
Fake police notice virus

  • 13-07-2012 12:28pm, post #1


    I currently have a virus which appears as a fake police notice. Here's an article about it.

    http://www.thejournal.ie/gardai-garda-police-trojan-scam-virus-logo-locking-488837-Jun2012/

    I managed to get my laptop to run safe mode and ran a full system scan with Norton anti-virus. Unfortunately, this did not find the virus.

    When I ran my system on the normal mode, the virus is still there.

    I am now running safe mode with network capabilities so am able to connect online.

    I've looked online and a lot of the sites with advice look fairly dodgy.

    Does anyone know how to get rid of this?

    Thanks very much


Comments

  • ASJ112


    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here

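    The OTL log pasted below is several hundred lines of services, drivers, browser hooks and Run keys, and the helper's job is to pick out the handful worth asking about. The script here is an added example for this page, not part of the thread and not part of OTL; it recognises the line formats that appear in the log (SRV/DRV/PRC lines with a timestamp, size and company name; IE SearchScopes "URL" values; URLSearchHook and Toolbar entries; O4 Run keys) and flags the patterns a responder would check first: a binary with an empty company field, a registry reference whose CLSID has no registered object, an entry whose file no longer exists, an unnamed Run value, a search scope pointing somewhere other than the configured search engines, and a file modified shortly before the scan. The trusted-host set and the 14-day window are assumptions chosen for this example. Every flag is a "look here", not a verdict: the Malwarebytes service is flagged only because it was installed ten days before the scan, and the orphaned {88c7f2aa-…} hook is the BitTorrentBar Community Toolbar that shows up later in the log under the Firefox profile, so cross-referencing within the same log is the next step.

```python
"""Triage helper for OTL logs of the kind pasted in this thread.

Added example for this page; it is not part of the thread, the OTL tool or
any vendor's product. It recognises the line formats visible in the log and
flags entries a responder would review first. Every flag means "look at
this", never "this is the infection": legitimate software trips these rules too.
"""
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse

# PRC/SRV/DRV lines, e.g.
#   SRV - [2012/01/06 19:39:16 | 000,077,520 | ---- | M] () [Auto | Stopped] -- C:\x.exe -- (name)
META_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV)(?::64bit:)? - "
    r"\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<company>[^)]*)\) .*?-- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\).*)?$"
)
# O4 Run-key lines, e.g.  O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (...)
RUN_RE = re.compile(r"^O4(?::64bit:)? - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*)$")
# IE SearchScopes lines carry the provider URL as  "URL" = http://...
SEARCH_URL_RE = re.compile(r'"URL" = (?P<url>\S+)')
HEADER_RE = re.compile(r"^OTL logfile created on: (?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)")

# Search hosts the owner actually uses (an assumption for this example; the log
# shows Bing and google.ie as the configured defaults).
TRUSTED_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "www.google.ie"}


def scan_timestamp(lines):
    """Read the scan time from the OTL header so file ages can be computed."""
    for line in lines:
        m = HEADER_RE.match(line.strip())
        if m:
            return datetime.strptime(m.group("ts"), "%m/%d/%Y %I:%M:%S %p")
    return None


def triage_line(line, scan_time=None, recent_days=14):
    """Return the reasons one OTL line deserves a look (empty list = nothing noted)."""
    line = line.strip()
    reasons = []
    if "No CLSID value found" in line:
        reasons.append("orphaned registry entry (CLSID has no registered object)")
    if "File not found" in line:
        reasons.append("references a file that no longer exists")
    m = META_RE.match(line)
    if m:
        if m.group("company") == "":
            reasons.append("binary carries no company name")
        if scan_time is not None:
            mtime = datetime.strptime(m.group("mtime"), "%Y/%m/%d %H:%M:%S")
            if scan_time - mtime <= timedelta(days=recent_days):
                reasons.append(f"file modified within {recent_days} days of the scan")
    m = RUN_RE.match(line)
    if m and m.group("name") == "":
        reasons.append("Run entry with an empty value name")
    m = SEARCH_URL_RE.search(line)
    if m:
        host = urlparse(m.group("url")).hostname or ""
        if host not in TRUSTED_SEARCH_HOSTS:
            reasons.append(f"search scope points at untrusted host {host}")
    return reasons


def triage(lines, recent_days=14):
    """Run triage_line over a whole log; returns [(line, reasons), ...] for flagged lines."""
    scan_time = scan_timestamp(lines)
    findings = []
    for line in lines:
        reasons = triage_line(line, scan_time, recent_days)
        if reasons:
            findings.append((line.strip(), reasons))
    return findings


# Lines copied from the log posted in this thread (header, three services, two
# search scopes, a URLSearchHook and two Run entries); enough to exercise every rule.
SAMPLE_LOG = r"""
OTL logfile created on: 7/13/2012 4:21:04 PM - Run 1
SRV:64bit: - [2009/07/17 02:06:22 | 000,033,280 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/06 19:39:16 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Expat Shield\bin\EXPATTrayService.exe -- (ExpatTrayService)
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2549263
IE - HKLM\..\SearchScopes\{C165009B-45AA-4A92-929F-01C28D07C450}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
O4 - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
"""


def sample_findings():
    """Triage the sample lines above; used as the worked example."""
    return triage(SAMPLE_LOG.strip().splitlines())


if __name__ == "__main__":
    for text, reasons in sample_findings():
        print(text[:90])
        for r in reasons:
            print("    ->", r)
```

    Point it at the whole OTL.Txt rather than the excerpt and the output is the short list a helper would ask about first: the unnamed HKLM Run value whose file is missing, the four orphaned toolbar GUIDs, the Conduit search scope, and the two Expat Shield binaries with no company name. None of that is a removal instruction on its own; a flag earns the entry a closer look (signature check, hash lookup, matching it against the rest of the same log), nothing more.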

  • Eod100


    Thanks a million.

    Here it goes...



    OTL logfile created on: 7/13/2012 4:21:04 PM - Run 1
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Aoife\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    2.96 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 77.24% Memory free
    5.92 Gb Paging File | 5.38 Gb Available in Paging File | 90.88% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 218.20 Gb Total Space | 101.94 Gb Free Space | 46.72% Space Free | Partition Type: NTFS
    Drive E: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive G: | 7.47 Gb Total Space | 2.92 Gb Free Space | 39.09% Space Free | Partition Type: FAT32

    Computer Name: EOIN-PC | User Name: Aoife | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/13 16:13:37 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Aoife\Desktop\OTL (2).exe


    ========== Modules (No Company Name) ==========


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2009/07/17 02:06:22 | 000,033,280 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
    SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/06/29 05:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2009/06/09 17:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/06/24 02:17:55 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/06/20 19:52:47 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/05/28 22:14:17 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
    SRV - [2012/01/06 19:39:16 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Expat Shield\bin\EXPATTrayService.exe -- (ExpatTrayService)
    SRV - [2012/01/06 19:32:46 | 000,331,608 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe -- (ExpatShieldService)
    SRV - [2012/01/05 00:02:02 | 000,329,544 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -- (ExpatWd)
    SRV - [2012/01/05 00:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe -- (ExpatSrv)
    SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe -- (NAV)
    SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2010/08/20 21:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/29 05:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe -- (STacSV)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/06/06 01:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/06/05 02:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2009/05/21 15:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/01/05 00:01:56 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HssDrv.sys -- (HssDrv)
    DRV:64bit: - [2012/01/05 00:01:54 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
    DRV:64bit: - [2011/12/08 05:22:28 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
    DRV:64bit: - [2011/12/08 05:22:28 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
    DRV:64bit: - [2011/12/08 05:22:28 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
    DRV:64bit: - [2011/12/08 05:22:28 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
    DRV:64bit: - [2011/05/10 14:05:06 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2011/04/21 02:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NAVx64\1207010.003\symnets.sys -- (SymNetS)
    DRV:64bit: - [2011/03/31 04:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NAVx64\1207010.003\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2011/03/31 04:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NAVx64\1207010.003\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV:64bit: - [2011/03/15 03:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207010.003\symefa64.sys -- (SymEFA)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/27 07:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207010.003\symds64.sys -- (SymDS)
    DRV:64bit: - [2011/01/27 06:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NAVx64\1207010.003\ironx64.sys -- (SymIRON)
    DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/01/12 20:06:06 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/07/17 02:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV:64bit: - [2009/07/17 02:06:16 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2009/07/09 11:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/06/29 05:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2009/06/15 20:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/06/03 04:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/05/20 04:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/05/08 09:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/02/05 12:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2006/11/01 19:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2012/06/19 01:01:13 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20120711.002\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2012/06/14 19:39:24 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20120711.001\IDSviA64.sys -- (IDSVia64)
    DRV - [2012/05/31 13:41:19 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2012/05/31 13:41:19 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2012/05/16 01:28:54 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20120711.018\ex64.sys -- (NAVEX15)
    DRV - [2012/05/16 01:28:53 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20120711.018\eng64.sys -- (NAVENG)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {92C721E4-5B1E-4877-825E-1FBE58D8A7AB}
    IE:64bit: - HKLM\..\SearchScopes\{92C721E4-5B1E-4877-825E-1FBE58D8A7AB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2549263
    IE - HKLM\..\SearchScopes\{C165009B-45AA-4A92-929F-01C28D07C450}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {a060276a-53be-45ec-8ebe-b94b1e803179} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\..\SearchScopes,DefaultScope = {C165009B-45AA-4A92-929F-01C28D07C450}
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2549263
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\IPSFFPlgn\ [2012/02/12 00:15:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/22 14:52:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/28 16:44:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/28 22:14:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/28 22:21:59 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/22 14:52:56 | 000,000,000 | ---D | M]

    [2010/01/13 13:16:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aoife\AppData\Roaming\mozilla\Extensions
    [2012/05/30 16:19:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aoife\AppData\Roaming\mozilla\Firefox\Profiles\jdoe6en1.default\extensions
    [2012/05/30 16:19:44 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Aoife\AppData\Roaming\mozilla\Firefox\Profiles\jdoe6en1.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    [2012/05/22 16:53:20 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Aoife\AppData\Roaming\mozilla\Firefox\Profiles\jdoe6en1.default\extensions\foxyproxy-basic@eric.h.jung
    [2012/05/28 22:14:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/04/01 15:14:56 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2012/02/01 01:00:18 | 000,000,000 | ---D | M] (Expat Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
    [2011/03/26 21:56:14 | 000,330,316 | ---- | M] () (No name found) -- C:\USERS\AOIFE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JDOE6EN1.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
    [2012/05/28 22:14:17 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2009/11/06 16:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
    [2012/04/09 22:19:57 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2009/11/06 16:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2012/05/28 22:14:15 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/02/20 12:38:44 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/05/28 22:14:15 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/05/28 22:14:15 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/05/28 22:14:17 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
    [2012/05/28 22:14:15 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

    ========== Chrome ==========

    CHR - homepage:
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage:
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Aoife\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: RealJukebox NS Plugin (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Aoife\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Aoife\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Aoife\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: Late Night = C:\Users\Aoife\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgbdhkpacgdhfabeceekiafonfkipohm\1.0\
    CHR - Extension: Gmail = C:\Users\Aoife\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll (AnchorFree Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll (AnchorFree Inc.)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A060276A-53BE-45EC-8EBE-B94B1E803179} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
    O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED File not found
    O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
    O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
    O4 - HKCU..\Run: [SmileboxTray] C:\Users\Aoife\AppData\Roaming\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
    O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    O4 - HKCU..\Run: [ztkhkbmjswwynpe] C:\ProgramData\ztkhkbmj.exe ()
    O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
    O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9FFD58F9-D298-4C25-B002-F9E5A9E72400}: DhcpNameServer = 192.168.42.129
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9092605-ECD9-4475-98F6-6DFCBB997D11}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/05/06 13:26:23 | 000,000,309 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{6d16180a-abdb-11df-a6fe-0025647eca3f}\Shell - "" = AutoRun
    O33 - MountPoints2\{6d16180a-abdb-11df-a6fe-0025647eca3f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2007/10/23 08:45:39 | 001,336,632 | R--- | M] ()
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2007/10/23 08:45:39 | 001,336,632 | R--- | M] ()
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/13 16:13:44 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Aoife\Desktop\OTL (2).exe
    [2012/07/13 15:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
    [2012/07/13 15:11:36 | 000,000,000 | ---D | C] -- C:\Users\Aoife\AppData\Roaming\Malwarebytes
    [2012/07/13 15:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/13 15:11:24 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/13 15:11:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/13 15:11:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/12 17:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\ugepssursrpbupz
    [2012/07/10 13:21:50 | 000,000,000 | ---D | C] -- C:\Users\Aoife\Documents\zzzzzReports
    [2012/06/27 21:35:12 | 000,000,000 | ---D | C] -- C:\Users\Aoife\AppData\Local\Macromedia
    [2012/06/27 14:14:51 | 000,000,000 | ---D | C] -- C:\Users\Aoife\Desktop\CV's
    [2 C:\Users\Aoife\Documents\*.tmp files -> C:\Users\Aoife\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/13 16:13:37 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Aoife\Desktop\OTL (2).exe
    [2012/07/13 15:40:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/13 15:40:01 | 2384,744,448 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/13 15:30:54 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/13 15:30:54 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/13 15:26:14 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/13 15:26:14 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/13 15:26:14 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/13 15:19:58 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/13 15:11:25 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/13 13:40:22 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/07/13 13:11:47 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/13 13:11:38 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/12 17:41:47 | 000,000,051 | ---- | M] () -- C:\ProgramData\xyaglxswkiuctmh
    [2012/07/12 17:41:17 | 000,065,536 | ---- | M] () -- C:\ProgramData\ztkhkbmj.exe
    [2012/07/12 17:41:17 | 000,065,536 | ---- | M] () -- C:\ProgramData\wzitygee.exe
    [2012/07/12 17:41:17 | 000,065,536 | ---- | M] () -- C:\Users\Aoife\0.7572428093412925.exe
    [2012/07/11 21:22:14 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/07/10 03:46:36 | 393,671,563 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/06/18 19:15:36 | 000,040,276 | ---- | M] () -- C:\Users\Aoife\Documents\No 5 BUS LATEST TIMETABLE.pdf
    [2012/06/18 19:12:48 | 000,037,187 | ---- | M] () -- C:\Users\Aoife\Documents\No 8 BUS LATEST TIMETABLE.pdf
    [2012/06/17 23:48:27 | 000,343,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/06/17 13:32:18 | 003,211,791 | ---- | M] () -- C:\Users\Aoife\Documents\Triskel Cinema June.pdf
    [2 C:\Users\Aoife\Documents\*.tmp files -> C:\Users\Aoife\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/13 15:11:25 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/13 13:40:22 | 000,002,243 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2012/07/12 17:41:47 | 000,065,536 | ---- | C] () -- C:\ProgramData\wzitygee.exe
    [2012/07/12 17:41:46 | 000,065,536 | ---- | C] () -- C:\ProgramData\ztkhkbmj.exe
    [2012/07/12 17:41:21 | 000,000,051 | ---- | C] () -- C:\ProgramData\xyaglxswkiuctmh
    [2012/07/12 17:41:16 | 000,065,536 | ---- | C] () -- C:\Users\Aoife\0.7572428093412925.exe
    [2012/06/18 19:15:36 | 000,040,276 | ---- | C] () -- C:\Users\Aoife\Documents\No 5 BUS LATEST TIMETABLE.pdf
    [2012/06/18 19:12:48 | 000,037,187 | ---- | C] () -- C:\Users\Aoife\Documents\No 8 BUS LATEST TIMETABLE.pdf
    [2012/06/17 13:32:18 | 003,211,791 | ---- | C] () -- C:\Users\Aoife\Documents\Triskel Cinema June.pdf
    [2012/03/31 09:31:32 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
    [2011/12/23 21:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
    [2011/12/23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
    [2011/12/23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
    [2011/12/23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
    [2011/12/23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
    [2011/11/22 23:59:10 | 000,023,992 | ---- | C] () -- C:\Users\Aoife\Buttimer Aud 1.aup
    [2011/09/22 19:45:36 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat.temp
    [2011/09/22 14:43:49 | 000,208,222 | ---- | C] () -- C:\Windows\hpoins47.dat
    [2011/08/13 14:09:47 | 000,000,310 | ---- | C] () -- C:\Users\Aoife\cvdm.dat
    [2011/08/01 17:17:22 | 000,000,013 | ---- | C] () -- C:\Users\Aoife\cvdm.err
    [2011/01/16 22:05:38 | 000,199,139 | ---- | C] () -- C:\Windows\hpoins31.dat
    [2011/01/16 19:20:06 | 000,199,139 | ---- | C] () -- C:\Windows\hpoins31.dat.temp
    [2011/01/16 19:20:06 | 000,000,873 | ---- | C] () -- C:\Windows\hpomdl31.dat.temp
    [2010/08/29 17:22:56 | 000,000,000 | ---- | C] () -- C:\Users\Aoife\AppData\Roaming\wklnhst.dat
    [2010/04/09 23:03:20 | 011,570,164 | ---- | C] () -- C:\Users\Aoife\10 Glitter.mp3
    [2010/04/09 23:03:20 | 007,567,160 | ---- | C] () -- C:\Users\Aoife\09 Deceptapunk.mp3
    [2010/04/09 23:03:20 | 007,139,796 | ---- | C] () -- C:\Users\Aoife\08 Autoshottie.mp3
    [2010/04/09 23:03:20 | 000,212,198 | ---- | C] () -- C:\Users\Aoife\cover.jpg
    [2010/04/09 19:17:02 | 009,793,837 | ---- | C] () -- C:\Users\Aoife\07 Tigerfox.mp3
    [2010/04/09 19:17:02 | 009,261,984 | ---- | C] () -- C:\Users\Aoife\06 Strangers.mp3
    [2010/04/09 19:17:02 | 008,469,952 | ---- | C] () -- C:\Users\Aoife\04 Auricom.mp3
    [2010/04/09 19:17:02 | 008,263,062 | ---- | C] () -- C:\Users\Aoife\02 I am lion.mp3
    [2010/04/09 19:17:02 | 007,426,098 | ---- | C] () -- C:\Users\Aoife\05 Derp.mp3
    [2010/04/09 19:17:02 | 006,868,123 | ---- | C] () -- C:\Users\Aoife\01 Goose.mp3
    [2010/04/09 19:17:02 | 006,641,380 | ---- | C] () -- C:\Users\Aoife\03 Tip the can.mp3
    [2010/04/01 15:17:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/04/01 15:10:56 | 000,003,584 | ---- | C] () -- C:\Users\Aoife\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/02/16 21:58:52 | 000,000,632 | RHS- | C] () -- C:\Users\Aoife\ntuser.pol

    ========== LOP Check ==========

    [2012/01/30 13:55:35 | 000,000,000 | ---D | M] -- C:\Users\Aoife\AppData\Roaming\Audacity
    [2012/01/12 15:56:42 | 000,000,000 | ---D | M] -- C:\Users\Aoife\AppData\Roaming\Samsung
    [2012/07/09 22:57:58 | 000,000,000 | ---D | M] -- C:\Users\Aoife\AppData\Roaming\Smilebox
    [2011/12/31 17:25:12 | 000,000,000 | ---D | M] -- C:\Users\Aoife\AppData\Roaming\Spotify
    [2010/08/29 17:22:58 | 000,000,000 | ---D | M] -- C:\Users\Aoife\AppData\Roaming\Template
    [2010/01/22 18:04:57 | 000,000,000 | ---D | M] -- C:\Users\Aoife\AppData\Roaming\WildTangent
    [2012/07/13 15:19:49 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >


  • Registered Users, Registered Users 2 Posts: 12,004 ✭✭✭✭Eod100


    And here's the Extras bit...


    OTL Extras logfile created on: 7/13/2012 4:21:04 PM - Run 1
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Aoife\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    2.96 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 77.24% Memory free
    5.92 Gb Paging File | 5.38 Gb Available in Paging File | 90.88% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 218.20 Gb Total Space | 101.94 Gb Free Space | 46.72% Space Free | Partition Type: NTFS
    Drive E: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive G: | 7.47 Gb Total Space | 2.92 Gb Free Space | 39.09% Space Free | Partition Type: FAT32

    Computer Name: EOIN-PC | User Name: Aoife | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{16A3E9BF-4909-4BAA-85A6-50A8F879A029}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{23996942-9C8B-4ED1-9947-85D535AC6052}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{24B3C289-C07F-4D16-B211-39774B6470C2}" = lport=445 | protocol=6 | dir=in | app=system |
    "{3176CA50-CB99-445B-A055-E9F4C7443E64}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{3187BC79-8A31-4EBF-AA1C-649736663B47}" = rport=137 | protocol=17 | dir=out | app=system |
    "{3EB55E9A-981E-4329-920D-319A37B52085}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{84A1BD1F-152C-4AD5-A272-FFE407E696FF}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{86C980F5-BE59-426A-A864-32B90F7783EC}" = rport=138 | protocol=17 | dir=out | app=system |
    "{9B57B36E-D0CE-4766-9A87-A0B8486F8BCD}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
    "{A62BB871-14D7-4386-9276-D283D9C2CE86}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{B05F9F6A-74B0-442C-A97B-5B29E326ACF4}" = rport=445 | protocol=6 | dir=out | app=system |
    "{BC677D41-324A-4C96-A094-4C871CD8087B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C22CF0DC-02AD-4AAE-A058-059CA849CD85}" = rport=139 | protocol=6 | dir=out | app=system |
    "{C2AC1FB4-D0FE-4B63-B102-A77C4881D951}" = lport=138 | protocol=17 | dir=in | app=system |
    "{C4CDC859-FDD8-4B68-9A86-094CACC848B2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C4D07C16-69E4-46E9-8198-A374871DFAFD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{DF79C9AE-228A-468A-AFBC-BDFFC8411FB9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{E6D05DAB-0B37-4AE2-BF42-C418A2CCF7E6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F0C7CC60-48BC-49A0-9322-C5CE278261ED}" = lport=137 | protocol=17 | dir=in | app=system |
    "{F2742826-A125-4785-98E9-480B86B687B5}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{F2A62B38-BE8D-4672-98A8-BA23FAF338E3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F5DAA3B2-D7EC-4E83-B535-4B1C1F7CB11A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{FC16FCDB-BA8C-4DFA-9360-6BB9A92C9471}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{FC1E7A13-F790-4DFC-BC64-0BA0CF125575}" = lport=139 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{056307E4-06E4-4373-85F5-70F1A5ECBE34}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
    "{1876E542-46EB-4008-9F9D-C068E37D5D0F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
    "{1A00ED21-0671-48DD-B62D-A705BF434650}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{1B3AC736-24F5-441B-A504-34AB445952A1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{23670E1B-E1E0-41FA-84A7-66968674F873}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
    "{2B96A1AD-B2A9-4160-9CA6-2552CE807C8D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{2DA6BF68-3837-4D13-BA23-FF0F0819E292}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
    "{2E2F0392-3598-43F0-95A5-C720E88621FA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{3221DF24-8417-4C46-BA09-0AABA10AEA04}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
    "{3838438E-8179-4EF1-ACD4-DD0357AAFAED}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{3AD0DBDD-53A2-439A-B44D-822A7B98D470}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{469146C6-1358-4E02-86AB-DCAB0EC24304}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{4887ED27-6199-47C7-AB9F-004264DA02AC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{4A694D93-82F2-43FD-972B-F641429F06C8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{50BCD4E5-0BE3-4509-9983-4660C35EB247}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{55D94E01-2F36-402A-B9BD-FFD1FA2F7ED4}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
    "{62A7419F-F7ED-4940-BC1C-A56B02F3F0F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{64A2A917-2B2E-49A8-9D17-BB9216F6CEB5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
    "{6C9F2880-281B-4EE5-9798-88FE5EB8CA75}" = protocol=17 | dir=in | app=c:\users\aoife\appdata\local\temp\7zs70f0\hpdiagnosticcoreui.exe |
    "{70CD90E1-4652-4B37-AF81-A2158E9DD2DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7958837A-FD2A-4BC4-9489-BE9E479E3C3E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
    "{9AD6BA9D-D1E5-4D6C-90F0-64BBBA94B91E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{9B4E4F7F-5137-4970-910F-74956D00A58F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{9DD65E21-944A-4EA8-BB1B-9F85A07A9D42}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{A09DE444-F1EC-491F-9AC7-628E5E74509B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A4E3D558-6FDB-4789-901A-CD7337E8ADA5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{A86FCCF1-39EC-4CC5-A2D9-4EF0889067FB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
    "{A9AFFC2E-AF34-43CC-AD3B-8E5DFBFEC9BD}" = protocol=6 | dir=in | app=c:\users\aoife\appdata\local\temp\7zs70f0\hpdiagnosticcoreui.exe |
    "{AACD0F97-1EF5-4D84-96B5-C4CB45F88609}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
    "{AC140356-250C-4272-924B-C7084600D1A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{B6B00FEE-48BD-46B5-96DA-8440631E83E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B9911EAF-A6E7-4DB7-8741-0270FD0AE28F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{BD56EC71-3192-432A-BEDB-251AF396C1BA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{BED270C2-03FB-4E65-ACB8-4F2CC05F7BF4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{C06F34E4-D482-4733-B2F0-45C5EBA22D83}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
    "{C21857A7-676C-4E6D-9808-09FD49043348}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{C42FEF7F-32FF-4FAF-8360-1AE94AEF6042}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    < End of report >


  • Closed Accounts Posts: 5,377 ✭✭✭zenno


    EDIT: VOID.


  • Banned (with Prison Access) Posts: 1,435 ✭✭✭areyawell


    1) Download a program called Rkill.exe
    2) Download a program called Malwarebytes Anti-Malware
    3) Run RKill and then run Malwarebytes Anti-Malware (make sure it's updated with the latest virus definitions)

    Do this in safe mode as well obviously.
    This should work hopefully for that type of virus. If not let us know here.


  • Registered Users, Registered Users 2 Posts: 12,004 ✭✭✭✭Eod100


    zenno wrote: »
    All you had to do was download and install malwarebytes and scan. It would remove it there and then. http://www.malwarebytes.org/
    areyawell wrote: »
    1) Download a program called Rkill.exe
    2) Download a program called Malwarebytes Anti-Malware
    3) Run RKill and then run Malwarebytes Anti-Malware (make sure it's updated with the latest virus definitions)

    This should work hopefully for that type of virus. If not let us know here.

    Yeah I'll give this a try, thanks!

    I tried malwarebytes but because I'm running on safe mode it would not let me scan.

    I'll try the Rkill one.

    Thanks


  • Closed Accounts Posts: 5,377 ✭✭✭zenno


    That's strange, as Malwarebytes can scan in safe mode no problem. Looks like that virus is blocking it so. It's never easy, is it.


  • Registered Users, Registered Users 2 Posts: 12,004 ✭✭✭✭Eod100


    No luck with Rkill..

    This message came up in Notepad:

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 13/07/2012 at 16:39:42.
    Operating System: Windows 7 Home Premium


    Processes terminated by Rkill or while it was running:

    C:\Users\Aoife\Desktop\OTL (2).exe


    Rkill completed on 13/07/2012 at 16:39:49.


  • Registered Users, Registered Users 2 Posts: 12,004 ✭✭✭✭Eod100


    Actually I've managed to run the Malwarebytes program so fingers crossed this will root the virus out!


  • Closed Accounts Posts: 5,377 ✭✭✭zenno


    Do a full scan, it will take longer but it's better. If you've just done a quick scan there, do a full one thereafter.


  • Registered Users, Registered Users 2 Posts: 12,004 ✭✭✭✭Eod100


    zenno wrote: »
    Do a full scan, it will take longer but it's better. If you've just done a quick scan there, do a full one thereafter.

    Thanks! Ya, I just did a quick scan. It found 2 viruses and deleted them. Then I restarted my laptop and the virus was still there. So I'll run a full scan now and hope that works.


  • Banned (with Prison Access) Posts: 1,435 ✭✭✭areyawell


    You need to run the two, not just rkill.exe on its own. Rkill kills all processes by the virus and stops it spreading. You still need to run the scan using an antimalware program to remove the virus. Run the scan with an antimalware program while Rkill is running on the computer.


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Post the MBAM log


  • Closed Accounts Posts: 5,377 ✭✭✭zenno


    If it still can't remove the virus on the full scan of Malwarebytes then follow areyawell's instructions as he/she has said.


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Do this after the MBAM step.


    Open OTL, copy and paste the following into the Custom Scan/Fixes box:


    :OTL
    O4 - HKCU..\Run: [ztkhkbmjswwynpe] C:\ProgramData\ztkhkbmj.exe ()
    O32 - AutoRun File - [2008/05/06 13:26:23 | 000,000,309 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{6d16180a-abdb-11df-a6fe-0025647eca3f}\Shell - "" = AutoRun
    O33 - MountPoints2\{6d16180a-abdb-11df-a6fe-0025647eca3f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2007/10/23 08:45:39 | 001,336,632 | R--- | M] ()
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2007/10/23 08:45:39 | 001,336,632 | R--- | M] ()
    [2012/07/12 17:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\ugepssursrpbupz
    [2 C:\Users\Aoife\Documents\*.tmp files -> C:\Users\Aoife\Documents\*.tmp -> ]
    [2012/07/12 17:41:47 | 000,000,051 | ---- | M] () -- C:\ProgramData\xyaglxswkiuctmh
    [2012/07/12 17:41:17 | 000,065,536 | ---- | M] () -- C:\ProgramData\ztkhkbmj.exe
    [2012/07/12 17:41:17 | 000,065,536 | ---- | M] () -- C:\ProgramData\wzitygee.exe
    [2012/07/12 17:41:17 | 000,065,536 | ---- | M] () -- C:\Users\Aoife\0.7572428093412925.exe
    [2012/07/12 17:41:47 | 000,065,536 | ---- | C] () -- C:\ProgramData\wzitygee.exe
    [2012/07/12 17:41:46 | 000,065,536 | ---- | C] () -- C:\ProgramData\ztkhkbmj.exe
    [2012/07/12 17:41:21 | 000,000,051 | ---- | C] () -- C:\ProgramData\xyaglxswkiuctmh
    [2012/07/12 17:41:16 | 000,065,536 | ---- | C] () -- C:\Users\Aoife\0.7572428093412925.exe

    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    [EMPTYJAVA]
    [CREATERESTOREPOINT]
    [Reboot]
    :Files
    ipconfig /flushdns /c


    Click Run Fix, post the log it gives you.
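    A triage pass over OTL output of the kind the fix above was built from, written here as an added example in Python (not OTL's code and not part of the thread): it parses the O4 Run-key lines and the dated file-listing lines OTL prints, then scores each path on the traits visible above (dropped straight into ProgramData or a profile root, random-looking name, no publisher, several files created in one burst, launched from a Run key). The sample input is six lines copied from the fix above plus two benign lines made up here as controls; the heuristics and thresholds are my own assumptions, not OTL's.

```python
"""Triage OTL log lines for the traits the lock-screen trojan in this thread shows.

Added example: parses the O4 (Run key) and file-listing lines that OTL prints and scores
each path on simple, stated heuristics. It is not OTL code and not the fix itself.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample. Six lines are copied from the OTL fix posted in the thread; the
# IntelliPoint and "Holiday photos" lines are made up here as benign controls.
SAMPLE_LOG = r"""
O4 - HKCU..\Run: [ztkhkbmjswwynpe] C:\ProgramData\ztkhkbmj.exe ()
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
[2012/07/12 17:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\ugepssursrpbupz
[2012/07/12 17:41:47 | 000,000,051 | ---- | M] () -- C:\ProgramData\xyaglxswkiuctmh
[2012/07/12 17:41:17 | 000,065,536 | ---- | M] () -- C:\ProgramData\ztkhkbmj.exe
[2012/07/12 17:41:17 | 000,065,536 | ---- | M] () -- C:\ProgramData\wzitygee.exe
[2012/07/12 17:41:17 | 000,065,536 | ---- | M] () -- C:\Users\Aoife\0.7572428093412925.exe
[2012/07/12 09:00:00 | 000,000,000 | ---D | C] -- C:\Users\Aoife\Documents\Holiday photos
"""

# O4 - HKxx..\Run: [value name] <target path> (<publisher, empty when unknown>)
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] '
                   r'(?P<path>.+?) \((?P<company>[^()]*)\)$')
# [date time | size | attrs | C(reated)/M(odified)] (<publisher>)? -- <path>
FILE_RE = re.compile(r'^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) '
                     r'\| (?P<attrs>\S{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^()]*)\) )?-- (?P<path>.+)$')


def parse_otl(text):
    """Split OTL output into Run-key entries and dated file-listing entries."""
    runs, files = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            runs.append(m.groupdict())
            continue
        m = FILE_RE.match(line)
        if m:
            entry = m.groupdict()
            entry['when'] = datetime.strptime(entry['ts'], '%Y/%m/%d %H:%M:%S')
            entry['size'] = int(entry['size'].replace(',', ''))
            entry['company'] = entry['company'] or ''
            files.append(entry)
    return runs, files


def in_drop_location(path):
    """True for a file sitting directly in ProgramData, directly in a profile root, or under Temp."""
    low = path.lower()
    parent = low.rpartition('\\')[0]
    return (parent == r'c:\programdata'
            or re.fullmatch(r'c:\\users\\[^\\]+', parent) is not None
            or '\\appdata\\local\\temp\\' in low)


def looks_random(path):
    """Heuristic: float-like names (0.7572428...) or 8+ letter names with few vowels or a long consonant run."""
    leaf = path.rsplit('\\', 1)[-1].lower()
    stem = leaf[:-4] if leaf.endswith('.exe') else leaf
    if re.fullmatch(r'0\.\d{8,}', stem):
        return True
    if not re.fullmatch(r'[a-z]{8,}', stem):
        return False
    vowels = sum(ch in 'aeiou' for ch in stem)
    longest_run = max((len(r) for r in re.findall(r'[^aeiou]+', stem)), default=0)
    return vowels / len(stem) < 0.3 or longest_run >= 5


def burst_members(files, window=timedelta(seconds=60), min_count=3):
    """Paths whose created/modified time sits in a group of >= min_count entries inside `window`."""
    stamped = [(f['when'], f['path']) for f in files]
    members = set()
    for when, _ in stamped:
        near = [p for (t, p) in stamped if abs(t - when) <= window]
        if len(near) >= min_count:
            members.update(near)
    return members


def triage(text, min_reasons=2):
    """Return {path: [reasons]} for every path carrying at least `min_reasons` suspicious traits."""
    runs, files = parse_otl(text)
    burst = burst_members(files)
    reasons = defaultdict(list)
    for r in runs:
        reasons[r['path']].append(f"launched from {r['hive']} Run key '{r['name']}'")
        if not r['company']:
            reasons[r['path']].append('autorun target has no publisher')
    for f in files:
        if f['path'] in burst:
            reasons[f['path']].append('created/modified in the same one-minute burst')
    for path in set(reasons) | {f['path'] for f in files}:
        if in_drop_location(path):
            reasons[path].append('dropped straight into ProgramData, a profile root or Temp')
        if looks_random(path):
            reasons[path].append('random-looking name')
    return {p: rs for p, rs in reasons.items() if len(rs) >= min_reasons}


if __name__ == '__main__':
    for path, rs in sorted(triage(SAMPLE_LOG).items()):
        print(path)
        for reason in rs:
            print('   -', reason)
```

On the sample, the five paths the fix above removes are flagged and the two benign controls are not; a signed Run entry in Program Files scores a single reason and falls below the threshold.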


  • Registered Users, Registered Users 2 Posts: 12,004 ✭✭✭✭Eod100


    I've tried running a full system scan with the Malware thing but it keeps stalling once it's scanned about 100,000 items.

    I've tried Rkill already but it doesn't work - just says the process was terminated or something.

    I'll try pasting that into OTL so


  • Closed Accounts Posts: 5,377 ✭✭✭zenno


    Eod100 wrote: »
    I've tried running a full system scan with the Malware thing but it keeps stalling once it's scanned about 100,000 items.

    I've tried Rkill already but it doesn't work - just says the process was terminated or something.

    I'll try pasting that into OTL so

    Well, if the OTL doesn't work, just download and install McAfee Labs Rootkit Remover in safe mode if it lets you, here... http://www.bleepingcomputer.com/download/mcafee-labs-rootkit-remover/ Worth a try. Unless ASJ112 has something more up his sleeve.


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Can you post the MBAM log from the quick scan? It should be in the "Logs" tab in the program.


  • Registered Users, Registered Users 2 Posts: 12,004 ✭✭✭✭Eod100


    OK, I pasted that into OTL and this note came up (after a system reboot):


    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ztkhkbmjswwynpe deleted successfully.
    C:\ProgramData\ztkhkbmj.exe moved successfully.
    File E:\autorun.inf not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d16180a-abdb-11df-a6fe-0025647eca3f}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d16180a-abdb-11df-a6fe-0025647eca3f}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d16180a-abdb-11df-a6fe-0025647eca3f}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d16180a-abdb-11df-a6fe-0025647eca3f}\ not found.
    File E:\LaunchU3.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
    File E:\LaunchU3.exe not found.
    C:\ProgramData\ugepssursrpbupz folder moved successfully.
    C:\Users\Aoife\Documents\~WRL0003.tmp deleted successfully.
    C:\Users\Aoife\Documents\~WRL0005.tmp deleted successfully.
    C:\ProgramData\xyaglxswkiuctmh moved successfully.
    File C:\ProgramData\ztkhkbmj.exe not found.
    C:\ProgramData\wzitygee.exe moved successfully.
    File C:\Users\Aoife\0.7572428093412925.exe not found.
    File C:\ProgramData\wzitygee.exe not found.
    File C:\ProgramData\ztkhkbmj.exe not found.
    File C:\ProgramData\xyaglxswkiuctmh not found.
    File C:\Users\Aoife\0.7572428093412925.exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Aoife
    ->Temp folder emptied: 3575644881 bytes
    ->Temporary Internet Files folder emptied: 80346494 bytes
    ->Java cache emptied: 27457900 bytes
    ->FireFox cache emptied: 1105037691 bytes
    ->Google Chrome cache emptied: 370946701 bytes
    ->Flash cache emptied: 13040 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 34908 bytes
    ->Flash cache emptied: 41044 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 532912432 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 40151 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 5,429.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Aoife
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYJAVA]

    User: All Users

    User: Aoife
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Unable to start System Restore Service. Error code 1084
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Aoife\Desktop\cmd.bat deleted successfully.
    C:\Users\Aoife\Desktop\cmd.txt deleted successfully.

    OTL by OldTimer - Version 3.2.54.0 log created on 07132012_185653

    Files\Folders moved on Reboot...
    C:\Users\Aoife\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...
    File C:\Users\Aoife\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

    Registry entries deleted on Reboot...





    Does this mean the virus is completely deleted?


  • Registered Users, Registered Users 2 Posts: 12,004 ✭✭✭✭Eod100


    ASJ112 wrote: »
    Can you post the MBAM log from the quick scan? It should be in the "Logs" tab in the program.

    Sure thing. Here it is..


    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.13.06

    Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    Aoife :: EOIN-PC [administrator]

    Protection: Disabled

    13/07/2012 16:43:49
    mbam-log-2012-07-13 (16-43-49).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 218918
    Time elapsed: 4 minute(s), 48 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Users\Aoife\Downloads\DownloadFast.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
    C:\Users\Aoife\0.7572428093412925.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

    (end)


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    How is the PC running? Are there any traces of the virus left?


  • Registered Users, Registered Users 2 Posts: 12,004 ✭✭✭✭Eod100


    ASJ112 wrote: »
    How is the PC running? Are there any traces of the virus left?

    It's running perfectly. No traces of the virus that I can see.

    Hopefully that's the last of it!

    Thanks a million for all your help!

    BTW, what exactly did the text I posted in to OTL do?


  • Closed Accounts Posts: 5,377 ✭✭✭zenno


    Good job ASJ112.


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    OTL scans your registry and files/folders for areas that malware uses. I analyzed your log, found all the malware entries, created a script to remove them, and voila.


    Open OTL, click the CleanUp! button, and that's it.


  • Registered Users, Registered Users 2 Posts: 12,004 ✭✭✭✭Eod100


    ASJ112 wrote: »
    OTL scans your registry and files/folders for areas that malware uses. I analyzed your log, found all the malware entries, created a script to remove them, and voila.


    Open OTL, click the CleanUp! button, and that's it.

    Great stuff, thanks for going to so much effort! I'd probably have been charged a small fortune if I'd brought it to a computer place, so thanks for helping me out, I really appreciate it!

    And thanks to zenno and areyawell too!!

    Clicked on clean up and it rebooted my system and everything seems fine.

    Is that everything sorted so, do you think?

    Is there anything I can do to prevent this virus from returning?
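As an added example for the two points above, ASJ112's explanation that OTL works through the registry locations malware uses for autostart, and the question of how to check that nothing has come back, here is a PowerShell review of the Run / RunOnce keys. This is not the thread's code or an OTL script; it lists every autostart value and flags any whose executable lives under ProgramData, a Temp folder or a user profile root, the kind of location the value and file OTL deleted on this machine (ztkhkbmjswwynpe, C:\ProgramData\ztkhkbmj.exe) were in. Treating those locations as worth a look is my rule of thumb, not something the thread states. It runs on the Windows 7 PowerShell that shipped with this machine.

```powershell
# Added example (not from the thread): list the Run / RunOnce autostart values that
# OTL-style cleanup scripts go after, and flag any whose executable sits under
# ProgramData, a Temp folder or a user profile root, where the Run value and file OTL
# deleted here (ztkhkbmjswwynpe, C:\ProgramData\ztkhkbmj.exe) lived. Treating those
# locations as suspicious is my assumption, not a rule from the thread.
function Get-AutostartReview {
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'   # 32-bit entries on x64
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }      # provider bookkeeping (PSPath, PSDrive, ...)
            $cmd = [string]$prop.Value
            # The executable is either the quoted first token or the first whitespace-delimited token
            if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] } else { $exe = ($cmd -split '\s+')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            $flag = ''
            if ($exe -match '\\ProgramData\\|\\Temp\\|\\Users\\[^\\]+\\[^\\]+\.exe$') {
                $flag = 'CHECK'
            } elseif ($exe -and [IO.Path]::IsPathRooted($exe) -and -not (Test-Path -LiteralPath $exe)) {
                $flag = 'MISSING'    # value points at a file that no longer exists, e.g. a half-removed infection
            }
            New-Object PSObject -Property @{ Key = $key; Name = $prop.Name; Command = $cmd; Exe = $exe; Flag = $flag }
        }
    }
}

# CHECK rows first, then MISSING, then everything else
Get-AutostartReview | Sort-Object Flag -Descending | Format-Table Flag, Name, Exe, Key -AutoSize
```

A CHECK row is not proof of infection (some legitimate updaters also start from ProgramData), it is the row to look up before deciding; a MISSING row is a dangling value that a cleanup left behind and is harmless but worth removing. Run it once after the cleanup and again a few days later: a new entry appearing in a flagged location is the earliest sign the infection has returned.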


  • Banned (with Prison Access) Posts: 1,435 ✭✭✭areyawell


    Run netstat in Command Prompt for a min and post what comes up here to see if the virus is still "listening" to your computer. I'd also run the anti-malware program every day for a few days.


  • Closed Accounts Posts: 5,377 ✭✭✭zenno


    I personally don't know much about this particular rootkit virus, but using a good antivirus program with a built-in rootkit scanner and detection would be a good step. I use Kaspersky Internet Security, which scans for rootkits constantly, so I find it good, but someone else with good knowledge regarding this rootkit might be able to give you more information on this. Glad the problem is fixed.


  • Registered Users, Registered Users 2 Posts: 12,004 ✭✭✭✭Eod100


    areyawell wrote: »
    Run netstat in Command Prompt for a min and post what comes up here to see if the virus is still "listening" to your computer. I'd also run the anti-malware program every day for a few days.

    Thanks!

    I ran netstat but can't seem to copy and paste the text from it.

    Is there anything I should be looking out for in it?
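Added example for areyawell's netstat suggestion and the two follow-up questions (how to get the output into a post, and what to look for): a PowerShell wrapper around `netstat -ano` that writes the whole table to a text file on the Desktop and annotates each socket with the process that owns it and where that process's executable lives. It is not code from the thread or from OTL; the output file name and the rule used for the CHECK flag (executables under ProgramData, a Temp folder or a user profile root, where the files removed on this machine were) are my assumptions. Run it from an elevated PowerShell prompt so the image paths of services are readable.

```powershell
# Added example (not from the thread): capture "netstat -ano" to a text file so it
# can be pasted into a reply, and annotate every socket with its owning process and
# image path. Run from an elevated PowerShell prompt; the output file name and the
# path rule used for the CHECK flag are assumptions, not anything the thread specifies.
function Get-SocketReport {
    param([string]$OutFile = (Join-Path $env:USERPROFILE 'Desktop\netstat-review.txt'))

    # -a all sockets, -n numeric addresses, -o owning PID; keep only the TCP/UDP rows
    $rows = netstat -ano | Where-Object { $_ -match '^\s*(TCP|UDP)\s' } | ForEach-Object {
        $f = $_.Trim() -split '\s+'
        if ($f[0] -eq 'TCP') { $state = $f[3]; $owner = $f[4] }   # TCP rows carry a State column
        else                 { $state = '';    $owner = $f[3] }   # UDP rows do not
        $proc = Get-Process -Id ([int]$owner) -ErrorAction SilentlyContinue
        $name = 'n/a'; $path = ''
        if ($proc) {
            $name = $proc.Name
            if ($proc.Path) { $path = $proc.Path }
        }
        # Executables under ProgramData, a Temp folder or directly in a user profile root
        # deserve a second look: the files OTL removed from this machine lived in exactly
        # those places (C:\ProgramData\*.exe, C:\Users\<user>\*.exe).
        $flag = ''
        if ($path -match '\\ProgramData\\|\\Temp\\|\\Users\\[^\\]+\\[^\\]+\.exe$') { $flag = 'CHECK' }
        New-Object PSObject -Property @{
            Proto = $f[0]; Local = $f[1]; Remote = $f[2]; State = $state
            OwnerPid = $owner; Process = $name; Path = $path; Flag = $flag
        }
    }

    $report = $rows | Select-Object Proto, Local, Remote, State, OwnerPid, Process, Path, Flag |
        Sort-Object Flag, State -Descending
    # Full table to disk (wide enough that long paths are not truncated); objects back to the caller
    $report | Format-Table -AutoSize | Out-File -FilePath $OutFile -Width 300
    return $report
}

# On screen, show only what matters for the "is it still listening?" question:
# flagged rows plus anything LISTENING or ESTABLISHED.
Get-SocketReport |
    Where-Object { $_.Flag -eq 'CHECK' -or $_.State -eq 'LISTENING' -or $_.State -eq 'ESTABLISHED' } |
    Format-Table Proto, Local, Remote, State, OwnerPid, Process, Path, Flag -AutoSize
```

What to look for: a LISTENING or ESTABLISHED row whose owner is a randomly named executable in one of the flagged locations, or whose remote address is one you do not recognise while the browser is closed. Rows owned by svchost.exe, System and the browser are normal; the file on the Desktop holds the full table for posting.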


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    You have Chrome installed, I can see; use that browser as your main one. Install this extension for it:

    https://chrome.google.com/webstore/detail/flcpelgcagfhfoegekianiofphddckof


    Also keep MBAM updated and run it once a week.


  • Registered Users, Registered Users 2 Posts: 12,004 ✭✭✭✭Eod100


    Thanks, I'm currently running Norton Power Eraser to be sure there are no threats left.


  • Registered Users, Registered Users 2 Posts: 882 ✭✭✭fr wishy washy


    Thanks for the advice, but I found a way past this.

    http://trojan-killer.net/metropolitan-police-virus-warning-remove/

    Follow the simple guidelines on this page. Took me 5 minutes to get rid of my problem after a couple of hours research. :)


  • Closed Accounts Posts: 5,377 ✭✭✭zenno


    Thanks for the advice, but I found a way past this.

    http://trojan-killer.net/metropolitan-police-virus-warning-remove/

    Follow the simple guidelines on this page. Took me 5 minutes to get rid of my problem after a couple of hours research. :)

    Good stuff, will try it out if anyone I know gets infected by this rootkit.


  • Closed Accounts Posts: 1,232 ✭✭✭ITS_A_BADGER


    Thanks for the advice, but I found a way past this.

    http://trojan-killer.net/metropolitan-police-virus-warning-remove/

    Follow the simple guidelines on this page. Took me 5 minutes to get rid of my problem after a couple of hours research. :)

    Thank you so much!!! This seems to have worked for me, however the manual way doesn't! At least not for me; I followed the manual instructions down to the shell file and the explorer.exe was normal, so I couldn't fix it that way. I'm in the middle of the automatic way and it seems to be working: it removed the trojan file at least, I can operate the computer again, and I'm in the middle of part two of it, updating the Trojan Killer programme and scanning the computer fully right now!

    Fingers crossed!!!

    EDIT: Damn thing found four more trojans and I can't remove them, I have to buy the full product. Anybody know some free trojan removal software that would remove 4 trojans at once?


  • Registered Users, Registered Users 2 Posts: 846 ✭✭✭Digy123


    Thank you so much!!! This seems to have worked for me, however the manual way doesn't! At least not for me; I followed the manual instructions down to the shell file and the explorer.exe was normal, so I couldn't fix it that way. I'm in the middle of the automatic way and it seems to be working: it removed the trojan file at least, I can operate the computer again, and I'm in the middle of part two of it, updating the Trojan Killer programme and scanning the computer fully right now!

    Fingers crossed!!!

    EDIT: Damn thing found four more trojans and I can't remove them, I have to buy the full product. Anybody know some free trojan removal software that would remove 4 trojans at once?
    Try Avast

