Requested Log file for Narenxp

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by dave at 10:20:34 on 2012-07-31
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8167.5494 [GMT -7:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://companyweb
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: CtxIEInterceptorBHO Class: {2c4631ff-5cc8-4ebc-a0df-34c92291759e} - C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll
BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
uRun: [Adobe Reader Synchronizer] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe"
uRun: [Google Update] "C:\Users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: RunStartupScriptSync = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://quotesoft.webex.com/client/T27L10NSP21EP3/support/ieatgpc1.cab
TCP: DhcpNameServer = 192.168.168.1 4.2.2.3
TCP: Interfaces\{EF08988E-1BAB-42DF-AA1B-1AE30F964F45} : DhcpNameServer = 192.168.168.1 4.2.2.3
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
AppInit_DLLs: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: CtxIEInterceptorBHO Class: {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll
BHO-X64: CtxIEInterceptorBHO - No File
BHO-X64: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File
BHO-X64: AMD SteadyVideo BHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
AppInit_DLLs-X64: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll
.
============= SERVICES / DRIVERS ===============
.
R1 BIOS;BIOS;C:\Windows\System32\drivers\BIOS64.sys [2011-10-7 14136]
R1 BS_I2cIo;BS_I2cIo;C:\Windows\System32\drivers\BS_I2cIo.sys [2011-10-18 17024]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-4-29 101720]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-3-29 1161072]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-6-11 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2011-10-20 116536]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-7-6 375208]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-1-11 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-5-17 2804280]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-6-27 1326176]
R2 Sentinel64;Sentinel64;C:\Windows\system32\Drivers\Sentinel64.sys --> C:\Windows\system32\Drivers\Sentinel64.sys [?]
R2 SentinelKeysServer;Sentinel Keys Server;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2011-5-27 374304]
R2 SentinelSecurityRuntime;Sentinel Security Runtime;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2011-5-27 292384]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\amdhub30.sys --> C:\Windows\system32\DRIVERS\amdhub30.sys [?]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\amdxhc.sys --> C:\Windows\system32\DRIVERS\amdxhc.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\Windows\system32\DRIVERS\SNTUSB64.SYS --> C:\Windows\system32\DRIVERS\SNTUSB64.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-23 655944]
S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-6-27 681056]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-13 250056]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-27 18:19:03 9230024 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-07-25 00:14:30 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-07-25 00:10:56 -------- d-----w- C:\Users\Dave\AppData\Local\Secunia PSI
2012-07-25 00:10:28 -------- d-----w- C:\Program Files (x86)\Secunia
2012-07-24 14:46:32 -------- d-----w- C:\Users\Dave\AppData\Roaming\WinPatrol
2012-07-24 14:46:10 -------- d-----w- C:\ProgramData\InstallMate
2012-07-24 14:46:10 -------- d-----w- C:\Program Files (x86)\BillP Studios
2012-07-23 15:40:45 -------- d-----w- C:\Users\Dave\AppData\Roaming\Malwarebytes
2012-07-23 15:40:26 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-23 15:40:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-12 14:51:01 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-07-12 00:04:37 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-12 00:04:13 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-12 00:04:13 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-07-12 00:04:12 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-12 00:04:12 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-07-12 00:04:11 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-12 00:04:09 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-12 00:03:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-07-12 00:03:23 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-07-12 00:03:23 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-07-12 00:03:22 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-07-12 00:03:21 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-07-12 00:03:21 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-07-12 00:03:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-07-12 00:03:20 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-07-12 00:03:18 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-07-02 18:26:40 -------- d-----w- C:\Users\Dave\AppData\Local\Google
2012-07-02 18:26:01 -------- d-----w- C:\Users\Dave\AppData\Local\Deployment
.
==================== Find3M ====================
.
2012-07-27 18:19:08 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 18:19:08 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-25 00:14:15 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-12 14:48:21 87488 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2012-07-12 14:48:21 80800 ----a-w- C:\Windows\System32\LMIinit.dll
2012-07-12 14:48:21 34720 ----a-w- C:\Windows\System32\LMIport.dll
2012-06-12 19:05:18 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2012-06-11 20:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-06-11 20:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-06-11 20:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-06-11 20:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-06-11 20:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-06-11 20:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll
2012-06-11 20:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-06-11 18:59:38 10248192 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-06-11 18:35:48 70144 ----a-w- C:\Windows\System32\coinst_8.98.dll
2012-06-11 18:29:34 24826368 ----a-w- C:\Windows\System32\atio6axx.dll
2012-06-11 18:00:32 20467712 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-06-11 17:25:06 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-06-11 17:24:58 924160 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-06-11 17:23:12 1090560 ----a-w- C:\Windows\System32\aticfx64.dll
2012-06-11 17:20:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-06-11 17:19:58 532992 ----a-w- C:\Windows\System32\atieclxx.exe
2012-06-11 17:19:14 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-06-11 17:17:56 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-06-11 17:17:42 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-06-11 17:17:38 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-06-11 17:17:32 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-06-11 17:16:48 6301696 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-06-11 17:01:56 6914560 ----a-w- C:\Windows\System32\atidxx64.dll
2012-06-11 16:51:54 4246528 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-06-11 16:45:48 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-06-11 16:45:46 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-06-11 16:45:44 5480448 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-06-11 16:45:40 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-06-11 16:45:38 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-06-11 16:45:26 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-06-11 16:43:18 4729344 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-06-11 16:40:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-06-11 16:36:56 6605824 ----a-w- C:\Windows\System32\atiumd64.dll
2012-06-11 16:27:02 539136 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-06-11 16:26:52 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-06-11 16:26:40 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-06-11 16:26:36 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-06-11 16:26:36 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-06-11 16:26:30 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-06-11 16:26:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-06-11 16:26:14 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-06-11 16:25:20 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-06-11 16:25:12 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-06-11 16:25:06 45056 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-06-11 16:24:58 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-06-11 16:24:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 11:00:43 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59:54 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
.
============= FINISH: 10:28:13.77 ===============

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

• Please do not run any tools unless instructed to do so.
  
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
• Please do not attach logs or use code boxes, just copy and paste the text.
  
  • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
• Please read every post completely before doing anything.
  
  • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
• Please provide feedback about your experience as we go.
  
  • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

• Download Security Check by screen317 from here.
• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

• In your next post I need the following
  
• Log from Combofix
• let me know of any problems you may have had
  
• How is the computer doing now?

Gringo

ComboFix 12-07-31.06 - dave 08/03/2012 9:20.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8167.6504 [GMT -7:00]
Running from: u:\downloads\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Outdated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
SP: Lavasoft Ad-Aware *Disabled/Outdated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\h5yNKZ6t2VqOUs
c:\users\Dave\AppData\Roaming\Microsoft\Windows\Recent\585920-Sheet-P102BS-FIRSTFLOORPLUMBINGWASTEPLAN-SOUTH.pdf.tif
c:\users\Dave\Favorites\.url
c:\windows\SysWow64\~GLH02ef.TMP
c:\windows\SysWow64\~GLH02f0.TMP
c:\windows\SysWow64\~GLH02f1.TMP
c:\windows\SysWow64\~GLH02f2.TMP
c:\windows\SysWow64\~GLH02f3.TMP
.
.
((((((((((((((((((((((((( Files Created from 2012-07-03 to 2012-08-03 )))))))))))))))))))))))))))))))
.
.
2012-08-03 16:51 . 2012-08-03 16:51 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-08-03 16:51 . 2012-08-03 16:51 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2012-08-03 16:51 . 2012-08-03 16:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-01 00:17 . 2012-08-03 16:55 -------- d-----w- c:\programdata\boost_interprocess
2012-08-01 00:09 . 2012-08-01 15:32 -------- d-----r- c:\users\Dave\YouSendIt
2012-08-01 00:09 . 2012-08-01 00:09 -------- d-----w- c:\users\Dave\AppData\Roaming\YouSendIt
2012-08-01 00:09 . 2012-08-01 00:09 -------- d-----w- c:\users\Dave\AppData\Local\YouSendIt
2012-08-01 00:09 . 2012-08-01 00:09 -------- d-----w- c:\program files (x86)\YouSendIt Desktop App
2012-07-27 18:19 . 2012-08-02 16:19 9231560 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-25 00:14 . 2012-07-25 00:14 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-25 00:14 . 2012-07-25 00:14 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-25 00:14 . 2012-07-25 00:14 -------- d-----w- c:\program files (x86)\Java
2012-07-25 00:10 . 2012-07-25 00:10 -------- d-----w- c:\users\Dave\AppData\Local\Secunia PSI
2012-07-25 00:10 . 2012-07-25 00:10 -------- d-----w- c:\program files (x86)\Secunia
2012-07-24 14:46 . 2012-07-24 14:46 -------- d-----w- c:\users\Dave\AppData\Roaming\WinPatrol
2012-07-24 14:46 . 2012-07-24 14:46 -------- d-----w- c:\programdata\InstallMate
2012-07-24 14:46 . 2012-07-24 14:46 -------- d-----w- c:\program files (x86)\BillP Studios
2012-07-23 15:40 . 2012-07-23 15:40 -------- d-----w- c:\users\Dave\AppData\Roaming\Malwarebytes
2012-07-23 15:40 . 2012-07-23 15:40 -------- d-----w- c:\programdata\Malwarebytes
2012-07-23 15:40 . 2012-07-23 15:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-12 14:51 . 2012-07-12 14:51 -------- d-----w- c:\programdata\ATI
2012-07-12 14:51 . 2012-07-12 14:51 -------- d-----w- c:\program files (x86)\AMD APP
2012-07-12 00:04 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 00:04 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-12 00:04 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-12 00:04 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-12 00:04 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-12 00:04 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-12 00:04 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-12 00:03 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-12 00:03 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll
2012-07-12 00:03 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-12 00:03 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-12 00:03 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-12 00:03 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-12 00:03 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-12 00:03 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-07-12 00:03 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-12 00:03 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 16:19 . 2012-04-13 14:55 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-02 16:19 . 2011-10-18 17:00 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-25 00:14 . 2012-01-10 17:39 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-12 14:48 . 2012-06-12 19:04 34720 ----a-w- c:\windows\system32\LMIport.dll
2012-07-12 14:48 . 2012-06-12 19:04 87488 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-12 14:48 . 2012-06-12 19:04 80800 ----a-w- c:\windows\system32\LMIinit.dll
2012-06-12 19:05 . 2012-06-12 19:04 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2012-06-11 20:50 . 2012-06-11 20:50 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 20:50 . 2012-06-11 20:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-06-11 20:50 . 2012-06-11 20:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-06-11 20:50 . 2012-06-11 20:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-06-11 20:50 . 2012-06-11 20:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-06-11 20:50 . 2012-06-11 20:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
2012-06-11 20:49 . 2012-06-11 20:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll
2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2012-06-11 17:24 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-06-11 17:23 . 2011-09-08 17:32 1090560 ----a-w- c:\windows\system32\aticfx64.dll
2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-06-11 17:16 . 2012-06-11 17:16 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-06-11 17:01 . 2011-09-08 17:16 6914560 ----a-w- c:\windows\system32\atidxx64.dll
2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll
2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-06-11 16:45 . 2012-06-11 16:45 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll
2012-06-11 16:43 . 2012-06-11 16:43 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll
2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2011-09-08 16:52 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-06-11 16:25 . 2012-06-11 16:25 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll
2012-06-11 16:24 . 2012-06-11 16:24 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-06-04 06:28 . 2011-10-07 20:04 58957832 ----a-w- c:\windows\system32\MRT.exe
2012-05-15 04:01 . 2012-06-12 19:03 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-12 19:03 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-12 19:03 981504 ----a-w- c:\windows\SysWow64\wininet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00001YSISyncComplete]
@="{89B5F9CC-C4A2-462C-BD27-29CEAC972135}"
[HKEY_CLASSES_ROOT\CLSID\{89B5F9CC-C4A2-462C-BD27-29CEAC972135}]
2012-05-23 08:59 2677368 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00002YSISyncActive]
@="{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}"
[HKEY_CLASSES_ROOT\CLSID\{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}]
2012-05-23 08:59 2677368 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00003YSISyncError]
@="{306A9CDE-AC70-453A-8008-B5F9962B8F88}"
[HKEY_CLASSES_ROOT\CLSID\{306A9CDE-AC70-453A-8008-B5F9962B8F88}]
2012-05-23 08:59 2677368 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00004YSILocalOnly]
@="{23A7D2DC-F395-4E33-876C-84A2DFAB0EBB}"
[HKEY_CLASSES_ROOT\CLSID\{23A7D2DC-F395-4E33-876C-84A2DFAB0EBB}]
2012-05-23 08:59 2677368 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Synchronizer"="c:\program files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe" [2012-04-04 1261472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-04-05 371864]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2012-07-13 384232]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-6-27 572000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Citrix\ICACLI~1\RSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-06-27 681056]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-08 1255736]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys [2011-04-19 14136]
S1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [2008-06-17 15408]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2012-02-14 93272]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-04-29 55384]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-03-29 1161072]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2011-10-20 116536]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-12 375208]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-01-12 15928]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-05-18 2804280]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-05-11 72280]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-06-27 1326176]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2009-09-17 145448]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2011-05-27 374304]
S2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2011-05-27 292384]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-03-18 87168]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-03-18 188544]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-27 425064]
S3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\DRIVERS\SNTUSB64.SYS [2011-05-27 63528]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 16:19]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2277146241-1169819029-3851680343-1149Core.job
- c:\users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-02 18:26]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2277146241-1169819029-3851680343-1149UA.job
- c:\users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-02 18:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00001YSISyncComplete]
@="{89B5F9CC-C4A2-462C-BD27-29CEAC972135}"
[HKEY_CLASSES_ROOT\CLSID\{89B5F9CC-C4A2-462C-BD27-29CEAC972135}]
2012-05-23 08:59 2788984 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00002YSISyncActive]
@="{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}"
[HKEY_CLASSES_ROOT\CLSID\{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}]
2012-05-23 08:59 2788984 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00003YSISyncError]
@="{306A9CDE-AC70-453A-8008-B5F9962B8F88}"
[HKEY_CLASSES_ROOT\CLSID\{306A9CDE-AC70-453A-8008-B5F9962B8F88}]
2012-05-23 08:59 2788984 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00004YSILocalOnly]
@="{23A7D2DC-F395-4E33-876C-84A2DFAB0EBB}"
[HKEY_CLASSES_ROOT\CLSID\{23A7D2DC-F395-4E33-876C-84A2DFAB0EBB}]
2012-05-23 08:59 2788984 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-01-12 57928]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2012-07-13 384232]
"Yousendit Sync Agent"="c:\program files (x86)\YouSendIt Desktop App\YSIAgent.exe" [2012-05-23 5344376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.168.1 4.2.2.3
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
c:\program files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
.
**************************************************************************
.
Completion time: 2012-08-03 10:16:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-03 17:16
.
Pre-Run: 420,090,634,240 bytes free
Post-Run: 421,617,176,576 bytes free
.
- - End Of File - - A1A0B87E3AAD2588391E0E78FAB515DF

I forgot to add status report, after copying combo fix log, the offending pop-ups appeared on screen. I will be here to monitor repies from you without delay, again thanks for your help

Hello newagedavey11

Good job!! I see it removed a couple of the virus files - but you have not let me know how the computer is doing after you ran combofix

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
• doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

• Double click the aswMBR.exe icon to run it
• it will ask to download extra definitions - ALLOW IT
• Click the Scan button to start the scan
• On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

Dl,ed TDSKILLER, tried to open, nothing happened. Tried to run as administer, nothing. r clicked and got winpatrol info, which stated "access denied to specified path, and that I may not have the permission to access file. I can get a screen shot of exact message if needed.

Same results with aswMBR

restart the computer and let me know if it does the same thing

where are you trying to run these programs from?


gringo

I think by default they were downloaded to the downloads file in the users folder. I should tell you that I am on a computer at work and there is a C:/ drive, a U:/ drive and a Z:/ drive the last 2 drives are network drives. After trying to run TDSKILLER and aswMBR out of U:/ drive I drug both programs to desktop and tried to open them with no response from either. I get the same message from Winpatrol when I query, stating that the path is not found and that I probably do not have the proper permissions.

Move tdsskiller.exe and aswMBR.exe to this folder:

C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon

Install the Chameleon driver by doing the following:

Press the Windows key + R and in the Run box, copy and paste the following command then press Enter.

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" /o

A black DOS prompt will appear with a prompt to press any key to continue, please do so.

Run aswMBR.exe and tdsskiller.exe as per the previous instructions.

Obviously, you will have to navigate to their new location to run them. Let me know if you have trouble.

Ok, I may not have done this right, but nonetheless here is what I did. Made a new folder on desktop named CProgram FilesMalwarebytes' Anti-MalwareChameleon. Then I dragged TDSKILLER, and aswMBR into folder. Then opened up Run, and pasted command that you had specified, got a dos prompt, which said press any key to continue, which i did, then after some lines came up in box got another prompt to press key, box disappeared. I then went to folder on desktop which had desired programs double clicked on them and sadly got no response from either.Again I sincerely appreciate your help and await your instruction.

Greetings

Made a new folder on desktop named CProgram FilesMalwarebytes' Anti-MalwareChameleon. this is not correct I did not ask to make any folders

C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon

When you see something like the above it is telling you the address on the computer

to get to the address like your house you have to follow each step

C:\ - click on the start botton (lower left of screen) - now click on "computer" - you should see something at the top that has C: in its name - double click on it

now once you have done that you should see folders

look for the folder Program Files (x86)\ - double click on it and it will open to show you more folders

Malwarebytes' Anti-Malware\ <-- open this folder

Chameleon <-- open this folder - now it is inside of this folder that I want you to put tdsskiller.exe and aswMBR.exe

and then continue

Press the Windows key + R and in the Run box, copy and paste the following command then press Enter.

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" /o

A black DOS prompt will appear with a prompt to press any key to continue, please do so.

Run aswMBR.exe and tdsskiller.exe as per the previous instructions.

Obviously, you will have to navigate to their new location to run them. Let me know if you have trouble.

Thank you for your instruction, Followed instruction to the letter, tried to drag TDSKILLER to Chameleon folder and got the message box stating I needed permission to perform this action. Hit retry several times, no luck. Same results with aswMBR.

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

• Double click on OTL.exe to run it.
• Under Output, ensure that Minimal Output is selected.
• Under Extra Registry section, select Use SafeList.
• Click the Scan All Users checkbox.
• Click on Run Scan at the top left hand corner.
• When done, two Notepad files will open.
  
  • OTL.txt <-- Will be opened and the that I need posted back here
  • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
• Please post the contents of OTL.txt in your next reply.

Gringo

OTL logfile created on: 8/3/2012 2:03:40 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Dave\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 5.89 Gb Available Physical Memory | 73.82% Memory free
15.95 Gb Paging File | 13.51 Gb Available in Paging File | 84.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.65 Gb Total Space | 392.68 Gb Free Space | 84.33% Space Free | Partition Type: NTFS
Drive U: | 465.65 Gb Total Space | 392.68 Gb Free Space | 84.33% Space Free | Partition Type: NTFS
Drive Z: | 736.17 Gb Total Space | 679.50 Gb Free Space | 92.30% Space Free | Partition Type: NTFS

Computer Name: DAVE-2011 | User Name: dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Dave\Desktop\OTL.com (OldTimer Tools)
PRC - C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC)
PRC - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
PRC - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.)
PRC - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe (SafeNet, Inc.)
PRC - C:\Program Files (x86)\Copernic Agent\CopernicAgent.exe (Copernic Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Users\Dave\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Dave\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Dave\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll ()
MOD - C:\Users\Dave\AppData\Local\Google\Chrome\Application\21.0.1180.60\libglesv2.dll ()
MOD - C:\Users\Dave\AppData\Local\Google\Chrome\Application\21.0.1180.60\libegl.dll ()
MOD - C:\Users\Dave\AppData\Local\Google\Chrome\Application\21.0.1180.60\avutil-51.dll ()
MOD - C:\Users\Dave\AppData\Local\Google\Chrome\Application\21.0.1180.60\avformat-54.dll ()
MOD - C:\Users\Dave\AppData\Local\Google\Chrome\Application\21.0.1180.60\avcodec-54.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Program Files (x86)\SpamBayes\bin\outlook_addin.dll ()
MOD - C:\Program Files (x86)\SpamBayes\lib\win32com.shell.shell.pyd ()
MOD - C:\Program Files (x86)\SpamBayes\lib\win32com.mapi.mapi.pyd ()
MOD - C:\Program Files (x86)\SpamBayes\lib\win32gui.pyd ()
MOD - C:\Program Files (x86)\SpamBayes\lib\win32api.pyd ()
MOD - C:\Program Files (x86)\SpamBayes\lib\win32trace.pyd ()
MOD - C:\Program Files (x86)\SpamBayes\lib\win32clipboard.pyd ()
MOD - C:\Program Files (x86)\SpamBayes\lib\timer.pyd ()
MOD - C:\Program Files (x86)\SpamBayes\lib\pythoncom25.dll ()
MOD - C:\Program Files (x86)\SpamBayes\lib\pywintypes25.dll ()
MOD - C:\Program Files (x86)\SpamBayes\lib\_bsddb.pyd ()
MOD - C:\Program Files (x86)\SpamBayes\lib\_socket.pyd ()
MOD - C:\Program Files (x86)\SpamBayes\lib\_ssl.pyd ()
MOD - C:\Program Files (x86)\SpamBayes\lib\_hashlib.pyd ()
MOD - C:\Program Files (x86)\SpamBayes\lib\PIL._imaging.pyd ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (Ad-Aware Service) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (atashost) -- C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC)
SRV - (SentinelProtectionServer) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
SRV - (SentinelKeysServer) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.)
SRV - (SentinelSecurityRuntime) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe (SafeNet, Inc.)
SRV - (SBAMSvc) -- C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe (Sunbelt Software)
SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (mbamchameleon) -- C:\Windows\SysNative\drivers\mbamchameleon.sys ()
DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AODDriver4.1) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (SNTUSB64) -- C:\Windows\SysNative\drivers\SNTUSB64.SYS (SafeNet, Inc.)
DRV:64bit: - (sbapifs) -- C:\Windows\SysNative\drivers\sbapifs.sys (Sunbelt Software)
DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\SBREDrv.sys (Sunbelt Software)
DRV:64bit: - (BIOS) -- C:\Windows\SysNative\drivers\BIOS64.sys (BIOSTAR Group)
DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (Sentinel64) -- C:\Windows\SysNative\drivers\sentinel64.sys (SafeNet, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (BS_I2cIo) -- C:\Windows\SysNative\drivers\BS_I2cIo.sys (BIOSTAR Group)
DRV - (SBRE) -- C:\Windows\SysWOW64\drivers\SBREDrv.sys (Sunbelt Software)
DRV - (BIOS) -- C:\Windows\SysWOW64\drivers\BIOS64.sys (BIOSTAR Group)
DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (BS_I2cIo) -- C:\Windows\SysWOW64\drivers\BS_I2cIo.sys (BIOSTAR Group)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2277146241-1169819029-3851680343-1149\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2277146241-1169819029-3851680343-1149\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2277146241-1169819029-3851680343-1149\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2277146241-1169819029-3851680343-1149\..\SearchScopes\{C5EF0A27-EC65-489A-A74F-2148DD038FF7}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2277146241-1169819029-3851680343-1149\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dave\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dave\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Citrix ICA Client (Enabled) = C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Dave\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: StumbleUpon = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\4.7.12.1_0\

O1 HOSTS File: ([2012/08/03 09:54:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (CtxIEInterceptorBHO Class) - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll (Citrix Systems, Inc.)
O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4:64bit: - HKLM..\Run: [Yousendit Sync Agent] C:\Program Files (x86)\YouSendIt Desktop App\YSIAgent.exe (YouSendit Inc.)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-2277146241-1169819029-3851680343-1149..\Run: [Adobe Reader Synchronizer] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKLM..\RunOnce: [1] C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2277146241-1169819029-3851680343-1149\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2277146241-1169819029-3851680343-1149\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-2277146241-1169819029-3851680343-1149\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-21-2277146241-1169819029-3851680343-1149\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2277146241-1169819029-3851680343-1149\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2277146241-1169819029-3851680343-1149\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2277146241-1169819029-3851680343-1149\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O15 - HKU\S-1-5-21-2277146241-1169819029-3851680343-1149\..Trusted Domains: plumbingsystems.net ([remote] https in Local intranet)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://quotesoft.webex.com/client/T27L10NSP21EP3/support/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.168.1 4.2.2.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = psw.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF08988E-1BAB-42DF-AA1B-1AE30F964F45}: DhcpNameServer = 192.168.168.1 4.2.2.3
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20 - AppInit_DLLs: (C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll) - C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/03 14:02:17 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.com
[2012/08/03 13:24:25 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Dave\Desktop\aswMBR.exe
[2012/08/03 13:24:08 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dave\Desktop\tdsskiller.exe
[2012/08/03 11:50:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/03 11:30:33 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\Dave\Desktop\FixTDSS (1).exe
[2012/08/03 09:11:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/03 09:11:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/03 09:11:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/03 09:10:50 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/08/03 09:08:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/03 09:07:18 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/31 17:32:13 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\Shared1Folder_files
[2012/07/31 17:25:09 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\Shared Folder_files
[2012/07/31 17:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/07/31 17:09:36 | 000,000,000 | R--D | C] -- C:\Users\Dave\YouSendIt
[2012/07/31 17:09:36 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\YouSendIt
[2012/07/31 17:09:36 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\YouSendIt
[2012/07/31 17:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouSendIt Desktop App
[2012/07/31 17:09:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouSendIt Desktop App
[2012/07/27 11:19:03 | 009,231,560 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/07/26 09:05:45 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\PROGRAMS
[2012/07/24 17:14:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/07/24 17:14:30 | 000,476,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/07/24 17:14:30 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/07/24 17:14:30 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/07/24 17:14:30 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/07/24 17:14:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/07/24 17:10:56 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\Secunia PSI
[2012/07/24 17:10:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012/07/24 07:46:32 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\WinPatrol
[2012/07/24 07:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2012/07/24 07:46:10 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/07/24 07:46:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
[2012/07/23 08:40:45 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Malwarebytes
[2012/07/23 08:40:26 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\Tools
[2012/07/23 08:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/23 08:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/23 08:40:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/12 14:52:20 | 000,000,000 | ---D | C] -- C:\Users\Dave\Documents\Equinox DTLA
[2012/07/12 07:51:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/07/12 07:51:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/07/12 07:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/07/11 17:04:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/11 17:04:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/11 17:03:22 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/11 17:01:42 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/11 17:01:42 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll

========== Files - Modified Within 30 Days ==========

[2012/08/03 14:01:52 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.com
[2012/08/03 13:43:59 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2277146241-1169819029-3851680343-1149UA.job
[2012/08/03 13:26:52 | 000,036,168 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2012/08/03 13:19:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/03 12:01:13 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/03 12:01:13 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/03 11:54:24 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/08/03 11:54:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/03 11:53:54 | 2127,945,727 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/03 11:23:24 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Dave\Desktop\aswMBR.exe
[2012/08/03 09:54:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/03 07:59:19 | 000,029,410 | ---- | M] () -- C:\Users\Dave\Desktop\LLUCapture.JPG
[2012/08/03 07:43:59 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2277146241-1169819029-3851680343-1149Core.job
[2012/08/02 12:29:01 | 000,091,667 | ---- | M] () -- C:\Users\Dave\Desktop\SCHEDCapture.JPG
[2012/08/02 10:40:20 | 000,188,161 | ---- | M] () -- C:\Users\Dave\Desktop\1258 PSHEETS P0.pdf
[2012/08/02 09:19:07 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/02 09:19:07 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/02 09:19:03 | 009,231,560 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/08/02 08:50:17 | 139,460,994 | ---- | M] () -- C:\Users\Dave\Desktop\1258 PSHEETS P3.tif
[2012/08/02 08:48:20 | 139,460,994 | ---- | M] () -- C:\Users\Dave\Desktop\1258 PSHEETS P2.tif
[2012/08/02 08:47:02 | 139,460,994 | ---- | M] () -- C:\Users\Dave\Desktop\1258 PSHEETS P1.tif
[2012/08/02 07:55:19 | 000,034,903 | ---- | M] () -- C:\Users\Dave\Desktop\2Capture.JPG
[2012/08/02 07:54:33 | 000,014,975 | ---- | M] () -- C:\Users\Dave\Desktop\1Capture.JPG
[2012/08/02 07:39:29 | 000,195,965 | ---- | M] () -- C:\Users\Dave\Desktop\1258 PSHEETS P3.pdf
[2012/08/02 07:39:20 | 000,202,867 | ---- | M] () -- C:\Users\Dave\Desktop\1258 PSHEETS P2.pdf
[2012/08/01 14:43:55 | 000,105,337 | ---- | M] () -- C:\Users\Dave\Desktop\CaptureVIRUS4.JPG
[2012/08/01 14:42:44 | 000,104,118 | ---- | M] () -- C:\Users\Dave\Desktop\CaptureVIRUS3.JPG
[2012/08/01 14:41:07 | 000,053,780 | ---- | M] () -- C:\Users\Dave\Desktop\CaptureVIRUS1.JPG
[2012/08/01 11:02:16 | 000,049,316 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/08/01 09:09:23 | 000,100,935 | ---- | M] () -- C:\Users\Dave\Desktop\CaptureVIRUS.JPG
[2012/08/01 09:00:50 | 001,554,045 | ---- | M] () -- C:\Users\Dave\Desktop\LLU MG-3 (07-23-12).pdf
[2012/08/01 09:00:44 | 000,503,161 | ---- | M] () -- C:\Users\Dave\Desktop\LLU MG-2 (07-23-12).pdf
[2012/08/01 09:00:35 | 000,485,597 | ---- | M] () -- C:\Users\Dave\Desktop\LLU MG-1 (07-23-12).pdf
[2012/07/31 17:32:13 | 000,165,404 | ---- | M] () -- C:\Users\Dave\Desktop\Shared1Folder.htm
[2012/07/31 17:25:09 | 000,187,137 | ---- | M] () -- C:\Users\Dave\Desktop\Shared Folder.htm
[2012/07/31 17:09:34 | 000,002,038 | ---- | M] () -- C:\Users\Public\Desktop\YouSendIt Desktop App.lnk
[2012/07/31 15:51:15 | 000,272,145 | ---- | M] () -- C:\Users\Dave\Desktop\00430000 P3_1 PLUMBING ROOF PLAN.pdf
[2012/07/31 15:48:36 | 000,394,912 | ---- | M] () -- C:\Users\Dave\Desktop\00410005 P2_4 ENLARGED PLUMBING WASTE FLOOR PLAN.pdf
[2012/07/31 15:47:49 | 000,332,934 | ---- | M] () -- C:\Users\Dave\Desktop\00420005 P2_5 ENLARGED PLUMBING WASTE FLOOR PLAN.pdf
[2012/07/31 15:46:35 | 000,292,832 | ---- | M] () -- C:\Users\Dave\Desktop\00400005 P2_3 ENLARGED PLUMBING WASTE & VENT FLOOR PLAN.pdf
[2012/07/31 15:43:32 | 000,412,286 | ---- | M] () -- C:\Users\Dave\Desktop\00390005 P2_2 ENLARGED PLUMBING WASTE & VENT FLOOR PLAN.pdf
[2012/07/31 14:55:03 | 000,562,894 | ---- | M] () -- C:\Users\Dave\Desktop\00360000 P0_1 LEGEND SCHEDULE NOTES.pdf
[2012/07/31 11:24:14 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Dave\Desktop\FixTDSS (1).exe
[2012/07/31 11:04:34 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dave\Desktop\tdsskiller.exe
[2012/07/26 09:44:46 | 054,432,770 | ---- | M] () -- C:\Users\Dave\Documents\SCH1 Del Mar Plaza One.tif
[2012/07/24 17:14:15 | 000,476,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/07/24 17:14:15 | 000,472,840 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/07/24 17:14:15 | 000,157,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/07/24 17:14:15 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/07/24 17:14:15 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/07/24 17:10:32 | 000,001,110 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/07/23 08:40:26 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/23 08:32:13 | 000,000,072 | ---- | M] () -- C:\ProgramData\-h5yNKZ6t2VqOUsr
[2012/07/23 08:32:13 | 000,000,072 | ---- | M] () -- C:\ProgramData\-h5yNKZ6t2VqOUs
[2012/07/23 08:01:41 | 000,000,679 | ---- | M] () -- C:\Users\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
[2012/07/17 12:20:08 | 000,029,184 | ---- | M] () -- C:\Users\Dave\Documents\ACC ONT.msg
[2012/07/12 07:48:21 | 000,087,488 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2012/07/12 07:48:21 | 000,080,800 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2012/07/12 07:48:21 | 000,034,720 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2012/07/12 07:32:27 | 000,344,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/08/03 13:26:52 | 000,036,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2012/08/03 09:11:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/03 09:11:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/03 09:11:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/03 09:11:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/03 09:11:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/03 07:59:19 | 000,029,410 | ---- | C] () -- C:\Users\Dave\Desktop\LLUCapture.JPG
[2012/08/02 12:29:01 | 000,091,667 | ---- | C] () -- C:\Users\Dave\Desktop\SCHEDCapture.JPG
[2012/08/02 08:50:17 | 139,460,994 | ---- | C] () -- C:\Users\Dave\Desktop\1258 PSHEETS P3.tif
[2012/08/02 08:48:20 | 139,460,994 | ---- | C] () -- C:\Users\Dave\Desktop\1258 PSHEETS P2.tif
[2012/08/02 08:47:02 | 139,460,994 | ---- | C] () -- C:\Users\Dave\Desktop\1258 PSHEETS P1.tif
[2012/08/02 08:44:40 | 000,195,965 | ---- | C] () -- C:\Users\Dave\Desktop\1258 PSHEETS P3.pdf
[2012/08/02 08:44:37 | 000,202,867 | ---- | C] () -- C:\Users\Dave\Desktop\1258 PSHEETS P2.pdf
[2012/08/02 07:55:19 | 000,034,903 | ---- | C] () -- C:\Users\Dave\Desktop\2Capture.JPG
[2012/08/02 07:54:33 | 000,014,975 | ---- | C] () -- C:\Users\Dave\Desktop\1Capture.JPG
[2012/08/02 07:39:02 | 000,188,161 | ---- | C] () -- C:\Users\Dave\Desktop\1258 PSHEETS P0.pdf
[2012/08/01 14:43:55 | 000,105,337 | ---- | C] () -- C:\Users\Dave\Desktop\CaptureVIRUS4.JPG
[2012/08/01 14:42:44 | 000,104,118 | ---- | C] () -- C:\Users\Dave\Desktop\CaptureVIRUS3.JPG
[2012/08/01 14:41:07 | 000,053,780 | ---- | C] () -- C:\Users\Dave\Desktop\CaptureVIRUS1.JPG
[2012/08/01 10:45:20 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/08/01 10:45:20 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\TweakUAC.lnk
[2012/08/01 09:22:16 | 000,485,597 | ---- | C] () -- C:\Users\Dave\Desktop\LLU MG-1 (07-23-12).pdf
[2012/08/01 09:22:13 | 000,503,161 | ---- | C] () -- C:\Users\Dave\Desktop\LLU MG-2 (07-23-12).pdf
[2012/08/01 09:22:10 | 001,554,045 | ---- | C] () -- C:\Users\Dave\Desktop\LLU MG-3 (07-23-12).pdf
[2012/08/01 09:09:23 | 000,100,935 | ---- | C] () -- C:\Users\Dave\Desktop\CaptureVIRUS.JPG
[2012/07/31 17:32:13 | 000,165,404 | ---- | C] () -- C:\Users\Dave\Desktop\Shared1Folder.htm
[2012/07/31 17:25:09 | 000,187,137 | ---- | C] () -- C:\Users\Dave\Desktop\Shared Folder.htm
[2012/07/31 17:09:34 | 000,002,038 | ---- | C] () -- C:\Users\Public\Desktop\YouSendIt Desktop App.lnk
[2012/07/31 15:51:23 | 000,272,145 | ---- | C] () -- C:\Users\Dave\Desktop\00430000 P3_1 PLUMBING ROOF PLAN.pdf
[2012/07/31 15:48:40 | 000,394,912 | ---- | C] () -- C:\Users\Dave\Desktop\00410005 P2_4 ENLARGED PLUMBING WASTE FLOOR PLAN.pdf
[2012/07/31 15:47:54 | 000,332,934 | ---- | C] () -- C:\Users\Dave\Desktop\00420005 P2_5 ENLARGED PLUMBING WASTE FLOOR PLAN.pdf
[2012/07/31 15:46:47 | 000,292,832 | ---- | C] () -- C:\Users\Dave\Desktop\00400005 P2_3 ENLARGED PLUMBING WASTE & VENT FLOOR PLAN.pdf
[2012/07/31 15:43:51 | 000,412,286 | ---- | C] () -- C:\Users\Dave\Desktop\00390005 P2_2 ENLARGED PLUMBING WASTE & VENT FLOOR PLAN.pdf
[2012/07/31 14:55:19 | 000,562,894 | ---- | C] () -- C:\Users\Dave\Desktop\00360000 P0_1 LEGEND SCHEDULE NOTES.pdf
[2012/07/26 09:44:46 | 054,432,770 | ---- | C] () -- C:\Users\Dave\Documents\SCH1 Del Mar Plaza One.tif
[2012/07/24 17:10:32 | 000,001,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/07/24 17:10:32 | 000,001,073 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012/07/23 17:00:14 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/07/23 17:00:14 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/07/23 17:00:14 | 000,001,754 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tseries BIOS Update.lnk
[2012/07/23 17:00:14 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/07/23 17:00:14 | 000,001,508 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
[2012/07/23 17:00:14 | 000,001,419 | ---- | C] () -- C:\Users\Public\Desktop\Express Piping.lnk
[2012/07/23 17:00:14 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/07/23 17:00:14 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/07/23 17:00:14 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/07/23 17:00:14 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/07/23 17:00:14 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/07/23 17:00:14 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/07/23 17:00:14 | 000,001,090 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Copernic Agent Personal.lnk
[2012/07/23 17:00:14 | 000,000,988 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn.lnk
[2012/07/23 14:17:25 | 000,001,427 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bidmail.Viewer Application.lnk
[2012/07/23 08:40:26 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/23 08:01:42 | 000,000,072 | ---- | C] () -- C:\ProgramData\-h5yNKZ6t2VqOUsr
[2012/07/23 08:01:42 | 000,000,072 | ---- | C] () -- C:\ProgramData\-h5yNKZ6t2VqOUs
[2012/07/23 08:01:41 | 000,000,679 | ---- | C] () -- C:\Users\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
[2012/07/17 12:20:08 | 000,029,184 | ---- | C] () -- C:\Users\Dave\Documents\ACC ONT.msg
[2012/05/23 16:10:30 | 000,472,949 | ---- | C] () -- C:\Users\Dave\M0.2.pdf
[2012/03/26 09:49:15 | 000,000,275 | ---- | C] () -- C:\Windows\PivotLayoutQXPDefault.ini
[2012/03/26 09:49:15 | 000,000,097 | ---- | C] () -- C:\Windows\PivotProfiles.ini
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/02/14 19:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 19:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/11/03 12:04:58 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/11/03 12:04:58 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/10/26 14:00:03 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\HPPLVS.dll
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/10/24 12:07:12 | 000,000,059 | ---- | C] () -- C:\Windows\LTDLGFILE14N.INI
[2011/10/20 14:28:21 | 001,360,384 | ---- | C] () -- C:\Windows\SysWow64\ltwen14n.dll
[2011/10/20 14:28:20 | 000,843,776 | ---- | C] () -- C:\Windows\SysWow64\lteay14n.dll
[2011/10/20 14:28:20 | 000,688,128 | ---- | C] () -- C:\Windows\SysWow64\ltcry14n.dll
[2011/10/20 14:28:20 | 000,144,384 | ---- | C] () -- C:\Windows\SysWow64\lttls14n.dll
[2011/10/18 11:40:28 | 000,759,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/18 11:26:56 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\EXPORTMODELLER.DLL
[2011/10/18 11:26:56 | 000,049,223 | ---- | C] () -- C:\Windows\SysWow64\CRTSLV.DLL
[2011/10/18 06:48:05 | 000,109,782 | ---- | C] () -- C:\Windows\CopernicAgentUninstall.exe
[2011/10/17 19:16:23 | 000,049,316 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/10/17 17:55:46 | 000,000,858 | RHS- | C] () -- C:\Users\Dave\ntuser.pol
[2011/10/17 17:50:22 | 000,089,088 | ---- | C] () -- C:\Windows\SysWow64\Tszd.dll
[2011/10/17 17:50:22 | 000,055,296 | ---- | C] () -- C:\Windows\SysWow64\Fce32.dll
[2011/10/17 17:50:05 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\CRUTL14.DLL
[2011/10/17 17:50:04 | 000,100,352 | ---- | C] () -- C:\Windows\SysWow64\PG32CONV.DLL
[2011/10/17 17:50:04 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\IMPLODE.DLL
[2011/10/07 12:37:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

< End of report >
I could not dl file from your link, and could not access website from Google. Finally went thru Copernic Search and got to Old Timers Site and got OTL. Ran scan and got both logs. Here is the log requested, and I have the other log if needed.