Could someone look at these logs please?

  1. #1
    Johanus, Elite Member

    Win 7 64bit Ultimate, ( retail copy ).

    I am not that PC savvy.

    Last week or so PC behaviour has become very erratic, won't boot, can't always use keyboard or mouse, Windows keeps asking me if I wish to start it normally or in safe mode but I can't select, have to keep rebooting or PC keeps asking what OS I would like to use, I only use Win 7 or what drive to boot from but can't select, that kind of thing.

    Once I get to the desktop if I click on an icon, nothing or all the icons become highlighted and the screen starts flickering and I have to reboot.

    This message sometimes crops up if I reboot, "Explorer.EXE playing log off sound". WHAT IS THIS?

    Then for a day or so PC behaves normally, boots OK.

    So today I thought I would try to help myself, using add/uninstall, I removed MS Net 4, a couple of toolbars, MS C visual basic +2005 or something like that as I don't do any programming and lastly one stubborn entry, an old Lexmark printer program using regedit.

    Made sure my AVs were up to date, spybot, malware and MS SE.

    I then deleted all restore points and turned restore off, disconnected from the internet, ran the AVs, nothing showing but a media cookie in Malware, deleted that, rebooted, connected to the internet, created restore point.

    System has behaved since the above but I'm not sure if my efforts have done the trick.

    Here are the logs.

    MBAM LOG

    Malwarebytes' Anti-Malware 1.51.0.1200
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 7005

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    02/07/2011 23:07:10
    mbam-log-2011-07-02 (23-07-10).txt

    Scan type: Quick scan
    Objects scanned: 166879
    Time elapsed: 3 minute(s), 6 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER LOG

    GMER 1.0.15.15640 - GMER - Rootkit Detector and Remover
    Rootkit scan 2011-07-02 23:51:17
    Windows 6.1.7601 Service Pack 1
    Running: GMER.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a3a668b1c
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a3a668b1c@0021febd2014 0x3D 0x05 0xA4 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a3a668b1c@0026685fef14 0x42 0x13 0x1F 0x98 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a3a668b1c@002566861e09 0x5C 0x04 0x9E 0xB8 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a3a668b1c@0013175a6fe1 0x36 0x09 0xCF 0x67 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a3a668b1c (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a3a668b1c@0021febd2014 0x3D 0x05 0xA4 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a3a668b1c@0026685fef14 0x42 0x13 0x1F 0x98 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a3a668b1c@002566861e09 0x5C 0x04 0x9E 0xB8 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a3a668b1c@0013175a6fe1 0x36 0x09 0xCF 0x67 ...

    ---- EOF - GMER 1.0.15 ----

    aswMBR.txt

    aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
    Run date: 2011-07-02 2325
    -----------------------------
    2325.419 OS Version: Windows x64 6.1.7601 Service Pack 1
    2325.419 Number of processors: 2 586 0x6B02
    2325.419 ComputerName: NONE UserName: ABLE
    2325.965 Initialize success
    2333.283 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    2333.283 Disk 0 Vendor: ST3360320AS 3.AAM Size: 343399MB BusType: 3
    2335.326 Disk 0 MBR read successfully
    2335.326 Disk 0 MBR scan
    2335.342 Disk 0 Windows 7 default MBR code
    2335.342 Service scanning
    2336.356 Disk 0 trace - called modules:
    2336.371 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    2336.371 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045fc060]
    2336.387 3 CLASSPNP.SYS[fffff880015c143f] -> nt!IofCallDriver -> [0xfffffa80044a0520]
    2336.387 5 ACPI.sys[fffff88000f5e7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80044a6060]
    2336.403 Scan finished successfully
    2354.077 Disk 0 MBR has been saved successfully to "C:\Users\ABLE\Desktop\MBR.dat"
    2354.077 The log file has been saved successfully to "C:\Users\ABLE\Desktop\aswMBR.txt"


    DDS.txt

    DDS (Ver_2011-06-23.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by ABLE at 0:09:54 on 2011-07-03
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3839.2463 [GMT 1:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
    C:\lotus\wordpro\ltsstart.exe
    C:\Program Files (x86)\WinZip\WZQKPICK.EXE
    C:\lotus\register\remind32.exe
    C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
    C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [<NO NAME>]
    mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
    mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
    StartupFolder: C:\Users\ABLE\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOTUSS~1.LNK - C:\lotus\register\remind32.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Belkin\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOTUSQ~1.LNK - C:\lotus\wordpro\ltsstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINZIP~1.LNK - C:\Program Files (x86)\WinZip\WZQKPICK.EXE
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Send Image to Photo Library
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
    BHO-X64: AskBar BHO - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO-X64: Search Helper - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    TB-X64: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
    mRun-x64: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
    IE-X64: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE-X64: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-1-14 341296]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-9-18 1153368]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;C:\Windows\system32\DRIVERS\athrxu6.sys --> C:\Windows\system32\DRIVERS\athrxu6.sys [?]
    S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
    S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
    S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\system32\DRIVERS\ss_bbus.sys --> C:\Windows\system32\DRIVERS\ss_bbus.sys [?]
    S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\system32\DRIVERS\ss_bmdfl.sys --> C:\Windows\system32\DRIVERS\ss_bmdfl.sys [?]
    S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\system32\DRIVERS\ss_bmdm.sys --> C:\Windows\system32\DRIVERS\ss_bmdm.sys [?]
    S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.Sys [2010-10-11 16448]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-07-02 2102 -------- d-----w- C:\Users\ABLE\AppData\Local\{2233D93D-096E-47A4-874D-13D285A65A5C}
    2011-07-02 10:01:30 8873296 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{93CAE4D8-DC50-4624-9C22-ADEADAA50E98}\mpengine.dll
    2011-07-02 09:53:11 -------- d-----w- C:\Users\ABLE\AppData\Local\{36C3196C-7C05-4005-A6C8-3C5E6674ED0B}
    2011-07-01 21:44:07 -------- d-----w- C:\Users\ABLE\AppData\Local\{91556284-71B1-413A-9278-47475C267B7D}
    2011-06-30 22:26:45 -------- d-----w- C:\Users\ABLE\AppData\Local\{01DDA53B-B59B-41FC-88F0-FB6C316065A5}
    2011-06-30 09:19:48 -------- d-----w- C:\Users\ABLE\AppData\Local\{27D4DF02-0A16-4A19-8B56-3F8169BF900C}
    2011-06-29 21:19:12 -------- d-----w- C:\Users\ABLE\AppData\Local\{27CC121E-490A-4203-93B2-2C2283E77EAE}
    2011-06-29 08:25:27 -------- d-----w- C:\Users\ABLE\AppData\Local\{B03C5AA1-4945-4BA2-95D2-5081B5DB2847}
    2011-06-29 01:26:05 -------- d-----w- C:\Users\ABLE\AppData\Local\{A1A8A456-77AE-4067-B199-EAA5D95AC670}
    2011-06-29 00:25:33 -------- d-----w- C:\3104b8adcd7f52d12602
    2011-06-28 11:34:57 -------- d-----w- C:\Users\ABLE\AppData\Local\{0C08E04C-F527-4E15-8A68-91650C5C75DC}
    2011-06-27 13:52:46 -------- d-----w- C:\Users\ABLE\AppData\Local\{FD2C31AE-A642-4D66-A1A5-8D7F2DACE933}
    2011-06-27 01:38:15 -------- d-----w- C:\Users\ABLE\AppData\Local\{BF87B460-99A3-4D63-991C-DFBB23C3D809}
    2011-06-25 15:42:48 -------- d-----w- C:\Users\ABLE\AppData\Local\{D7D2D854-3295-4D2A-84ED-AD8A1F6E1F39}
    2011-06-25 02:19:52 -------- d-----w- C:\Users\ABLE\AppData\Local\{7566E27F-60EC-4D40-84BC-4B7EB0B10908}
    2011-06-24 13:57:12 -------- d-----w- C:\Users\ABLE\AppData\Local\{B775554A-150B-4670-A0B3-657A90218A61}
    2011-06-23 23:53:42 -------- d-----w- C:\Users\ABLE\AppData\Local\{67D96FF1-73DD-40D8-9D5E-96232FA2DF6C}
    2011-06-23 23:50:02 -------- d-----w- C:\Users\ABLE\AppData\Local\{D5C7DE55-AEC1-4014-8618-BDBAEBAC4DFB}
    2011-06-23 09:45:07 -------- d-----w- C:\Users\ABLE\AppData\Local\{22D5670D-D53D-4F51-B3BA-24703A9A3E38}
    2011-06-23 0311 -------- d-----w- C:\Users\ABLE\AppData\Local\{AAAAB101-5A8F-4B37-BA00-C3545132A67D}
    2011-06-23 03:38:59 -------- d-----w- C:\Users\ABLE\AppData\Local\{ADE1F876-919A-452C-9523-A8F8506B47B3}
    2011-06-23 01:52:23 -------- d-----w- C:\Users\ABLE\AppData\Local\{334AF640-8E52-44FB-AB35-2B4FD912DA6E}
    2011-06-23 01:24:36 -------- d-----w- C:\Users\ABLE\AppData\Local\{B11B0784-6C3F-49D5-B8CD-20A041E79AC1}
    2011-06-23 01:17:09 -------- d-----w- C:\Users\ABLE\AppData\Local\{CE38A4A2-A2D8-45D6-BC37-81DF452AD4E7}
    2011-06-23 00:18:51 -------- d-----w- C:\Users\ABLE\AppData\Local\{00DCE7B8-D218-4EDC-B852-89CE05F6EA53}
    2011-06-22 10:53:36 -------- d-----w- C:\Users\ABLE\AppData\Local\{EFF1871F-74CF-449B-942E-ECEF2AA3FA59}
    2011-06-21 21:55:34 -------- d-----w- C:\Users\ABLE\AppData\Local\{D88B3D79-D009-46F7-8D5E-DC756674BA68}
    2011-06-21 09:15:19 -------- d-----w- C:\Users\ABLE\AppData\Local\{D8CE5159-D734-4D37-B20E-30AEC1D517C3}
    2011-06-20 19:19:39 -------- d-----w- C:\Users\ABLE\AppData\Local\{5FCF0696-56C8-44FC-87E9-B43C7E5C453C}
    2011-06-20 06:18:26 -------- d-----w- C:\Users\ABLE\AppData\Local\{C0E40803-F3EF-4BE1-9319-B6D18784367A}
    2011-06-19 17:23:52 -------- d-----w- C:\Users\ABLE\AppData\Local\{2C120AA4-201F-4E89-B727-0BC12C8F6297}
    2011-06-19 03:07:01 -------- d-----w- C:\Users\ABLE\AppData\Local\{E1426DC5-5D89-4AC0-9EAF-F412AC1CB21C}
    2011-06-18 15:06:24 -------- d-----w- C:\Users\ABLE\AppData\Local\{49E1566E-A167-41B8-9178-0229ECB88220}
    2011-06-18 01:32:16 -------- d-----w- C:\Users\ABLE\AppData\Local\{84B107F8-F91C-4C0A-8318-687D285ABBF0}
    2011-06-17 13:25:04 -------- d-----w- C:\Users\ABLE\AppData\Local\{2DDA0272-7407-449A-A1F1-6833B38930F4}
    2011-06-17 01:24:27 -------- d-----w- C:\Users\ABLE\AppData\Local\{BCDACA46-CECF-4459-86B7-D6C09E5A3410}
    2011-06-16 12:36:55 -------- d-----w- C:\Users\ABLE\AppData\Local\{7A731C2A-5900-417F-942F-6E8BE8D44081}
    2011-06-16 12:06:37 -------- d-----w- C:\Users\ABLE\AppData\Local\{5F606411-3227-42C6-BD68-103E5232880A}
    2011-06-16 00:04:49 -------- d-----w- C:\Users\ABLE\AppData\Local\{610C2E9C-F319-48A3-8009-EC70C0486870}
    2011-06-15 11:14:36 -------- d-----w- C:\Users\ABLE\AppData\Local\{04E9A8BC-88E8-4179-B19D-2A52E70FAAB9}
    2011-06-14 23:14:00 -------- d-----w- C:\Users\ABLE\AppData\Local\{88657E78-8661-431F-A06D-76DA8DD3ED8E}
    2011-06-14 11:11:39 -------- d-----w- C:\Users\ABLE\AppData\Local\{7260ED3F-4A7E-4281-9D42-96BC4D00F002}
    2011-06-13 20:43:31 -------- d-----w- C:\Users\ABLE\AppData\Local\{8F1AC791-72B3-4B98-828A-11F4BC59A7B2}
    2011-06-13 08:42:56 -------- d-----w- C:\Users\ABLE\AppData\Local\{017602F4-1F8F-4641-A563-85F9F0E19A0E}
    2011-06-12 14:17:37 -------- d-----w- C:\Users\ABLE\AppData\Local\{FF73AA49-C6AB-483D-A9CF-1CE09CC77CAB}
    2011-06-11 13:17:41 -------- d-----w- C:\Users\ABLE\AppData\Local\{69E460A6-A475-41BD-B6A2-D24046138218}
    2011-06-10 18:42:35 -------- d-----w- C:\Users\ABLE\AppData\Local\{50F9A3AC-F30C-48F8-97EA-986E3CCF3058}
    2011-06-10 02:01:41 -------- d-----w- C:\Users\ABLE\AppData\Local\{F63E1322-D838-4B9B-B27F-290E2C98ACC2}
    2011-06-09 13:46:04 -------- d-----w- C:\Users\ABLE\AppData\Local\{FF2137B2-B763-4EA8-84C2-60ACA537A65E}
    2011-06-09 0016 -------- d-----w- C:\Users\ABLE\AppData\Local\{8734475B-1672-4AFC-957B-EC469B4944D5}
    2011-06-08 11:38:29 -------- d-----w- C:\Users\ABLE\AppData\Local\{1CC3D691-CCBF-41B0-BF58-BBDC1CA827CE}
    2011-06-08 11:32:22 -------- d-----w- C:\Users\ABLE\AppData\Local\{B2312C1E-3B85-4C04-8EC5-F94630511224}
    2011-06-07 23:23:52 -------- d-----w- C:\Users\ABLE\AppData\Local\{D15BC4DB-FF8B-4C0C-9E3E-AB2A00509CCC}
    2011-06-07 11:35:34 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2011-06-07 11:23:17 -------- d-----w- C:\Users\ABLE\AppData\Local\{CD26B938-C65E-45AC-BB37-CC96278E76EC}
    2011-06-06 09:11:51 -------- d-----w- C:\Users\ABLE\AppData\Local\{7B384D63-FEBE-4213-8006-0957382AA410}
    2011-06-05 17:04:57 -------- d-----w- C:\Users\ABLE\AppData\Local\{05A884CA-93FE-4AD6-AC23-2ECE65247457}
    2011-06-04 15:35:51 -------- d-----w- C:\Users\ABLE\AppData\Local\{351BE0B0-BF79-4167-BFA2-A1BB5C8EBDA3}
    2011-06-03 19:42:44 -------- d-----w- C:\Users\ABLE\AppData\Local\{E9DC9610-33AD-4495-8335-D0AE243E4EA4}
    2011-06-03 00:49:33 -------- d-----w- C:\Users\ABLE\AppData\Local\{AB9BC0F2-E9FA-4E3B-81C7-A3B684150160}
    .
    ==================== Find3M ====================
    .
    2011-06-27 20:04:37 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-05-29 08:11:30 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-05-29 08:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-05-28 03:06:58 3135488 ----a-w- C:\Windows\System32\win32k.sys
    2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
    2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
    2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
    2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
    2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
    2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
    2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
    2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
    2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
    2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
    2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
    2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
    2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
    2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
    2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
    2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
    2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
    2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
    2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
    2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
    2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
    2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
    2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
    2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
    2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
    2011-04-23 01:29:25 2303488 ----a-w- C:\Windows\System32\jscript9.dll
    2011-04-23 01:19:19 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-04-22 23:35:56 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-04-22 23:25:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-04-09 0538 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    .
    ============= FINISH: 0:10:24.08 ===============

    Attach.txt

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 26/02/2010 0236
    System Uptime: 02/07/2011 23:11:26 (1 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M3A78-EM
    Processor: AMD Athlon(tm) Dual Core Processor 5050e | AM2 | 2600/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 335 GiB total, 247.811 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is FIXED (NTFS) - 15 GiB total, 14.865 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: RHDISK_AMD64
    Device ID: ROOT\LEGACY_RHDISK_AMD64\0000
    Manufacturer:
    Name: RHDISK_AMD64
    PNP Device ID: ROOT\LEGACY_RHDISK_AMD64\0000
    Service: RHDISK_AMD64
    .
    ==== System Restore Points ===================
    .
    RP488: 02/07/2011 15:05:46 - System Refresh
    .
    ==== Installed Programs ======================
    .
    .
    ABBYY FineReader 6.0 Sprint
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.4.5
    Audacity 1.3.12 (Unicode)
    Birdie EML to DOC Converter
    BurnAware Free 3.0.6
    D3DX10
    Digimax A502
    Ditto 3.17.0.17
    Foxit PDF Editor
    Foxit Reader
    Foxit Toolbar
    Free Mp3 Wma Converter V 1.91
    Free YouTube Download version 2.10.36.517
    Free YouTube to MP3 Converter version 3.9
    HP Photo Idea CD
    ieSpell
    Junk Mail filter update
    Lotus SmartSuite 97
    Magical Jelly Bean KeyFinder
    Malwarebytes' Anti-Malware version 1.51.0.1200
    Microsoft Search Enhancement Pack
    Microsoft Word 2000 SR-1
    MSVC80_x86_v2
    MSVC90_x86
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nokia Connectivity Cable Driver
    Nokia Ovi Suite
    Nokia Ovi Suite Software Updater
    NSS (remove only)
    Ovi Desktop Sync Engine
    OviMPlatform
    PrimoPDF -- brought to you by Nitro PDF Software
    QuickTime
    Samsung New PC Studio
    ScanSoft PaperPort 11
    Spybot - Search & Destroy
    Switch Sound File Converter
    TrueCrypt
    Uninstall 1.0.0.1
    VLC media player 1.1.4
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live OneCare safety scanner
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinZip
    .
    ==== Event Viewer Messages From Past Week ========
    .
    30/06/2011 10:16:39, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.107.624.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7000.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    30/06/2011 10:16:39, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.107.624.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7000.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    30/06/2011 10:16:39, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.107.624.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7000.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    29/06/2011 02:54:07, Error: Ntfs [137] - The default transaction resource manager on volume R: encountered a non-retryable error and could not start. The data contains the error code.
    29/06/2011 02:40:12, Error: Ntfs [137] - The default transaction resource manager on volume Y: encountered a non-retryable error and could not start. The data contains the error code.
    28/06/2011 12:16:44, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    28/06/2011 11:51:01, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    28/06/2011 11:51:01, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    28/06/2011 11:51:01, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    28/06/2011 11:51:01, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    28/06/2011 11:50:58, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    28/06/2011 11:50:51, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    28/06/2011 11:50:39, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx truecrypt Wanarpv6 WfpLwf
    28/06/2011 11:50:39, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    28/06/2011 11:50:39, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    28/06/2011 11:50:39, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    28/06/2011 11:50:39, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    28/06/2011 11:50:39, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    28/06/2011 11:50:39, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    28/06/2011 11:50:39, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    28/06/2011 11:50:39, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    28/06/2011 11:50:39, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    28/06/2011 11:50:39, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    27/06/2011 21:13:15, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.107.476.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7000.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    27/06/2011 21:13:15, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.107.476.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7000.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    27/06/2011 21:05:47, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
    27/06/2011 02:33:17, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    02/07/2011 23:11:44, Error: Service Control Manager [7000] - The RHDISK_AMD64 service failed to start due to the following error: The system cannot find the path specified.
    02/07/2011 23:11:44, Error: Service Control Manager [7000] - The Aspi32 service failed to start due to the following error: This driver has been blocked from loading
    02/07/2011 23:11:44, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\aspi32.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    02/07/2011 14:50:43, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    02/07/2011 14:39:37, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    .
    ==== End Of File ===========================
    Last edited by Johanus; 03-07-2011 at 01:00 AM.

  2. #2
    broni is offline Senior Member
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.


    =============================================================

    So far, all looks pretty good

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"

    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.


    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  3. #3
    Johanus is offline Elite Member
    ComboFix 11-07-02.03 - ABLE 03/07/2011 13:39:17.1.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3839.2664 [GMT 1:00]
    Running from: c:\users\ABLE\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\winhelp.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-03 to 2011-07-03 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-03 12:45 . 2011-07-03 12:45 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-07-03 12:37 . 2011-07-03 12:37 -------- d-----w- C:\32788R22FWJFW
    2011-07-03 12:21 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{027D8A3A-02E3-4E78-B763-F1281B95096A}\mpengine.dll
    2011-07-03 12:13 . 2011-07-03 12:13 -------- d-----w- c:\users\ABLE\AppData\Local\{E63ED7A3-0DDD-4F18-ABE4-61065A382BEC}
    2011-07-03 00:28 . 2011-07-03 00:28 -------- d-----w- c:\program files (x86)\WOT
    2011-07-02 21:56 . 2011-07-02 21:56 -------- d-----w- c:\users\ABLE\AppData\Local\{2233D93D-096E-47A4-874D-13D285A65A5C}
    2011-07-02 09:53 . 2011-07-02 09:53 -------- d-----w- c:\users\ABLE\AppData\Local\{36C3196C-7C05-4005-A6C8-3C5E6674ED0B}
    2011-07-01 21:44 . 2011-07-01 21:44 -------- d-----w- c:\users\ABLE\AppData\Local\{91556284-71B1-413A-9278-47475C267B7D}
    2011-06-30 22:26 . 2011-06-30 22:26 -------- d-----w- c:\users\ABLE\AppData\Local\{01DDA53B-B59B-41FC-88F0-FB6C316065A5}
    2011-06-30 09:19 . 2011-06-30 09:19 -------- d-----w- c:\users\ABLE\AppData\Local\{27D4DF02-0A16-4A19-8B56-3F8169BF900C}
    2011-06-29 21:19 . 2011-06-29 21:19 -------- d-----w- c:\users\ABLE\AppData\Local\{27CC121E-490A-4203-93B2-2C2283E77EAE}
    2011-06-29 08:25 . 2011-06-29 08:25 -------- d-----w- c:\users\ABLE\AppData\Local\{B03C5AA1-4945-4BA2-95D2-5081B5DB2847}
    2011-06-29 01:26 . 2011-06-29 01:26 -------- d-----w- c:\users\ABLE\AppData\Local\{A1A8A456-77AE-4067-B199-EAA5D95AC670}
    2011-06-29 00:25 . 2011-06-29 00:25 -------- d-----w- C:\3104b8adcd7f52d12602
    2011-06-28 11:34 . 2011-06-28 11:35 -------- d-----w- c:\users\ABLE\AppData\Local\{0C08E04C-F527-4E15-8A68-91650C5C75DC}
    2011-06-27 13:52 . 2011-06-27 13:52 -------- d-----w- c:\users\ABLE\AppData\Local\{FD2C31AE-A642-4D66-A1A5-8D7F2DACE933}
    2011-06-27 01:38 . 2011-06-27 01:38 -------- d-----w- c:\users\ABLE\AppData\Local\{BF87B460-99A3-4D63-991C-DFBB23C3D809}
    2011-06-25 15:42 . 2011-06-25 15:42 -------- d-----w- c:\users\ABLE\AppData\Local\{D7D2D854-3295-4D2A-84ED-AD8A1F6E1F39}
    2011-06-25 02:19 . 2011-06-25 02:20 -------- d-----w- c:\users\ABLE\AppData\Local\{7566E27F-60EC-4D40-84BC-4B7EB0B10908}
    2011-06-24 13:57 . 2011-06-24 13:57 -------- d-----w- c:\users\ABLE\AppData\Local\{B775554A-150B-4670-A0B3-657A90218A61}
    2011-06-23 23:53 . 2011-06-23 23:53 -------- d-----w- c:\users\ABLE\AppData\Local\{67D96FF1-73DD-40D8-9D5E-96232FA2DF6C}
    2011-06-23 23:50 . 2011-06-23 23:50 -------- d-----w- c:\users\ABLE\AppData\Local\{D5C7DE55-AEC1-4014-8618-BDBAEBAC4DFB}
    2011-06-23 09:45 . 2011-06-23 09:45 -------- d-----w- c:\users\ABLE\AppData\Local\{22D5670D-D53D-4F51-B3BA-24703A9A3E38}
    2011-06-23 03:56 . 2011-06-23 03:56 -------- d-----w- c:\users\ABLE\AppData\Local\{AAAAB101-5A8F-4B37-BA00-C3545132A67D}
    2011-06-23 03:38 . 2011-06-23 03:38 -------- d-----w- c:\users\ABLE\AppData\Local\{ADE1F876-919A-452C-9523-A8F8506B47B3}
    2011-06-23 01:52 . 2011-06-23 01:52 -------- d-----w- c:\users\ABLE\AppData\Local\{334AF640-8E52-44FB-AB35-2B4FD912DA6E}
    2011-06-23 01:24 . 2011-06-23 01:24 -------- d-----w- c:\users\ABLE\AppData\Local\{B11B0784-6C3F-49D5-B8CD-20A041E79AC1}
    2011-06-23 01:17 . 2011-06-23 01:17 -------- d-----w- c:\users\ABLE\AppData\Local\{CE38A4A2-A2D8-45D6-BC37-81DF452AD4E7}
    2011-06-23 00:18 . 2011-06-23 00:19 -------- d-----w- c:\users\ABLE\AppData\Local\{00DCE7B8-D218-4EDC-B852-89CE05F6EA53}
    2011-06-22 10:53 . 2011-06-22 10:53 -------- d-----w- c:\users\ABLE\AppData\Local\{EFF1871F-74CF-449B-942E-ECEF2AA3FA59}
    2011-06-21 21:55 . 2011-06-21 21:55 -------- d-----w- c:\users\ABLE\AppData\Local\{D88B3D79-D009-46F7-8D5E-DC756674BA68}
    2011-06-21 09:15 . 2011-06-21 09:15 -------- d-----w- c:\users\ABLE\AppData\Local\{D8CE5159-D734-4D37-B20E-30AEC1D517C3}
    2011-06-20 19:19 . 2011-06-20 19:19 -------- d-----w- c:\users\ABLE\AppData\Local\{5FCF0696-56C8-44FC-87E9-B43C7E5C453C}
    2011-06-20 06:18 . 2011-06-20 06:18 -------- d-----w- c:\users\ABLE\AppData\Local\{C0E40803-F3EF-4BE1-9319-B6D18784367A}
    2011-06-19 17:23 . 2011-06-19 17:24 -------- d-----w- c:\users\ABLE\AppData\Local\{2C120AA4-201F-4E89-B727-0BC12C8F6297}
    2011-06-19 03:07 . 2011-06-19 03:07 -------- d-----w- c:\users\ABLE\AppData\Local\{E1426DC5-5D89-4AC0-9EAF-F412AC1CB21C}
    2011-06-18 15:06 . 2011-06-18 15:06 -------- d-----w- c:\users\ABLE\AppData\Local\{49E1566E-A167-41B8-9178-0229ECB88220}
    2011-06-18 01:32 . 2011-06-18 01:32 -------- d-----w- c:\users\ABLE\AppData\Local\{84B107F8-F91C-4C0A-8318-687D285ABBF0}
    2011-06-17 13:25 . 2011-06-17 13:25 -------- d-----w- c:\users\ABLE\AppData\Local\{2DDA0272-7407-449A-A1F1-6833B38930F4}
    2011-06-17 01:24 . 2011-06-17 01:24 -------- d-----w- c:\users\ABLE\AppData\Local\{BCDACA46-CECF-4459-86B7-D6C09E5A3410}
    2011-06-16 12:36 . 2011-06-16 12:37 -------- d-----w- c:\users\ABLE\AppData\Local\{7A731C2A-5900-417F-942F-6E8BE8D44081}
    2011-06-16 12:06 . 2011-06-16 12:06 -------- d-----w- c:\users\ABLE\AppData\Local\{5F606411-3227-42C6-BD68-103E5232880A}
    2011-06-16 00:04 . 2011-06-16 00:04 -------- d-----w- c:\users\ABLE\AppData\Local\{610C2E9C-F319-48A3-8009-EC70C0486870}
    2011-06-15 11:14 . 2011-06-15 11:14 -------- d-----w- c:\users\ABLE\AppData\Local\{04E9A8BC-88E8-4179-B19D-2A52E70FAAB9}
    2011-06-14 23:14 . 2011-06-14 23:14 -------- d-----w- c:\users\ABLE\AppData\Local\{88657E78-8661-431F-A06D-76DA8DD3ED8E}
    2011-06-14 11:11 . 2011-06-14 11:11 -------- d-----w- c:\users\ABLE\AppData\Local\{7260ED3F-4A7E-4281-9D42-96BC4D00F002}
    2011-06-13 20:43 . 2011-06-13 20:43 -------- d-----w- c:\users\ABLE\AppData\Local\{8F1AC791-72B3-4B98-828A-11F4BC59A7B2}
    2011-06-13 08:42 . 2011-06-13 08:43 -------- d-----w- c:\users\ABLE\AppData\Local\{017602F4-1F8F-4641-A563-85F9F0E19A0E}
    2011-06-12 14:17 . 2011-06-12 14:17 -------- d-----w- c:\users\ABLE\AppData\Local\{FF73AA49-C6AB-483D-A9CF-1CE09CC77CAB}
    2011-06-11 13:17 . 2011-06-11 13:17 -------- d-----w- c:\users\ABLE\AppData\Local\{69E460A6-A475-41BD-B6A2-D24046138218}
    2011-06-10 18:42 . 2011-06-10 18:42 -------- d-----w- c:\users\ABLE\AppData\Local\{50F9A3AC-F30C-48F8-97EA-986E3CCF3058}
    2011-06-10 02:01 . 2011-06-10 02:01 -------- d-----w- c:\users\ABLE\AppData\Local\{F63E1322-D838-4B9B-B27F-290E2C98ACC2}
    2011-06-09 13:46 . 2011-06-09 13:46 -------- d-----w- c:\users\ABLE\AppData\Local\{FF2137B2-B763-4EA8-84C2-60ACA537A65E}
    2011-06-09 00:21 . 2011-06-09 00:21 -------- d-----w- c:\users\ABLE\AppData\Local\{8734475B-1672-4AFC-957B-EC469B4944D5}
    2011-06-08 11:38 . 2011-06-08 11:38 -------- d-----w- c:\users\ABLE\AppData\Local\{1CC3D691-CCBF-41B0-BF58-BBDC1CA827CE}
    2011-06-08 11:32 . 2011-06-08 11:32 -------- d-----w- c:\users\ABLE\AppData\Local\{B2312C1E-3B85-4C04-8EC5-F94630511224}
    2011-06-07 23:23 . 2011-06-07 23:24 -------- d-----w- c:\users\ABLE\AppData\Local\{D15BC4DB-FF8B-4C0C-9E3E-AB2A00509CCC}
    2011-06-07 11:35 . 2011-06-07 11:35 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2011-06-07 11:23 . 2011-06-07 11:23 -------- d-----w- c:\users\ABLE\AppData\Local\{CD26B938-C65E-45AC-BB37-CC96278E76EC}
    2011-06-06 09:11 . 2011-06-06 09:12 -------- d-----w- c:\users\ABLE\AppData\Local\{7B384D63-FEBE-4213-8006-0957382AA410}
    2011-06-05 17:04 . 2011-06-05 17:05 -------- d-----w- c:\users\ABLE\AppData\Local\{05A884CA-93FE-4AD6-AC23-2ECE65247457}
    2011-06-04 15:35 . 2011-06-04 15:36 -------- d-----w- c:\users\ABLE\AppData\Local\{351BE0B0-BF79-4167-BFA2-A1BB5C8EBDA3}
    2011-06-03 19:42 . 2011-06-03 19:42 -------- d-----w- c:\users\ABLE\AppData\Local\{E9DC9610-33AD-4495-8335-D0AE243E4EA4}
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-27 20:04 . 2011-05-19 07:49 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-06-07 17:10 . 2010-02-27 03:40 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-05-29 08:11 . 2010-09-18 05:36 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-05-29 08:11 . 2010-09-18 05:36 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-22 22:15 . 2011-05-25 11:29 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-04-15 23:15 . 2011-04-15 23:15 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-04-15 23:15 . 2011-04-15 23:15 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-04-15 23:15 . 2011-04-15 23:15 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-04-15 23:15 . 2011-04-15 23:15 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-04-15 23:15 . 2011-04-15 23:15 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-04-15 23:15 . 2011-04-15 23:15 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-04-15 23:15 . 2011-04-15 23:15 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-04-15 23:15 . 2011-04-15 23:15 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-04-15 23:15 . 2011-04-15 23:15 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-04-15 23:15 . 2011-04-15 23:15 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-04-15 23:15 . 2011-04-15 23:15 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-04-15 23:15 . 2011-04-15 23:15 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-04-15 23:15 . 2011-04-15 23:15 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-04-15 23:15 . 2011-04-15 23:15 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-04-15 23:15 . 2011-04-15 23:15 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-04-15 23:15 . 2011-04-15 23:15 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-04-15 23:15 . 2011-04-15 23:15 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-04-15 23:15 . 2011-04-15 23:15 448512 ----a-w- c:\windows\system32\html.iec
    2011-04-15 23:15 . 2011-04-15 23:15 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-04-15 23:15 . 2011-04-15 23:15 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-04-15 23:15 . 2011-04-15 23:15 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-15 23:15 . 2011-04-15 23:15 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-04-15 23:15 . 2011-04-15 23:15 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-04-15 23:15 . 2011-04-15 23:15 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-04-15 23:15 . 2011-04-15 23:15 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-04-15 23:15 . 2011-04-15 23:15 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-04-15 23:15 . 2011-04-15 23:15 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-04-15 23:15 . 2011-04-15 23:15 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-04-15 23:15 . 2011-04-15 23:15 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-04-15 23:15 . 2011-04-15 23:15 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-04-15 23:15 . 2011-04-15 23:15 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-04-15 23:15 . 2011-04-15 23:15 1389056 ----a-w- c:\windows\system32\wininet.dll
    2011-04-15 23:15 . 2011-04-15 23:15 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-04-15 23:15 . 2011-04-15 23:15 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-04-15 23:15 . 2011-04-15 23:15 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-04-15 23:15 . 2011-04-15 23:15 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-04-15 23:15 . 2011-04-15 23:15 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-04-15 23:15 . 2011-04-15 23:15 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-04-09 07:02 . 2011-05-10 22:40 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-09 06:58 . 2011-05-22 21:51 142336 ----a-w- c:\windows\system32\poqexec.exe
    2011-04-09 06:02 . 2011-05-10 22:40 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2011-04-09 06:02 . 2011-05-10 22:40 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2011-04-09 05:56 . 2011-05-22 21:51 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-11-18 12:58 333192 ----a-w- c:\program files (x86)\AskBarDis\bar\bin\askBar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files (x86)\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
    .
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
    "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2008-05-29 1085440]
    "PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
    "IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    .
    c:\users\ABLE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Lotus SmartSuite 97 Registration.lnk - c:\lotus\register\remind32.exe [1995-11-6 45056]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\Belkin\Bluetooth Software\BTTray.exe [2007-2-27 982320]
    Lotus QuickStart.lnk - c:\lotus\wordpro\ltsstart.exe [1997-1-10 16384]
    Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
    WinZip Quick Pick.lnk - c:\program files (x86)\WinZip\WZQKPICK.EXE [2010-2-26 122880]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 RHDISK_AMD64;RHDISK_AMD64;c:\program files (x86)\Rohos\RHDISK_AMD64.SYS [x]
    R3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\DRIVERS\athrxu6.sys [x]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]
    R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]
    R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-01-14 341296]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Send Image to Photo Library
    TCP: DhcpNameServer = 192.168.1.254
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
    AddRemove-TrueCrypt - H:\TrueCrypt Setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3780535909-2582836251-3537787939-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (S-1-5-21-3780535909-2582836251-3537787939-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
    "Licence0"="REMOVED"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-07-03 13:48:20
    ComboFix-quarantined-files.txt 2011-07-03 12:48
    .
    Pre-Run: 265,547,706,368 bytes free
    Post-Run: 265,616,830,464 bytes free
    .
    - - End Of File - - ED845F29AADAB1A27458E30C7E60F312


    RKILL.LOG

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 03/07/2011 at 13:52:48.
    Operating System: Windows 7 Ultimate


    Processes terminated by Rkill or while it was running:

    C:\Windows\SysWOW64\rundll32.exe


    Rkill completed on 03/07/2011 at 13:52:54.

  4. #4
    broni is offline Senior Member
    Looks clean as well.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:



    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

  5. #5
    Johanus is offline Elite Member
    OTL.Txt Log

    OTL logfile created on: 03/07/2011 18:36:56 - Run 1
    OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\ABLE\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.75 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 67.16% Memory free
    7.50 Gb Paging File | 6.24 Gb Available in Paging File | 83.22% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 335.25 Gb Total Space | 247.23 Gb Free Space | 73.74% Space Free | Partition Type: NTFS
    Drive H: | 15.00 Gb Total Space | 14.87 Gb Free Space | 99.10% Space Free | Partition Type: NTFS
    Drive Y: | 450.76 Gb Total Space | 410.24 Gb Free Space | 91.01% Space Free | Partition Type: NTFS

    Computer Name: NONE | User Name: ABLE | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/07/03 18:29:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\ABLE\Desktop\OTL.exe
    PRC - [2010/11/23 18:49:24 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
    PRC - [2010/09/12 04:14:14 | 001,496,528 | ---- | M] (TrueCrypt Foundation) -- H:\TRUE Crypt\TrueCrypt\TrueCrypt.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/01/31 17:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
    PRC - [2006/02/16 11:00:00 | 000,122,880 | ---- | M] (WinZip Computing LP) -- C:\Program Files (x86)\WinZip\WZQKPICK.EXE
    PRC - [1997/01/10 07:23:00 | 000,016,384 | ---- | M] (Lotus Development Corporation) -- C:\lotus\wordpro\ltsstart.exe
    PRC - [1995/11/06 07:23:00 | 000,045,056 | ---- | M] () -- C:\lotus\register\remind32.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/07/03 18:29:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\ABLE\Desktop\OTL.exe
    MOD - [2010/11/20 12:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/01/26 23:55:38 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/01/14 14:35:58 | 000,341,296 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe -- (NitroReaderDriverReadSpool)
    SRV:64bit: - [2010/11/11 15:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2010/11/11 15:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/27 00:37:22 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2011/01/27 00:37:22 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/01/26 23:13:34 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/01/15 09:04:36 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
    DRV:64bit: - [2011/01/11 03:19:48 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
    DRV:64bit: - [2011/01/11 03:19:48 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
    DRV:64bit: - [2010/12/02 12:14:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
    DRV:64bit: - [2010/12/02 12:14:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
    DRV:64bit: - [2010/12/02 12:14:22 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
    DRV:64bit: - [2010/12/02 12:14:18 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
    DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/11/20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
    DRV:64bit: - [2010/10/24 22:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2010/06/23 10:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
    DRV:64bit: - [2010/04/27 03:25:16 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
    DRV:64bit: - [2010/04/27 03:25:16 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
    DRV:64bit: - [2010/04/27 03:25:16 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
    DRV:64bit: - [2010/04/14 02:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
    DRV:64bit: - [2010/03/10 08:16:36 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
    DRV:64bit: - [2009/10/26 17:54:24 | 000,032,768 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2007/07/05 03:58:36 | 001,041,920 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxu6.sys -- (athrusb6)
    DRV:64bit: - [2007/02/25 16:08:52 | 000,020,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2007/02/25 16:08:30 | 000,087,856 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2007/02/25 16:07:00 | 000,096,048 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2006/12/12 11:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf)
    DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
    DRV - [2002/07/17 08:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (Aspi32)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3780535909-2582836251-3537787939-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, Free Online News, Sport, Music, Movies, Money and Cars from MSN UK
    IE - HKU\S-1-5-21-3780535909-2582836251-3537787939-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    IE - HKU\S-1-5-21-3780535909-2582836251-3537787939-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C4 95 93 EA 90 B6 CA 01 [binary data]
    IE - HKU\S-1-5-21-3780535909-2582836251-3537787939-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/02/06 01:26:29 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/02/06 01:26:30 | 000,000,000 | ---D | M]

    [2010/02/26 15:52:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ABLE\AppData\Roaming\Mozilla\Firefox\extensions
    [2010/02/26 15:52:18 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\ABLE\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

    O1 HOSTS File: ([2011/07/03 13:46:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
    O3 - HKU\S-1-5-21-3780535909-2582836251-3537787939-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-3780535909-2582836251-3537787939-1000\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKU\S-1-5-21-3780535909-2582836251-3537787939-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
    O4 - HKU\S-1-5-21-3780535909-2582836251-3537787939-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Users\ABLE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lotus SmartSuite 97 Registration.lnk = C:\lotus\register\remind32.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3780535909-2582836251-3537787939-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3780535909-2582836251-3537787939-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3780535909-2582836251-3537787939-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ipp - No CLSID value found
    O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/07/03 18:29:05 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\ABLE\Desktop\OTL.exe
    [2011/07/03 14:04:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/07/03 13:48:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/07/03 13:37:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/07/03 13:37:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/07/03 13:37:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/07/03 13:37:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/07/03 13:37:29 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/07/03 13:37:22 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/07/03 13:24:44 | 004,130,135 | R--- | C] (Swearware) -- C:\Users\ABLE\Desktop\ComboFix.exe
    [2011/07/03 13:13:14 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{E63ED7A3-0DDD-4F18-ABE4-61065A382BEC}
    [2011/07/03 01:28:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WOT
    [2011/07/02 23:00:26 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\ABLE\Desktop\dds.scr
    [2011/07/02 23:00:05 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Users\ABLE\Desktop\aswMBR.exe
    [2011/07/02 2202 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{2233D93D-096E-47A4-874D-13D285A65A5C}
    [2011/07/02 10:53:11 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{36C3196C-7C05-4005-A6C8-3C5E6674ED0B}
    [2011/07/01 22:44:07 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{91556284-71B1-413A-9278-47475C267B7D}
    [2011/06/30 23:26:45 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{01DDA53B-B59B-41FC-88F0-FB6C316065A5}
    [2011/06/30 10:19:48 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{27D4DF02-0A16-4A19-8B56-3F8169BF900C}
    [2011/06/29 22:19:12 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{27CC121E-490A-4203-93B2-2C2283E77EAE}
    [2011/06/29 09:25:27 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{B03C5AA1-4945-4BA2-95D2-5081B5DB2847}
    [2011/06/29 02:26:05 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{A1A8A456-77AE-4067-B199-EAA5D95AC670}
    [2011/06/29 01:25:33 | 000,000,000 | ---D | C] -- C:\3104b8adcd7f52d12602
    [2011/06/28 12:34:57 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{0C08E04C-F527-4E15-8A68-91650C5C75DC}
    [2011/06/27 14:52:46 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{FD2C31AE-A642-4D66-A1A5-8D7F2DACE933}
    [2011/06/27 02:38:15 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{BF87B460-99A3-4D63-991C-DFBB23C3D809}
    [2011/06/25 16:42:48 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{D7D2D854-3295-4D2A-84ED-AD8A1F6E1F39}
    [2011/06/25 03:19:52 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{7566E27F-60EC-4D40-84BC-4B7EB0B10908}
    [2011/06/24 14:57:12 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{B775554A-150B-4670-A0B3-657A90218A61}
    [2011/06/24 00:53:42 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{67D96FF1-73DD-40D8-9D5E-96232FA2DF6C}
    [2011/06/24 00:50:02 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{D5C7DE55-AEC1-4014-8618-BDBAEBAC4DFB}
    [2011/06/23 10:45:07 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{22D5670D-D53D-4F51-B3BA-24703A9A3E38}
    [2011/06/23 0411 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{AAAAB101-5A8F-4B37-BA00-C3545132A67D}
    [2011/06/23 04:38:59 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{ADE1F876-919A-452C-9523-A8F8506B47B3}
    [2011/06/23 02:52:23 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{334AF640-8E52-44FB-AB35-2B4FD912DA6E}
    [2011/06/23 02:24:36 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{B11B0784-6C3F-49D5-B8CD-20A041E79AC1}
    [2011/06/23 02:17:09 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{CE38A4A2-A2D8-45D6-BC37-81DF452AD4E7}
    [2011/06/23 01:18:51 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{00DCE7B8-D218-4EDC-B852-89CE05F6EA53}
    [2011/06/22 11:53:36 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{EFF1871F-74CF-449B-942E-ECEF2AA3FA59}
    [2011/06/21 22:55:34 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{D88B3D79-D009-46F7-8D5E-DC756674BA68}
    [2011/06/21 10:15:19 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{D8CE5159-D734-4D37-B20E-30AEC1D517C3}
    [2011/06/20 20:19:39 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{5FCF0696-56C8-44FC-87E9-B43C7E5C453C}
    [2011/06/20 07:18:26 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{C0E40803-F3EF-4BE1-9319-B6D18784367A}
    [2011/06/19 18:23:52 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{2C120AA4-201F-4E89-B727-0BC12C8F6297}
    [2011/06/19 04:07:01 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{E1426DC5-5D89-4AC0-9EAF-F412AC1CB21C}
    [2011/06/18 16:06:24 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{49E1566E-A167-41B8-9178-0229ECB88220}
    [2011/06/18 02:32:16 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{84B107F8-F91C-4C0A-8318-687D285ABBF0}
    [2011/06/17 14:25:04 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{2DDA0272-7407-449A-A1F1-6833B38930F4}
    [2011/06/17 02:24:27 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{BCDACA46-CECF-4459-86B7-D6C09E5A3410}
    [2011/06/16 13:36:55 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{7A731C2A-5900-417F-942F-6E8BE8D44081}
    [2011/06/16 13:06:37 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{5F606411-3227-42C6-BD68-103E5232880A}
    [2011/06/16 01:04:49 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{610C2E9C-F319-48A3-8009-EC70C0486870}
    [2011/06/15 12:14:36 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{04E9A8BC-88E8-4179-B19D-2A52E70FAAB9}
    [2011/06/15 00:14:00 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{88657E78-8661-431F-A06D-76DA8DD3ED8E}
    [2011/06/14 12:11:39 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{7260ED3F-4A7E-4281-9D42-96BC4D00F002}
    [2011/06/13 21:43:31 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{8F1AC791-72B3-4B98-828A-11F4BC59A7B2}
    [2011/06/13 09:42:56 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{017602F4-1F8F-4641-A563-85F9F0E19A0E}
    [2011/06/12 15:17:37 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{FF73AA49-C6AB-483D-A9CF-1CE09CC77CAB}
    [2011/06/11 14:17:41 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{69E460A6-A475-41BD-B6A2-D24046138218}
    [2011/06/10 19:42:35 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{50F9A3AC-F30C-48F8-97EA-986E3CCF3058}
    [2011/06/10 03:01:41 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{F63E1322-D838-4B9B-B27F-290E2C98ACC2}
    [2011/06/09 14:46:04 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{FF2137B2-B763-4EA8-84C2-60ACA537A65E}
    [2011/06/09 0116 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{8734475B-1672-4AFC-957B-EC469B4944D5}
    [2011/06/08 12:38:29 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{1CC3D691-CCBF-41B0-BF58-BBDC1CA827CE}
    [2011/06/08 12:32:22 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{B2312C1E-3B85-4C04-8EC5-F94630511224}
    [2011/06/08 00:23:52 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{D15BC4DB-FF8B-4C0C-9E3E-AB2A00509CCC}
    [2011/06/07 12:23:17 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{CD26B938-C65E-45AC-BB37-CC96278E76EC}
    [2011/06/06 10:11:51 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{7B384D63-FEBE-4213-8006-0957382AA410}
    [2011/06/05 18:04:57 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{05A884CA-93FE-4AD6-AC23-2ECE65247457}
    [2011/06/04 16:35:51 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{351BE0B0-BF79-4167-BFA2-A1BB5C8EBDA3}
    [2011/06/03 20:42:44 | 000,000,000 | ---D | C] -- C:\Users\ABLE\AppData\Local\{E9DC9610-33AD-4495-8335-D0AE243E4EA4}

    ========== Files - Modified Within 30 Days ==========

    [2011/07/03 18:29:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\ABLE\Desktop\OTL.exe
    [2011/07/03 14:18:57 | 000,723,454 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/07/03 14:18:57 | 000,625,448 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/07/03 14:18:57 | 000,110,332 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/07/03 14:14:25 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/07/03 14:14:25 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/07/03 14:06:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/07/03 14:06:52 | 3019,198,464 | -HS- | M] () -- C:\hiberfil.sys
    [2011/07/03 13:46:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/07/03 13:26:26 | 001,008,041 | ---- | M] () -- C:\Users\ABLE\Desktop\rkill.com
    [2011/07/03 13:24:44 | 004,130,135 | R--- | M] (Swearware) -- C:\Users\ABLE\Desktop\ComboFix.exe
    [2011/07/02 2354 | 000,000,512 | ---- | M] () -- C:\Users\ABLE\Desktop\MBR.dat
    [2011/07/02 23:00:26 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\ABLE\Desktop\dds.scr
    [2011/07/02 23:00:05 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Users\ABLE\Desktop\aswMBR.exe
    [2011/07/02 22:57:47 | 000,302,592 | ---- | M] () -- C:\Users\ABLE\Desktop\GMER.exe
    [2011/07/02 20:26:41 | 000,568,144 | ---- | M] () -- C:\Users\ABLE\Desktop\77777.lwp
    [2011/07/02 14:18:09 | 000,002,592 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf
    [2011/07/01 10:26:38 | 000,030,544 | ---- | M] () -- C:\Users\ABLE\Desktop\Stuart 1.lwp
    [2011/06/29 01:48:11 | 000,309,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/06/27 02:20:29 | 000,000,000 | ---- | M] () -- C:\Users\ABLE\AppData\Local\{C421C00E-1E0D-4BD9-B954-E57C1549E05F}
    [2011/06/26 07:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
    [2011/06/21 10:11:51 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011/06/20 15:18:30 | 001,807,817 | ---- | M] () -- C:\Users\ABLE\Desktop\Murphy 3.jpg
    [2011/06/20 15:18:10 | 001,495,283 | ---- | M] () -- C:\Users\ABLE\Documents\Murphy 1.jpg
    [2011/06/20 15:18:10 | 001,495,283 | ---- | M] () -- C:\Users\ABLE\Desktop\Murphy 1.jpg
    [2011/06/20 15:17:42 | 001,654,959 | ---- | M] () -- C:\Users\ABLE\Documents\Murphy 2.jpg
    [2011/06/20 15:17:42 | 001,654,959 | ---- | M] () -- C:\Users\ABLE\Desktop\Murphy 2.jpg
    [2011/06/14 05:42:22 | 000,858,493 | ---- | M] () -- C:\Users\ABLE\Documents\Completed Keith Williams document.pdf
    [2011/06/13 21:32:03 | 002,649,142 | ---- | M] () -- C:\Users\ABLE\Documents\Halmax1.pdf
    [2011/06/13 21:26:07 | 001,430,162 | ---- | M] () -- C:\Users\ABLE\Documents\29 Lakeside Crescent Talbots Sructural Survey.pdf
    [2011/06/13 21:23:38 | 000,057,450 | ---- | M] () -- C:\Users\ABLE\Documents\29 Lakeside Crescent.eml
    [2011/06/11 0026 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebyte.lnk
    [2011/06/10 22:46:23 | 000,001,655 | ---- | M] () -- C:\Users\ABLE\Desktop\Win 7 Forum Password.eml
    [2011/06/10 19:58:38 | 000,002,846 | ---- | M] () -- C:\Users\ABLE\Documents\Thanks for the report.eml
    [2011/06/10 19:43:47 | 002,649,142 | ---- | M] () -- C:\Users\ABLE\Desktop\Halmax1.pdf
    [2011/06/10 00:22:32 | 000,372,884 | ---- | M] () -- C:\Users\ABLE\Documents\Letter from conveyancer re building indemnity insurance .pdf

    ========== Files Created - No Company Name ==========

    [2011/07/03 13:37:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/07/03 13:37:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/07/03 13:37:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/07/03 13:37:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/07/03 13:37:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/07/03 13:26:26 | 001,008,041 | ---- | C] () -- C:\Users\ABLE\Desktop\rkill.com
    [2011/07/03 01:36:48 | 000,000,217 | ---- | C] () -- C:\Users\ABLE\Desktop\Google - Copy.url
    [2011/07/02 2354 | 000,000,512 | ---- | C] () -- C:\Users\ABLE\Desktop\MBR.dat
    [2011/07/02 22:57:47 | 000,302,592 | ---- | C] () -- C:\Users\ABLE\Desktop\GMER.exe
    [2011/07/02 22:37:27 | 000,001,655 | ---- | C] () -- C:\Users\ABLE\Desktop\Win 7 Forum Password.eml
    [2011/06/28 14:22:24 | 000,030,544 | ---- | C] () -- C:\Users\ABLE\Desktop\Stuart 1.lwp
    [2011/06/27 02:20:29 | 000,000,000 | ---- | C] () -- C:\Users\ABLE\AppData\Local\{C421C00E-1E0D-4BD9-B954-E57C1549E05F}
    [2011/06/21 11:58:16 | 001,654,959 | ---- | C] () -- C:\Users\ABLE\Documents\Murphy 2.jpg
    [2011/06/21 11:58:16 | 001,495,283 | ---- | C] () -- C:\Users\ABLE\Documents\Murphy 1.jpg
    [2011/06/21 11:28:37 | 001,807,817 | ---- | C] () -- C:\Users\ABLE\Desktop\Murphy 3.jpg
    [2011/06/21 11:28:37 | 001,654,959 | ---- | C] () -- C:\Users\ABLE\Desktop\Murphy 2.jpg
    [2011/06/21 11:28:37 | 001,495,283 | ---- | C] () -- C:\Users\ABLE\Desktop\Murphy 1.jpg
    [2011/06/14 05:48:07 | 002,649,142 | ---- | C] () -- C:\Users\ABLE\Documents\Halmax1.pdf
    [2011/06/14 05:48:07 | 001,430,162 | ---- | C] () -- C:\Users\ABLE\Documents\29 Lakeside Crescent Talbots Sructural Survey.pdf
    [2011/06/14 05:48:07 | 000,057,450 | ---- | C] () -- C:\Users\ABLE\Documents\29 Lakeside Crescent.eml
    [2011/06/14 05:46:25 | 000,858,493 | ---- | C] () -- C:\Users\ABLE\Documents\Completed Keith Williams document.pdf
    [2011/06/13 2145 | 002,649,142 | ---- | C] () -- C:\Users\ABLE\Desktop\Halmax1.pdf
    [2011/06/10 19:58:09 | 000,002,846 | ---- | C] () -- C:\Users\ABLE\Documents\Thanks for the report.eml
    [2011/06/10 00:30:08 | 000,372,884 | ---- | C] () -- C:\Users\ABLE\Documents\Letter from conveyancer re building indemnity insurance .pdf
    [2011/02/05 01:31:11 | 000,003,584 | ---- | C] () -- C:\Users\ABLE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/02/01 0645 | 000,741,004 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/12/21 03:27:22 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2010/10/26 00:20:38 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
    [2010/10/04 22:38:05 | 000,000,377 | ---- | C] () -- C:\Users\ABLE\AppData\Roaming\burnaware.ini
    [2010/09/19 03:26:18 | 003,417,600 | ---- | C] () -- C:\Windows\SysWow64\bsoft.dll
    [2010/05/22 01:51:31 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
    [2010/05/21 23:47:48 | 000,000,334 | ---- | C] () -- C:\Windows\Brpfx04a.ini
    [2010/05/21 23:47:48 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
    [2010/05/21 23:46:31 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2010/05/21 23:46:31 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
    [2010/05/21 23:43:39 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
    [2010/05/21 23:43:37 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
    [2010/05/21 23:42:07 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
    [2010/04/27 01:30:50 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI
    [2010/03/19 00:25:27 | 000,005,121 | ---- | C] () -- C:\Windows\WinInit.Ini
    [2010/03/14 23:58:34 | 000,000,070 | ---- | C] () -- C:\Windows\SysWow64\NSS.ini
    [2010/02/27 05:52:26 | 000,007,597 | ---- | C] () -- C:\Users\ABLE\AppData\Local\resmon.resmoncfg
    [2010/02/26 15:47:21 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/02/26 06:32:31 | 001,265,664 | ---- | C] () -- C:\Windows\SysWow64\MGIIpl2A6.dll
    [2010/02/26 06:32:31 | 001,228,800 | ---- | C] () -- C:\Windows\SysWow64\MGIIpl2M6.dll
    [2010/02/26 06:32:31 | 001,200,128 | ---- | C] () -- C:\Windows\SysWow64\MGIIpl2M5.dll
    [2010/02/26 06:32:31 | 001,073,152 | ---- | C] () -- C:\Windows\SysWow64\MGIIpl2P6.dll
    [2010/02/26 06:32:31 | 001,028,096 | ---- | C] () -- C:\Windows\SysWow64\MGIIpl2P5.dll
    [2010/02/26 06:32:31 | 000,000,002 | ---- | C] () -- C:\Windows\PhotoSuite.ini
    [2010/02/26 06:32:14 | 001,064,960 | ---- | C] () -- C:\Windows\SysWow64\MGIIpl2PX.dll
    [2010/02/26 06:32:14 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\JPEGLIB.DLL
    [2010/02/26 06:32:14 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\MGIIpl2.dll
    [2010/02/26 06:32:13 | 000,332,800 | ---- | C] () -- C:\Windows\SysWow64\FPXLIB.DLL
    [2010/02/26 06:32:13 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\CPUINF32.DLL
    [2010/02/26 06:23:05 | 000,000,097 | ---- | C] () -- C:\Windows\lotus.ini
    [2010/02/26 03:39:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2009/12/21 02:42:18 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
    [2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2008/10/14 15:05:42 | 000,014,800 | ---- | C] () -- C:\Windows\SysWow64\IMSRCIta.dll
    [2008/10/14 15:05:08 | 000,014,800 | ---- | C] () -- C:\Windows\SysWow64\IMSRCFra.dll
    [2008/10/14 15:04:36 | 000,014,800 | ---- | C] () -- C:\Windows\SysWow64\IMSRCEsp.dll
    [2008/10/14 15:04:02 | 000,014,288 | ---- | C] () -- C:\Windows\SysWow64\IMSRCEng.dll
    [2008/10/14 15:03:34 | 000,014,288 | ---- | C] () -- C:\Windows\SysWow64\IMSRCDeu.dll
    [2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys

    ========== LOP Check ==========

    [2010/02/26 07:10:49 | 000,000,000 | ---D | M] -- C:\Users\ABLE\AppData\Roaming\5400 Series
    [2010/09/10 00:31:04 | 000,000,000 | ---D | M] -- C:\Users\ABLE\AppData\Roaming\AndrosaSoft
    [2011/02/14 00:32:50 | 000,000,000 | ---D | M] -- C:\Users\ABLE\AppData\Roaming\Audacity
    [2011/05/22 23:06:05 | 000,000,000 | ---D | M] -- C:\Users\ABLE\AppData\Roaming\DVDVideoSoftIEHelpers
    [2010/02/26 15:51:34 | 000,000,000 | ---D | M] -- C:\Users\ABLE\AppData\Roaming\Foxit
    [2010/06/22 22:01:05 | 000,000,000 | ---D | M] -- C:\Users\ABLE\AppData\Roaming\Foxit Software
    [2010/10/26 00:20:42 | 000,000,000 | ---D | M] -- C:\Users\ABLE\AppData\Roaming\FreeAudioPack
    [2011/01/26 15:04:35 | 000,000,000 | ---D | M] -- C:\Users\ABLE\AppData\Roaming\ieSpell
    [2010/10/05 00:09:45 | 000,000,000 | ---D | M] -- C:\Users\ABLE\AppData\Roaming\NCH Swift Sound
    [2011/05/27 11:37:54 | 000,000,000 | ---D | M] -- C:\Users\ABLE\AppData\Roaming\Nitro PDF
    [2010/03/26 03:58:24 | 000,000,000 | ---D | M] -- C:\Users\ABLE\AppData\Roaming\Nokia
    [2010/03/26 03:58:24 | 000,000,000 | ---D | M] -- C:\Users\ABLE\AppData\Roaming\Nokia Ovi Suite
    [2011/02/25 19:19:27 | 000,000,000 | ---D | M] -- C:\Users\ABLE\AppData\Roaming\OpenCandy
    [2010/03/26 00:13:51 | 000,000,000 | ---D | M] -- C:\Users\ABLE\AppData\Roaming\PC Suite
    [2010/05/21 23:58:20 | 000,000,000 | ---D | M] -- C:\Users\ABLE\AppData\Roaming\PC-FAX TX
    [2011/02/25 22:27:58 | 000,000,000 | ---D | M] -- C:\Users\ABLE\AppData\Roaming\PrimoPDF
    [2010/11/23 00:00:40 | 000,000,000 | ---D | M] -- C:\Users\ABLE\AppData\Roaming\rockbox.org
    [2010/10/11 02:28:14 | 000,000,000 | ---D | M] -- C:\Users\ABLE\AppData\Roaming\Samsung
    [2010/05/22 0120 | 000,000,000 | ---D | M] -- C:\Users\ABLE\AppData\Roaming\ScanSoft
    [2010/04/27 01:31:06 | 000,000,000 | ---D | M] -- C:\Users\ABLE\AppData\Roaming\Teleca
    [2011/05/11 21:57:01 | 000,000,000 | ---D | M] -- C:\Users\ABLE\AppData\Roaming\TrueCrypt
    [2010/11/09 18:29:45 | 000,000,000 | ---D | M] -- C:\Users\ABLE\AppData\Roaming\Windows Live Writer
    [2011/06/16 01:29:50 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/07/03 13:48:21 | 000,025,399 | ---- | M] () -- C:\ComboFix.txt
    [2011/07/03 14:06:52 | 3019,198,464 | -HS- | M] () -- C:\hiberfil.sys
    [2010/06/05 06:13:19 | 000,002,136 | ---- | M] () -- C:\lxct.log
    [2009/12/14 1203 | 000,000,086 | ---- | M] () -- C:\lxctjswx.log
    [2009/12/14 1203 | 000,000,364 | ---- | M] () -- C:\lxctPpx.log
    [2010/06/05 06:13:17 | 000,000,069 | ---- | M] () -- C:\lxctscan.log
    [2011/07/03 14:06:54 | 4025,602,048 | -HS- | M] () -- C:\pagefile.sys
    [2011/07/03 13:52:54 | 000,000,391 | ---- | M] () -- C:\rkill.log
    [2009/05/28 17:42:09 | 000,024,576 | ---- | M] () -- C:\SAVEDBCD
    [2009/05/28 17:42:09 | 000,021,504 | -HS- | M] () -- C:\SAVEDBCD.LOG
    [2009/05/28 17:42:09 | 000,000,000 | -HS- | M] () -- C:\SAVEDBCD.LOG1
    [2009/05/28 17:42:09 | 000,000,000 | -HS- | M] () -- C:\SAVEDBCD.LOG2

    < %systemroot%\Fonts\*.com >
    [2009/07/14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/04/16 00:16:31 | 000,000,221 | -HS- | M] () -- C:\Users\ABLE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/07/02 23:00:05 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Users\ABLE\Desktop\aswMBR.exe
    [2011/07/03 13:24:44 | 004,130,135 | R--- | M] (Swearware) -- C:\Users\ABLE\Desktop\ComboFix.exe
    [2011/01/10 16:54:06 | 160,217,136 | ---- | M] (Seagate) -- C:\Users\ABLE\Desktop\DiscWizardSetup.en.exe
    [2011/07/02 22:57:47 | 000,302,592 | ---- | M] () -- C:\Users\ABLE\Desktop\GMER.exe
    [2010/10/24 02:46:20 | 000,667,344 | ---- | M] () -- C:\Users\ABLE\Desktop\mp3gain-win-1_2_5.exe
    [2011/07/03 18:29:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\ABLE\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 22:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/02/24 09:52:01 | 000,000,402 | -HS- | M] () -- C:\Users\ABLE\Favorites\desktop.ini
    [2011/07/02 14:54:53 | 000,000,290 | ---- | M] () -- C:\Users\ABLE\Favorites\NCH Audio and Telephony Software.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:9638A27E
    @Alternate Data Stream - 873 bytes -> C:\Users\ABLE\Documents\29 Lakeside Crescent.eml:OECustomProperty
    @Alternate Data Stream - 761 bytes -> C:\Users\ABLE\Documents\Thanks for the report.eml:OECustomProperty
    @Alternate Data Stream - 740 bytes -> C:\Users\ABLE\Desktop\Win 7 Forum Password.eml:OECustomProperty
    @Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:0CE7F3C9

    < End of report >

    OTL. EXTRA LOG

    OTL Extras logfile created on: 03/07/2011 18:36:56 - Run 1
    OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\ABLE\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.75 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 67.16% Memory free
    7.50 Gb Paging File | 6.24 Gb Available in Paging File | 83.22% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 335.25 Gb Total Space | 247.23 Gb Free Space | 73.74% Space Free | Partition Type: NTFS
    Drive H: | 15.00 Gb Total Space | 14.87 Gb Free Space | 99.10% Space Free | Partition Type: NTFS
    Drive Y: | 450.76 Gb Total Space | 410.24 Gb Free Space | 91.01% Space Free | Partition Type: NTFS

    Computer Name: NONE | User Name: ABLE | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = BELKIN Bluetooth Software 6.0.1.4400
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{20F2AD58-CE1D-4994-9945-B1B3F2600254}" = Nitro PDF Reader
    "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
    "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
    "{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
    "05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
    "CutePDF Writer Installation" = CutePDF Writer 2.8
    "Microsoft Security Client" = Microsoft Security Essentials

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1
    "{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{1D10C273-3F95-42A2-8371-AB6B1F59821B}" = WOT for Internet Explorer
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{28191B83-1D60-44B6-9B08-E854EF6632D5}" = Ovi Desktop Sync Engine
    "{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
    "{3FC42713-B6E7-49AA-A553-A224FE9828A8}" = Nokia Ovi Suite
    "{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{C23600C7-12C4-44F7-B943-B9E738CD494B}" = Digimax A502
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D9461574-5FC0-4641-BBDC-D1038B196F55}" =
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Ask Toolbar_is1" = Foxit Toolbar
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
    "Birdie EML to DOC Converter_is1" = Birdie EML to DOC Converter
    "BurnAware Free_is1" = BurnAware Free 3.0.6
    "Ditto_is1" = Ditto 3.17.0.17
    "Foxit PDF Editor" = Foxit PDF Editor
    "Foxit Reader" = Foxit Reader
    "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.91
    "Free YouTube Download_is1" = Free YouTube Download version 2.10.36.517
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
    "HP Photo Idea CD" = HP Photo Idea CD
    "ieSpell" = ieSpell
    "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "KeyFinder_is1" = Magical Jelly Bean KeyFinder
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
    "Nokia Ovi Suite" = Nokia Ovi Suite
    "NSS" = NSS (remove only)
    "PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
    "SmartSuite V97.0" = Lotus SmartSuite 97
    "Switch" = Switch Sound File Converter
    "TrueCrypt" = TrueCrypt
    "Uninstall_is1" = Uninstall 1.0.0.1
    "VLC media player" = VLC media player 1.1.4
    "WinLiveSuite" = Windows Live Essentials
    "WinZip" = WinZip

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >

  6. #6
    broni is offline Senior Member
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O3 - HKU\S-1-5-21-3780535909-2582836251-3537787939-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKU\S-1-5-21-3780535909-2582836251-3537787939-1000\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:9638A27E
      @Alternate Data Stream - 873 bytes -> C:\Users\ABLE\Documents\29 Lakeside Crescent.eml:OECustomProperty
      @Alternate Data Stream - 761 bytes -> C:\Users\ABLE\Documents\Thanks for the report.eml:OECustomProperty
      @Alternate Data Stream - 740 bytes -> C:\Users\ABLE\Desktop\Win 7 Forum Password.eml:OECustomProperty
      @Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:0CE7F3C9
      
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files (x86)\AskBarDis
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.


    ======================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.



    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.



    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.

  7. #7
    Johanus is offline Elite Member
    Hi Broni,

    After I ran OTL again and it rebooted, all hell broke loose on the PC, it would not reboot properly, same behaviour as before, screen was flickering or another reboot, asked what OS I wanted to use and this "Explorer.exe playing Log off sound" message kept appearing.

    Finally, several reboots later, got the PC stable again but was forced to save last OTL info/scan into a Word doc which I have pasted here.

    I know you warned Eset might take some time but 5 1/2 hours.

    I don't know if it is important information for you but it did appear ESET got hung up on my Nokia OVI PC suite, for what it's worth.

    Logs are below, ESET reported some infections.

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
    C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.
    File C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll not found.
    Registry value HKEY_USERS\S-1-5-21-3780535909-2582836251-3537787939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3780535909-2582836251-3537787939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
    File C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ADS C:\ProgramData\TEMP:9638A27E deleted successfully.
    ADS C:\Users\ABLE\Documents\29 Lakeside Crescent.eml:OECustomProperty deleted successfully.
    ADS C:\Users\ABLE\Documents\Thanks for the report.eml:OECustomProperty deleted successfully.
    ADS C:\Users\ABLE\Desktop\Win 7 Forum Password.eml:OECustomProperty deleted successfully.
    ADS C:\ProgramData\TEMP:0CE7F3C9 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files (x86)\AskBarDis\bar\Settings folder moved successfully.
    C:\Program Files (x86)\AskBarDis\bar\bin folder moved successfully.
    C:\Program Files (x86)\AskBarDis\bar folder moved successfully.
    C:\Program Files (x86)\AskBarDis folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: ABLE
    ->Temp folder emptied: 1954960 bytes
    ->Temporary Internet Files folder emptied: 86339607 bytes
    ->Flash cache emptied: 109893 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 3922 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
    RecycleBin emptied: 39692 bytes

    Total Files Cleaned = 84.00 mb


    [EMPTYFLASH]

    User: ABLE
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.25.0 log created on 07032011_224512

    Files\Folders moved on Reboot...
    C:\Users\ABLE\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...


    Security Checkup.

    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Adobe Flash Player
    Adobe Reader 9.4.5
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Spybot Teatimer.exe is disabled!
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    ``````````End of Log````````````

    ESET SCAN

    C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts59.zip Win32/Bagle.gen.zip worm
    C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch12.zip Win32/Bagle.gen.zip worm
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts59.zip Win32/Bagle.gen.zip worm
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch12.zip Win32/Bagle.gen.zip worm
    C:\Windows.old\Windows\Temp\~osB544.tmp\rlvknlg.exe a variant of Win32/Adware.RK.AA application

  8. #8
    broni is offline Senior Member
    Update Adobe Reader

    You can download it from Adobe - Adobe Reader download - All versions
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    =================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts59.zip	
      C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch12.zip	
      C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts59.zip	
      C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch12.zip	
      C:\Windows.old\Windows\Temp\~osB544.tmp
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.


    ================================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:


    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.


    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.


    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): Safe Browsing Tool | WOT (Web of Trust). It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): Secunia Personal Software Inspector (PSI) - Introduction. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: How did I get infected?

    12. Please let me know how your computer is doing.

  9. #9
    Johanus is offline Elite Member
    Restore Delete

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: ABLE
    ->Temp folder emptied: 18783 bytes
    ->Temporary Internet Files folder emptied: 1721717 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 806 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 2.00 mb


    [EMPTYFLASH]

    User: ABLE
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point
    Error: Unable to interpret <[Reboot> in the current context!

    OTL by OldTimer - Version 3.2.25.0 log created on 07042011_065310

    Files\Folders moved on Reboot...
    C:\Users\ABLE\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\ABLE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\ABLE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\86Q1CPUT\login_status[1].htm moved successfully.

    Registry entries deleted on Reboot...



    OTL

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts59.zip moved successfully.
    C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch12.zip moved successfully.
    File\Folder C:\Users\All Users\Spybot - Search & Destroy\Recovery\FunWebProducts59.zip not found.
    File\Folder C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch12.zip not found.
    C:\Windows.old\Windows\Temp\~osB544.tmp folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: ABLE
    ->Temp folder emptied: 184817 bytes
    ->Temporary Internet Files folder emptied: 24898054 bytes
    ->Flash cache emptied: 622 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 7330 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 215240 bytes

    Total Files Cleaned = 24.00 mb


    [EMPTYFLASH]

    User: ABLE
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.25.0 log created on 07042011_064646

    Files\Folders moved on Reboot...
    C:\Users\ABLE\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\ABLE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\ABLE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KBTIKJSU\login_status[1].htm moved successfully.

    Registry entries deleted on Reboot...

  10. #10
    broni is offline Senior Member
    12. Please, let me know, how your computer is doing.
    Whenever ready....
