- d-----w- c:\users\Ed\AppData\Roaming\Blackberry Desktop
2012-02-24 22:05 . 2012-02-24 22:05 -------- d-----w- c:\users\Ed\AppData\Local\Research In Motion
2012-02-24 22:05 . 2012-02-24 22:11 -------- d-----w- c:\users\Ed\AppData\Roaming\Research In Motion
2012-02-24 22:04 . 2011-07-20 15:13 35328 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2012-02-24 22:03 . 2012-02-24 22:03 -------- d-----w- c:\programdata\Research In Motion
2012-02-24 22:03 . 2012-02-24 22:03 -------- d-----w- c:\program files\Common Files\Research In Motion
2012-02-24 22:03 . 2012-02-24 22:03 -------- d-----w- c:\program files\Research In Motion
2012-02-24 17:20 . 2012-02-24 17:20 -------- d-----w- c:\windows\system32\aliedit
2012-02-24 17:20 . 2012-02-27 13:17 -------- d-----w- c:\program files\Trademanager
2012-02-24 17:17 . 2012-02-24 17:17 -------- d-----w- c:\users\Ed\AppData\Local\Alibaba
2012-02-18 11:19 . 2012-02-18 11:19 -------- d-----w- c:\users\Ed\AppData\Roaming\Scooter Software
2012-02-18 11:18 . 2012-02-18 11:19 -------- d-----w- c:\program files\Beyond Compare 3
2012-02-18 03:10 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C968969D-D305-4E77-A2BE-728079485787}\mpengine.dll
2012-02-17 17:57 . 2012-02-17 17:57 -------- d-----w- c:\program files\IMAPSize
2012-02-17 17:09 . 2012-02-17 17:09 -------- d-----w- c:\users\Ed\AppData\Roaming\Helios
2012-02-17 17:09 . 2012-02-17 17:09 49152 ----a-r- c:\users\Ed\AppData\Roaming\Microsoft\Installer\{B6EC7388-E277-4A5B-8C8F-71067A41BA64}\NewShortcut1.exe
2012-02-17 17:09 . 2012-02-17 17:09 49152 ----a-r- c:\users\Ed\AppData\Roaming\Microsoft\Installer\{B6EC7388-E277-4A5B-8C8F-71067A41BA64}\ARPPRODUCTICON.exe
2012-02-17 17:09 . 2012-02-17 17:09 -------- d-----w- c:\program files\TextPad 5
2012-02-15 17:24 . 2009-06-22 18:58 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2012-02-15 17:21 . 2012-02-15 17:21 -------- d-----w- c:\users\Ed\AppData\Local\ElevatedDiagnostics
2012-02-15 17:02 . 2012-02-15 17:02 -------- d-----w- c:\program files\Hewlett-Packard
2012-02-15 17:02 . 2012-02-15 17:02 -------- d-----w- c:\program files\HP
2012-02-15 15:18 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 15:16 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 00:52 . 2012-02-14 00:52 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-02-07 08:06 . 2012-02-07 08:07 -------- d-----w- c:\users\Jan
2012-02-04 12:59 . 2012-02-04 12:59 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2012-02-04 12:59 . 2012-02-04 12:59 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-02-04 12:59 . 2012-02-04 12:59 129248 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-02-04 12:59 . 2012-02-04 12:59 368544 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2012-02-04 12:58 . 2012-02-04 12:58 -------- d-----w- c:\program files\Common Files\Acronis
2012-02-04 12:58 . 2012-02-04 12:58 -------- d-----w- c:\program files\Acronis
2012-02-01 22:42 . 2012-02-01 22:42 -------- d-----w- c:\users\Ed\AppData\Roaming\River Past G2
2012-02-01 21:25 . 2012-02-01 21:25 -------- d-----w- c:\program files\7-Zip
2012-02-01 20:13 . 2012-02-01 20:13 -------- d-----w- c:\windows\Sun
2012-01-31 21:54 . 2012-01-31 21:54 -------- d-----w- c:\users\Ed\AppData\Local\Adobe
2012-01-31 21:53 . 2012-01-31 21:53 -------- d-----w- c:\users\Ed\AppData\Roaming\MrSmooth.1F1C2CE6230412E7752D206B573506D8446D8E6A.1
2012-01-31 21:53 . 2012-01-31 21:53 -------- d-----w- c:\program files\MrSmooth
2012-01-31 21:53 . 2012-02-01 22:16 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-01-31 21:52 . 2012-01-31 21:52 -------- d-----w- c:\program files\Mr Smooth
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-27 16:44 . 2011-03-28 18:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-17 19:51 . 2012-01-15 19:35 286720 ------w- c:\windows\Setup1.exe
2012-02-17 19:50 . 2012-01-15 19:35 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-01-28 19:37 . 2012-01-28 19:37 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2012-01-28 19:37 . 2012-01-28 19:37 47360 ----a-w- c:\users\Ed\AppData\Roaming\pcouffin.sys
2012-01-27 00:21 . 2012-01-06 21:41 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-17 22:58 . 2012-01-07 18:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-08 13:27 . 2012-01-08 13:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-07 17:23 . 2012-01-07 17:23 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-01-07 15:11 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-01-07 12:50 . 2012-01-07 12:50 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-01-07 12:50 . 2012-01-07 12:50 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-07 12:50 . 2012-01-07 12:50 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-07 12:50 . 2012-01-07 12:50 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-01-07 12:50 . 2012-01-07 12:50 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-01-07 12:50 . 2012-01-07 12:50 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-07 12:50 . 2012-01-07 12:50 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-01-07 12:50 . 2012-01-07 12:50 367104 ----a-w- c:\windows\system32\html.iec
2012-01-07 12:50 . 2012-01-07 12:50 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-01-07 12:50 . 2012-01-07 12:50 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-07 12:50 . 2012-01-07 12:50 161792 ----a-w- c:\windows\system32\msls31.dll
2012-01-07 12:50 . 2012-01-07 12:50 152064 ----a-w- c:\windows\system32\wextract.exe
2012-01-07 12:50 . 2012-01-07 12:50 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-01-07 12:50 . 2012-01-07 12:50 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-07 12:50 . 2012-01-07 12:50 11776 ----a-w- c:\windows\system32\mshta.exe
2012-01-07 12:50 . 2012-01-07 12:50 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-07 12:50 . 2012-01-07 12:50 101888 ----a-w- c:\windows\system32\admparse.dll
2012-01-06 08:00 . 2012-01-07 18:37 545 ----a-w- c:\windows\UC.PIF
2012-01-06 08:00 . 2012-01-07 18:37 545 ----a-w- c:\windows\RAR.PIF
2012-01-06 08:00 . 2012-01-07 18:37 545 ----a-w- c:\windows\LHA.PIF
2012-01-06 08:00 . 2012-01-07 18:37 545 ----a-w- c:\windows\ARJ.PIF
2011-12-29 18:00 . 2012-01-22 20:26 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2011-12-21 18:14 . 2012-01-22 20:26 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-12-19 14:12 . 2011-12-19 14:12 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-12-19 14:11 . 2012-01-07 19:11 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-12-19 14:11 . 2012-01-07 19:11 91440 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-12-19 14:11 . 2011-12-19 14:11 116016 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-12-19 14:11 . 2011-12-19 14:11 135472 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2011-12-21 07:47 . 2012-01-07 10:52 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-01-10 1083264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-30 2595616]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-30 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-30 140568]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-08 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-08 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 umpusbvista;Texas Instruments USB Serial Driver;c:\windows\system32\DRIVERS\umpusbvista.sys [2009-10-20 47104]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-07 1343400]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-12-19 158512]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-12-19 91440]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 Realtek11nCU;Realtek11nCU;c:\program files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2012-01-28 47360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [2011-02-11 728064]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-12-19 116016]
.
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
ibmsmbus
dpti2o
PEVSystemStart
avgtdi
hpdskflt
z800mdfl
s117obex
WmVirHid
Si3132
HSFHWALI
W8100PCI
X10UIF
bcm4sbxp
wdm_au8820
SymIM
dbmanagerscheduler
PciBus
uphclean
npfmntor
rslinx
thotkey
nHancer
mlkkbdntdriver
bwsvc
SE27mdm
epstnt01
mssql$soshome22
se59mgmt
roxwatch9
aswrdr
PGPsdkDriver
hpqddsvc
dlcf_device
sis162u
mxssvr
coste
pctfw1
vetefile
cdr4_2k
enxpsvc
transactional
NWSNS
atmarpc
NeroMediaHomeService.4
VAIOMediaPlatform-VideoServer-UPnP
DSDrv4
adobeversioncue
cm102u32
MSICPL
vzupsvc
fsma
AtiHdmiService
SE2Bmdfl
cdvp
licenseservice
se26nd5
mcafeeframework
VCAM
pdlndldl
vet-filt
hsfhwbs2
SaiMini
roxupnpserver
NsTrcNT
umpusbxp
tvichw32
inotask
Eplpdx02
w800mdfl
ooclevercacheagent
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-08 01:08]
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-08 01:08]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\x7uoiu9s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:96,ce,0e,42,83,f6,cc,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(744)
c:\windows\system32\relog_ap.DLL
.
Completion time: 2012-02-29 23:13:24
ComboFix-quarantined-files.txt 2012-02-29 23:13
ComboFix2.txt 2012-02-29 22:15
ComboFix3.txt 2012-02-29 21:05
.
Pre-Run: 69,780,140,032 bytes free
Post-Run: 69,732,491,264 bytes free
.
- - End Of File - - 7CC4470FF576FACDD6AC94009D5AD3A4
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\W2ww4sH.com__

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After the reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 12-02-25.02 - Ed 01/03/2012 17:34:09.4.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2813.1625 [GMT 0:00]
Running from: c:\users\Ed\Desktop\ComboFix.exe
Command switches used :: c:\users\Ed\Desktop\CFScript.txt.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\W2ww4sH.com_"
.
.
((((((((((((((((((((((((( Files Created from 2012-02-01 to 2012-03-01 )))))))))))))))))))))))))))))))
.
.
2012-03-01 17:42 . 2012-03-01 17:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-29 20:24 . 2012-03-01 17:42 -------- d-----w- c:\users\Ed\AppData\Local\temp
2012-02-29 11:02 . 2012-02-29 11:02 -------- d-----w- c:\users\Ed\AppData\Roaming\Malwarebytes
2012-02-29 11:02 . 2012-02-29 11:02 -------- d-----w- c:\programdata\Malwarebytes
2012-02-29 11:02 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-29 11:02 . 2012-02-29 11:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-29 02:03 . 2012-02-29 01:02 83456 ----a-w- c:\windows\system32\W2ww4sH.com__
2012-02-28 20:21 . 2012-02-28 22:12 -------- d-----w- c:\users\Ed\AppData\Local\ReliefJet Essentials
2012-02-28 19:47 . 2012-02-28 19:47 -------- d--h--w- c:\programdata\Common Files
2012-02-28 19:43 . 2012-02-28 19:43 -------- d-----w- c:\program files\AVG
2012-02-28 19:36 . 2012-02-29 18:43 -------- d-----w- c:\programdata\MFAData
2012-02-27 16:49 . 2012-02-27 16:49 -------- d-----w- c:\users\Ed\AppData\Local\Windows Live Writer
2012-02-27 16:49 . 2012-02-27 16:49 -------- d-----w- c:\users\Ed\AppData\Roaming\Windows Live Writer
2012-02-27 16:43 . 2012-02-27 16:46 -------- d-----w- c:\program files\Windows Live
2012-02-27 16:38 . 2012-02-28 10:23 -------- d-----w- c:\users\Ed\AppData\Local\Windows Live
2012-02-27 16:38 . 2012-02-27 16:38 -------- d-----w- c:\program files\Common Files\Windows Live
2012-02-26 15:30 . 2012-02-26 15:38 -------- d-----w- C:\Jan
2012-02-26 13:51 . 2012-02-26 13:51 -------- d-----w- c:\program files\MSXML 4.0
2012-02-24 23:01 . 2012-02-24 23:01 -------- d-----w- c:\users\Ed\AppData\Roaming\Nokia Suite
2012-02-24 22:50 . 2012-02-24 23:01 -------- d-----w- c:\users\Ed\AppData\Roaming\Nokia
2012-02-24 22:50 . 2012-02-24 22:52 -------- d-----w- c:\users\Ed\AppData\Local\Nokia
2012-02-24 22:49 . 2012-02-24 22:57 -------- d-----w- c:\programdata\PC Suite
2012-02-24 22:49 . 2012-02-24 22:59 -------- d-----w- c:\users\Ed\AppData\Roaming\PC Suite
2012-02-24 22:49 . 2012-02-24 22:49 -------- d-----w- c:\program files\Common Files\Nokia
2012-02-24 22:49 . 2012-02-24 22:49 -------- d-----w- c:\programdata\Nokia
2012-02-24 22:48 . 2012-02-24 22:48 -------- d-----w- c:\program files\DIFX
2012-02-24 22:48 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-02-24 22:47 . 2012-02-24 22:47 -------- d-----w- c:\program files\PC Connectivity Solution
2012-02-24 22:47 . 2011-11-01 10:07 75264 ----a-w- c:\windows\system32\nmwcdcls.dll
2012-02-24 22:46 . 2012-02-24 22:49 -------- d-----w- c:\program files\Nokia
2012-02-24 22:17 . 2012-02-24 22:17 -------- d-----w- c:\users\Ed\AppData\Roaming\Blackberry Desktop
2012-02-24 22:05 . 2012-02-24 22:05 -------- d-----w- c:\users\Ed\AppData\Local\Research In Motion
2012-02-24 22:05 . 2012-02-24 22:11 -------- d-----w- c:\users\Ed\AppData\Roaming\Research In Motion
2012-02-24 22:04 . 2011-07-20 15:13 35328 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2012-02-24 22:03 . 2012-02-24 22:03 -------- d-----w- c:\programdata\Research In Motion
2012-02-24 22:03 . 2012-02-24 22:03 -------- d-----w- c:\program files\Common Files\Research In Motion
2012-02-24 22:03 . 2012-02-24 22:03 -------- d-----w- c:\program files\Research In Motion
2012-02-24 17:20 . 2012-02-24 17:20 -------- d-----w- c:\windows\system32\aliedit
2012-02-24 17:20 . 2012-02-27 13:17 -------- d-----w- c:\program files\Trademanager
2012-02-24 17:17 . 2012-02-24 17:17 -------- d-----w- c:\users\Ed\AppData\Local\Alibaba
2012-02-18 11:19 . 2012-02-18 11:19 -------- d-----w- c:\users\Ed\AppData\Roaming\Scooter Software
2012-02-18 11:18 . 2012-02-18 11:19 -------- d-----w- c:\program files\Beyond Compare 3
2012-02-18 03:10 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C968969D-D305-4E77-A2BE-728079485787}\mpengine.dll
2012-02-17 17:57 . 2012-02-17 17:57 -------- d-----w- c:\program files\IMAPSize
2012-02-17 17:09 . 2012-02-17 17:09 -------- d-----w- c:\users\Ed\AppData\Roaming\Helios
2012-02-17 17:09 . 2012-02-17 17:09 49152 ----a-r- c:\users\Ed\AppData\Roaming\Microsoft\Installer\{B6EC7388-E277-4A5B-8C8F-71067A41BA64}\NewShortcut1.exe
2012-02-17 17:09 . 2012-02-17 17:09 49152 ----a-r- c:\users\Ed\AppData\Roaming\Microsoft\Installer\{B6EC7388-E277-4A5B-8C8F-71067A41BA64}\ARPPRODUCTICON.exe
2012-02-17 17:09 . 2012-02-17 17:09 -------- d-----w- c:\program files\TextPad 5
2012-02-15 17:24 . 2009-06-22 18:58 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2012-02-15 17:21 . 2012-02-15 17:21 -------- d-----w- c:\users\Ed\AppData\Local\ElevatedDiagnostics
2012-02-15 17:02 . 2012-02-15 17:02 -------- d-----w- c:\program files\Hewlett-Packard
2012-02-15 17:02 . 2012-02-15 17:02 -------- d-----w- c:\program files\HP
2012-02-15 15:18 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 15:16 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 00:52 . 2012-02-14 00:52 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-02-07 08:06 . 2012-02-07 08:07 -------- d-----w- c:\users\Jan
2012-02-04 12:59 . 2012-02-04 12:59 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2012-02-04 12:59 . 2012-02-04 12:59 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-02-04 12:59 . 2012-02-04 12:59 129248 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-02-04 12:59 . 2012-02-04 12:59 368544 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2012-02-04 12:58 . 2012-02-04 12:58 -------- d-----w- c:\program files\Common Files\Acronis
2012-02-04 12:58 . 2012-02-04 12:58 -------- d-----w- c:\program files\Acronis
2012-02-01 22:42 . 2012-02-01 22:42 -------- d-----w- c:\users\Ed\AppData\Roaming\River Past G2
2012-02-01 21:25 . 2012-02-01 21:25 -------- d-----w- c:\program files\7-Zip
2012-02-01 20:13 . 2012-02-01 20:13 -------- d-----w- c:\windows\Sun
2012-01-31 21:54 . 2012-01-31 21:54 -------- d-----w- c:\users\Ed\AppData\Local\Adobe
2012-01-31 21:53 . 2012-01-31 21:53 -------- d-----w- c:\users\Ed\AppData\Roaming\MrSmooth.1F1C2CE6230412E7752D206B573506D8446D8E6A.1
2012-01-31 21:53 . 2012-01-31 21:53 -------- d-----w- c:\program files\MrSmooth
2012-01-31 21:53 . 2012-02-01 22:16 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-01-31 21:52 . 2012-01-31 21:52 -------- d-----w- c:\program files\Mr Smooth
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-27 16:44 . 2011-03-28 18:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-17 19:51 . 2012-01-15 19:35 286720 ------w- c:\windows\Setup1.exe
2012-02-17 19:50 . 2012-01-15 19:35 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-01-28 19:37 . 2012-01-28 19:37 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2012-01-28 19:37 . 2012-01-28 19:37 47360 ----a-w- c:\users\Ed\AppData\Roaming\pcouffin.sys
2012-01-27 00:21 . 2012-01-06 21:41 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-17 22:58 . 2012-01-07 18:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-08 13:27 . 2012-01-08 13:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-07 17:23 . 2012-01-07 17:23 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-01-07 15:11 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-01-07 12:50 . 2012-01-07 12:50 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-01-07 12:50 . 2012-01-07 12:50 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-07 12:50 . 2012-01-07 12:50 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-07 12:50 . 2012-01-07 12:50 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-01-07 12:50 . 2012-01-07 12:50 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-01-07 12:50 . 2012-01-07 12:50 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-07 12:50 . 2012-01-07 12:50 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-01-07 12:50 . 2012-01-07 12:50 367104 ----a-w- c:\windows\system32\html.iec
2012-01-07 12:50 . 2012-01-07 12:50 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-01-07 12:50 . 2012-01-07 12:50 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-07 12:50 . 2012-01-07 12:50 161792 ----a-w- c:\windows\system32\msls31.dll
2012-01-07 12:50 . 2012-01-07 12:50 152064 ----a-w- c:\windows\system32\wextract.exe
2012-01-07 12:50 . 2012-01-07 12:50 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-01-07 12:50 . 2012-01-07 12:50 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-07 12:50 . 2012-01-07 12:50 11776 ----a-w- c:\windows\system32\mshta.exe
2012-01-07 12:50 . 2012-01-07 12:50 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-07 12:50 . 2012-01-07 12:50 101888 ----a-w- c:\windows\system32\admparse.dll
2012-01-06 08:00 . 2012-01-07 18:37 545 ----a-w- c:\windows\UC.PIF
2012-01-06 08:00 . 2012-01-07 18:37 545 ----a-w- c:\windows\RAR.PIF
2012-01-06 08:00 . 2012-01-07 18:37 545 ----a-w- c:\windows\LHA.PIF
2012-01-06 08:00 . 2012-01-07 18:37 545 ----a-w- c:\windows\ARJ.PIF
2011-12-29 18:00 . 2012-01-22 20:26 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2011-12-21 18:14 . 2012-01-22 20:26 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-12-19 14:12 . 2011-12-19 14:12 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-12-19 14:11 . 2012-01-07 19:11 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-12-19 14:11 . 2012-01-07 19:11 91440 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-12-19 14:11 . 2011-12-19 14:11 116016 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-12-19 14:11 . 2011-12-19 14:11 135472 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2011-12-21 07:47 . 2012-01-07 10:52 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-01-10 1083264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-30 2595616]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-30 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-30 140568]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-08 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-08 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 umpusbvista;Texas Instruments USB Serial Driver;c:\windows\system32\DRIVERS\umpusbvista.sys [2009-10-20 47104]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-07 1343400]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-12-19 158512]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-12-19 91440]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 Realtek11nCU;Realtek11nCU;c:\program files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2012-01-28 47360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [2011-02-11 728064]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-12-19 116016]
.
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
ibmsmbus
dpti2o
PEVSystemStart
avgtdi
hpdskflt
z800mdfl
s117obex
WmVirHid
Si3132
HSFHWALI
W8100PCI
X10UIF
bcm4sbxp
wdm_au8820
SymIM
dbmanagerscheduler
PciBus
uphclean
npfmntor
rslinx
thotkey
nHancer
mlkkbdntdriver
bwsvc
SE27mdm
epstnt01
mssql$soshome22
se59mgmt
roxwatch9
aswrdr
PGPsdkDriver
hpqddsvc
dlcf_device
sis162u
mxssvr
coste
pctfw1
vetefile
cdr4_2k
enxpsvc
transactional
NWSNS
atmarpc
NeroMediaHomeService.4
VAIOMediaPlatform-VideoServer-UPnP
DSDrv4
adobeversioncue
cm102u32
MSICPL
vzupsvc
fsma
AtiHdmiService
SE2Bmdfl
cdvp
licenseservice
se26nd5
mcafeeframework
VCAM
pdlndldl
vet-filt
hsfhwbs2
SaiMini
roxupnpserver
NsTrcNT
umpusbxp
tvichw32
inotask
Eplpdx02
w800mdfl
ooclevercacheagent
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-08 01:08]
.
2012-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-08 01:08]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\x7uoiu9s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:96,ce,0e,42,83,f6,cc,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(752)
c:\windows\system32\relog_ap.DLL
.
Completion time: 2012-03-01 17:47:30
ComboFix-quarantined-files.txt 2012-03-01 17:47
ComboFix2.txt 2012-02-29 23:13
ComboFix3.txt 2012-02-29 22:15
ComboFix4.txt 2012-02-29 21:05
.
Pre-Run: 67,854,839,808 bytes free
Post-Run: 67,807,391,744 bytes free
.
- - End Of File - - F516BD16E25E20B18E55FFEBFADA98E5
 
Download BlitzBlank and save it to your desktop.
Double click on Blitzblank.exe

  • Click OK at the warning.
  • Click the Script tab and copy/paste the following text there:
Code:
DeleteFile: 
"c:\windows\system32\W2ww4sH.com__"
  • Click Execute Now. Your computer will need to reboot in order to replace the files.
  • When done, post the report created by Blitzblank.
    You can find it in the root of the drive, normally C:\
 
BlitzBlank 1.0.0.32

File/Registry Modification Engine native application
MoveFileOnReboot: sourceFile = "\??\c:\windows\system32\w2ww4sh.com__", destinationFile = "(null)", replaceWithDummy = 0
 
How is the computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
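As an added example (not code from this thread, nor from ComboFix, BlitzBlank or OTL), the triage pass below reads lines in the formats quoted here: ComboFix "Files Created"/"Find3M" rows, its service rows, the policies\system values, and OTL's PRC/MOD rows. It flags the entries a helper looks at first: a non-standard extension under system32 (the W2ww4sH.com__ file the scripts above remove), a .sys image outside system32\drivers, a registered service whose binary is missing ([x]), UAC switched off (EnableLUA=0), and an OTL process row with no company name. The sample lines are copied from the logs posted in this thread; the rule ids, the Finding class and the system32 extension allow-list are my own choices, not anything ComboFix or OTL defines.

```python
"""Triage pass over ComboFix and OTL log lines (added example; not code from either tool)."""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix and OTL logs posted in this thread.
SAMPLE_LOG = r"""
2012-02-29 11:02 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-29 02:03 . 2012-02-29 01:02 83456 ----a-w- c:\windows\system32\W2ww4sH.com__
2012-02-28 19:43 . 2012-02-28 19:43 -------- d-----w- c:\program files\AVG
2012-01-28 19:37 . 2012-01-28 19:37 47360 ----a-w- c:\users\Ed\AppData\Roaming\pcouffin.sys
2012-01-07 12:50 . 2012-01-07 12:50 11776 ----a-w- c:\windows\system32\mshta.exe
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
PRC - [2011/06/24 04:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2007/10/30 20:51:44 | 000,492,720 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
"""

# ComboFix "Files Created" / "Find3M" rows: <created> . <modified> <size|--------> <attrs> <path>
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(-{8}|\d+) ([d-][-a-z]{7}) (.+)$"
)
# ComboFix service rows: <start type> <name>;<description>;<image path> [<date size> | x]
SVC_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[(x|\d{4}-\d{2}-\d{2} \d+)\]$")
# ComboFix policies\system rows: "Name"= <decimal> (0x<hex>)
POLICY_RE = re.compile(r'^"(\w+)"= (\d+) \(0x[0-9a-fA-F]+\)$')
# OTL rows: PRC - [date | size | attrs | M] (Company) -- path
OTL_RE = re.compile(r"^(PRC|MOD|SRV|DRV) - \[[^\]]*\] \(([^)]*)\) -- (.+)$")

SYSTEM32 = "c:\\windows\\system32\\"
DRIVERS_DIR = SYSTEM32 + "drivers\\"
# Extensions that routinely land in system32 (my own allow-list, not a Windows definition).
EXPECTED_SYSTEM32_EXT = {".dll", ".exe", ".sys", ".cpl", ".ocx", ".acm", ".iec", ".drv", ".mui"}


@dataclass
class Finding:
    rule: str      # short rule id, chosen for this example
    subject: str   # path, service name or value name the rule fired on
    note: str      # why a helper would look at it


def triage(log_text: str) -> list[Finding]:
    """Return findings for every line that matches one of the rules, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := FILE_RE.match(line):
            _created, _modified, size, attrs, path = m.groups()
            if attrs.startswith("d"):
                continue  # directory rows: the name alone says nothing
            low = path.lower()
            ext = ntpath.splitext(low)[1]
            if low.startswith(SYSTEM32) and ext not in EXPECTED_SYSTEM32_EXT:
                findings.append(Finding("unusual-system32-extension", path,
                                        f"{size} bytes with extension {ext!r} under system32"))
            if ext == ".sys" and not low.startswith(DRIVERS_DIR):
                findings.append(Finding("driver-outside-drivers-dir", path,
                                        "kernel driver image stored outside system32\\drivers"))
        elif m := SVC_RE.match(line):
            start, name, _desc, path, stamp = m.groups()
            if stamp == "x":
                findings.append(Finding("service-binary-missing", name,
                                        f"registered as {start} but {path} is not on disk"))
        elif m := POLICY_RE.match(line):
            key, value = m.group(1), int(m.group(2))
            if key == "EnableLUA" and value == 0:
                findings.append(Finding("uac-disabled", key,
                                        "UAC is off: this admin account's processes run fully elevated"))
        elif m := OTL_RE.match(line):
            kind, company, path = m.groups()
            if not company.strip():
                findings.append(Finding("no-company-name", path,
                                        f"{kind} row has no CompanyName, so OTL's whitelist cannot clear it"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.subject}\n    {f.note}")
```

Run it as a script to print the findings, or feed a whole log in by passing the file's text to triage(). Every finding is a prompt to verify, not a verdict: the service list in this very log attributes pcouffin.sys to VSO Software, and the three [x] drivers (Synth3dVsc, tsusbhub, VGPU) are Windows 7 SP1 RemoteFX components registered without the files being present, whereas the .com__ file under system32 is the one the helper singled out for removal.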
OTL logfile created on: 01/03/2012 18:45:31 - Run 1
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\Ed\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 58.64% Memory free
5.49 Gb Paging File | 4.31 Gb Available in Paging File | 78.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 114.40 Gb Total Space | 63.19 Gb Free Space | 55.24% Space Free | Partition Type: NTFS

Computer Name: ED-PC | User Name: Ed | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/01 18:28:44 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Ed\Desktop\OTL.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/01/10 18:36:34 | 001,083,264 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2012/01/04 13:32:36 | 000,718,888 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012/01/04 13:32:18 | 000,173,096 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012/01/04 13:32:06 | 000,148,520 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2011/09/01 17:47:26 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/06/24 04:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/04/20 02:04:38 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 12:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/07/27 18:33:18 | 001,167,360 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
PRC - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
PRC - [2007/10/30 20:51:44 | 000,492,720 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2007/10/30 20:11:48 | 000,909,208 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2007/10/30 20:07:40 | 000,140,568 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2007/10/30 20:07:38 | 000,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/10/30 20:06:42 | 002,595,616 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/10 18:38:40 | 000,423,808 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\ssoengine.dll
MOD - [2012/01/10 18:38:38 | 000,058,240 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\securestorage.dll
MOD - [2012/01/10 18:38:34 | 000,095,104 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\qjson.dll
MOD - [2012/01/10 18:38:32 | 000,272,768 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\phonon4.dll
MOD - [2012/01/10 18:38:00 | 000,384,896 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QxtCore.dll
MOD - [2012/01/10 18:38:00 | 000,165,248 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QxtWeb.dll
MOD - [2012/01/10 18:37:58 | 002,557,312 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2012/01/10 18:37:56 | 000,346,496 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXml4.dll
MOD - [2012/01/10 18:37:54 | 010,843,520 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2012/01/10 18:37:48 | 000,196,480 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtSql4.dll
MOD - [2012/01/10 18:37:46 | 001,294,208 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtScript4.dll
MOD - [2012/01/10 18:37:44 | 000,682,880 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2012/01/10 18:37:42 | 000,919,936 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2012/01/10 18:37:40 | 000,517,504 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2012/01/10 18:37:38 | 008,172,928 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtGui4.dll
MOD - [2012/01/10 18:37:36 | 002,252,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2012/01/10 18:37:34 | 002,288,512 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtCore4.dll
MOD - [2012/01/10 18:37:32 | 000,422,272 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2012/01/10 18:37:22 | 000,202,624 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qjpeg4.dll
MOD - [2012/01/10 18:37:20 | 000,034,688 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qico4.dll
MOD - [2012/01/10 18:37:18 | 000,032,640 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qgif4.dll
MOD - [2012/01/10 18:36:38 | 000,388,480 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\OviShareLib.dll
MOD - [2012/01/10 18:36:24 | 000,437,632 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\NService.dll
MOD - [2012/01/10 18:36:02 | 001,037,696 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Maps Service API.dll
MOD - [2012/01/10 18:35:06 | 000,758,656 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2012/01/05 16:00:24 | 000,112,640 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2007/10/29 19:53:32 | 001,328,408 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\fox.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (z800mdfl)
SRV - File not found [Auto | Stopped] -- -- (X10UIF)
SRV - File not found [Auto | Stopped] -- -- (WmVirHid)
SRV - File not found [Auto | Stopped] -- -- (wdm_au8820)
SRV - File not found [Auto | Stopped] -- -- (W8100PCI)
SRV - File not found [Auto | Stopped] -- -- (w800mdfl)
SRV - File not found [Auto | Stopped] -- -- (vzupsvc)
SRV - File not found [Auto | Stopped] -- -- (vet-filt)
SRV - File not found [Auto | Stopped] -- -- (vetefile)
SRV - File not found [Auto | Stopped] -- -- (VCAM)
SRV - File not found [Auto | Stopped] -- -- (VAIOMediaPlatform-VideoServer-UPnP)
SRV - File not found [Auto | Stopped] -- -- (uphclean)
SRV - File not found [Auto | Stopped] -- -- (umpusbxp)
SRV - File not found [Auto | Stopped] -- -- (tvichw32)
SRV - File not found [Auto | Stopped] -- -- (transactional)
SRV - File not found [Auto | Stopped] -- -- (thotkey)
SRV - File not found [Auto | Stopped] -- -- (SymIM)
SRV - File not found [Auto | Stopped] -- -- (sis162u)
SRV - File not found [Auto | Stopped] -- -- (Si3132)
SRV - File not found [Auto | Stopped] -- -- (se59mgmt)
SRV - File not found [Auto | Stopped] -- -- (SE2Bmdfl)
SRV - File not found [Auto | Stopped] -- -- (SE27mdm)
SRV - File not found [Auto | Stopped] -- -- (se26nd5)
SRV - File not found [Auto | Stopped] -- -- (SaiMini)
SRV - File not found [Auto | Stopped] -- -- (s117obex)
SRV - File not found [Auto | Stopped] -- -- (rslinx)
SRV - File not found [Auto | Stopped] -- -- (roxwatch9)
SRV - File not found [Auto | Stopped] -- -- (roxupnpserver)
SRV - File not found [Auto | Stopped] -- -- (PGPsdkDriver)
SRV - File not found [Auto | Stopped] -- -- (pdlndldl)
SRV - File not found [Auto | Stopped] -- -- (pctfw1)
SRV - File not found [Auto | Stopped] -- -- (PciBus)
SRV - File not found [Auto | Stopped] -- -- (ooclevercacheagent)
SRV - File not found [Auto | Stopped] -- -- (NWSNS)
SRV - File not found [Auto | Stopped] -- -- (NsTrcNT)
SRV - File not found [Auto | Stopped] -- -- (npfmntor)
SRV - File not found [Auto | Stopped] -- -- (nHancer)
SRV - File not found [Auto | Stopped] -- -- (NeroMediaHomeService.4)
SRV - File not found [Auto | Stopped] -- -- (mssql$soshome22)
SRV - File not found [Auto | Stopped] -- -- (MSICPL)
SRV - File not found [Auto | Stopped] -- -- (mlkkbdntdriver)
SRV - File not found [Auto | Stopped] -- -- (mcafeeframework)
SRV - File not found [Auto | Stopped] -- -- (licenseservice)
SRV - File not found [Auto | Stopped] -- -- (inotask)
SRV - File not found [Auto | Stopped] -- -- (ibmsmbus)
SRV - File not found [Auto | Stopped] -- -- (hsfhwbs2)
SRV - File not found [Auto | Stopped] -- -- (HSFHWALI)
SRV - File not found [Auto | Stopped] -- -- (hpqddsvc)
SRV - File not found [Auto | Stopped] -- -- (hpdskflt)
SRV - File not found [Auto | Stopped] -- -- (fsma)
SRV - File not found [Auto | Stopped] -- -- (epstnt01)
SRV - File not found [Auto | Stopped] -- -- (Eplpdx02)
SRV - File not found [Auto | Stopped] -- -- (enxpsvc)
SRV - File not found [Auto | Stopped] -- -- (DSDrv4)
SRV - File not found [Auto | Stopped] -- -- (dpti2o)
SRV - File not found [Auto | Stopped] -- -- (dlcf_device)
SRV - File not found [Auto | Stopped] -- -- (dbmanagerscheduler)
SRV - File not found [Auto | Stopped] -- -- (cm102u32)
SRV - File not found [Auto | Stopped] -- -- (cdvp)
SRV - File not found [Auto | Stopped] -- -- (cdr4_2k)
SRV - File not found [Auto | Stopped] -- -- (bwsvc)
SRV - File not found [Auto | Stopped] -- -- (bcm4sbxp)
SRV - File not found [Auto | Stopped] -- -- (avgtdi)
SRV - File not found [Auto | Stopped] -- -- (atmarpc)
SRV - File not found [Auto | Stopped] -- -- (AtiHdmiService)
SRV - File not found [Auto | Stopped] -- -- (aswrdr)
SRV - File not found [Auto | Stopped] -- -- (adobeversioncue)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/07 12:21:24 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/01/04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nCU)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 01:14:41 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Stopped] -- C:\Windows\System32\AtlsAud.dll -- (mxssvr)
SRV - [2009/07/14 01:14:41 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\System32\cltnetcnservice.dll -- (coste)
SRV - [2007/10/30 20:51:44 | 000,492,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007/10/30 20:07:38 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)


========== Driver Services (SafeList) ==========

DRV - [2012/02/04 12:59:55 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2012/02/04 12:59:55 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2012/02/04 12:59:19 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2012/02/04 12:59:01 | 000,368,544 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2012/01/07 17:23:59 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2011/12/19 14:12:00 | 000,104,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2011/12/19 14:11:58 | 000,158,512 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2011/12/19 14:11:58 | 000,116,016 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2011/12/19 14:11:58 | 000,091,440 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/01 10:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/11/01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/11/01 10:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/04/20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/04/20 01:22:10 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/02/11 01:35:44 | 000,728,064 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192cu.sys -- (RTL8192cu)
DRV - [2010/11/20 12:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 12:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 12:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 09:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 09:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/20 08:42:32 | 000,078,336 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2009/10/20 20:23:24 | 000,047,104 | ---- | M] (Texas Instruments Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpusbvista.sys -- (umpusbvista)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-772813580-1867907093-3800966155-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-772813580-1867907093-3800966155-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 34 32 F3 59 F5 CC 01 [binary data]
IE - HKU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-772813580-1867907093-3800966155-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-772813580-1867907093-3800966155-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012/02/24 22:49:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/07 10:52:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/24 17:20:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/01/07 17:41:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2012/01/07 10:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ed\AppData\Roaming\Mozilla\Extensions
[2012/02/15 17:00:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\x7uoiu9s.default\extensions
[2012/02/15 17:00:14 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\x7uoiu9s.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012/01/08 13:29:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/08 13:29:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X7UOIU9S.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X7UOIU9S.DEFAULT\EXTENSIONS\{E0204BD5-9D31-402B-A99D-A6AA8FFEBDCA}.XPI
[2011/12/21 07:47:04 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/29 13:33:40 | 000,108,480 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npwangwang.dll
[2011/12/21 05:14:26 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/12/21 05:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 05:14:26 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/12/21 05:14:26 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/12/21 05:14:26 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/02/29 22:10:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-772813580-1867907093-3800966155-1000..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-772813580-1867907093-3800966155-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-772813580-1867907093-3800966155-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21C6F387-FCEA-420A-86F4-973DBEC97120}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{238FBD14-0FEC-4186-932C-E1225B93772E}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: ibmsmbus - File not found
NetSvcs: dpti2o - File not found
NetSvcs: PEVSystemStart - File not found
NetSvcs: avgtdi - File not found
NetSvcs: hpdskflt - File not found
NetSvcs: z800mdfl - File not found
NetSvcs: s117obex - File not found
NetSvcs: WmVirHid - File not found
NetSvcs: Si3132 - File not found
NetSvcs: HSFHWALI - File not found
NetSvcs: W8100PCI - File not found
NetSvcs: X10UIF - File not found
NetSvcs: bcm4sbxp - File not found
NetSvcs: wdm_au8820 - File not found
NetSvcs: SymIM - File not found
NetSvcs: dbmanagerscheduler - File not found
NetSvcs: PciBus - File not found
NetSvcs: uphclean - File not found
NetSvcs: npfmntor - File not found
NetSvcs: rslinx - File not found
NetSvcs: thotkey - File not found
NetSvcs: nHancer - File not found
NetSvcs: mlkkbdntdriver - File not found
NetSvcs: bwsvc - File not found
NetSvcs: SE27mdm - File not found
NetSvcs: epstnt01 - File not found
NetSvcs: mssql$soshome22 - File not found
NetSvcs: se59mgmt - File not found
NetSvcs: roxwatch9 - File not found
NetSvcs: aswrdr - File not found
NetSvcs: PGPsdkDriver - File not found
NetSvcs: hpqddsvc - File not found
NetSvcs: dlcf_device - File not found
NetSvcs: sis162u - File not found
NetSvcs: mxssvr - C:\Windows\System32\AtlsAud.dll (Oak Technology Inc.)
NetSvcs: coste - C:\Windows\System32\cltnetcnservice.dll (Oak Technology Inc.)
NetSvcs: pctfw1 - File not found
NetSvcs: vetefile - File not found
NetSvcs: cdr4_2k - File not found
NetSvcs: enxpsvc - File not found
NetSvcs: transactional - File not found
NetSvcs: NWSNS - File not found
NetSvcs: atmarpc - File not found
NetSvcs: NeroMediaHomeService.4 - File not found
NetSvcs: VAIOMediaPlatform-VideoServer-UPnP - File not found
NetSvcs: DSDrv4 - File not found
NetSvcs: adobeversioncue - File not found
NetSvcs: cm102u32 - File not found
NetSvcs: MSICPL - File not found
NetSvcs: vzupsvc - File not found
NetSvcs: fsma - File not found
NetSvcs: AtiHdmiService - File not found
NetSvcs: SE2Bmdfl - File not found
NetSvcs: cdvp - File not found
NetSvcs: licenseservice - File not found
NetSvcs: se26nd5 - File not found
NetSvcs: mcafeeframework - File not found
NetSvcs: VCAM - File not found
NetSvcs: pdlndldl - File not found
NetSvcs: vet-filt - File not found
NetSvcs: hsfhwbs2 - File not found
NetSvcs: SaiMini - File not found
NetSvcs: roxupnpserver - File not found
NetSvcs: NsTrcNT - File not found
NetSvcs: umpusbxp - File not found
NetSvcs: tvichw32 - File not found
NetSvcs: inotask - File not found
NetSvcs: Eplpdx02 - File not found
NetSvcs: w800mdfl - File not found
NetSvcs: ooclevercacheagent - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/01 18:28:43 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Ed\Desktop\OTL.exe
[2012/03/01 18:17:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/01 17:46:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/01 17:30:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/01 17:30:47 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/29 20:24:02 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\temp
[2012/02/29 19:39:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/29 19:39:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/29 19:38:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/29 18:45:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/29 18:34:17 | 004,420,481 | R--- | C] (Swearware) -- C:\Users\Ed\Desktop\ComboFix.exe
[2012/02/29 18:17:06 | 000,000,000 | ---D | C] -- C:\Users\Ed\Desktop\RK_Quarantine
[2012/02/29 11:02:24 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Roaming\Malwarebytes
[2012/02/29 11:02:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/29 11:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/29 11:02:04 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/29 11:02:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/28 20:21:02 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ReliefJet Essentials
[2012/02/28 20:21:00 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\ReliefJet Essentials
[2012/02/28 20:01:22 | 000,581,632 | ---- | C] (Joshua F. Madison) -- C:\Users\Ed\Desktop\CONVERT.EXE
[2012/02/28 19:47:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/02/28 19:43:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/02/28 19:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/02/28 19:34:49 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/02/28 18:07:01 | 000,000,000 | ---D | C] -- C:\Users\Ed\Desktop\email
[2012/02/28 10:23:19 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{928C28D1-CF31-40B0-80C6-40ED46AAD963}
[2012/02/28 10:23:07 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{59D9C12F-AE5C-45A0-B534-62DAC15E1F5E}
[2012/02/27 16:49:36 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{306C849C-CB13-48A1-863E-C353BF9A5A5C}
[2012/02/27 16:49:24 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{1EEB30EC-52DA-4E18-A50C-AF2326DB4178}
[2012/02/27 16:49:12 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Roaming\Windows Live Writer
[2012/02/27 16:49:12 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\Windows Live Writer
[2012/02/27 16:43:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/02/27 16:38:08 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\Windows Live
[2012/02/27 16:38:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2012/02/26 15:30:20 | 000,000,000 | ---D | C] -- C:\Jan
[2012/02/26 13:51:56 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012/02/24 23:01:36 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Roaming\Nokia Suite
[2012/02/24 22:59:00 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\NokiaAccount
[2012/02/24 22:50:02 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Roaming\Nokia
[2012/02/24 22:50:02 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\Nokia
[2012/02/24 22:49:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2012/02/24 22:49:55 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Roaming\PC Suite
[2012/02/24 22:49:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[2012/02/24 22:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia
[2012/02/24 22:49:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2012/02/24 22:48:03 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/02/24 22:48:01 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2012/02/24 22:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2012/02/24 22:47:20 | 000,075,264 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll
[2012/02/24 22:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2012/02/24 22:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2012/02/24 22:17:10 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Roaming\Blackberry Desktop
[2012/02/24 22:12:26 | 000,000,000 | ---D | C] -- C:\Users\Ed\Documents\BlackBerry
[2012/02/24 22:05:47 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\Research In Motion
[2012/02/24 22:05:46 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Roaming\Research In Motion
[2012/02/24 22:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry
[2012/02/24 22:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2012/02/24 22:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2012/02/24 22:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2012/02/24 17:20:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\aliedit
[2012/02/24 17:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\Trademanager
[2012/02/24 17:17:47 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\Alibaba
[2012/02/18 11:19:03 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Roaming\Scooter Software
[2012/02/18 11:18:57 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Beyond Compare 3
[2012/02/18 11:18:56 | 000,000,000 | ---D | C] -- C:\Program Files\Beyond Compare 3
[2012/02/17 18:41:55 | 000,000,000 | ---D | C] -- C:\Users\Ed\Documents\Outlook Files
[2012/02/17 18:05:07 | 000,000,000 | ---D | C] -- C:\Users\Ed\Documents\thunderbird emails for import
[2012/02/17 17:57:03 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMAPSize
[2012/02/17 17:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IMAPSize
[2012/02/17 17:57:03 | 000,000,000 | ---D | C] -- C:\Program Files\IMAPSize
[2012/02/17 17:09:45 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Roaming\Helios
[2012/02/17 17:09:08 | 000,000,000 | ---D | C] -- C:\Program Files\TextPad 5
[2012/02/15 17:21:11 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\ElevatedDiagnostics
[2012/02/15 17:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2012/02/15 17:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/02/12 13:38:02 | 000,000,000 | ---D | C] -- C:\Users\Ed\Documents\Building Regulations
[2012/02/12 11:37:55 | 000,000,000 | ---D | C] -- C:\Users\Ed\Documents\MS Project
[2012/02/04 13:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2012/02/04 12:58:52 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acronis
[2012/02/04 12:58:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
[2012/02/04 12:58:41 | 000,000,000 | ---D | C] -- C:\Program Files\Acronis
[2012/02/01 22:42:55 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Roaming\River Past G2
[2012/02/01 21:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/02/01 21:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/02/01 20:13:51 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/01/31 21:55:26 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/01/31 21:54:25 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\Adobe
[2012/01/31 21:53:37 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Roaming\MrSmooth.1F1C2CE6230412E7752D206B573506D8446D8E6A.1
[2012/01/31 21:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\MrSmooth
[2012/01/31 21:53:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mr Smooth
[2012/01/31 21:53:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/01/31 21:53:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/01/31 21:52:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mr Smooth
[2012/01/28 19:37:18 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Ed\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========

[2012/03/01 18:28:44 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Ed\Desktop\OTL.exe
[2012/03/01 18:20:01 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/01 18:18:17 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/01 18:17:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/01 18:17:52 | 2212,306,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/01 18:16:37 | 000,010,320 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/01 18:16:36 | 000,010,320 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/29 22:10:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/29 21:38:24 | 000,015,535 | ---- | M] () -- C:\Users\Ed\Desktop\34119_WMT0920_IMG_01_0000.JPG
[2012/02/29 18:35:04 | 004,420,481 | R--- | M] (Swearware) -- C:\Users\Ed\Desktop\ComboFix.exe
[2012/02/29 18:16:18 | 000,000,512 | ---- | M] () -- C:\Users\Ed\Desktop\MBR.dat
[2012/02/29 12:32:14 | 000,302,592 | ---- | M] () -- C:\Users\Ed\Desktop\p5vthjdp.exe
[2012/02/29 11:02:12 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/29 07:45:22 | 281,060,764 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/29 07:43:38 | 000,000,112 | ---- | M] () -- C:\ProgramData\aSShX6D.dat
[2012/02/29 00:13:21 | 000,709,350 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012/02/29 00:13:21 | 000,704,028 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2012/02/29 00:13:21 | 000,658,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/02/29 00:13:21 | 000,638,064 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2012/02/29 00:13:21 | 000,630,928 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/29 00:13:21 | 000,463,506 | ---- | M] () -- C:\Windows\System32\perfh014.dat
[2012/02/29 00:13:21 | 000,448,308 | ---- | M] () -- C:\Windows\System32\perfh00B.dat
[2012/02/29 00:13:21 | 000,414,656 | ---- | M] () -- C:\Windows\System32\perfh012.dat
[2012/02/29 00:13:21 | 000,392,790 | ---- | M] () -- C:\Windows\System32\prfh0404.dat
[2012/02/29 00:13:21 | 000,376,688 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2012/02/29 00:13:21 | 000,134,804 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012/02/29 00:13:21 | 000,134,204 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/02/29 00:13:21 | 000,131,808 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2012/02/29 00:13:21 | 000,126,452 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2012/02/29 00:13:21 | 000,111,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/29 00:13:21 | 000,109,340 | ---- | M] () -- C:\Windows\System32\perfc012.dat
[2012/02/29 00:13:21 | 000,108,912 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2012/02/29 00:13:21 | 000,103,998 | ---- | M] () -- C:\Windows\System32\prfc0404.dat
[2012/02/29 00:13:21 | 000,086,812 | ---- | M] () -- C:\Windows\System32\perfc00B.dat
[2012/02/29 00:13:21 | 000,081,760 | ---- | M] () -- C:\Windows\System32\perfc014.dat
[2012/02/27 14:31:59 | 000,006,907 | ---- | M] () -- C:\Users\Ed\AppData\Roaming\Comma Separated Values (Windows).EML
[2012/02/27 14:07:26 | 000,000,948 | ---- | M] () -- C:\Windows\Active Setup Log.BAK
[2012/02/24 22:57:34 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012/02/24 22:57:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2012/02/24 22:49:07 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2012/02/24 22:12:24 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_RimUsb_01007.Wdf
[2012/02/24 22:04:14 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_RimSerial_01007.Wdf
[2012/02/24 22:03:38 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2012/02/18 11:18:57 | 000,000,953 | ---- | M] () -- C:\Users\Ed\Desktop\Beyond Compare 3.lnk
[2012/02/17 18:42:01 | 000,001,101 | ---- | M] () -- C:\Users\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/02/17 17:57:04 | 000,000,913 | ---- | M] () -- C:\Users\Ed\Desktop\IMAPSize.lnk
[2012/02/17 10:58:27 | 000,024,099 | ---- | M] () -- C:\Users\Ed\Desktop\Public-Swimming-Pool-Timetable-November-2011.pdf
[2012/02/17 10:55:39 | 003,465,897 | ---- | M] () -- C:\Users\Ed\Desktop\flcpooltimetablejanuary2012.pdf
[2012/02/15 16:47:29 | 000,408,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/14 13:36:49 | 000,227,764 | ---- | M] () -- C:\enters sink waste here.jpg
[2012/02/14 13:36:19 | 000,218,793 | ---- | M] () -- C:\spaghetti.jpg
[2012/02/14 13:35:43 | 000,225,357 | ---- | M] () -- C:\drains enter here.jpg
[2012/02/14 13:27:46 | 002,346,306 | ---- | M] () -- C:\CIMG5848.JPG
[2012/02/14 13:27:42 | 002,288,281 | ---- | M] () -- C:\CIMG5847.JPG
[2012/02/14 13:27:24 | 002,312,729 | ---- | M] () -- C:\CIMG5846.JPG
[2012/02/04 12:58:59 | 000,001,129 | ---- | M] () -- C:\Users\Ed\Desktop\Acronis True Image Home 11.0.lnk
[2012/02/02 21:31:32 | 000,000,073 | ---- | M] () -- C:\Windows\cdplayer.ini
[2012/02/02 21:31:17 | 000,001,534 | ---- | M] () -- C:\ProgramData\ss.ini
[2012/01/31 22:32:32 | 000,002,056 | ---- | M] () -- C:\Users\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/01/31 21:53:25 | 000,000,841 | ---- | M] () -- C:\Users\Public\Desktop\MrSmooth.lnk

========== Files Created - No Company Name ==========

[2012/02/29 21:38:21 | 000,015,535 | ---- | C] () -- C:\Users\Ed\Desktop\34119_WMT0920_IMG_01_0000.JPG
[2012/02/29 19:39:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/29 19:39:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/29 19:39:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/29 19:39:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/29 19:39:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/29 18:16:18 | 000,000,512 | ---- | C] () -- C:\Users\Ed\Desktop\MBR.dat
[2012/02/29 12:32:04 | 000,302,592 | ---- | C] () -- C:\Users\Ed\Desktop\p5vthjdp.exe
[2012/02/29 11:02:12 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/29 01:02:32 | 000,000,112 | ---- | C] () -- C:\ProgramData\aSShX6D.dat
[2012/02/27 16:45:45 | 000,001,404 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/02/27 14:31:59 | 000,006,907 | ---- | C] () -- C:\Users\Ed\AppData\Roaming\Comma Separated Values (Windows).EML
[2012/02/27 14:07:15 | 000,000,948 | ---- | C] () -- C:\Windows\Active Setup Log.BAK
[2012/02/24 22:57:34 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012/02/24 22:57:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2012/02/24 22:49:05 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2012/02/24 22:12:24 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_RimUsb_01007.Wdf
[2012/02/24 22:04:14 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_RimSerial_01007.Wdf
[2012/02/24 22:03:38 | 000,002,189 | ---- | C] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2012/02/18 11:18:57 | 000,000,953 | ---- | C] () -- C:\Users\Ed\Desktop\Beyond Compare 3.lnk
[2012/02/17 18:42:01 | 000,001,101 | ---- | C] () -- C:\Users\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/02/17 17:57:04 | 000,000,913 | ---- | C] () -- C:\Users\Ed\Desktop\IMAPSize.lnk
[2012/02/17 17:09:12 | 000,000,957 | ---- | C] () -- C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextPad.lnk
[2012/02/17 10:58:59 | 000,024,099 | ---- | C] () -- C:\Users\Ed\Desktop\Public-Swimming-Pool-Timetable-November-2011.pdf
[2012/02/17 10:57:12 | 003,465,897 | ---- | C] () -- C:\Users\Ed\Desktop\flcpooltimetablejanuary2012.pdf
[2012/02/14 13:36:48 | 000,227,764 | ---- | C] () -- C:\enters sink waste here.jpg
[2012/02/14 13:36:19 | 000,218,793 | ---- | C] () -- C:\spaghetti.jpg
[2012/02/14 13:35:43 | 000,225,357 | ---- | C] () -- C:\drains enter here.jpg
[2012/02/14 13:32:35 | 002,346,306 | ---- | C] () -- C:\CIMG5848.JPG
[2012/02/14 13:32:35 | 002,312,729 | ---- | C] () -- C:\CIMG5846.JPG
[2012/02/14 13:32:35 | 002,288,281 | ---- | C] () -- C:\CIMG5847.JPG
[2012/02/04 12:58:59 | 000,001,129 | ---- | C] () -- C:\Users\Ed\Desktop\Acronis True Image Home 11.0.lnk
[2012/02/01 22:42:56 | 000,000,073 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012/02/01 22:39:45 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2012/01/31 21:53:25 | 000,000,841 | ---- | C] () -- C:\Users\Public\Desktop\MrSmooth.lnk
[2012/01/28 19:37:18 | 000,007,887 | ---- | C] () -- C:\Users\Ed\AppData\Roaming\pcouffin.cat
[2012/01/28 19:37:18 | 000,001,144 | ---- | C] () -- C:\Users\Ed\AppData\Roaming\pcouffin.inf
[2012/01/24 21:31:31 | 000,003,584 | ---- | C] () -- C:\Users\Ed\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/22 20:27:00 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/01/22 20:26:56 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/01/22 20:26:56 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/01/22 20:26:55 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/01/08 16:56:06 | 000,007,600 | ---- | C] () -- C:\Users\Ed\AppData\Local\Resmon.ResmonCfg
[2012/01/07 12:14:05 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012/01/07 12:12:22 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/01/07 12:12:18 | 000,078,336 | ---- | C] () -- C:\Windows\System32\drivers\dfsc.sys
[2012/01/07 10:34:13 | 000,448,308 | ---- | C] () -- C:\Windows\System32\perfh00B.dat
[2012/01/07 10:34:13 | 000,279,790 | ---- | C] () -- C:\Windows\System32\perfi00B.dat
[2012/01/07 10:34:13 | 000,086,812 | ---- | C] () -- C:\Windows\System32\perfc00B.dat
[2012/01/07 10:34:13 | 000,038,258 | ---- | C] () -- C:\Windows\System32\perfd00B.dat
[2012/01/07 10:34:12 | 000,463,506 | ---- | C] () -- C:\Windows\System32\perfh014.dat
[2012/01/07 10:34:12 | 000,392,790 | ---- | C] () -- C:\Windows\System32\prfh0404.dat
[2012/01/07 10:34:12 | 000,376,688 | ---- | C] () -- C:\Windows\System32\prfh0804.dat
[2012/01/07 10:34:12 | 000,298,300 | ---- | C] () -- C:\Windows\System32\perfi014.dat
[2012/01/07 10:34:12 | 000,117,840 | ---- | C] () -- C:\Windows\System32\prfi0404.dat
[2012/01/07 10:34:12 | 000,111,310 | ---- | C] () -- C:\Windows\System32\prfi0804.dat
[2012/01/07 10:34:12 | 000,103,998 | ---- | C] () -- C:\Windows\System32\prfc0404.dat
[2012/01/07 10:34:12 | 000,081,760 | ---- | C] () -- C:\Windows\System32\perfc014.dat
[2012/01/07 10:34:12 | 000,036,156 | ---- | C] () -- C:\Windows\System32\perfd014.dat
[2012/01/07 10:34:12 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0804.dat
[2012/01/07 10:34:12 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0404.dat
[2012/01/07 10:34:11 | 000,704,028 | ---- | C] () -- C:\Windows\System32\perfh010.dat
[2012/01/07 10:34:11 | 000,658,756 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012/01/07 10:34:11 | 000,638,064 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2012/01/07 10:34:11 | 000,335,478 | ---- | C] () -- C:\Windows\System32\perfi010.dat
[2012/01/07 10:34:11 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012/01/07 10:34:11 | 000,292,004 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2012/01/07 10:34:11 | 000,134,204 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012/01/07 10:34:11 | 000,126,452 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2012/01/07 10:34:11 | 000,108,912 | ---- | C] () -- C:\Windows\System32\prfc0804.dat
[2012/01/07 10:34:11 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2012/01/07 10:34:11 | 000,037,534 | ---- | C] () -- C:\Windows\System32\perfd010.dat
[2012/01/07 10:34:11 | 000,036,232 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2012/01/07 10:34:10 | 000,709,350 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2012/01/07 10:34:10 | 000,414,656 | ---- | C] () -- C:\Windows\System32\perfh012.dat
[2012/01/07 10:34:10 | 000,344,522 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2012/01/07 10:34:10 | 000,157,694 | ---- | C] () -- C:\Windows\System32\perfi012.dat
[2012/01/07 10:34:10 | 000,134,804 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2012/01/07 10:34:10 | 000,131,808 | ---- | C] () -- C:\Windows\System32\perfc010.dat
[2012/01/07 10:34:10 | 000,109,340 | ---- | C] () -- C:\Windows\System32\perfc012.dat
[2012/01/07 10:34:10 | 000,038,160 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2012/01/07 10:34:10 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd012.dat
[2012/01/07 10:01:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/01/06 19:20:36 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2011/04/20 01:21:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/02/28 21:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

========== LOP Check ==========

[2012/02/24 22:17:10 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Blackberry Desktop
[2012/01/08 12:40:03 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Foxit Software
[2012/01/19 22:35:04 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Foxreal
[2012/01/07 18:39:48 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\GHISLER
[2012/02/17 17:09:45 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Helios
[2012/01/31 21:53:37 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\MrSmooth.1F1C2CE6230412E7752D206B573506D8446D8E6A.1
[2012/02/24 23:01:35 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Nokia
[2012/02/24 23:01:36 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Nokia Suite
[2012/01/29 17:07:26 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Ousetech
[2012/02/24 22:59:09 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\PC Suite
[2012/02/24 22:11:33 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Research In Motion
[2012/02/01 22:42:55 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\River Past G2
[2012/02/18 11:19:03 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Scooter Software
[2012/01/07 17:41:42 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Thunderbird
[2012/02/07 01:19:54 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\TrueCrypt
[2012/02/28 22:42:52 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\uTorrent
[2012/02/11 12:18:29 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Vso
[2012/02/27 16:49:12 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Windows Live Writer
[2012/02/27 13:20:46 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Xilisoft
[2012/01/24 21:28:13 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Youtube Downloader HD
[2009/07/14 04:53:46 | 000,026,404 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/10 21:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2012/03/01 18:17:21 | 000,000,404 | ---- | M] () -- C:\blitzblank.log
[2012/02/14 13:27:24 | 002,312,729 | ---- | M] () -- C:\CIMG5846.JPG
[2012/02/14 13:27:42 | 002,288,281 | ---- | M] () -- C:\CIMG5847.JPG
[2012/02/14 13:27:46 | 002,346,306 | ---- | M] () -- C:\CIMG5848.JPG
[2012/03/01 17:47:31 | 000,019,585 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 21:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012/02/14 13:35:43 | 000,225,357 | ---- | M] () -- C:\drains enter here.jpg
[2012/02/14 13:36:49 | 000,227,764 | ---- | M] () -- C:\enters sink waste here.jpg
[2012/03/01 18:17:52 | 2212,306,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/01 18:17:51 | 2949,742,592 | -HS- | M] () -- C:\pagefile.sys
[2012/02/14 13:36:19 | 000,218,793 | ---- | M] () -- C:\spaghetti.jpg

< %systemroot%\Fonts\*.com >
[2009/07/14 04:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 04:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 04:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 04:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 21:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/06/22 18:58:20 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2009/07/14 01:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2010/11/20 12:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 04:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/01/07 15:29:24 | 000,000,221 | -HS- | M] () -- C:\Users\Ed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/02/29 18:35:04 | 004,420,481 | R--- | M] (Swearware) -- C:\Users\Ed\Desktop\ComboFix.exe
[1999/08/17 15:45:32 | 000,581,632 | ---- | M] (Joshua F. Madison) -- C:\Users\Ed\Desktop\CONVERT.EXE
[2012/03/01 18:28:44 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Ed\Desktop\OTL.exe
[2012/02/29 12:32:14 | 000,302,592 | ---- | M] () -- C:\Users\Ed\Desktop\p5vthjdp.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/03/01 18:18:17 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/01 18:20:01 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/01 18:17:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/14 04:53:46 | 000,026,404 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 21:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2012/01/07 15:27:52 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2012/01/07 15:27:52 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2012/01/07 15:27:51 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2012/01/07 15:27:52 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2012/01/07 15:27:51 | 000,786,432 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2012/01/07 15:27:52 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/01/07 15:29:22 | 000,000,402 | -HS- | M] () -- C:\Users\Ed\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2012/02/02 21:31:17 | 000,001,534 | ---- | M] () -- C:\ProgramData\ss.ini

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:7BB5E748

< End of report >
 
OTL Extras logfile created on: 01/03/2012 18:45:31 - Run 1
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\Ed\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 58.64% Memory free
5.49 Gb Paging File | 4.31 Gb Available in Paging File | 78.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 114.40 Gb Total Space | 63.19 Gb Free Space | 55.24% Space Free | Partition Type: NTFS

Computer Name: ED-PC | User Name: Ed | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-772813580-1867907093-3800966155-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{2BC12CCD-D362-4385-A974-6FA545FC2BBA}" = TUSB3410
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{611E3800-CE31-4953-8AD4-5657B6EE7ACF}" = Oracle VM VirtualBox 4.1.8
"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis*True*Image*Home
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{90140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPRO_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
"{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJPRO_{18A0C151-8F8A-4B68-A960-60C464B94329}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BD2DD45-8763-4F12-BDC6-958FCFEF0FCB}" = Microsoft IntelliType Pro 8.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D12314F45EB}" = REALTEK Wireless LAN Driver and Utility
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A344FC3A-9422-4676-A1A6-43D1F9840A5C}" = ReliefJet Essentials for Outlook
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF81A6CC-F27F-2E0C-8B9A-5F6DA8687E0E}" = MrSmooth
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B405BC85-533C-4D65-A1BC-19294266C9D6}" = Foxit PhantomPDF
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5Spice Analysis_is1" = 5Spice Analysis 1.65
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"File Shredder_is1" = File Shredder 2.0
"IMAPSize_is1" = IMAPSize 0.3.7
"InstallShield_{2BC12CCD-D362-4385-A974-6FA545FC2BBA}" = Texas Instruments TUSB3410 drivers.
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.1.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 9.0.1 (x86 en-GB)" = Mozilla Firefox 9.0.1 (x86 en-GB)
"Mozilla Thunderbird 10.0.2 (x86 en-GB)" = Mozilla Thunderbird 10.0.2 (x86 en-GB)
"Mr Smooth_is1" = Mr Smooth v1.0
"Nokia Suite" = Nokia Suite
"Office14.PRJPRO" = Microsoft Project Professional 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Polipo" = Polipo 1.0.4.1
"ST6UNST #1" = Pool-Mate Pro Vista and Windows 7
"ST6UNST #2" = Pool-Mate Pro Vista and Windows 7 (C:\Program Files\Pool-Mate Pro\)
"Tor" = Tor 0.2.2.35
"Totalcmd" = Total Commander (Remove or Repair)
"TrueCrypt" = TrueCrypt
"uTorrent" = µTorrent
"Vidalia" = Vidalia 0.2.15
"VirtualCloneDrive" = VirtualCloneDrive
"WinLiveSuite" = Windows Live Essentials
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.8

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-772813580-1867907093-3800966155-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BeyondCompare3_is1" = Beyond Compare Version 3.3.3
"d4f409e375485076" = Pool-Mate Link
"Xilisoft Video Converter Ultimate 6" = Xilisoft Video Converter Ultimate 6

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29/02/2012 12:45:55 | Computer Name = Ed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x00047732 Faulting
process id: 0x324c Faulting application start time: 0x01ccf701992176c7 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: d892f972-62f4-11e1-bd6a-6cf0497d448b

Error - 29/02/2012 13:44:49 | Computer Name = Ed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x00047732 Faulting
process id: 0x3764 Faulting application start time: 0x01ccf709d49edd46 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 135b1709-62fd-11e1-bd6a-6cf0497d448b

Error - 29/02/2012 14:12:32 | Computer Name = Ed-PC | Source = Microsoft-Windows-CAPI2 | ID = 4101
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F.crt>
with error: 12030 (0x2efe).

Error - 29/02/2012 14:12:32 | Computer Name = Ed-PC | Source = Microsoft-Windows-CAPI2 | ID = 4101
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F.crt>
with error: 12030 (0x2efe).

Error - 29/02/2012 15:38:46 | Computer Name = Ed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x00047732 Faulting
process id: 0x1574 Faulting application start time: 0x01ccf719bbee9cee Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: fe2728b4-630c-11e1-931d-6cf0497d448b

Error - 29/02/2012 19:13:39 | Computer Name = Ed-PC | Source = Application Error | ID = 1000
Description = Faulting application name: handle.3XE, version: 3.42.0.0, time stamp:
0x492312a9 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x00072840 Faulting process id:
0x1e70 Faulting application start time: 0x01ccf737be8a4e07 Faulting application path:
C:\ComboFix\handle.3XE Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report
Id: 031e6f62-632b-11e1-a9d3-6cf0497d448b

Error - 29/02/2012 20:30:59 | Computer Name = Ed-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Research
In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 29/02/2012 20:31:10 | Computer Name = Ed-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Common
Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe". Dependent Assembly
Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 29/02/2012 20:33:40 | Computer Name = Ed-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Research
In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 29/02/2012 20:33:44 | Computer Name = Ed-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Common
Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe". Dependent Assembly
Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 01/03/2012 14:17:56 | Computer Name = Ed-PC | Source = Service Control Manager | ID = 7023
Description = The Si3132r5 service terminated with the following error: %%126

Error - 01/03/2012 14:17:56 | Computer Name = Ed-PC | Source = Service Control Manager | ID = 7023
Description = The Wlancig service terminated with the following error: %%126

Error - 01/03/2012 14:17:56 | Computer Name = Ed-PC | Source = Service Control Manager | ID = 7023
Description = The Ltxred service terminated with the following error: %%126

Error - 01/03/2012 14:17:56 | Computer Name = Ed-PC | Source = Service Control Manager | ID = 7023
Description = The 3dkeybd service terminated with the following error: %%126

Error - 01/03/2012 14:17:56 | Computer Name = Ed-PC | Source = Service Control Manager | ID = 7023
Description = The Rdpnp service terminated with the following error: %%126

Error - 01/03/2012 14:17:56 | Computer Name = Ed-PC | Source = Service Control Manager | ID = 7023
Description = The CdaD10BA service terminated with the following error: %%126

Error - 01/03/2012 14:17:56 | Computer Name = Ed-PC | Source = Service Control Manager | ID = 7023
Description = The SenFiltService service terminated with the following error: %%126

Error - 01/03/2012 14:17:56 | Computer Name = Ed-PC | Source = Service Control Manager | ID = 7023
Description = The SrvcEPIOMngr service terminated with the following error: %%126

Error - 01/03/2012 14:17:56 | Computer Name = Ed-PC | Source = Service Control Manager | ID = 7023
Description = The Aw_host service terminated with the following error: %%126

Error - 01/03/2012 14:17:56 | Computer Name = Ed-PC | Source = Service Control Manager | ID = 7023
Description = The Ma_cmidi_installerservice service terminated with the following
error: %%126


< End of report >
 
Good news :)

You can reinstall AVG now.

OTL logs are clean.

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now we need to remove the old Java version and its remnants.

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

===================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
Results of screen317's Security Check version 0.99.24
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2012
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 31
Adobe Flash Player 11.1.102.55
Mozilla Firefox (x86 en-GB..)
Mozilla Thunderbird (x86 en-GB..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
AVG avgwdsvc.exe
AVG avgtray.exe
``````````End of Log````````````
 
Farbar Service Scanner Version: 01-03-2012
Ran by Ed (administrator) on 01-03-2012 at 19:33:53
Running from "C:\Users\Ed\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
 
C:\Qoobox\Quarantine\C\Windows\System32\W2ww4sH.com.vir a variant of Win32/Kryptik.ABPV trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\config\systemprofile\AppData\Local\wemneka.dll.vir Win32/TrojanProxy.Agent.NIK trojan cleaned by deleting - quarantined
C:\Users\Ed\Desktop\RK_Quarantine\setup.exe.vir a variant of Win32/Kryptik.ABSQ trojan cleaned by deleting - quarantined
C:\Users\Ed\Downloads\Reliefjet_essentials_for_serial_keygen_by_FFF.zip a variant of Win32/Kryptik.ABOJ trojan deleted - quarantined
C:\Windows\System32\AtlsAud.dll probably a variant of Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\Windows\System32\cltnetcnservice.dll probably a variant of Win32/Sirefef.ER trojan cleaned by deleting (after the next restart) - quarantined
C:\Windows\System32\drivers\dfsc.sys a variant of Win32/Rootkit.Kryptik.JV trojan unable to clean
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7601.17514_none_89a197c9445dfde9\dfsc.sys a variant of Win32/Rootkit.Kryptik.JV trojan cleaned by deleting (after the next restart) - quarantined
 
Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL, as this step will require a reboot.
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 