Infection causing frequent advert popups and redirects


Hi

My PC has an infection that is causing frequent advert pop ups to appear in both the bottom left and right when visiting many sites. Also less frequently I will get redirected to random websites when browsing legitimate sites.

Any assistance would be much appreciated as I have been trying to sort for a few months.

As requested, the contents of DDS.txt and Attach.txt are copied below.

DDS.txt is as follows:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16482

Run by oem at 15:38:45 on 2013-03-16

Microsoft Windows 8 Pro 6.2.9200.0.1252.44.2057.18.4094.2476 [GMT 0:00]

.

AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2013\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k RPCSS

C:\WINDOWS\system32\atiesrxx.exe

C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\System32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\dashost.exe

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\WINDOWS\system32\taskhost.exe

C:\WINDOWS\System32\dwm.exe

C:\WINDOWS\system32\atieclxx.exe

C:\WINDOWS\system32\taskhostex.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe

C:\Windows\System32\RuntimeBroker.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Windows\System32\WWAHost.exe

C:\WINDOWS\WinStore\WSHost.exe

C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe

C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\taskeng.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

C:\Program Files (x86)\AVG\AVG2013\fixcfg.exe

C:\WINDOWS\system32\SearchFilterHost.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxps://dub002.mail.live.com/default.aspx?id=64855

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll

uURLSearchHooks: SearchHook Class: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll

dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll

TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll

EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe

uRunServicesOnce: [~cc34806374] rundll32 C:\Users\oem\AppData\Local\Netilla\CacheCleaner\~cc34806374.dll,_clearCacheRunDLL@16 1353023499 "ROD=C:\Users\oem\AppData\Local\Netilla\CacheCleaner\~cc34806374.dll.lock"

uRunServicesOnce: [~cc24826483] rundll32 C:\Users\oem\AppData\Local\Netilla\CacheCleaner\~cc24826483.dll,_clearCacheRunDLL@16 1354130049 "ROD=C:\Users\oem\AppData\Local\Netilla\CacheCleaner\~cc24826483.dll.lock"

uRunServicesOnce: [~cc94799422] rundll32 C:\Users\oem\AppData\Local\Netilla\CacheCleaner\~cc94799422.dll,_clearCacheRunDLL@16 1354209639 "ROD=C:\Users\oem\AppData\Local\Netilla\CacheCleaner\~cc94799422.dll.lock"

uRunServicesOnce: [~cc36067371] rundll32 C:\Users\oem\AppData\Local\Netilla\CacheCleaner\~cc36067371.dll,_clearCacheRunDLL@16 1354576164 "ROD=C:\Users\oem\AppData\Local\Netilla\CacheCleaner\~cc36067371.dll.lock"

uRunServicesOnce: [~cc65945527] rundll32 C:\Users\oem\AppData\Local\Netilla\CacheCleaner\~cc65945527.dll,_clearCacheRunDLL@16 1355097571 "ROD=C:\Users\oem\AppData\Local\Netilla\CacheCleaner\~cc65945527.dll.lock"

mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

mRun: [MDS_Menu] "C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0"

mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

Trusted Zone: cambridgeshire.gov.uk

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxps://nsp2.cambridgeshire.gov.uk/component/citrix-client/v3/en_US/icaweb.cab

DPF: {76392179-60A8-462D-8961-B95C14DAADF4} - hxxps://billcentre.vodafone.co.uk/bpa/content/ddiprintengine.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP7-15458/event/ieatgpc1.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ras.cpsn.org.uk/dana-cached/sc/JuniperSetupClient.cab

TCP: NameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{7097DB8D-F47C-4546-8950-4BE60127AA80} : DHCPNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{F0C46F0B-D66B-4473-A132-E96FEC29D148} : DHCPNameServer = 192.168.2.1 192.168.2.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll

x64-SSODL: WebCheck - <orphaned>

Hosts: 149.5.18.172 www.google-analytics.com.

Hosts: 149.5.18.172 ad-emea.doubleclick.net.

Hosts: 149.5.18.172 www.statcounter.com.

Hosts: 108.163.215.51 www.google-analytics.com.

Hosts: 108.163.215.51 ad-emea.doubleclick.net.

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\WINDOWS\System32\Drivers\avgidsha.sys [2012-10-15 63328]

R0 Avgloga;AVG Logging Driver;C:\WINDOWS\System32\Drivers\avgloga.sys [2012-9-21 225120]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\WINDOWS\System32\Drivers\avgmfx64.sys [2012-11-15 111968]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\WINDOWS\System32\Drivers\avgrkx64.sys [2012-9-14 40800]

R1 AppleCharger;AppleCharger;C:\WINDOWS\System32\Drivers\AppleCharger.sys [2010-8-19 21544]

R1 AVGIDSDriver;AVGIDSDriver;C:\WINDOWS\System32\Drivers\avgidsdrivera.sys [2012-10-22 154464]

R1 Avgldx64;AVG AVI Loader Driver;C:\WINDOWS\System32\Drivers\avgldx64.sys [2012-10-2 185696]

R1 Avgwfpa;AVG Firewall Driver;C:\WINDOWS\System32\Drivers\avgwfpa.sys [2012-11-26 208736]

R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2012-9-28 239616]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-9-28 361984]

R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-8-19 219360]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-7-22 1153368]

R3 athur;Qualcomm Atheros AR9271 Wireless Network Adapter Service;C:\WINDOWS\System32\Drivers\athuw8x.sys [2013-3-15 3744256]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\WINDOWS\System32\Drivers\AtihdW86.sys [2012-8-21 91648]

R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\Drivers\Rt630x64.sys [2012-6-2 589824]

R3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;C:\WINDOWS\System32\Drivers\xusb22.sys [2012-7-26 89088]

S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\WINDOWS\System32\Drivers\avgboota.sys [2012-10-26 20912]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\Drivers\vmbusr.sys [2012-7-26 117248]

S3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\Drivers\WSDScan.sys [2012-12-16 23552]

.

=============== File Associations ===============

.

FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [userChoice]

.

=============== Created Last 30 ================

.

2013-03-16 14:42:01 192784 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10196.bin

2013-03-15 19:18:33 3744256 ----a-w- C:\WINDOWS\System32\drivers\athuw8x.sys

2013-03-11 17:44:41 710504 ----a-w- C:\WINDOWS\isRS-000.tmp

2013-03-11 17:44:20 -------- d-----w- C:\Users\oem\AppData\Local\Programs

2013-03-11 16:21:05 -------- d-----w- C:\Users\oem\AppData\Roaming\AVG2013

2013-03-11 16:17:19 -------- d-----w- C:\ProgramData\AVG2013

2013-03-11 16:14:01 -------- d-----w- C:\Users\oem\AppData\Local\MFAData

2013-03-11 16:14:01 -------- d-----w- C:\Users\oem\AppData\Local\Avg2013

2013-03-10 18:33:22 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin

2013-03-04 09:19:49 -------- d-----w- C:\Users\oem\AppData\Roaming\webex

2013-02-27 22:47:01 -------- d-----w- C:\ProgramData\WebEx

2013-02-27 22:32:28 1010688 ----a-w- C:\WINDOWS\System32\reseteng.dll

2013-02-27 22:32:27 443392 ----a-w- C:\WINDOWS\System32\ReAgent.dll

2013-02-27 22:32:27 375808 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll

2013-02-24 18:51:03 -------- d-----w- C:\Users\oem\AppData\Roaming\Juniper Networks

2013-02-22 13:47:20 4055552 ----a-w- C:\WINDOWS\System32\win32k.sys

2013-02-22 13:44:17 6967016 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe

2013-02-22 13:43:32 2226408 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys

2013-02-22 13:33:58 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-22 13:33:58 1084416 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

.

==================== Find3M ====================

.

2013-02-21 07:29:31 78168 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl

2013-02-21 07:29:30 692568 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe

2013-01-21 11:12:12 2177664 ----a-w- C:\WINDOWS\System32\coin93.dll

2013-01-16 00:35:49 44032 ----a-w- C:\WINDOWS\SysWow64\UXInit.dll

2013-01-16 00:31:26 53760 ----a-w- C:\WINDOWS\System32\UXInit.dll

2013-01-16 00:25:17 1437696 ----a-w- C:\WINDOWS\SysWow64\GdiPlus.dll

2013-01-16 00:23:19 1690624 ----a-w- C:\WINDOWS\System32\GdiPlus.dll

2013-01-10 01:53:32 28904 ----a-w- C:\WINDOWS\System32\drivers\msgpiowin32.sys

2013-01-10 01:40:39 1448168 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys

2013-01-10 01:40:38 303848 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys

2013-01-10 01:39:29 194280 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys

2013-01-10 01:39:22 124648 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys

2013-01-10 01:29:56 91880 ----a-w- C:\WINDOWS\System32\drivers\partmgr.sys

2013-01-10 01:29:54 1934056 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys

2013-01-10 01:29:21 785504 ----a-w- C:\WINDOWS\System32\drivers\Wdf01000.sys

2013-01-09 23:26:53 83968 ----a-w- C:\WINDOWS\SysWow64\wiaacmgr.exe

2013-01-09 23:26:46 1611776 ----a-w- C:\WINDOWS\SysWow64\mmc.exe

2013-01-09 23:26:35 410624 ----a-w- C:\WINDOWS\SysWow64\Windows.Networking.dll

2013-01-09 23:26:35 261120 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.dll

2013-01-09 23:26:25 278528 ----a-w- C:\WINDOWS\SysWow64\srm.dll

2013-01-09 23:26:25 202752 ----a-w- C:\WINDOWS\SysWow64\srmstormod.dll

2013-01-09 23:26:23 1752064 ----a-w- C:\WINDOWS\SysWow64\setupapi.dll

2013-01-09 23:26:20 67584 ----a-w- C:\WINDOWS\SysWow64\samlib.dll

2013-01-09 23:26:08 115712 ----a-w- C:\WINDOWS\SysWow64\netprofm.dll

2013-01-09 23:26:04 890880 ----a-w- C:\WINDOWS\SysWow64\msctf.dll

2013-01-09 23:26:03 436736 ----a-w- C:\WINDOWS\SysWow64\MP4SDECD.DLL

2013-01-09 23:25:55 582144 ----a-w- C:\WINDOWS\SysWow64\gpprefcl.dll

2013-01-09 23:23:32 95232 ----a-w- C:\WINDOWS\System32\wiaacmgr.exe

2013-01-09 23:23:25 2094592 ----a-w- C:\WINDOWS\System32\mmc.exe

2013-01-09 23:23:18 256000 ----a-w- C:\WINDOWS\System32\WSDMon.dll

2013-01-09 23:23:16 1964544 ----a-w- C:\WINDOWS\System32\wlidsvc.dll

2013-01-09 23:23:14 594944 ----a-w- C:\WINDOWS\System32\Windows.Networking.dll

2013-01-09 23:23:14 406016 ----a-w- C:\WINDOWS\System32\Windows.Media.dll

2013-01-09 23:23:09 274432 ----a-w- C:\WINDOWS\System32\srmstormod.dll

2013-01-09 23:23:08 279040 ----a-w- C:\WINDOWS\System32\srm.dll

2013-01-09 23:23:07 1886208 ----a-w- C:\WINDOWS\System32\setupapi.dll

2013-01-09 23:23:05 728064 ----a-w- C:\WINDOWS\System32\samsrv.dll

2013-01-09 23:22:53 464384 ----a-w- C:\WINDOWS\System32\netprofmsvc.dll

2013-01-09 23:22:53 151040 ----a-w- C:\WINDOWS\System32\netprofm.dll

2013-01-09 23:22:43 1120768 ----a-w- C:\WINDOWS\System32\msctf.dll

2013-01-09 23:22:41 666112 ----a-w- C:\WINDOWS\System32\MP4SDECD.DLL

2013-01-09 23:22:35 438272 ----a-w- C:\WINDOWS\System32\lsm.dll

2013-01-09 23:22:29 894464 ----a-w- C:\WINDOWS\System32\iphlpsvc.dll

2013-01-09 23:22:29 159232 ----a-w- C:\WINDOWS\System32\inetpp.dll

2013-01-09 23:22:26 49152 ----a-w- C:\WINDOWS\System32\drivers\UMDF\HidBthLE.dll

2013-01-09 23:22:25 820736 ----a-w- C:\WINDOWS\System32\gpprefcl.dll

2013-01-09 23:22:05 1918464 ----a-w- C:\WINDOWS\System32\wbem\cimwin32.dll

2013-01-09 03:59:47 341504 ----a-w- C:\WINDOWS\System32\drivers\HdAudio.sys

2013-01-04 05:32:36 2706432 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb

2013-01-04 04:19:53 2706432 ----a-w- C:\WINDOWS\System32\mshtml.tlb

2012-12-20 00:37:37 1775616 ----a-w- C:\WINDOWS\SysWow64\wininet.dll

2012-12-20 00:37:04 2881536 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll

2012-12-20 00:37:02 61440 ----a-w- C:\WINDOWS\SysWow64\iesetup.dll

2012-12-20 00:37:02 109056 ----a-w- C:\WINDOWS\SysWow64\iesysprep.dll

2012-12-20 00:36:50 431616 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll

2012-12-20 00:29:16 2246656 ----a-w- C:\WINDOWS\System32\wininet.dll

2012-12-20 00:29:11 907776 ----a-w- C:\WINDOWS\System32\uxtheme.dll

2012-12-20 00:28:29 3966464 ----a-w- C:\WINDOWS\System32\jscript9.dll

2012-12-20 00:28:26 136704 ----a-w- C:\WINDOWS\System32\iesysprep.dll

2012-12-20 00:28:04 39936 ----a-w- C:\WINDOWS\apppatch\apppatch64\acspecfc.dll

2012-12-18 01:56:27 534528 ----a-w- C:\WINDOWS\SysWow64\uxtheme.dll

2011-06-18 17:59:37 215552 ----a-w- C:\Program Files\~WRD0001.tmp

.

============= FINISH: 15:39:33.95 ===============

Attach.txt is as follows:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8 Pro

Boot Device: \Device\HarddiskVolume1

Install Date: 27/10/2012 22:02:05

System Uptime: 11/03/2013 17:45:32 (118 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | GA-880GMA-UD2H

Processor: AMD Phenom™ II X6 1055T Processor | Socket M2 | 3500/250mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 513.249 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 932 GiB total, 339.242 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP16: 11/02/2013 14:40:38 - Windows Update

RP17: 27/02/2013 22:16:09 - Windows Update

RP18: 04/03/2013 08:45:29 - Windows Update

RP19: 10/03/2013 18:33:44 - Windows Update

RP20: 15/03/2013 19:04:45 - Windows Update

.

==== Hosts File Hijack ======================

.

Hosts: 149.5.18.172 www.google-analytics.com.

Hosts: 149.5.18.172 ad-emea.doubleclick.net.

Hosts: 149.5.18.172 www.statcounter.com.

Hosts: 108.163.215.51 www.google-analytics.com.

Hosts: 108.163.215.51 ad-emea.doubleclick.net.

Hosts: 108.163.215.51 www.statcounter.com.

.

==== Installed Programs ======================

.

Adobe Flash Player 11 Plugin

Adobe Reader 9.4.6

Advertising Center

Amazon MP3 Downloader 1.0.9

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Fuel

AMD Media Foundation Decoders

AMD VISION Engine Control Center

AVG 2013

Batman: Arkham Asylum Game of the Year Edition

Blacklight - Tango Down

Blacklight: Tango Down

Browser Configuration Utility

Canon Easy-PhotoPrint EX

Canon Easy-WebPrint EX

Canon IJ Network Tool

Canon Inkjet Printer Driver Add-On Module

Canon MP Navigator EX 4.0

Canon MP495 series MP Drivers

Canon MP495 series User Registration

Canon My Printer

Canon Solution Menu EX

CarneyVale: Showtime

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCS64 V3.8

Cisco WebEx Meetings

Citrix Presentation Server Web Client for Win32

Crazy Taxi 3

D3DX10

DiRT2

Dropbox

FlatOut: Ultimate Carnage

Google Earth

Google Update Helper

ImagXpress

Java Auto Updater

Java™ 6 Update 31

Java™ 6 Update 31 (64-bit)

Juniper Networks, Inc. Setup Client

Juniper Terminal Services Client

Junk Mail filter update

LightScribe System Software

Logitech Harmony Remote Software (x86)

Logitech Harmony Remote Software 7

Mahjong Wisdom

MakeMKV v1.7.9

Malwarebytes Anti-Malware version 1.70.0.1100

Menu Templates - Starter Kit

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MKVtoolnix 4.0.0

Moffsoft FreeCalc

Movie Templates - Starter Kit

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

NEC Electronics USB 3.0 Host Controller Driver

Nero 9 Essentials

Nero BurnRights

Nero BurnRights Help

Nero ControlCenter

Nero CoverDesigner

Nero CoverDesigner Help

Nero Disc Copy Gadget

Nero Disc Copy Gadget Help

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Online Upgrade

Nero Rescue Agent

Nero RescueAgent Help

Nero ShowTime

Nero StartSmart

Nero StartSmart Help

Nero Vision

Nero Vision Help

NeroExpress

neroxml

NVIDIA PhysX

OLYMPUS Digital Camera Updater

Olympus ib

OLYMPUS Viewer 2

ON_OFF Charge B10.0409.1

OpenAL

OpenOffice.org 3.2

Osmos

OutRun2006 Coast 2 Coast

PeerBlock 1.1 (r518)

Pure Networks Platform

Rapport

Rapture3D 2.3.22 Game

RegCure Pro

Remote Control USB Driver

SpeedFan (remove only)

Spybot - Search & Destroy

Stamp ID3 Tag Editor

Steam

The Lord of the Rings FREE Trial

Tinker

Vancouver 2010

Visual C++ 8.0 Runtime Setup Package (x64)

Visual Studio 2008 x64 Redistributables

Visual Studio 2010 x64 Redistributables

VLC media player 2.0.2

Vuze

Vuze Remote Toolbar

Where's Wally

Windows 7 Upgrade Advisor

Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Mobile Device Updater Component

WinRAR archiver

Xvid Video Codec

Zune

Zune Language Pack (CHS)

Zune Language Pack (CHT)

Zune Language Pack (CSY)

Zune Language Pack (DAN)

Zune Language Pack (DEU)

Zune Language Pack (ELL)

Zune Language Pack (ESP)

Zune Language Pack (FIN)

Zune Language Pack (FRA)

Zune Language Pack (HUN)

Zune Language Pack (IND)

Zune Language Pack (ITA)

Zune Language Pack (JPN)

Zune Language Pack (KOR)

Zune Language Pack (MSL)

Zune Language Pack (NLD)

Zune Language Pack (NOR)

Zune Language Pack (PLK)

Zune Language Pack (PTB)

Zune Language Pack (PTG)

Zune Language Pack (RUS)

Zune Language Pack (SVE)

.

==== Event Viewer Messages From Past Week ========

.

11/03/2013 18:06:26, Error: Service Control Manager [7000] - The pbfilter service failed to start due to the following error: The system cannot find the file specified.

11/03/2013 17:46:29, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

11/03/2013 17:46:22, Error: Service Control Manager [7000] - The TuneUp Theme Extension service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.

11/03/2013 16:19:04, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVGIDSAgent service to connect.

11/03/2013 16:19:04, Error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================

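The "Hosts File Hijack" section of the DDS log above is the most security-relevant finding in this post. A blocklist-style hosts file sends ad and analytics hostnames to 127.0.0.1 or 0.0.0.0; here www.google-analytics.com, ad-emea.doubleclick.net and www.statcounter.com are instead pointed at two routable public addresses, so whoever runs those servers can serve arbitrary script into every page that embeds those tags, which is consistent with pop-ups appearing on many otherwise legitimate sites. The Python script below is an added triage example, not part of the original post and not part of DDS: it parses either a raw Windows hosts file or the Hosts: lines DDS prints, and flags hostnames mapped to routable addresses and hostnames mapped to more than one routable address (the resolver uses the first matching line, so duplicates are usually leftovers from a second infection or a partial cleanup). The sample input is constructed for the example and reproduces the five entries shown above alongside typical benign lines.

```python
"""Triage a Windows hosts file (or the 'Hosts:' lines DDS prints) for hijack entries.

Added example for this thread; not part of DDS or of the original post.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample input. The five 'Hosts:' lines reproduce the entries DDS
# reported above; the other lines are the kind of content a hosts file normally holds.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net        # blocklist-style entry: harmless
Hosts: 149.5.18.172 www.google-analytics.com.
Hosts: 149.5.18.172 ad-emea.doubleclick.net.
Hosts: 149.5.18.172 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
"""

# DDS prefixes each hosts entry with "Hosts: "; a raw hosts file has no prefix.
_DDS_PREFIX = re.compile(r"^Hosts:\s*", re.IGNORECASE)


def parse_hosts(text):
    """Return a list of (line_no, ip, hostname) for every mapping in the text.

    Accepts raw hosts-file syntax and DDS 'Hosts: ip name' lines. Anything after
    '#' is a comment, one line may carry several hostnames, and a trailing dot
    (the FQDN form DDS prints) is stripped so names compare equal.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = _DDS_PREFIX.sub("", raw.split("#", 1)[0].strip())
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not a mapping line (garbage or an unparsable address)
        for name in parts[1:]:
            entries.append((line_no, ip, name.lower().rstrip(".")))
    return entries


def find_hijacks(entries):
    """Return the two findings that matter for a hosts-file hijack.

    remote:    hostnames pointed at a routable address (neither loopback nor
               0.0.0.0). A blocklist sinks names locally; a hijack sends them to
               a server the attacker controls, so every such line is suspect.
    conflicts: hostnames mapped to more than one distinct routable address.
               Windows uses the first matching line, so the extra lines are
               leftovers from another infection or cleanup; remove them all.
    """
    remote = []
    routable_by_name = defaultdict(set)
    for line_no, ip, name in entries:
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1, ::1, 0.0.0.0: normal blocklist/localhost entries
        remote.append((line_no, str(ip), name))
        routable_by_name[name].add(str(ip))
    conflicts = {name: sorted(ips) for name, ips in routable_by_name.items() if len(ips) > 1}
    return {"remote": remote, "conflicts": conflicts}


if __name__ == "__main__":
    report = find_hijacks(parse_hosts(SAMPLE_HOSTS))
    for line_no, ip, name in report["remote"]:
        print(f"line {line_no}: {name} -> {ip} (routable address, not a blocklist entry)")
    for name, ips in report["conflicts"].items():
        print(f"{name} is mapped to several addresses: {', '.join(ips)}")
```

To run it against a live machine, read C:\Windows\System32\drivers\etc\hosts and pass the text to parse_hosts instead of SAMPLE_HOSTS; on the log above it reports all five DDS entries as routable mappings and two hostnames with conflicting addresses.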

  • Staff

Hello mdwhitby

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next; if you have any problems with one of them, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

-RogueKiller-

  • Download RogueKiller and SAVE it to your Desktop (or from here).
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo


Hi Gringo,

Many thanks for your assistance. I have managed to run all three of the programs and the reports are copied below. The pop ups are still very much present after running all three - I have not experienced a redirect but that was much less frequent in any case.

Regards

Mark

checkup.txt:

Results of screen317's Security Check version 0.99.61

x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

AVG AntiVirus Free Edition 2013

Windows Defender

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Spybot - Search & Destroy

Malwarebytes Anti-Malware version 1.70.0.1100

Java 6 Update 31

Java version out of Date!

Adobe Flash Player 11.6.602.180

Adobe Reader 9 Adobe Reader out of Date!

````````Process Check: objlist.exe by Laurent````````

AVG avgwdsvc.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: %

````````````````````End of Log``````````````````````

AdwCleaner[s1].txt

# AdwCleaner v2.114 - Logfile created 03/17/2013 at 14:11:41

# Updated 05/03/2013 by Xplode

# Operating system : Windows 8 Pro (64 bits)

# User : oem - OEM-PC

# Boot Mode : Normal

# Running from : C:\Users\oem\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\WINDOWS\SysWOW64\conduitEngine.tmp

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\ConduitEngine

Folder Deleted : C:\Program Files (x86)\Vuze_Remote

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\Users\oem\AppData\Local\Conduit

Folder Deleted : C:\Users\oem\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\oem\AppData\LocalLow\ConduitEngine

Folder Deleted : C:\Users\oem\AppData\LocalLow\Vuze_Remote

Folder Deleted : C:\Users\oem\AppData\LocalLow\Vuze_Remote

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine

Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\IGearSettings

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E3F6403C-21C4-4572-9C4A-DC3799628614}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\conduitEngine

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E3F6403C-21C4-4572-9C4A-DC3799628614}

Key Deleted : HKLM\Software\Vuze_Remote

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E3F6403C-21C4-4572-9C4A-DC3799628614}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07CD8AA9-7800-4E06-8C26-41DE2802CFF8}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08A7CD93-4306-4D73-BE6E-E4FE27DD2433}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5152B037-BFE6-49B8-9506-0077FED72164}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16482

[OK] Registry is clean.

*************************

AdwCleaner[s1].txt - [4759 octets] - [17/03/2013 14:11:41]

########## EOF - C:\AdwCleaner[s1].txt - [4819 octets] ##########

RKreport[1]_S_03172013_02d1421.txt:

RogueKiller V8.5.3 [Mar 16 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version

Started in : Normal mode

User : oem [Admin rights]

Mode : Scan -- Date : 03/17/2013 14:21:09

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[RUN][HJNAME] [ON_E:Default]HKCU[...]\RunOnce : mctadmin (C:\Windows\System32\mctadmin.exe) [x] -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

-> E:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

149.5.18.172 www.google-analytics.com.

149.5.18.172 ad-emea.doubleclick.net.

149.5.18.172 www.statcounter.com.

108.163.215.51 www.google-analytics.com.

108.163.215.51 ad-emea.doubleclick.net.

108.163.215.51 www.statcounter.com.

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD103SJ ATA Device +++++

--- User ---

[MBR] d51f4686c184ea994eb9fd2d6b31e56e

[BSP] 530f3aca1387a78cea9069c2fd17e1a5 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD103SJ ATA Device +++++

--- User ---

[MBR] a9b0f207d3ba0561655122029c9eb6cb

[BSP] 890cc6b9773dab82c4f966f8282edf4b : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_03172013_02d1421.txt >>

RKreport[1]_S_03172013_02d1421.txt


Hello mdwhitby

We will run this now; it will help remove some files from the computer.

Blitzblank.

Download BlitzBlank and save it to your desktop. Open Blitzblank.exe

  • Click OK at the warning (and take note of it, this is a VERY powerful tool!).
  • Click the Script tab and copy/paste the following text there:

DeleteFile:
C:\WINDOWS\system32\drivers\etc\hosts

  • Click Execute Now. Your computer will need to reboot in order to replace the files.
  • When done, post me the report created by Blitzblank. You can find it at the root of the drive, normally C:\

Gringo


Hi

Blitzblank was run with the above script. Here is the report:

BlitzBlank 1.0.0.32

File/Registry Modification Engine native application

MoveFileOnReboot: sourceFile = "\??\c:\windows\system32\drivers\etc\hosts", destinationFile = "(null)", replaceWithDummy = 0

RemoveFile: ZwDeleteFile failed: status = c0000121
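Added example, not code from the thread or from RogueKiller, OTL or BlitzBlank: a small Python audit that parses hosts-file text like the one RogueKiller printed above, flags names that have been sent to routable addresses (the pattern behind the pop-ups), and works out which file attributes must be cleared before such a file can be deleted or replaced. The sample hosts content is constructed from the log entries; the attribute bits and the meaning of status c0000121 (STATUS_CANNOT_DELETE) are Windows facts, not something the thread states.

```python
import ipaddress
from collections import namedtuple

# Win32 file-attribute bits (os.stat(...).st_file_attributes on Windows).  The
# "RHS-" marker on OTL's O1 HOSTS line means all three were set on this file.
FILE_ATTRIBUTE_READONLY = 0x1
FILE_ATTRIBUTE_HIDDEN = 0x2
FILE_ATTRIBUTE_SYSTEM = 0x4

# Constructed sample: the mappings RogueKiller and OTL reported in this thread,
# behind the comment header a stock Windows hosts file carries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
149.5.18.172 www.google-analytics.com.
149.5.18.172 ad-emea.doubleclick.net.
149.5.18.172 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.
"""

# public: True when the name was sent to a routable address (the hijack case).
Finding = namedtuple("Finding", "line_no ip hostname public reasons")


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping; '#' starts a comment."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()          # one address may carry several names
        for name in names:
            yield line_no, ip, name


def audit_hosts(text):
    """Return a Finding for every mapping that is not a plain loopback/sink entry."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        reasons, public = [], False
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append(Finding(line_no, ip, name, False, ("unparseable address",)))
            continue
        host = name.lower()
        # Trailing dot = absolute FQDN.  The resolver still honours the entry, but
        # a naive "is domain X in hosts?" string comparison will not match it.
        if host.endswith("."):
            reasons.append("trailing-dot FQDN form")
            host = host[:-1]
        if addr.is_loopback or addr.is_unspecified:
            pass  # 127.0.0.1 / ::1 / 0.0.0.0 is how legitimate blocklists sink a name
        elif host in ("localhost", "localhost.localdomain"):
            reasons.append("localhost pointed away from loopback")
        elif addr.is_global:
            # A third-party analytics/ad domain sent to a routable IP: whoever runs
            # that server now injects script into every page that embeds the domain.
            public = True
            reasons.append(f"third-party name sent to public address {ip}")
        else:
            reasons.append(f"non-loopback address {ip}")
        if reasons:
            findings.append(Finding(line_no, ip, name, public, tuple(reasons)))
    return findings


def hijack_servers(findings):
    """Distinct routable addresses the flagged names were redirected to."""
    return {f.ip for f in findings if f.public}


def attrib_reset_switches(attrs):
    """attrib.exe switches to clear before the file can be deleted or replaced.

    Read-only is the bit that makes the kernel refuse the delete (BlitzBlank's
    ZwDeleteFile returned STATUS_CANNOT_DELETE, 0xC0000121); Hidden and System
    only keep the file out of Explorer and plain 'dir' listings.
    """
    pairs = ((FILE_ATTRIBUTE_READONLY, "-r"), (FILE_ATTRIBUTE_HIDDEN, "-h"),
             (FILE_ATTRIBUTE_SYSTEM, "-s"))
    return " ".join(switch for bit, switch in pairs if attrs & bit)


if __name__ == "__main__":
    found = audit_hosts(SAMPLE_HOSTS)
    for f in found:
        print(f"line {f.line_no}: {f.ip} {f.hostname} -> {'; '.join(f.reasons)}")
    print("redirect servers:", ", ".join(sorted(hijack_servers(found))))
    # The file OTL reported as RHS needs all three attributes cleared first:
    print("attrib", attrib_reset_switches(0x1 | 0x2 | 0x4), "hosts")
```

On the machine itself, `os.stat(r"C:\Windows\System32\drivers\etc\hosts").st_file_attributes` supplies the bitmask for attrib_reset_switches; the audit itself runs anywhere on a copied hosts file.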


Hello mdwhitby

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo


Hello Mark

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one I need posted back here
    • Extra.txt <-- Will be minimized; save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo


Hello Gringo

Here we go, the output from running OTL.exe contained in the OTL.txt report:

OTL logfile created on: 18/03/2013 08:54:07 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\oem\Desktop

64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16519)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 60.28% Memory free

8.00 Gb Paging File | 6.25 Gb Available in Paging File | 78.10% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 513.85 Gb Free Space | 55.17% Space Free | Partition Type: NTFS

Drive E: | 931.51 Gb Total Space | 339.24 Gb Free Space | 36.42% Space Free | Partition Type: NTFS

Computer Name: OEM-PC | User Name: oem | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\oem\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)

PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)

PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

PRC - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)

PRC - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll ()

MOD - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll ()

MOD - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)

SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)

SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)

SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)

SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)

SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)

SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)

SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)

SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)

SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)

SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)

SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)

SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)

SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)

SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)

SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)

SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)

SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)

SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)

SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)

SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)

SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)

SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)

SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)

SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)

SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)

SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)

SRV:64bit: - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)

SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)

SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)

SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)

SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)

SRV - (nmservice) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)

DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)

DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)

DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)

DRV:64bit: - (Avgwfpa) -- C:\Windows\SysNative\Drivers\avgwfpa.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (athur) -- C:\Windows\SysNative\Drivers\athuw8x.sys (Qualcomm Atheros Communications, Inc.)

DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)

DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)

DRV:64bit: - (Avgboota) -- C:\Windows\SysNative\Drivers\avgboota.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\Drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\Drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)

DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)

DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\Drivers\WSDScan.sys (Microsoft Corporation)

DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\Drivers\atikmdag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\Drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\Drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)

DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)

DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)

DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\Drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\Drivers\AtihdW86.sys (Advanced Micro Devices)

DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)

DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)

DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)

DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)

DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)

DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)

DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)

DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)

DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)

DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)

DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)

DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)

DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)

DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)

DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\Drivers\WSDPrint.sys (Microsoft Corporation)

DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)

DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)

DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)

DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)

DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)

DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)

DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)

DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)

DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)

DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)

DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)

DRV:64bit: - (xusb22) -- C:\Windows\SysNative\Drivers\xusb22.sys (Microsoft Corporation)

DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)

DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)

DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (Vid) -- C:\Windows\SysNative\Drivers\Vid.sys (Microsoft Corporation)

DRV:64bit: - (storvsp) -- C:\Windows\SysNative\Drivers\storvsp.sys (Microsoft Corporation)

DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)

DRV:64bit: - (vmbusr) -- C:\Windows\SysNative\Drivers\vmbusr.sys (Microsoft Corporation)

DRV:64bit: - (vpcivsp) -- C:\Windows\SysNative\Drivers\vpcivsp.sys (Microsoft Corporation)

DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)

DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)

DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)

DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek )

DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\Drivers\netr28ux.sys (Ralink Technology Corp.)

DRV:64bit: - (AODDriver4.2) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)

DRV:64bit: - (dc3d) -- C:\Windows\SysNative\Drivers\dc3d.sys (Microsoft Corporation)

DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\Drivers\AppleCharger.sys ()

DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\Drivers\AtiHdmi.sys (ATI Technologies, Inc.)

DRV:64bit: - (purendis) -- C:\Windows\SysNative\Drivers\purendis.sys (Cisco Systems, Inc.)

DRV:64bit: - (pnarp) -- C:\Windows\SysNative\Drivers\pnarp.sys (Cisco Systems, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2050783474-713050606-3144304951-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://dub002.mail.live.com/default.aspx?id=64855

IE - HKU\S-1-5-21-2050783474-713050606-3144304951-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-2050783474-713050606-3144304951-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

IE - HKU\S-1-5-21-2050783474-713050606-3144304951-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F7 DA D8 2D B1 44 CB 01 [binary data]

IE - HKU\S-1-5-21-2050783474-713050606-3144304951-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)

IE - HKU\S-1-5-21-2050783474-713050606-3144304951-1000\..\SearchScopes,DefaultScope = {04F1B6DA-66B0-45FD-937E-FD3F272E2378}

IE - HKU\S-1-5-21-2050783474-713050606-3144304951-1000\..\SearchScopes\{04F1B6DA-66B0-45FD-937E-FD3F272E2378}: "URL" = http://www.bing.com/search?q={searchTerms}&form=OSDSRC

IE - HKU\S-1-5-21-2050783474-713050606-3144304951-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKU\S-1-5-21-2050783474-713050606-3144304951-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

O1 HOSTS File: ([2012/03/26 17:45:19 | 000,001,395 | RHS- | M]) - C:\Windows\SysNative\Drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 149.5.18.172 www.google-analytics.com.

O1 - Hosts: 149.5.18.172 ad-emea.doubleclick.net.

O1 - Hosts: 149.5.18.172 www.statcounter.com.

O1 - Hosts: 108.163.215.51 www.google-analytics.com.

O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.

O1 - Hosts: 108.163.215.51 www.statcounter.com.

O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKU\S-1-5-21-2050783474-713050606-3144304951-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [bCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)

O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)

O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-21-2050783474-713050606-3144304951-1000..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKU\S-1-5-21-2050783474-713050606-3144304951-1000..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()

O4 - HKU\S-1-5-21-2050783474-713050606-3144304951-1000..\RunServicesOnce: [~cc24826483] rundll32 C:\Users\oem\AppData\Local\Netilla\CacheCleaner\~cc24826483.dll,_clearCacheRunDLL@16 1354130049 "ROD=C:\Users\oem\AppData\Local\Netilla\CacheCleaner\~cc24826483.dll.lock" File not found

O4 - HKU\S-1-5-21-2050783474-713050606-3144304951-1000..\RunServicesOnce: [~cc34806374] rundll32 C:\Users\oem\AppData\Local\Netilla\CacheCleaner\~cc34806374.dll,_clearCacheRunDLL@16 1353023499 "ROD=C:\Users\oem\AppData\Local\Netilla\CacheCleaner\~cc34806374.dll.lock" File not found

O4 - HKU\S-1-5-21-2050783474-713050606-3144304951-1000..\RunServicesOnce: [~cc36067371] rundll32 C:\Users\oem\AppData\Local\Netilla\CacheCleaner\~cc36067371.dll,_clearCacheRunDLL@16 1354576164 "ROD=C:\Users\oem\AppData\Local\Netilla\CacheCleaner\~cc36067371.dll.lock" File not found

O4 - HKU\S-1-5-21-2050783474-713050606-3144304951-1000..\RunServicesOnce: [~cc65945527] rundll32 C:\Users\oem\AppData\Local\Netilla\CacheCleaner\~cc65945527.dll,_clearCacheRunDLL@16 1355097571 "ROD=C:\Users\oem\AppData\Local\Netilla\CacheCleaner\~cc65945527.dll.lock" File not found

O4 - HKU\S-1-5-21-2050783474-713050606-3144304951-1000..\RunServicesOnce: [~cc94799422] rundll32 C:\Users\oem\AppData\Local\Netilla\CacheCleaner\~cc94799422.dll,_clearCacheRunDLL@16 1354209639 "ROD=C:\Users\oem\AppData\Local\Netilla\CacheCleaner\~cc94799422.dll.lock" File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-2050783474-713050606-3144304951-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-2050783474-713050606-3144304951-1000\..Trusted Domains: cambridgeshire.gov.uk ([]https in Trusted sites)

O15 - HKU\S-1-5-21-2050783474-713050606-3144304951-1000\..Trusted Domains: cambridgeshire.gov.uk ([ras001] https in Trusted sites)

O15 - HKU\S-1-5-21-2050783474-713050606-3144304951-1000\..Trusted Domains: cambridgeshire.gov.uk ([ras002] https in Trusted sites)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} https://nsp2.cambridgeshire.gov.uk/component/citrix-client/v3/en_US/icaweb.cab (Citrix ICA Client)

O16 - DPF: {76392179-60A8-462D-8961-B95C14DAADF4} https://billcentre.vodafone.co.uk/bpa/content/ddiprintengine.cab (PrintEngine ActiveX Control v4.2)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP7-15458/event/ieatgpc1.cab (GpcContainer Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ras.cpsn.org.uk/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7097DB8D-F47C-4546-8950-4BE60127AA80}: DhcpNameServer = 192.168.2.1 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0C46F0B-D66B-4473-A132-E96FEC29D148}: DhcpNameServer = 192.168.2.1 192.168.2.1

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found

O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found

O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O30 - LSA: Security Packages - (livessp) - File not found

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/18 08:53:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\oem\Desktop\OTL.exe

[2013/03/17 22:08:19 | 005,041,875 | ---- | C] (Swearware) -- C:\Users\oem\Desktop\ComboFix.exe

[2013/03/17 20:38:53 | 001,153,912 | ---- | C] (Emsi Software GmbH) -- C:\Users\oem\Desktop\BlitzBlank.exe

[2013/03/17 16:59:04 | 000,000,000 | ---D | C] -- C:\Users\oem\Documents\CIPFA Audit and Assurance

[2013/03/17 14:19:10 | 000,000,000 | ---D | C] -- C:\Users\oem\Desktop\RK_Quarantine

[2013/03/17 14:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2013/03/17 14:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2013/03/15 19:22:13 | 010,115,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll

[2013/03/15 19:22:12 | 008,856,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll

[2013/03/15 19:22:11 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll

[2013/03/15 19:22:10 | 002,146,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll

[2013/03/15 19:22:10 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll

[2013/03/15 19:22:10 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\pdc.sys

[2013/03/15 19:21:49 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll

[2013/03/15 19:21:48 | 003,966,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll

[2013/03/15 19:21:48 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\uxtheme.dll

[2013/03/15 19:21:48 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll

[2013/03/15 19:21:48 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iesysprep.dll

[2013/03/15 19:21:48 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iesysprep.dll

[2013/03/15 19:21:47 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll

[2013/03/15 19:21:47 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iesetup.dll

[2013/03/15 19:21:47 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UXInit.dll

[2013/03/15 19:21:47 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe

[2013/03/15 19:21:47 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UXInit.dll

[2013/03/15 19:21:47 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iernonce.dll

[2013/03/15 19:21:43 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFMediaEngine.dll

[2013/03/15 19:21:43 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFMediaEngine.dll

[2013/03/15 19:21:37 | 013,643,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll

[2013/03/15 19:21:35 | 010,792,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll

[2013/03/15 19:21:33 | 005,977,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstscax.dll

[2013/03/15 19:21:32 | 005,090,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll

[2013/03/15 19:21:31 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\duser.dll

[2013/03/15 19:21:29 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlroamextension.dll

[2013/03/15 19:21:29 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WWanAPI.dll

[2013/03/15 19:21:29 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netprofmsvc.dll

[2013/03/15 19:21:29 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSync.dll

[2013/03/15 19:21:29 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ncsi.dll

[2013/03/15 19:21:29 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.Connectivity.dll

[2013/03/15 19:21:27 | 000,731,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32spl.dll

[2013/03/15 19:21:27 | 000,446,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBHUB3.SYS

[2013/03/15 19:21:27 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlroamextension.dll

[2013/03/15 19:21:27 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WWanAPI.dll

[2013/03/15 19:21:27 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSync.dll

[2013/03/15 19:21:27 | 000,329,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\storport.sys

[2013/03/15 19:21:27 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hotspotauth.dll

[2013/03/15 19:21:27 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\XpsRasterService.dll

[2013/03/15 19:21:27 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mbsmsapi.dll

[2013/03/15 19:21:27 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.Connectivity.dll

[2013/03/15 19:21:27 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mbsmsapi.dll

[2013/03/15 19:21:27 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\XpsRasterService.dll

[2013/03/15 19:21:27 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\taskkill.exe

[2013/03/15 19:21:27 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tasklist.exe

[2013/03/15 19:21:27 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\BthAvrcpTg.sys

[2013/03/15 19:21:26 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpd_ci.dll

[2013/03/15 19:21:26 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\hidclass.sys

[2013/03/15 19:21:26 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tasklist.exe

[2013/03/15 19:21:26 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\taskkill.exe

[2013/03/15 19:21:26 | 000,061,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\crashdmp.sys

[2013/03/15 19:21:26 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\nlmproxy.dll

[2013/03/15 19:21:26 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\nlmsprep.dll

[2013/03/15 19:21:13 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GdiPlus.dll

[2013/03/15 19:21:13 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GdiPlus.dll

[2013/03/15 19:18:33 | 003,744,256 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\WINDOWS\SysNative\drivers\athuw8x.sys

[2013/03/15 19:06:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2013/03/11 17:44:20 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Local\Programs

[2013/03/11 16:21:05 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\AVG2013

[2013/03/11 16:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013

[2013/03/11 16:14:01 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Local\MFAData

[2013/03/11 16:14:01 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Local\Avg2013

[2013/03/04 09:19:54 | 000,000,000 | -HSD | C] -- C:\Users\oem\Documents\cache

[2013/03/04 09:19:49 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\webex

[2013/03/04 08:41:20 | 002,094,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mmc.exe

[2013/03/04 08:41:20 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlidsvc.dll

[2013/03/04 08:41:18 | 001,611,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mmc.exe

[2013/03/04 08:41:18 | 000,820,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gpprefcl.dll

[2013/03/04 08:41:17 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msctf.dll

[2013/03/04 08:41:17 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\srmstormod.dll

[2013/03/04 08:41:14 | 001,886,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\setupapi.dll

[2013/03/04 08:41:11 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MP4SDECD.DLL

[2013/03/04 08:41:11 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.dll

[2013/03/04 08:41:11 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\gpprefcl.dll

[2013/03/04 08:41:11 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsm.dll

[2013/03/04 08:41:11 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.dll

[2013/03/04 08:41:11 | 000,303,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys

[2013/03/04 08:41:11 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\srmstormod.dll

[2013/03/04 08:41:11 | 000,194,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\sdbus.sys

[2013/03/04 08:41:11 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetpp.dll

[2013/03/04 08:41:11 | 000,124,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dumpsd.sys

[2013/03/04 08:41:11 | 000,028,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\msgpiowin32.sys

[2013/03/04 08:41:10 | 000,728,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\samsrv.dll

[2013/03/04 08:41:10 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MP4SDECD.DLL

[2013/03/04 08:41:10 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.dll

[2013/03/04 08:41:10 | 000,279,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\srm.dll

[2013/03/04 08:41:10 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\srm.dll

[2013/03/04 08:41:10 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.dll

[2013/03/04 08:41:10 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSDMon.dll

[2013/03/04 08:41:10 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ncbservice.dll

[2013/03/04 08:41:10 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\httpprxm.dll

[2013/03/04 08:41:10 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wiaacmgr.exe

[2013/03/04 08:41:10 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wiaacmgr.exe

[2013/03/04 08:41:10 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\adhsvc.dll

[2013/03/04 08:41:10 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\adhapi.dll

[2013/03/04 08:41:10 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\httpprxp.dll

[2013/03/04 08:41:10 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\keepaliveprovider.dll

[2013/02/27 22:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\WebEx

[2013/02/27 22:32:28 | 001,010,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\reseteng.dll

[2013/02/27 22:32:27 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ReAgent.dll

[2013/02/27 22:32:27 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ReAgent.dll

[2013/02/24 18:51:21 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Juniper Networks

[2013/02/24 18:51:03 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\Juniper Networks

[2013/02/22 13:44:17 | 006,967,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe

[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/18 08:53:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\oem\Desktop\OTL.exe

[2013/03/18 08:51:27 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/03/18 08:42:46 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/03/17 22:25:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/03/17 22:13:08 | 005,041,875 | ---- | M] (Swearware) -- C:\Users\oem\Desktop\ComboFix.exe

[2013/03/17 21:36:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/03/17 20:48:05 | 000,848,230 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI

[2013/03/17 20:48:05 | 000,722,260 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat

[2013/03/17 20:48:05 | 000,136,434 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat

[2013/03/17 20:42:28 | 000,299,328 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT

[2013/03/17 20:42:25 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys

[2013/03/17 20:42:24 | 3219,296,256 | -HS- | M] () -- C:\hiberfil.sys

[2013/03/17 20:39:41 | 001,153,912 | ---- | M] (Emsi Software GmbH) -- C:\Users\oem\Desktop\BlitzBlank.exe

[2013/03/17 14:18:38 | 000,815,616 | ---- | M] () -- C:\Users\oem\Desktop\RogueKiller.exe

[2013/03/17 14:11:07 | 000,597,667 | ---- | M] () -- C:\Users\oem\Desktop\adwcleaner.exe

[2013/03/17 14:05:18 | 000,890,798 | ---- | M] () -- C:\Users\oem\Desktop\SecurityCheck.exe

[2013/03/11 18:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job

[2013/03/11 17:44:40 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/03/11 16:19:03 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk

[2013/03/11 10:52:26 | 000,011,473 | ---- | M] () -- C:\Users\oem\Documents\Savings.ods

[2013/03/05 23:07:25 | 000,692,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe

[2013/03/05 23:07:25 | 000,078,168 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl

[2013/03/02 08:22:18 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFMediaEngine.dll

[2013/03/02 02:44:30 | 000,468,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFMediaEngine.dll

[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/17 20:42:26 | 000,299,328 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT

[2013/03/17 14:18:28 | 000,815,616 | ---- | C] () -- C:\Users\oem\Desktop\RogueKiller.exe

[2013/03/17 14:11:07 | 000,597,667 | ---- | C] () -- C:\Users\oem\Desktop\adwcleaner.exe

[2013/03/17 14:05:10 | 000,890,798 | ---- | C] () -- C:\Users\oem\Desktop\SecurityCheck.exe

[2013/03/11 17:44:40 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/03/11 16:19:03 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk

[2013/03/04 08:41:10 | 000,386,577 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml

[2012/10/28 22:26:59 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll

[2012/10/27 20:34:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

[2012/10/12 02:32:18 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblag.dat

[2012/07/26 08:13:10 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat

[2012/07/26 08:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT

[2012/07/26 07:21:26 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2012/07/26 01:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll

[2012/07/25 20:37:29 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin

[2012/07/25 20:28:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll

[2012/07/22 14:56:14 | 000,000,085 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2012/06/02 14:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat

[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\WINDOWS\SysWow64\kdbsdk32.dll

[2012/03/09 04:31:26 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat

[2012/03/09 04:31:26 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat

[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\WINDOWS\SysWow64\xlive.dll.cat

[2011/08/14 16:49:59 | 000,645,632 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidcore.dll

[2011/08/14 16:49:59 | 000,240,640 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidvfw.dll

[2010/09/24 15:26:10 | 000,000,163 | ---- | C] () -- C:\Users\oem\AppData\Roaming\default.rss

[2010/09/24 15:26:09 | 000,000,000 | ---- | C] () -- C:\Users\oem\AppData\Roaming\downloads.m3u

========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/01/09 23:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/01/09 23:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 03:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 03:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 03:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >

Mark

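A defender-side check for the kind of hosts-file hijack visible in the O1 entries of the log above, as an added example that is not part of this thread or of OTL, Avenger or FRST: it parses either a raw hosts file or OTL's "O1 - Hosts:" lines and reports names pointed at public addresses. The sample inputs are constructed (the OTL lines copied from the log, the hosts file invented).

```python
"""Audit hosts-file entries for hijacked hostnames.

Added example for this thread; it is not part of OTL, Avenger, FRST or
any other tool mentioned here. It accepts either raw hosts-file text or
the "O1 - Hosts:" lines OTL prints, and reports every name that is
pointed at a public address. Tracking and ad domains pinned to an
internet host (as in the log above) are the classic sign of adware
replacing legitimate analytics/ad scripts with its own.
"""
import ipaddress
import re
from typing import NamedTuple

# Constructed sample input, copied from the OTL "O1 - Hosts:" lines above.
SAMPLE_OTL_LINES = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 149.5.18.172 www.google-analytics.com.
O1 - Hosts: 149.5.18.172 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
"""

# Constructed raw hosts file: a comment, a deliberate ad sinkhole, a LAN
# alias, and one tracking domain redirected to a LAN host.
SAMPLE_HOSTS_FILE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example.test   # blocked on purpose
192.168.2.1     router.lan
10.0.0.5        www.google-analytics.com
"""

_OTL_PREFIX = re.compile(r"^O1 - Hosts:\s*")


class HostsEntry(NamedTuple):
    address: str     # canonical text form of the target address
    hostname: str    # lower-cased, trailing dot removed
    raw: str         # the line as it appeared in the input


def parse_hosts_lines(text: str) -> list[HostsEntry]:
    """Parse hosts-file text or OTL O1 lines into HostsEntry records.
    Comments, blank lines and lines without a valid IP are skipped."""
    entries = []
    for raw in text.splitlines():
        line = _OTL_PREFIX.sub("", raw).split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        for name in parts[1:]:
            # OTL prints names with a trailing dot; normalise it away.
            entries.append(HostsEntry(str(addr), name.rstrip(".").lower(), raw))
    return entries


def classify(address: str) -> str:
    """'sinkhole': loopback or unspecified target, which only blocks the
    name or keeps it local and cannot send traffic elsewhere.
    'lan': private or link-local target, a local override worth a look.
    'public': the name is redirected to a host on the internet."""
    addr = ipaddress.ip_address(address)
    if addr.is_loopback or addr.is_unspecified:
        return "sinkhole"
    if addr.is_private or addr.is_link_local:
        return "lan"
    return "public"


def audit(text: str) -> dict[str, list[HostsEntry]]:
    """Group entries by target class, dropping the benign localhost lines."""
    report = {"sinkhole": [], "lan": [], "public": []}
    for entry in parse_hosts_lines(text):
        if entry.hostname == "localhost":
            continue
        report[classify(entry.address)].append(entry)
    return report


def find_hijacks(text: str) -> list[tuple[str, str]]:
    """(hostname, address) pairs for names redirected to public hosts."""
    return [(e.hostname, e.address) for e in audit(text)["public"]]


if __name__ == "__main__":
    for host, addr in find_hijacks(SAMPLE_OTL_LINES):
        print(f"hijacked: {host} -> {addr}")
    for e in audit(SAMPLE_HOSTS_FILE)["lan"]:
        print(f"review: {e.hostname} -> {e.address}")
```

On a live Windows machine the file to feed in is C:\Windows\System32\drivers\etc\hosts; a tool such as Spybot locking that file does not change its contents, so the audit still applies to whatever is already in it.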

Hi Gringo

With all 4 boxes ticked I ran into an error:

An error occurred in function Delete file

FindRemoteFileHandles returned NULL value. This may affect deletion of file. Please report this to the FileASSASSIN support team.

It then reported:

The file could not be deleted!

Regards

Mark


  • Staff

Hello mdwhitby

:Avenger by Swandog:

  • Download Avenger by Swandog and unzip it to your Desktop.
  • Note: This program must be run from an account with Administrator privileges.
  • Open the Avenger folder and double click Avenger.exe to launch the programme.
  • Copy the text in the code box below and Paste it into the Input script here: box.

Files to delete:
C:\WINDOWS\system32\drivers\etc\hosts

  • Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
  • Ensure the following:
    • Scan for Rootkits is checked.
    • Automatically disable any rootkits found is Unchecked.
  • Press the Execute key.
  • Avenger will now process the script you've pasted (this may involve more than one re-boot); when finished it will produce a log file.
  • Post the log back here please. (it can also be found at C:\avenger.txt)

Gringo


Hi

I thought you might suggest that next. Unfortunately the only files visible in the C:\WINDOWS\system32\drivers\etc folder are 4 files:

lmhosts.sam

networks

protocol

services

However, there are 5 files in the properties of "etc". I've tried to show any hidden files but nothing extra appears.

Mark


  • Staff

Hello mdwhitby

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:


  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First Press the Scan button.
  • It will make a log (FRST.txt)

I want you to post the FRST.txt report into your reply to me

Gringo


Hi Gringo

Before I attempt that I've done a bit of digging and I have Spybot installed which automatically locks down the hosts file, which is great if the hosts file is OK, but I definitely installed Spybot after I was already infected.

Should I uninstall Spybot and see if that unlocks the hosts file before following the action in your previous post?

Mark


Hi

And further to my previous post about Spybot, the website for downloading FRST says it is only for Vista and Windows 7, not Windows 8:

Farbar Recovery Scan Tool is a portable application designed to run in the Windows Vista and Windows 7 Recovery Environment in order to diagnose and fix boot issues

Mark


Gringo

F8 is not an available option on restart on my Gigabyte BIOS - it does nothing.

DEL enters the BIOS setup

F12 enters the standard Boot Menu

F9 - Xpress Recovery2

END - Q-Flash

None of these seem to do what you have suggested, and I have looked through the motherboard manual.

Unfortunately I don't have a Windows installation disk as I upgraded Windows through the MS store online.

Regards

Mark


Hello

Ok, let's try to get FRST to work this way.

Download the following three programmes to your desktop:

1. WiNToBootic

For 64bit systems

2. Windows 7 64bit RC

3. Farbar Recovery Scan Tool x64

Extract wintoboot to your desktop

Insert a USB drive of at least 1GB

Run Wintoboot

Drag and drop the Windows 7 ISO to the programme in the space indicated

Tick the Format box and accept the warnings

Press Do It

You will see it progressing

It will let you know when it is done

Then copy FRST to the same USB

Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB.

Note: If you are not sure how to do that, follow the instructions Here.

When you reboot you will see this, although yours will say Windows 7.

Click repair my computer

Select your operating system

Select Command prompt

At the command prompt type notepad and press Enter.

The notepad opens. Under File menu select Open.

Select "Computer" and find your flash drive letter and close the notepad.

In the command window type e:\frst64.exe and press Enter

Note: Replace letter e with the drive letter of your flash drive.

The tool will start to run.

When the tool opens click Yes to disclaimer.

Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

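
A helper reads the FRST.txt produced by the procedure above for the same things every time: service or driver entries whose file is gone (marked [x]), entries with nothing in the publisher parentheses, hidden or system-attributed items created inside the user profile, and a DhcpNameServer that is not on the local network. The Python script below is an added example, not part of this thread or of Farbar Recovery Scan Tool; its line patterns are inferred from the log format posted later in this thread, and its sample input is constructed from a few of those lines.

```python
"""Triage an FRST.txt report: list the entries a helper reads first.

Added example for this thread, not part of Farbar Recovery Scan Tool.  The line
patterns are inferred from the log posted in the thread; SAMPLE_LOG is constructed
from a handful of its lines.
"""
import ipaddress
import re
from dataclasses import dataclass

# Autorun value:     HKLM\...\Run: [Name] <path> [<size> <date>] (<publisher>)
RUN_RE = re.compile(r'^HK\S*?\\\.\.\.\\Run:\s*\[(?P<value>[^\]]+)\]\s*(?P<rest>.*)$')
# Service or driver: <start-type> <Name>; <path> [<size> <date>] (<publisher>)
SERVICE_RE = re.compile(r'^[0-4]\s+(?P<name>[^;]+);\s*(?P<rest>.*)$')
# Created file:      <created> - <modified> - <size> <attrs> [(<publisher>)] <path>
FILE_RE = re.compile(
    r'^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ '
    r'(?P<attr>[_A-Z]{5})\s+(?:\((?P<pub>[^)]*)\)\s+)?(?P<path>.+)$')
# DHCP-assigned DNS servers as FRST records them
DNS_RE = re.compile(r'^Tcpip\\Parameters: \[DhcpNameServer\]\s*(?P<servers>.+)$')
# Trailing "[<size> <date>] (<publisher>)" of a service or autorun entry
PUBLISHER_RE = re.compile(r'\[\d+ \d{4}-\d\d-\d\d\]\s*\((?P<pub>[^)]*)\)\s*$')


@dataclass(frozen=True)
class Finding:
    rule: str     # which check fired
    subject: str  # entry name, path or address concerned
    line: str     # original log line, ready to quote in a reply


def _publisher_info(rest):
    """Return (publisher or None, file_missing) for the tail of an entry."""
    # FRST prints "()" when the file has no company name and "[x]" when the
    # file a service or driver key points to is not on disk.
    rest = rest.strip()
    if rest.endswith('[x]'):
        return None, True
    m = PUBLISHER_RE.search(rest)
    if not m:
        return None, False
    return (m.group('pub').strip() or None), False


def _is_private(addr):
    try:
        return ipaddress.ip_address(addr).is_private
    except ValueError:
        return False  # not an IP literal at all: leave it for a human to judge


def triage(text):
    """Run the four checks over a whole FRST.txt and return the findings."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = DNS_RE.match(line)
        if m:
            # A resolver outside the LAN is one classic source of redirects.
            for server in m.group('servers').split():
                if not _is_private(server):
                    findings.append(Finding('dns-not-private', server, line))
            continue
        m = RUN_RE.match(line)
        if m:
            subject = m.group('value')
        else:
            m = SERVICE_RE.match(line)
            subject = m.group('name') if m else None
        if m:
            publisher, missing = _publisher_info(m.group('rest'))
            if missing:
                findings.append(Finding('file-missing', subject, line))
            elif publisher is None:
                findings.append(Finding('no-publisher', subject, line))
            continue
        m = FILE_RE.match(line)
        if m:
            attr, path = m.group('attr'), m.group('path')
            # H = hidden, S = system: unusual for something created in a user profile
            if ('H' in attr or 'S' in attr) and path.lower().startswith('c:\\users\\'):
                findings.append(Finding('hidden-in-profile', path, line))
    return findings


# Constructed sample in the shape of the log posted in this thread.
SAMPLE_LOG = r"""HKU\oem\...\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5814904 2012-11-15] (AVG Technologies CZ, s.r.o.)
4 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [x]
3 idsvc; [x]
2013-03-23 04:41 - 2013-03-23 04:41 - 01466241 ____A (Farbar) C:\Users\oem\Desktop\FRST64.exe
2013-03-19 13:27 - 2013-03-19 13:28 - 00013824 __ASH C:\Users\oem\Documents\Thumbs.db
2013-03-04 01:19 - 2013-03-18 08:33 - 00000000 __SHD C:\Users\oem\Documents\cache
"""
```

Feed the posted FRST.txt to triage(open(path).read()); each Finding carries the original line so it can be quoted straight back in a reply, and a flagged entry is a starting point for a look, not a verdict.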

Hi Gringo

Thanks for your continuing assistance on this, much appreciated.

One of the downloads was for a recovery disk for Windows 7 but I am on Windows 8, which is why some of the earlier stuff wouldn't work if you recall.

Should I proceed, or do I need the Windows 8 ISO instead?

Cheers

Mark


Cheers

That worked perfectly; here is the log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 10 days old)

Ran by SYSTEM at 23-03-2013 12:56:55

Running from G:\

Windows 8 Pro (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2726728 2010-03-24] (CANON INC.)

HKLM-x32\...\Run: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [346320 2009-08-04] (DeviceVM, Inc.)

HKLM-x32\...\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1185112 2010-04-02] (CANON INC.)

HKLM-x32\...\Run: [MDS_Menu] "C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0" [220336 2010-07-01] (CyberLink Corp.)

HKLM-x32\...\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [642856 2008-12-12] (Cisco Systems, Inc.)

HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [106496 2009-11-20] (NEC Electronics Corporation)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642728 2012-09-28] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3147384 2012-12-10] (AVG Technologies CZ, s.r.o.)

HKU\oem\...\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)

HKU\oem\...\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

==================== Services (Whitelisted) ===================

3 AllUserInstallAgent; C:\Windows\System32\AUInstallAgent.dll [122368 2012-07-25] (Microsoft Corporation)

3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()

2 AudioEndpointBuilder; C:\Windows\System32\AudioEndpointBuilder.dll [169472 2012-11-05] (Microsoft Corporation)

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5814904 2012-11-15] (AVG Technologies CZ, s.r.o.)

2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)

2 BrokerInfrastructure; C:\Windows\System32\bisrv.dll [179712 2012-09-19] (Microsoft Corporation)

2 DeviceAssociationService; C:\Windows\System32\das.dll [342016 2012-07-25] (Microsoft Corporation)

3 DeviceInstall; C:\Windows\System32\umpnpmgr.dll [107008 2012-09-19] (Microsoft Corporation)

3 DsmSvc; C:\Windows\System32\DeviceSetupManager.dll [207872 2012-07-25] (Microsoft Corporation)

3 EFS; C:\Windows\System32\efssvc.dll [37376 2012-07-25] (Microsoft Corporation)

3 fhsvc; C:\Windows\System32\fhsvc.dll [116736 2012-09-19] (Microsoft Corporation)

3 KeyIso; C:\Windows\System32\keyiso.dll [59904 2012-07-25] (Microsoft Corporation)

3 KeyIso; C:\Windows\SysWow64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)

2 LSM; C:\Windows\System32\lsm.dll [438272 2013-01-09] (Microsoft Corporation)

3 NcaSvc; C:\Windows\System32\ncasvc.dll [161792 2012-07-25] (Microsoft Corporation)

3 NcdAutoSetup; C:\Windows\System32\NcdAutoSetup.dll [73728 2012-07-25] (Microsoft Corporation)

3 Netlogon; C:\Windows\System32\netlogon.dll [743936 2012-07-25] (Microsoft Corporation)

3 Netlogon; C:\Windows\SysWow64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)

3 netprofm; C:\Windows\System32\netprofmsvc.dll [467456 2013-02-02] (Microsoft Corporation)

3 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [2675712 2012-11-05] (Microsoft Corporation)

2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

3 StorSvc; C:\Windows\SysWow64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)

3 svsvc; C:\Windows\System32\svsvc.dll [12800 2012-07-25] (Microsoft Corporation)

3 SystemEventsBroker; C:\Windows\System32\SystemEventsBrokerServer.dll [178176 2012-12-05] (Microsoft Corporation)

3 TimeBroker; C:\Windows\System32\TimeBrokerServer.dll [170496 2012-12-05] (Microsoft Corporation)

3 VaultSvc; C:\Windows\System32\vaultsvc.dll [283648 2012-07-25] (Microsoft Corporation)

3 vmicheartbeat; C:\Windows\System32\ICSvc.dll [336384 2012-07-25] (Microsoft Corporation)

3 vmickvpexchange; C:\Windows\System32\ICSvc.dll [336384 2012-07-25] (Microsoft Corporation)

3 vmicrdv; C:\Windows\System32\ICSvc.dll [336384 2012-07-25] (Microsoft Corporation)

3 vmicshutdown; C:\Windows\System32\ICSvc.dll [336384 2012-07-25] (Microsoft Corporation)

3 vmictimesync; C:\Windows\System32\ICSvc.dll [336384 2012-07-25] (Microsoft Corporation)

3 vmicvss; C:\Windows\System32\ICSvc.dll [336384 2012-07-25] (Microsoft Corporation)

2 Wcmsvc; C:\Windows\System32\wcmsvc.dll [263680 2012-07-25] (Microsoft Corporation)

3 WiaRpc; C:\Windows\System32\wiarpc.dll [65536 2012-07-25] (Microsoft Corporation)

3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)

3 WinHttpAutoProxySvc; C:\Windows\SysWow64\winhttp.dll [516608 2012-11-05] (Microsoft Corporation)

3 wlidsvc; C:\Windows\System32\wlidsvc.dll [1964544 2013-01-09] (Microsoft Corporation)

3 WSService; C:\Windows\System32\WSService.dll [2367528 2012-09-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) =====================

0 3ware; C:\Windows\System32\Drivers\3ware.sys [106736 2012-07-25] (LSI)

0 acpiex; C:\Windows\System32\Drivers\acpiex.sys [77040 2012-07-25] (Microsoft Corporation)

3 acpipagr; C:\Windows\System32\Drivers\acpipagr.sys [10240 2012-07-25] (Microsoft Corporation)

3 acpitime; C:\Windows\System32\Drivers\acpitime.sys [10752 2012-07-25] (Microsoft Corporation)

1 AppleCharger; C:\Windows\System32\Drivers\AppleCharger.sys [21544 2010-04-06] ()

0 arc; C:\Windows\System32\Drivers\arc.sys [104688 2012-07-25] (PMC-Sierra, Inc.)

0 arcsas; C:\Windows\System32\Drivers\arcsas.sys [108272 2012-07-25] (PMC-Sierra, Inc.)

3 athur; C:\Windows\system32\DRIVERS\athuw8x.sys [3744256 2012-11-21] (Qualcomm Atheros Communications, Inc.)

3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)

0 Avgboota; C:\Windows\System32\Drivers\Avgboota.sys [20912 2012-10-25] (AVG Technologies CZ, s.r.o.)

1 AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )

0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [63328 2012-10-14] (AVG Technologies CZ, s.r.o. )

1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-01] (AVG Technologies CZ, s.r.o.)

0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-20] (AVG Technologies CZ, s.r.o.)

0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111968 2012-11-15] (AVG Technologies CZ, s.r.o.)

0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-13] (AVG Technologies CZ, s.r.o.)

1 Avgwfpa; C:\Windows\System32\Drivers\Avgwfpa.sys [208736 2012-11-26] (AVG Technologies CZ, s.r.o.)

1 BasicDisplay; C:\Windows\System32\Drivers\BasicDisplay.sys [48640 2012-07-25] (Microsoft Corporation)

1 BasicRender; C:\Windows\System32\Drivers\BasicRender.sys [29696 2012-07-25] (Microsoft Corporation)

3 BthAvrcpTg; C:\Windows\System32\Drivers\BthAvrcpTg.sys [37632 2013-02-01] (Microsoft Corporation)

3 BthHFEnum; C:\Windows\System32\Drivers\BthHFEnum.sys [51200 2012-07-25] (Microsoft Corporation)

3 bthhfhid; C:\Windows\System32\Drivers\bthhfhid.sys [29952 2012-11-26] (Microsoft Corporation)

0 CLFS; C:\Windows\System32\Drivers\CLFS.sys [361200 2012-07-25] (Microsoft Corporation)

3 condrv; C:\Windows\System32\Drivers\condrv.sys [33792 2012-07-25] (Microsoft Corporation)

1 dam; C:\Windows\System32\Drivers\dam.sys [58088 2012-10-10] (Microsoft Corporation)

0 EhStorClass; C:\Windows\System32\Drivers\EhStorClass.sys [81136 2012-07-25] (Microsoft Corporation)

0 EhStorTcgDrv; C:\Windows\System32\Drivers\EhStorTcgDrv.sys [113904 2012-07-25] (Microsoft Corporation)

3 FxPPM; C:\Windows\System32\Drivers\FxPPM.sys [22528 2012-11-05] (Microsoft Corporation)

3 gencounter; C:\Windows\System32\drivers\vmgencounter.sys [12288 2012-07-25] (Microsoft Corporation)

3 GPIOClx0101; C:\Windows\System32\Drivers\msgpioclx.sys [120040 2012-09-19] (Microsoft Corporation)

3 hidi2c; C:\Windows\System32\Drivers\hidi2c.sys [39936 2012-11-19] (Microsoft Corporation)

3 hyperkbd; C:\Windows\System32\Drivers\hyperkbd.sys [11776 2012-07-25] (Microsoft Corporation)

3 HyperVideo; C:\Windows\System32\Drivers\HyperVideo.sys [24576 2012-07-25] (Microsoft Corporation)

3 kdnic; C:\Windows\System32\Drivers\kdnic.sys [18432 2012-07-25] (Microsoft Corporation)

0 LSI_SSS; C:\Windows\System32\Drivers\LSI_SSS.sys [81136 2012-07-25] (LSI Corporation)

3 MsBridge; C:\Windows\system32\DRIVERS\bridge.sys [129536 2012-07-25] (Microsoft Corporation)

3 msgpiowin32; C:\Windows\System32\Drivers\msgpiowin32.sys [28904 2013-01-09] (Microsoft Corporation)

3 mshidumdf; C:\Windows\System32\Drivers\mshidumdf.sys [10752 2012-07-25] (Microsoft Corporation)

3 MsLldp; C:\Windows\System32\Drivers\MsLldp.sys [68608 2012-07-25] (Microsoft Corporation)

0 mvumis; C:\Windows\System32\Drivers\mvumis.sys [64240 2012-07-25] (Marvell Semiconductor, Inc.)

3 NdisImPlatform; C:\Windows\System32\Drivers\NdisImPlatform.sys [126464 2012-07-25] (Microsoft Corporation)

3 NDISWANLEGACY; C:\Windows\system32\DRIVERS\ndiswan.sys [174080 2012-07-25] (Microsoft Corporation)

2 Ndu; C:\Windows\System32\Drivers\Ndu.sys [97792 2012-07-25] (Microsoft Corporation)

1 npsvctrig; C:\Windows\System32\Drivers\npsvctrig.sys [23552 2012-07-25] (Microsoft Corporation)

0 pdc; C:\Windows\System32\Drivers\pdc.sys [69864 2013-02-06] (Microsoft Corporation)

3 RTL8168; C:\Windows\system32\DRIVERS\Rt630x64.sys [589824 2012-06-02] (Realtek )

3 sdstor; C:\Windows\System32\Drivers\sdstor.sys [56552 2012-10-10] (Microsoft Corporation)

3 SerCx; C:\Windows\System32\Drivers\SerCx.sys [62976 2012-07-25] (Microsoft Corporation)

0 spaceport; C:\Windows\System32\Drivers\spaceport.sys [283888 2012-07-25] (Microsoft Corporation)

3 SpbCx; C:\Windows\System32\Drivers\SpbCx.sys [59392 2012-07-25] (Microsoft Corporation)

0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows ® Server 2003 DDK provider)

0 storahci; C:\Windows\System32\Drivers\storahci.sys [77552 2012-07-25] (Microsoft Corporation)

3 storvsp; C:\Windows\System32\Drivers\storvsp.sys [67584 2012-07-25] (Microsoft Corporation)

3 UASPStor; C:\Windows\System32\Drivers\UASPStor.sys [97008 2012-07-25] (Microsoft Corporation)

3 UCX01000; C:\Windows\System32\Drivers\UCX01000.sys [212200 2012-09-19] (Microsoft Corporation)

3 USBHUB3; C:\Windows\System32\Drivers\USBHUB3.sys [446184 2013-02-02] (Microsoft Corporation)

3 USBXHCI; C:\Windows\System32\Drivers\USBXHCI.sys [337128 2012-09-19] (Microsoft Corporation)

3 VerifierExt; C:\Windows\System32\Drivers\VerifierExt.sys [106224 2012-07-25] (Microsoft Corporation)

3 Vid; C:\Windows\System32\Drivers\Vid.sys [203776 2012-07-25] (Microsoft Corporation)

3 vmbusr; C:\Windows\System32\Drivers\vmbusr.sys [117248 2012-07-25] (Microsoft Corporation)

3 vpci; C:\Windows\System32\Drivers\vpci.sys [67824 2012-07-25] (Microsoft Corporation)

3 vpcivsp; C:\Windows\System32\Drivers\vpcivsp.sys [66048 2012-07-25] (Microsoft Corporation)

0 VSTXRAID; C:\Windows\System32\Drivers\VSTXRAID.sys [322800 2012-07-25] (VIA Corporation)

3 WdBoot; C:\Windows\System32\Drivers\WdBoot.sys [34216 2012-07-25] (Microsoft Corporation)

3 WdFilter; C:\Windows\System32\Drivers\WdFilter.sys [258288 2012-07-25] (Microsoft Corporation)

0 WFPLWFS; C:\Windows\System32\Drivers\WFPLWFS.sys [96496 2012-07-25] (Microsoft Corporation)

3 wpcfltr; C:\Windows\System32\Drivers\wpcfltr.sys [45056 2012-07-25] (Microsoft Corporation)

3 WpdUpFltr; C:\Windows\System32\Drivers\WpdUpFltr.sys [19968 2012-07-25] (Microsoft Corporation)

3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation)

3 WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation)

3 xusb22; C:\Windows\System32\Drivers\xusb22.sys [89088 2012-07-25] (Microsoft Corporation)

4 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [x]

3 idsvc; [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-03-23 04:41 - 2013-03-23 04:41 - 01466241 ____A (Farbar) C:\Users\oem\Desktop\FRST64.exe

2013-03-23 04:40 - 2013-03-23 04:41 - 172855296 ____A C:\Users\oem\Desktop\RepairDiscWindows7-64-bit.iso

2013-03-23 04:40 - 2013-03-23 04:40 - 00857600 ____A C:\Users\oem\Desktop\WiNToBootic.exe

2013-03-21 13:37 - 2013-03-21 13:49 - 07800832 ____A C:\Users\oem\Desktop\Mar 2013 Employer Services.ppt

2013-03-21 13:35 - 2013-02-11 16:17 - 00020992 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys

2013-03-19 13:27 - 2013-03-19 13:28 - 00013824 __ASH C:\Users\oem\Documents\Thumbs.db

2013-03-19 13:23 - 2013-03-19 13:26 - 07439360 ____A C:\Users\oem\Documents\Mar 2013 Employer Services.ppt

2013-03-18 16:07 - 2013-03-18 16:07 - 00731136 ____A C:\Users\oem\Desktop\avenger.exe

2013-03-18 13:16 - 2013-03-18 13:16 - 00001055 ____A C:\Users\Public\Desktop\FileASSASSIN.lnk

2013-03-18 13:16 - 2013-03-18 13:16 - 00000000 ____D C:\Program Files (x86)\FileASSASSIN

2013-03-18 01:00 - 2013-03-18 01:01 - 00095598 ____A C:\Users\oem\Desktop\Extras.Txt

2013-03-18 00:59 - 2013-03-18 00:59 - 00099742 ____A C:\Users\oem\Desktop\OTL.Txt

2013-03-18 00:53 - 2013-03-18 00:53 - 00602112 ____A (OldTimer Tools) C:\Users\oem\Desktop\OTL.exe

2013-03-17 14:08 - 2013-03-17 14:13 - 05041875 ____A (Swearware) C:\Users\oem\Desktop\ComboFix.exe

2013-03-17 12:42 - 2013-03-17 12:42 - 00299328 ____A C:\Windows\System32\FNTCACHE.DAT

2013-03-17 12:41 - 2013-03-17 12:41 - 00000516 ____A C:\blitzblank.log

2013-03-17 12:38 - 2013-03-17 12:39 - 01153912 ____A (Emsi Software GmbH) C:\Users\oem\Desktop\BlitzBlank.exe

2013-03-17 08:59 - 2013-03-18 08:33 - 00000000 ____D C:\Users\oem\Documents\CIPFA Audit and Assurance

2013-03-17 06:23 - 2013-03-17 06:23 - 00002525 ____A C:\Users\oem\Desktop\RKreport[2]_D_03172013_02d1423.txt

2013-03-17 06:21 - 2013-03-17 06:21 - 00002516 ____A C:\Users\oem\Desktop\RKreport[1]_S_03172013_02d1421.txt

2013-03-17 06:19 - 2013-03-17 06:21 - 00000000 ____D C:\Users\oem\Desktop\RK_Quarantine

2013-03-17 06:18 - 2013-03-17 06:18 - 00815616 ____A C:\Users\oem\Desktop\RogueKiller.exe

2013-03-17 06:17 - 2013-03-17 06:17 - 00004884 ____A C:\Users\oem\Desktop\AdwCleaner[s1].txt

2013-03-17 06:11 - 2013-03-17 06:11 - 00597667 ____A C:\Users\oem\Desktop\adwcleaner.exe

2013-03-17 06:11 - 2013-03-17 06:11 - 00004884 ____A C:\AdwCleaner[s1].txt

2013-03-17 06:09 - 2013-03-17 06:09 - 00000912 ____A C:\Users\oem\Desktop\checkup.txt

2013-03-17 06:05 - 2013-03-17 06:05 - 00890798 ____A C:\Users\oem\Desktop\SecurityCheck.exe

2013-03-17 06:00 - 2013-03-17 06:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-03-16 07:37 - 2013-03-16 07:38 - 00688992 ____R (Swearware) C:\Users\oem\Downloads\dds.scr

2013-03-15 11:22 - 2013-02-11 17:29 - 14296064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-03-15 11:22 - 2013-02-11 16:55 - 19205632 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-03-15 11:22 - 2013-02-06 20:09 - 00069864 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pdc.sys

2013-03-15 11:22 - 2013-02-06 19:34 - 10115072 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll

2013-03-15 11:22 - 2013-02-06 19:33 - 02302464 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll

2013-03-15 11:22 - 2013-02-06 19:33 - 02146816 ____A (Microsoft Corporation) C:\Windows\System32\actxprxy.dll

2013-03-15 11:22 - 2013-02-06 17:34 - 08856576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll

2013-03-15 11:22 - 2013-02-06 17:33 - 02033664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2013-03-15 11:22 - 2013-02-06 17:33 - 00754176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll

2013-03-15 11:21 - 2013-03-02 00:22 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll

2013-03-15 11:21 - 2013-03-01 18:44 - 00468992 ____A (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll

2013-03-15 11:21 - 2013-02-11 17:30 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll

2013-03-15 11:21 - 2013-02-11 16:56 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll

2013-03-15 11:21 - 2013-02-11 16:25 - 04041728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-03-15 11:21 - 2013-02-05 14:31 - 00622080 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys

2013-03-15 11:21 - 2013-02-05 14:29 - 00370688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys

2013-03-15 11:21 - 2013-02-05 14:28 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys

2013-03-15 11:21 - 2013-02-05 14:28 - 00215552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys

2013-03-15 11:21 - 2013-02-04 20:58 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-03-15 11:21 - 2013-02-04 20:57 - 01128960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-03-15 11:21 - 2013-02-04 20:56 - 13761536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-03-15 11:21 - 2013-02-04 20:56 - 02877952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-03-15 11:21 - 2013-02-04 20:56 - 01658368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-03-15 11:21 - 2013-02-04 20:56 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-03-15 11:21 - 2013-02-04 20:56 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-03-15 11:21 - 2013-02-04 20:56 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-03-15 11:21 - 2013-02-04 20:56 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-03-15 11:21 - 2013-02-04 20:56 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-03-15 11:21 - 2013-02-04 20:56 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-03-15 11:21 - 2013-02-04 19:55 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-03-15 11:21 - 2013-02-04 17:44 - 00534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll

2013-03-15 11:21 - 2013-02-04 14:40 - 00050688 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-03-15 11:21 - 2013-02-04 14:39 - 02246656 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-03-15 11:21 - 2013-02-04 14:39 - 01351680 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-03-15 11:21 - 2013-02-04 14:39 - 00907776 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll

2013-03-15 11:21 - 2013-02-04 14:39 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-03-15 11:21 - 2013-02-04 14:38 - 15418368 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-03-15 11:21 - 2013-02-04 14:38 - 03966464 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-03-15 11:21 - 2013-02-04 14:38 - 02166272 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-03-15 11:21 - 2013-02-04 14:38 - 00854528 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-03-15 11:21 - 2013-02-04 14:38 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-03-15 11:21 - 2013-02-02 03:19 - 00496872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys

2013-03-15 11:21 - 2013-02-02 03:19 - 00446184 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBHUB3.SYS

2013-03-15 11:21 - 2013-02-02 03:19 - 00329960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys

2013-03-15 11:21 - 2013-02-02 03:19 - 00061672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\crashdmp.sys

2013-03-15 11:21 - 2013-02-02 02:54 - 01933544 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

2013-03-15 11:21 - 2013-02-02 02:28 - 02226408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2013-03-15 11:21 - 2013-02-02 02:28 - 00993512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys

2013-03-15 11:21 - 2013-02-02 00:40 - 10792448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll

2013-03-15 11:21 - 2013-02-02 00:40 - 00410624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wlroamextension.dll

2013-03-15 11:21 - 2013-02-02 00:40 - 00370688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll

2013-03-15 11:21 - 2013-02-02 00:40 - 00356352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll

2013-03-15 11:21 - 2013-02-02 00:40 - 00197632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll

2013-03-15 11:21 - 2013-02-02 00:40 - 00155136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll

2013-03-15 11:21 - 2013-02-02 00:40 - 00080896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tasklist.exe

2013-03-15 11:21 - 2013-02-02 00:40 - 00079360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\taskkill.exe

2013-03-15 11:21 - 2013-02-02 00:39 - 05090816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2013-03-15 11:21 - 2013-02-02 00:39 - 00325632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2013-03-15 11:21 - 2013-02-02 00:39 - 00157696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll

2013-03-15 11:21 - 2013-02-02 00:39 - 00115712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netprofm.dll

2013-03-15 11:21 - 2013-02-02 00:39 - 00055296 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

2013-03-15 11:21 - 2013-02-02 00:39 - 00018432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\npmproxy.dll

2013-03-15 11:21 - 2013-02-02 00:39 - 00015872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlmproxy.dll

2013-03-15 11:21 - 2013-02-02 00:39 - 00012288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlmsprep.dll

2013-03-15 11:21 - 2013-02-02 00:38 - 00567808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\duser.dll

2013-03-15 11:21 - 2013-02-02 00:24 - 00107520 ____A (Microsoft Corporation) C:\Windows\System32\taskkill.exe

2013-03-15 11:21 - 2013-02-02 00:24 - 00102400 ____A (Microsoft Corporation) C:\Windows\System32\tasklist.exe

2013-03-15 11:21 - 2013-02-02 00:23 - 13643264 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll

2013-03-15 11:21 - 2013-02-02 00:23 - 00731648 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll

2013-03-15 11:21 - 2013-02-02 00:23 - 00611840 ____A (Microsoft Corporation) C:\Windows\System32\wpd_ci.dll

2013-03-15 11:21 - 2013-02-02 00:23 - 00543232 ____A (Microsoft Corporation) C:\Windows\System32\wlroamextension.dll

2013-03-15 11:21 - 2013-02-02 00:23 - 00475136 ____A (Microsoft Corporation) C:\Windows\System32\WWanAPI.dll

2013-03-15 11:21 - 2013-02-02 00:23 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.Connectivity.dll

2013-03-15 11:21 - 2013-02-02 00:23 - 00228352 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll

2013-03-15 11:21 - 2013-02-02 00:23 - 00105472 ____A (Microsoft Corporation) C:\Windows\System32\wpdbusenum.dll

2013-03-15 11:21 - 2013-02-02 00:23 - 00087552 ____A (Microsoft Corporation) C:\Windows\System32\wersvc.dll

2013-03-15 11:21 - 2013-02-02 00:22 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\SettingSync.dll

2013-03-15 11:21 - 2013-02-02 00:22 - 00416256 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2013-03-15 11:21 - 2013-02-02 00:21 - 05977600 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll

2013-03-15 11:21 - 2013-02-02 00:21 - 00467456 ____A (Microsoft Corporation) C:\Windows\System32\netprofmsvc.dll

2013-03-15 11:21 - 2013-02-02 00:21 - 00385024 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll

2013-03-15 11:21 - 2013-02-02 00:21 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\mbsmsapi.dll

2013-03-15 11:21 - 2013-02-02 00:20 - 00729600 ____A (Microsoft Corporation) C:\Windows\System32\duser.dll

2013-03-15 11:21 - 2013-02-02 00:20 - 00260096 ____A (Microsoft Corporation) C:\Windows\System32\hotspotauth.dll

2013-03-15 11:21 - 2013-02-01 23:30 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-03-15 11:21 - 2013-02-01 23:25 - 00297984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ks.sys

2013-03-15 11:21 - 2013-02-01 23:25 - 00082944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys

2013-03-15 11:21 - 2013-02-01 23:25 - 00037632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\BthAvrcpTg.sys

2013-03-15 11:21 - 2013-02-01 21:41 - 01437184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll

2013-03-15 11:21 - 2013-02-01 21:31 - 01690624 ____A (Microsoft Corporation) C:\Windows\System32\GdiPlus.dll

2013-03-15 11:18 - 2012-11-21 09:41 - 03744256 ____A (Qualcomm Atheros Communications, Inc.) C:\Windows\System32\Drivers\athuw8x.sys

2013-03-15 11:11 - 2013-03-15 11:11 - 00000000 ____D C:\Users\oem\Downloads\TL-WN822N_V2_win8-beta

2013-03-11 09:44 - 2013-03-11 09:44 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-03-11 08:21 - 2013-03-11 08:21 - 00000000 ____D C:\Users\oem\AppData\Roaming\AVG2013

2013-03-11 08:19 - 2013-03-11 08:19 - 00000965 ____A C:\Users\Public\Desktop\AVG 2013.lnk

2013-03-11 08:17 - 2013-03-11 08:19 - 00000000 ____D C:\ProgramData\AVG2013

2013-03-11 08:14 - 2013-03-11 08:34 - 00000000 ____D C:\Users\oem\AppData\Local\Avg2013

2013-03-11 08:14 - 2013-03-11 08:14 - 00000000 ____D C:\Users\oem\AppData\Local\MFAData

2013-03-04 01:19 - 2013-03-18 08:33 - 00000000 __SHD C:\Users\oem\Documents\cache

2013-03-04 01:19 - 2013-03-18 08:33 - 00000000 ____D C:\Users\oem\AppData\Roaming\webex

2013-03-04 00:41 - 2013-01-09 17:53 - 00028904 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\msgpiowin32.sys

2013-03-04 00:41 - 2013-01-09 17:40 - 01448168 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys

2013-03-04 00:41 - 2013-01-09 17:40 - 00303848 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys

2013-03-04 00:41 - 2013-01-09 17:39 - 00194280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sdbus.sys

2013-03-04 00:41 - 2013-01-09 17:39 - 00124648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dumpsd.sys

2013-03-04 00:41 - 2013-01-09 17:29 - 00785504 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys

2013-03-04 00:41 - 2013-01-09 17:29 - 00091880 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys

2013-03-04 00:41 - 2013-01-09 15:26 - 17560576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-03-04 00:41 - 2013-01-09 15:26 - 01752064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll

2013-03-04 00:41 - 2013-01-09 15:26 - 01611776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe

2013-03-04 00:41 - 2013-01-09 15:26 - 00890880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

2013-03-04 00:41 - 2013-01-09 15:26 - 00436736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL

2013-03-04 00:41 - 2013-01-09 15:26 - 00410624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll

2013-03-04 00:41 - 2013-01-09 15:26 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srm.dll

2013-03-04 00:41 - 2013-01-09 15:26 - 00261120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll

2013-03-04 00:41 - 2013-01-09 15:26 - 00202752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srmstormod.dll

2013-03-04 00:41 - 2013-01-09 15:26 - 00083968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wiaacmgr.exe

2013-03-04 00:41 - 2013-01-09 15:26 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll

2013-03-04 00:41 - 2013-01-09 15:25 - 00582144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll

2013-03-04 00:41 - 2013-01-09 15:23 - 19791360 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2013-03-04 00:41 - 2013-01-09 15:23 - 02094592 ____A (Microsoft Corporation) C:\Windows\System32\mmc.exe

2013-03-04 00:41 - 2013-01-09 15:23 - 01964544 ____A (Microsoft Corporation) C:\Windows\System32\wlidsvc.dll

2013-03-04 00:41 - 2013-01-09 15:23 - 01886208 ____A (Microsoft Corporation) C:\Windows\System32\setupapi.dll

2013-03-04 00:41 - 2013-01-09 15:23 - 00728064 ____A (Microsoft Corporation) C:\Windows\System32\samsrv.dll

2013-03-04 00:41 - 2013-01-09 15:23 - 00594944 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.dll

2013-03-04 00:41 - 2013-01-09 15:23 - 00406016 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Media.dll

2013-03-04 00:41 - 2013-01-09 15:23 - 00279040 ____A (Microsoft Corporation) C:\Windows\System32\srm.dll

2013-03-04 00:41 - 2013-01-09 15:23 - 00274432 ____A (Microsoft Corporation) C:\Windows\System32\srmstormod.dll

2013-03-04 00:41 - 2013-01-09 15:23 - 00256000 ____A (Microsoft Corporation) C:\Windows\System32\WSDMon.dll

2013-03-04 00:41 - 2013-01-09 15:23 - 00095232 ____A (Microsoft Corporation) C:\Windows\System32\wiaacmgr.exe

2013-03-04 00:41 - 2013-01-09 15:22 - 01120768 ____A (Microsoft Corporation) C:\Windows\System32\msctf.dll

2013-03-04 00:41 - 2013-01-09 15:22 - 00894464 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll

2013-03-04 00:41 - 2013-01-09 15:22 - 00820736 ____A (Microsoft Corporation) C:\Windows\System32\gpprefcl.dll

2013-03-04 00:41 - 2013-01-09 15:22 - 00666112 ____A (Microsoft Corporation) C:\Windows\System32\MP4SDECD.DLL

2013-03-04 00:41 - 2013-01-09 15:22 - 00438272 ____A (Microsoft Corporation) C:\Windows\System32\lsm.dll

2013-03-04 00:41 - 2013-01-09 15:22 - 00159232 ____A (Microsoft Corporation) C:\Windows\System32\inetpp.dll

2013-03-04 00:41 - 2013-01-08 19:59 - 00341504 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\HdAudio.sys

2013-03-04 00:41 - 2013-01-04 16:08 - 00386577 ____A C:\Windows\System32\ApnDatabase.xml

2013-03-04 00:41 - 2012-11-01 21:19 - 00171520 ____A (Microsoft Corporation) C:\Windows\System32\ncbservice.dll

2013-03-04 00:41 - 2012-11-01 21:18 - 00107520 ____A (Microsoft Corporation) C:\Windows\System32\httpprxm.dll

2013-03-04 00:41 - 2012-11-01 21:18 - 00062464 ____A (Microsoft Corporation) C:\Windows\System32\adhsvc.dll

2013-03-04 00:41 - 2012-11-01 21:18 - 00022528 ____A (Microsoft Corporation) C:\Windows\System32\adhapi.dll

2013-03-04 00:41 - 2012-11-01 21:18 - 00017920 ____A (Microsoft Corporation) C:\Windows\System32\httpprxp.dll

2013-03-04 00:41 - 2012-11-01 21:18 - 00015872 ____A (Microsoft Corporation) C:\Windows\System32\keepaliveprovider.dll

2013-02-27 14:47 - 2013-02-27 14:47 - 00000000 ____D C:\ProgramData\WebEx

2013-02-27 14:32 - 2012-12-14 20:55 - 01010688 ____A (Microsoft Corporation) C:\Windows\System32\reseteng.dll

2013-02-27 14:32 - 2012-12-14 20:55 - 00443392 ____A (Microsoft Corporation) C:\Windows\System32\ReAgent.dll

2013-02-27 14:32 - 2012-12-14 20:55 - 00375808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll

2013-02-24 10:51 - 2013-02-24 10:51 - 00000000 ____D C:\Users\oem\AppData\Roaming\Juniper Networks

2013-02-22 05:44 - 2013-01-13 19:56 - 06967016 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

==================== One Month Modified Files and Folders =======

2013-03-23 04:52 - 2012-07-25 21:26 - 00524288 __ASH C:\Windows\System32\config\BBI

2013-03-23 04:51 - 2012-07-25 23:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-03-23 04:51 - 2012-07-25 23:21 - 00554410 ____A C:\Windows\setupact.log

2013-03-23 04:51 - 2011-12-27 13:48 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-03-23 04:50 - 2012-10-27 12:32 - 00020998 ____A C:\Windows\PFRO.log

2013-03-23 04:49 - 2012-10-27 12:55 - 01593659 ____A C:\Windows\WindowsUpdate.log

2013-03-23 04:41 - 2013-03-23 04:41 - 01466241 ____A (Farbar) C:\Users\oem\Desktop\FRST64.exe

2013-03-23 04:41 - 2013-03-23 04:40 - 172855296 ____A C:\Users\oem\Desktop\RepairDiscWindows7-64-bit.iso

2013-03-23 04:40 - 2013-03-23 04:40 - 00857600 ____A C:\Users\oem\Desktop\WiNToBootic.exe

2013-03-23 04:36 - 2012-04-22 00:51 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-03-23 04:25 - 2011-12-27 13:48 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-03-23 04:25 - 2010-10-17 05:58 - 00000000 ____D C:\ProgramData\MFAData

2013-03-22 10:12 - 2010-08-25 19:57 - 00000000 ____D C:\Users\oem\AppData\Roaming\vlc

2013-03-22 10:00 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\System32\sru

2013-03-22 10:00 - 2012-05-06 09:38 - 00000464 ____A C:\Windows\Tasks\ParetoLogic Registration3.job

2013-03-21 13:49 - 2013-03-21 13:37 - 07800832 ____A C:\Users\oem\Desktop\Mar 2013 Employer Services.ppt

2013-03-21 13:38 - 2012-10-27 13:06 - 00130560 __ASH C:\Users\oem\Desktop\Thumbs.db

2013-03-21 13:29 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\AUInstallAgent

2013-03-19 15:13 - 2010-08-25 16:36 - 00000000 ____D C:\Program Files (x86)\Vuze

2013-03-19 13:58 - 2012-10-27 13:02 - 00000000 ____D C:\Users\oem\AppData\Local\Packages

2013-03-19 13:28 - 2013-03-19 13:27 - 00013824 __ASH C:\Users\oem\Documents\Thumbs.db

2013-03-19 13:26 - 2013-03-19 13:23 - 07439360 ____A C:\Users\oem\Documents\Mar 2013 Employer Services.ppt

2013-03-19 12:39 - 2012-07-25 23:28 - 00848230 ____A C:\Windows\System32\PerfStringBackup.INI

2013-03-18 16:07 - 2013-03-18 16:07 - 00731136 ____A C:\Users\oem\Desktop\avenger.exe

2013-03-18 13:16 - 2013-03-18 13:16 - 00001055 ____A C:\Users\Public\Desktop\FileASSASSIN.lnk

2013-03-18 13:16 - 2013-03-18 13:16 - 00000000 ____D C:\Program Files (x86)\FileASSASSIN

2013-03-18 13:16 - 2012-07-25 21:26 - 00262144 __ASH C:\Windows\System32\config\ELAM

2013-03-18 08:33 - 2013-03-17 08:59 - 00000000 ____D C:\Users\oem\Documents\CIPFA Audit and Assurance

2013-03-18 08:33 - 2013-03-04 01:19 - 00000000 __SHD C:\Users\oem\Documents\cache

2013-03-18 08:33 - 2013-03-04 01:19 - 00000000 ____D C:\Users\oem\AppData\Roaming\webex

2013-03-18 01:01 - 2013-03-18 01:00 - 00095598 ____A C:\Users\oem\Desktop\Extras.Txt

2013-03-18 00:59 - 2013-03-18 00:59 - 00099742 ____A C:\Users\oem\Desktop\OTL.Txt

2013-03-18 00:53 - 2013-03-18 00:53 - 00602112 ____A (OldTimer Tools) C:\Users\oem\Desktop\OTL.exe

2013-03-17 14:13 - 2013-03-17 14:08 - 05041875 ____A (Swearware) C:\Users\oem\Desktop\ComboFix.exe

2013-03-17 12:42 - 2013-03-17 12:42 - 00299328 ____A C:\Windows\System32\FNTCACHE.DAT

2013-03-17 12:41 - 2013-03-17 12:41 - 00000516 ____A C:\blitzblank.log

2013-03-17 12:39 - 2013-03-17 12:38 - 01153912 ____A (Emsi Software GmbH) C:\Users\oem\Desktop\BlitzBlank.exe

2013-03-17 08:54 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\rescache

2013-03-17 06:23 - 2013-03-17 06:23 - 00002525 ____A C:\Users\oem\Desktop\RKreport[2]_D_03172013_02d1423.txt

2013-03-17 06:21 - 2013-03-17 06:21 - 00002516 ____A C:\Users\oem\Desktop\RKreport[1]_S_03172013_02d1421.txt

2013-03-17 06:21 - 2013-03-17 06:19 - 00000000 ____D C:\Users\oem\Desktop\RK_Quarantine

2013-03-17 06:18 - 2013-03-17 06:18 - 00815616 ____A C:\Users\oem\Desktop\RogueKiller.exe

2013-03-17 06:17 - 2013-03-17 06:17 - 00004884 ____A C:\Users\oem\Desktop\AdwCleaner[s1].txt

2013-03-17 06:12 - 2012-07-26 00:12 - 00000000 ___RD C:\Windows\ToastData

2013-03-17 06:11 - 2013-03-17 06:11 - 00597667 ____A C:\Users\oem\Desktop\adwcleaner.exe

2013-03-17 06:11 - 2013-03-17 06:11 - 00004884 ____A C:\AdwCleaner[s1].txt

2013-03-17 06:09 - 2013-03-17 06:09 - 00000912 ____A C:\Users\oem\Desktop\checkup.txt

2013-03-17 06:06 - 2010-09-15 05:24 - 72013344 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-03-17 06:05 - 2013-03-17 06:05 - 00890798 ____A C:\Users\oem\Desktop\SecurityCheck.exe

2013-03-17 06:00 - 2013-03-17 06:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-03-17 06:00 - 2010-08-25 16:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-03-16 07:38 - 2013-03-16 07:37 - 00688992 ____R (Swearware) C:\Users\oem\Downloads\dds.scr

2013-03-16 07:36 - 2012-08-20 05:28 - 00000000 ___RD C:\Users\oem\Dropbox

2013-03-16 06:53 - 2010-08-19 09:56 - 00000000 ____D C:\Users\oem\AppData\Local\VirtualStore

2013-03-15 11:11 - 2013-03-15 11:11 - 00000000 ____D C:\Users\oem\Downloads\TL-WN822N_V2_win8-beta

2013-03-11 09:46 - 2012-05-18 15:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-03-11 09:44 - 2013-03-11 09:44 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-03-11 08:34 - 2013-03-11 08:14 - 00000000 ____D C:\Users\oem\AppData\Local\Avg2013

2013-03-11 08:21 - 2013-03-11 08:21 - 00000000 ____D C:\Users\oem\AppData\Roaming\AVG2013

2013-03-11 08:21 - 2010-08-25 16:38 - 00000000 ____D C:\Program Files (x86)\AVG

2013-03-11 08:20 - 2012-07-12 13:46 - 00000000 ___HD C:\$AVG

2013-03-11 08:19 - 2013-03-11 08:19 - 00000965 ____A C:\Users\Public\Desktop\AVG 2013.lnk

2013-03-11 08:19 - 2013-03-11 08:17 - 00000000 ____D C:\ProgramData\AVG2013

2013-03-11 08:18 - 2012-07-26 00:12 - 00000000 ___HD C:\Windows\ELAMBKUP

2013-03-11 08:14 - 2013-03-11 08:14 - 00000000 ____D C:\Users\oem\AppData\Local\MFAData

2013-03-11 02:52 - 2012-06-04 02:16 - 00011473 ____A C:\Users\oem\Documents\Savings.ods

2013-03-10 10:45 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\SysWOW64\en-GB

2013-03-10 10:45 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\System32\en-GB

2013-03-05 15:07 - 2012-11-02 14:05 - 00692568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-03-05 15:07 - 2012-11-02 14:05 - 00078168 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-03-02 00:22 - 2013-03-15 11:21 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll

2013-03-01 18:44 - 2013-03-15 11:21 - 00468992 ____A (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll

2013-02-27 14:47 - 2013-02-27 14:47 - 00000000 ____D C:\ProgramData\WebEx

2013-02-24 10:51 - 2013-02-24 10:51 - 00000000 ____D C:\Users\oem\AppData\Roaming\Juniper Networks

2013-02-24 10:48 - 2010-08-25 16:36 - 00000000 ____D C:\Users\oem\AppData\Roaming\Azureus

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe

[2012-12-16 13:06] - [2012-10-10 21:46] - 0517120 ____A (Microsoft Corporation) BCF2036A0DD579E47C008C133550283E

C:\Windows\System32\wininit.exe

[2012-07-25 16:03] - [2012-07-25 19:08] - 0132608 ____A (Microsoft Corporation) FE9AB232B56A12224E8A3F3F9878C9A3

C:\Windows\explorer.exe

[2012-12-16 13:06] - [2012-10-10 23:35] - 2380944 ____A (Microsoft Corporation) E13A31D5254C25406A7946BDD9B06364

C:\Windows\SysWOW64\explorer.exe

[2012-12-16 13:06] - [2012-10-10 21:56] - 2115952 ____A (Microsoft Corporation) 953ADECFF08202A01EFC6110214FDE02

C:\Windows\System32\svchost.exe

[2012-10-28 14:27] - [2012-09-19 22:33] - 0029696 ____A (Microsoft Corporation) EDE27EACE742EE2888C5DD36400A2EC0

C:\Windows\SysWOW64\svchost.exe

[2012-10-28 14:27] - [2012-09-19 21:55] - 0023040 ____A (Microsoft Corporation) A46DC432F81473F526E3994AA483E366

C:\Windows\System32\services.exe

[2012-10-28 14:27] - [2012-09-19 22:33] - 0410624 ____A (Microsoft Corporation) 8F226143046435C75C033B0C52E90FFE

C:\Windows\System32\User32.dll

[2012-10-28 14:27] - [2012-09-19 22:33] - 1342464 ____A (Microsoft Corporation) A99AD14F26BDA7D7F27F76BC91B7EED7

C:\Windows\SysWOW64\User32.dll

[2012-10-28 14:26] - [2012-09-19 20:10] - 1126912 ____A (Microsoft Corporation) BA1C3ACD929A71E88B49C2B6E38F92B3

C:\Windows\System32\userinit.exe

[2012-07-25 16:06] - [2012-07-25 19:08] - 0025088 ____A (Microsoft Corporation) 0E925F7BA032920D58DD284B6181A247

C:\Windows\SysWOW64\userinit.exe

[2012-07-25 16:08] - [2012-07-25 19:21] - 0021504 ____A (Microsoft Corporation) 9F6289D194A04A09671FEED4B6CB6EF7

C:\Windows\System32\Drivers\volsnap.sys

[2012-07-25 18:30] - [2012-07-25 20:57] - 0332016 ____A (Microsoft Corporation) 2FB3CDFD5EAF4CD9D4AFAF96877D13AE

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-03-04 00:48:19

Restore point made on: 2013-03-10 10:34:26

Restore point made on: 2013-03-15 11:05:47

Restore point made on: 2013-03-21 14:04:28

==================== Memory info ===========================

Percentage of memory in use: 15%

Total physical RAM: 4093.55 MB

Available physical RAM: 3476.09 MB

Total Pagefile: 4091.7 MB

Available Pagefile: 3457.28 MB

Total Virtual: 8192 MB

Available Virtual: 8191.89 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:513.3 GB) NTFS

2 Drive d: (Media) (Fixed) (Total:931.51 GB) (Free:339.24 GB) NTFS

4 Drive g: () (Removable) (Total:1.87 GB) (Free:1.67 GB) NTFS

5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 931 GB 0 B

Disk 1 Online 931 GB 0 B

Disk 2 Online 1912 MB 0 B

Partitions of Disk 0:

===============

Disk ID: 7A5E63C4

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 931 GB 101 MB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 931 GB Healthy

=========================================================

Partitions of Disk 1:

===============

Disk ID: F6161AED

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 931 GB 1024 KB

==================================================================================

Disk: 1

Partition 1

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 D Media NTFS Partition 931 GB Healthy

=========================================================

Partitions of Disk 2:

===============

Disk ID: C3072E18

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 1910 MB 1792 KB

==================================================================================

Disk: 2

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G NTFS Removable 1910 MB Healthy

=========================================================

============================== MBR Partition Table ==================

==============================

Partitions of Disk 0:

===============

Disk ID: 7A5E63C4

Partition 1:

=========

Hex: 8020210007DF130C0008000000200300

Active: YES

Type: 07 (NTFS)

Size: 100 MB

Partition 2:

=========

Hex: 00DF140C07FEFFFF0028030000386D74

Active: NO

Type: 07 (NTFS)

Size: 931 GB

==============================

Partitions of Disk 1:

===============

Disk ID: F6161AED

Partition 1:

=========

Hex: 0020210007FEFFFF0008000000587074

Active: NO

Type: 07 (NTFS)

Size: 932 GB

==============================

Partitions of Disk 2:

===============

Disk ID: C3072E18

Partition 1:

=========

Hex: 80010100073FD2C9000E000000B23B00

Active: YES

Type: 07 (NTFS)

Size: 2 GB

Last Boot: 2013-03-21 14:04

==================== End Of Log =============================

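The "MBR Partition Table" section above prints each partition-table entry as 16 raw bytes on a "Hex:" line and then the Active, Type and Size that FRST derived from those bytes. The Python below is added here as an illustration; it is not part of the original post and not FRST's own code. It decodes the four hex entries copied from the log and checks that the decoded boot flag, partition type and size agree with what FRST printed, and that no disk has more than one active entry. The 512-byte logical sector size and FRST's rounding rule (whole GB once the partition is at least 1 GiB, otherwise whole MB) are assumptions inferred from the log, not documented behaviour.

```python
"""Decode the 16-byte MBR partition-table entries that FRST prints as "Hex:" lines
and check them against the Active/Type/Size fields FRST derives from them."""
import struct
from dataclasses import dataclass

SECTOR_BYTES = 512  # assumption: FRST sizes are computed with 512-byte logical sectors

# Constructed sample input: the four "Hex:" entries from the MBR section of the log
# above, paired with the Active / Type / Size values FRST printed beside them.
FRST_MBR_ENTRIES = [
    ("Disk 0", 1, "8020210007DF130C0008000000200300", "YES", "07", "100 MB"),
    ("Disk 0", 2, "00DF140C07FEFFFF0028030000386D74", "NO",  "07", "931 GB"),
    ("Disk 1", 1, "0020210007FEFFFF0008000000587074", "NO",  "07", "932 GB"),
    ("Disk 2", 1, "80010100073FD2C9000E000000B23B00", "YES", "07", "2 GB"),
]


@dataclass(frozen=True)
class MbrEntry:
    active: bool
    chs_start: tuple        # (cylinder, head, sector) as packed in the entry
    part_type: int          # 0x07 is NTFS/exFAT/HPFS, 0xEE a GPT protective entry
    chs_end: tuple
    lba_start: int          # first sector of the partition
    sector_count: int

    @property
    def size_bytes(self) -> int:
        return self.sector_count * SECTOR_BYTES

    def size_text(self) -> str:
        """Render the size the way FRST appears to: whole GB at >= 1 GiB, else whole MB.
        The threshold and the rounding are inferred from the log (assumption)."""
        gib = self.size_bytes / 2**30
        if gib >= 1:
            return f"{round(gib)} GB"
        return f"{round(self.size_bytes / 2**20)} MB"


def _chs(head: int, sect: int, cyl_lo: int) -> tuple:
    # CHS is packed as: head byte; 2 high cylinder bits + 6 sector bits; low cylinder byte
    cylinder = ((sect & 0xC0) << 2) | cyl_lo
    return (cylinder, head, sect & 0x3F)


def parse_entry(hex_entry: str) -> MbrEntry:
    raw = bytes.fromhex(hex_entry)
    if len(raw) != 16:
        raise ValueError(f"MBR entry must be 16 bytes, got {len(raw)}")
    # The two 32-bit LBA fields are little-endian, as stored on disk
    (boot, sh, ss, sc, ptype, eh, es, ec,
     lba_start, count) = struct.unpack("<BBBBBBBBII", raw)
    if boot not in (0x00, 0x80):
        # Anything else means a corrupt or tampered entry; refuse rather than guess
        raise ValueError(f"invalid boot indicator 0x{boot:02X}")
    return MbrEntry(boot == 0x80, _chs(sh, ss, sc), ptype, _chs(eh, es, ec),
                    lba_start, count)


def check_against_frst(entries=FRST_MBR_ENTRIES):
    """Return (disk, partition, problem) tuples for every decoded field that disagrees
    with the FRST summary, plus any disk carrying more than one active entry."""
    problems = []
    active_per_disk = {}
    for disk, num, hexstr, active, ptype, size in entries:
        e = parse_entry(hexstr)
        active_per_disk[disk] = active_per_disk.get(disk, 0) + int(e.active)
        if e.active != (active == "YES"):
            problems.append((disk, num, "active flag mismatch"))
        if e.part_type != int(ptype, 16):
            problems.append((disk, num, f"type mismatch: entry says 0x{e.part_type:02X}"))
        if e.size_text() != size:
            problems.append((disk, num, f"size mismatch: computed {e.size_text()}, FRST {size}"))
    for disk, n in active_per_disk.items():
        if n > 1:
            problems.append((disk, None, f"{n} active entries, only one should be bootable"))
    return problems


if __name__ == "__main__":
    for disk, num, hexstr, *_ in FRST_MBR_ENTRIES:
        e = parse_entry(hexstr)
        print(f"{disk} p{num}: active={e.active} type=0x{e.part_type:02X} "
              f"start_lba={e.lba_start} sectors={e.sector_count} size={e.size_text()}")
    print("problems:", check_against_frst())
```

Decoded, the entries reproduce the summary exactly: Disk 0 partition 1 starts at LBA 2048 (the 1024 KB offset in the diskpart output) and is 204800 sectors, which is 100 MiB; Disk 2's entry starts at LBA 3584 (1792 KB) and is 3912192 sectors. An MBR bootkit typically either changes the boot indicator or partition type of an entry, or hides its code in the unpartitioned sectors before the first partition, so a table whose raw bytes agree with the summary and that has one active, type 07 entry per disk is what a clean disk normally looks like. The check above does not read the boot code itself; FRST's MBR check and the "Bamital & volsnap Check" hashes cover that part of the log.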

  • Staff

Hello mdwhitby

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

 
C:\WINDOWS\system32\drivers\etc\hosts

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before but this time press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo

