garda virus

bustersdad

i also have garda virus ,can you help please

kerry4sam

bustersdad wrote: »

i also have garda virus ,can you help please

According to this, you should

If you become infected by this malicious software all affected computers should be repaired by a reputable repair person.

So can you take it to your own local repair shop?

beazee

"Hold the power button 'til it goes off, start it up holding F8 til it comes on, then use a system restore point. It works!" according to this: http://www.facebook.com/pages/An-Garda-S%C3%ADoch%C3%A1na/167613868000?fref=ts

ASJ112

download and run combofix, post the log it gives you

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

bustersdad

sorry for delay,im trying to use 2 laptops ,as i cant get on internet,
combo fix wouldnt work so i used otl,hope thats okOTL logfile created on: 10/21/2012 11:53:33 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.11 Mb Total Physical Memory | 810.00 Mb Available Physical Memory | 79.87% Memory free
3.90 Gb Paging File | 3.83 Gb Available in Paging File | 98.29% Paging File free
Paging file location(s): C:\pagefile.sys 3072 4095 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 43.88 Gb Total Space | 13.66 Gb Free Space | 31.12% Space Free | Partition Type: FAT32
Drive | 44.37 Gb Total Space | 44.33 Gb Free Space | 99.91% Space Free | Partition Type: FAT32
Drive F: | 1.86 Gb Total Space | 1.85 Gb Free Space | 99.42% Space Free | Partition Type: FAT

Computer Name: ACER-0EF968F022 | User Name: mike | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/21 11:44:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2008/04/14 00:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/10/09 13:15:10 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2009/02/10 16:01:50 | 000,116,104 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\psdvdisk.sys -- (psdvdisk)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\psdfilter.sys -- (psdfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\eLock2BurnerLockDriver.sys -- (eLock2BurnerLockDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\STK02NW2.sys -- (DCamUSBSTK02N)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\mike\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2007/09/28 16:09:04 | 000,007,680 | ---- | M] (Philips ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPC620m.sys -- (SPC620m)
DRV - [2007/09/28 16:09:00 | 000,484,352 | ---- | M] (Philips ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPC620.sys -- (SPC620)
DRV - [2007/04/11 10:23:32 | 000,035,328 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2006/03/16 17:24:00 | 001,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/02/27 18:47:00 | 004,241,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006/02/22 11:46:26 | 001,505,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/01/18 18:41:58 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/11/28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/27 07:36:08 | 001,427,968 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2005/11/02 13:24:24 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/09/20 10:30:00 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/04/22 16:57:06 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005/04/22 16:57:06 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/search?q=google.ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=113480&tt=010712_4&babsrc=SP_ss&mntrId=1cc64ca60000000000000018de40f218
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=LMW4&o=16796&src=crm&q={searchTerms}&locale=en_EU
IE - HKCU\..\SearchScopes\{61DE78AD-CF15-4635-B6FA-E5970A2D93C7}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin: C:\Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)


[2010/10/26 12:34:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike\Application Data\Mozilla\Extensions
[2010/10/26 12:34:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/09/30 13:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========


O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe /T=3 /CHI={$CHROM_GUID_UNINSTALLS} File not found
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction File not found
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [jpcuglwezxcqpgl] C:\WINDOWS\jpcuglwe.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPro620.lnk.disabled ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll File not found
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/10 13:02:12 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/20 21:28:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\mike\Recent
[2012/10/20 21:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/20 21:10:57 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/10/20 21:10:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/20 20:39:54 | 000,000,000 | -HSD | C] -- C:\Recycled
[2012/10/20 20:16:12 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/10/20 19:41:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/10/20 19:41:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/10/20 19:41:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/10/20 19:41:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/10/20 19:38:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/20 19:38:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\mike\Start Menu\Programs\Administrative Tools
[2012/10/20 19:37:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/10/20 15:35:16 | 000,000,000 | -HSD | C] -- C:\FOUND.112
[2012/10/15 16:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012/10/14 17:01:39 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/10/14 17:01:28 | 000,000,000 | -HSD | C] -- C:\FOUND.111
[2012/10/14 10:21:40 | 000,000,000 | -HSD | C] -- C:\FOUND.110
[2012/10/14 10:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ckcuukekzkxzcce
[2012/10/12 07:17:18 | 000,000,000 | -HSD | C] -- C:\FOUND.109
[2012/10/08 09:35:28 | 000,000,000 | -HSD | C] -- C:\FOUND.108
[2012/10/05 15:30:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike\Application Data\TuneUp Software
[2012/10/05 15:07:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike\Local Settings\Application Data\MFAData
[2012/10/02 08:02:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/10/02 08:00:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/09/27 06:49:32 | 000,000,000 | -HSD | C] -- C:\FOUND.107
[2012/09/25 16:45:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike\Local Settings\Application Data\Canon Easy-PhotoPrint EX
[2012/09/25 16:45:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX
[2012/09/24 08:14:16 | 000,000,000 | -HSD | C] -- C:\FOUND.106
[2012/09/23 20:14:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2012/09/23 20:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2012/09/23 20:13:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2012/09/23 20:13:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike\Application Data\Canon
[2012/09/23 20:12:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2012/09/23 20:11:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2012/09/23 20:09:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MP270 series User Registration
[2012/09/23 20:09:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike\Application Data\Canon Easy-WebPrint EX
[2012/09/23 20:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2012/09/23 20:02:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities
[2012/09/23 20:01:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MP270 series Manual
[2012/09/23 20:01:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/09/23 20:01:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2012/09/23 20:01:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MP270 series
[2012/09/23 20:00:40 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2012/09/23 19:59:07 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/21 11:55:16 | 000,442,894 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/21 11:55:16 | 000,072,160 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/21 11:53:22 | 000,000,254 | ---- | M] () -- C:\Documents and Settings\mike\Desktop\Shortcut to OTL.lnk
[2012/10/21 11:51:36 | 000,001,230 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/21 11:50:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/20 21:31:58 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
[2012/10/20 21:11:04 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/20 20:13:14 | 000,000,275 | ---- | M] () -- C:\Documents and Settings\mike\Desktop\Shortcut to ComboFix.lnk
[2012/10/14 22:14:20 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/14 10:03:16 | 000,073,394 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\zkarhvchhzosrdq
[2012/10/14 10:03:04 | 000,110,592 | ---- | M] () -- C:\WINDOWS\jpcuglwe.exe
[2012/10/10 22:47:38 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/10/09 22:28:14 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/23 20:09:24 | 000,001,593 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon MP270 series User Registration.LNK
[2012/09/23 20:07:34 | 000,001,588 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk
[2012/09/23 20:07:16 | 000,001,642 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon Easy-PhotoPrint EX.lnk
[2012/09/23 20:04:00 | 000,001,644 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon MP Navigator EX 3.0.lnk
[2012/09/23 20:02:42 | 000,001,560 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon My Printer.lnk
[2012/09/23 20:02:20 | 000,001,875 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon MP270 series On-screen Manual.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/21 11:53:20 | 000,000,254 | ---- | C] () -- C:\Documents and Settings\mike\Desktop\Shortcut to OTL.lnk
[2012/10/20 21:11:02 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/20 20:13:12 | 000,000,275 | ---- | C] () -- C:\Documents and Settings\mike\Desktop\Shortcut to ComboFix.lnk
[2012/10/20 19:41:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/10/20 19:41:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/10/20 19:41:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/10/20 19:41:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/10/20 19:41:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/10/14 10:03:13 | 000,110,592 | ---- | C] () -- C:\WINDOWS\jpcuglwe.exe
[2012/10/14 10:03:06 | 000,073,394 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\zkarhvchhzosrdq
[2012/09/23 20:09:53 | 000,012,544 | ---- | C] () -- C:\WINDOWS\System32\CNC173BD.TBL
[2012/09/23 20:09:23 | 000,001,593 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP270 series User Registration.LNK
[2012/09/23 20:07:32 | 000,001,588 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk
[2012/09/23 20:07:15 | 000,001,642 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Easy-PhotoPrint EX.lnk
[2012/09/23 20:03:59 | 000,001,644 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP Navigator EX 3.0.lnk
[2012/09/23 20:02:41 | 000,001,560 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon My Printer.lnk
[2012/09/23 20:02:19 | 000,001,875 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP270 series On-screen Manual.lnk
[2012/08/11 20:09:43 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\mike\Local Settings\Application Data\dt.dat
[2012/06/10 17:04:55 | 000,038,332 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/02/15 08:22:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/04/20 21:48:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\mike\Local Settings\Application Data\prvlcl.dat
[2009/06/19 06:18:48 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/01/20 05:40:51 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/18 05:00:24 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\mike\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2006/04/10 13:06:32 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 00:12:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2007/08/15 10:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOONTY
[2008/10/04 05:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dazebqpo
[2009/03/23 14:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/01/21 10:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/02/28 15:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/01 20:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/04 22:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/10/05 14:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/10/05 15:02:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/26 15:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/02/19 16:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/07/02 18:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F4D55F0E00009786549C5A5AD151FC4E
[2012/09/23 20:01:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/09/23 20:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2012/09/23 20:12:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2012/09/23 20:13:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2012/09/23 20:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2012/09/23 20:14:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2012/09/25 16:45:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX
[2012/10/14 10:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ckcuukekzkxzcce
[2007/08/15 10:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Hulabee
[2007/08/19 01:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Sauce
[2008/07/03 11:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\MSNInstaller
[2010/03/06 16:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\AVG9
[2010/07/01 13:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\LEGO Company
[2010/10/18 21:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\AVG
[2011/01/19 21:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Windows Live Writer
[2012/02/19 16:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Babylon
[2012/02/22 14:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\XBMC
[2012/02/23 19:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Zygoke
[2012/02/23 19:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Ehuknue
[2012/07/02 18:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Ryboon
[2012/07/02 18:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Ozywuc
[2012/07/09 14:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Media Finder
[2012/09/23 20:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Canon Easy-WebPrint EX
[2012/09/23 20:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Canon
[2012/10/05 15:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\TuneUp Software

========== Purity Check ==========


< End of report >

scout353

Hi ASJ112

Used Malwarebyte and it seems to have fixed it!!

But here is the OTL Log



OTL logfile created on: 21/10/2012 11:36:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cian S\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.12% Memory free
4.21 Gb Paging File | 3.00 Gb Available in Paging File | 71.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.66 Gb Total Space | 1.85 Gb Free Space | 3.33% Space Free | Partition Type: NTFS
Drive | 7.77 Gb Total Space | 7.62 Gb Free Space | 98.01% Space Free | Partition Type: FAT32
Drive E: | 54.66 Gb Total Space | 44.71 Gb Free Space | 81.80% Space Free | Partition Type: NTFS

Computer Name: CIAN-PC | User Name: Cian S | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/17 21:55:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cian S\Desktop\OTL.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/27 21:32:54 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/20 10:45:23 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/08/23 17:23:33 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/23 17:23:32 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/23 17:23:29 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/23 17:23:24 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/08/23 17:23:19 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/19 20:18:52 | 000,827,392 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
PRC - [2008/08/14 11:14:20 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2008/01/19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/08/15 14:31:50 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/08/09 18:26:42 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/08/01 14:39:18 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/07/20 20:45:16 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2007/07/10 09:24:10 | 000,581,632 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
PRC - [2007/06/27 12:28:42 | 000,436,088 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2007/06/19 15:28:32 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2007/05/22 16:32:52 | 000,538,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2007/05/04 12:05:08 | 000,571,024 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
PRC - [2007/04/06 11:06:58 | 000,057,344 | ---- | M] (ZSMCSNAP) -- C:\Windows\ZSSnp211.exe
PRC - [2007/04/03 16:52:22 | 000,509,496 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2007/03/29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/03/29 10:39:00 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2006/11/14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/08/18 16:58:14 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe
PRC - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/19 19:50:53 | 000,519,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\b26d1c6ae98a3fafd08a70f2d719af08\TCrdMain.ni.exe
MOD - [2012/06/19 19:45:49 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/19 19:45:36 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/19 19:45:19 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/19 19:44:29 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/13 16:58:52 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/13 16:58:46 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/13 16:58:25 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2007/06/27 12:28:42 | 000,436,088 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
MOD - [2007/05/22 10:39:00 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006/08/18 16:58:14 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe


========== Services (SafeList) ==========

SRV - [2012/10/08 21:06:07 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2009/08/23 17:23:24 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/23 17:23:19 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/01/19 20:18:52 | 000,827,392 | ---- | M] () [Auto | Running] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/01 14:39:18 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/03/29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/11/14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/01/22 09:28:54 | 000,032,800 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV - [2010/01/22 09:28:52 | 000,143,264 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV - [2009/10/05 20:20:26 | 000,031,872 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV - [2009/08/23 17:23:32 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/23 17:23:32 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/06/10 06:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/05/21 19:37:11 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/03/17 12:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/12/13 10:17:58 | 001,472,000 | ---- | M] (ZSMC.Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZS211.sys -- (ZSMC30x)
DRV - [2007/12/10 18:15:34 | 000,480,128 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vvftav211.sys -- (vvftav211)
DRV - [2007/11/09 06:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/07/26 16:18:04 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007/01/18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2007/01/18 15:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/10/18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2004/04/27 00:31:04 | 000,474,304 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvcd.sys -- (QCDonner)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk
IE - HKLM\..\SearchScopes,DefaultScope = {6A6C4EAA-E75D-420B-BE86-455E44C0AF44}
IE - HKLM\..\SearchScopes\{6A6C4EAA-E75D-420B-BE86-455E44C0AF44}: "URL" = http://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A6C4EAA-E75D-420B-BE86-455E44C0AF44}
IE - HKCU\..\SearchScopes\{6A6C4EAA-E75D-420B-BE86-455E44C0AF44}: "URL" = http://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3290
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/28 22:13:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/25 13:15:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/25 13:15:33 | 000,000,000 | ---D | M]

[2009/01/03 17:43:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cian S\AppData\Roaming\mozilla\Extensions
[2012/05/02 21:24:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cian S\AppData\Roaming\mozilla\Firefox\Profiles\3bn7jcmu.default\extensions
[2011/08/16 21:38:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Cian S\AppData\Roaming\mozilla\Firefox\Profiles\3bn7jcmu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/02/23 22:45:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/23 22:45:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/02/22 22:21:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/23 22:44:58 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/30 16:07:44 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/01/30 16:07:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/30 16:07:44 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/01/30 16:07:44 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/01/30 16:07:44 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Cian S\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: Poppit = C:\Users\Cian S\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Domino] C:\Windows\Domino.exe ()
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PrintServer Diagnostic] \PTP\PSDiagnostic.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe (ZSMCSNAP)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
O4 - Startup: C:\Users\Cian S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iexplore.lnk = File not found
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFA1451B-B972-43D9-AD3B-226FD4F23BD4}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E513DDF1-3DCD-497D-A84A-243CEEAD8CB5}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2ae2d6da-c395-11df-ad20-00a0d18d7b3c}\Shell - "" = AutoRun
O33 - MountPoints2\{2ae2d6da-c395-11df-ad20-00a0d18d7b3c}\Shell\AutoRun\command - "" = \AutoRun.exe
O33 - MountPoints2\{62d615ee-e27b-11df-a213-00a0d18d7b3c}\Shell - "" = AutoRun
O33 - MountPoints2\{62d615ee-e27b-11df-a213-00a0d18d7b3c}\Shell\AutoRun\command - "" = \AutoRun.exe
O33 - MountPoints2\{62d615f8-e27b-11df-a213-00a0d18d7b3c}\Shell - "" = AutoRun
O33 - MountPoints2\{62d615f8-e27b-11df-a213-00a0d18d7b3c}\Shell\AutoRun\command - "" = \AutoRun.exe
O33 - MountPoints2\{98341a19-2836-11df-8f59-00a0d18d7b3c}\Shell - "" = AutoRun
O33 - MountPoints2\{98341a19-2836-11df-8f59-00a0d18d7b3c}\Shell\AutoRun\command - "" = \AutoRun.exe
O33 - MountPoints2\{98341a35-2836-11df-8f59-00a0d18d7b3c}\Shell - "" = AutoRun
O33 - MountPoints2\{98341a35-2836-11df-8f59-00a0d18d7b3c}\Shell\AutoRun\command - "" = \AutoRun.exe
O33 - MountPoints2\{b62fee4d-fff2-11de-8b87-00a0d18d7b3c}\Shell - "" = AutoRun
O33 - MountPoints2\{b62fee4d-fff2-11de-8b87-00a0d18d7b3c}\Shell\AutoRun\command - "" = \LaunchU3.exe -a
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = \AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/21 11:23:17 | 000,000,000 | ---D | C] -- C:\Users\Cian S\AppData\Roaming\Malwarebytes
[2012/10/21 11:23:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/21 11:23:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/21 11:23:11 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/21 11:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/21 11:22:54 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Cian S\Desktop\mbam-setup-1.65.0.1400.exe
[2012/10/21 11:22:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Cian S\Desktop\OTL.exe
[2012/10/17 19:55:34 | 000,000,000 | -HSD | C] -- C:\Users\Cian S\AppData\Roaming\System
[2012/10/10 20:45:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/10/10 20:45:02 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/10 20:45:01 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/09/25 13:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/09/25 13:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/09/25 13:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012/09/25 13:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/25 13:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/25 13:05:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/09/25 13:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/25 09:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/25 09:07:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/09/25 09:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012/09/21 21:58:28 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/21 21:58:26 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/21 21:58:23 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/21 21:58:22 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/21 21:58:22 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012/09/21 21:58:22 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/09/21 21:58:22 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/09/21 21:58:22 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/09/21 21:58:22 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/21 21:58:22 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/21 21:58:22 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/09/21 21:58:21 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/21 21:58:21 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/09/21 21:58:21 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/09/21 21:58:21 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/09/21 21:58:21 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/09/21 21:58:21 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/09/21 21:58:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/21 11:51:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{009E682A-65BC-419B-890F-AFDFB78C6927}.job
[2012/10/21 11:50:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9EBE0C1E-B4DC-47D5-A41C-37D07C119116}.job
[2012/10/21 11:40:39 | 000,612,730 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/21 11:40:39 | 000,110,162 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/21 11:34:21 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/21 11:34:02 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/21 11:34:02 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/21 11:33:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/21 11:30:31 | 000,000,680 | ---- | M] () -- C:\Users\Cian S\AppData\Local\d3d9caps.dat
[2012/10/21 11:24:27 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/21 11:16:53 | 000,000,731 | ---- | M] () -- C:\Users\Cian S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iexplore.lnk
[2012/10/17 22:49:10 | 000,002,627 | ---- | M] () -- C:\Users\Cian S\Desktop\Microsoft Office Word 2007.lnk
[2012/10/17 21:56:08 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Cian S\Desktop\mbam-setup-1.65.0.1400.exe
[2012/10/17 21:55:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cian S\Desktop\OTL.exe
[2012/10/17 20:08:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/17 20:03:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/17 19:55:41 | 000,164,980 | -HS- | M] () -- C:\Users\Cian S\AppData\Roaming\rt1.jpg
[2012/10/15 20:14:03 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/10/08 21:06:05 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/08 21:06:05 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/03 19:53:17 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Cian S.job
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/26 22:00:19 | 000,002,585 | ---- | M] () -- C:\Users\Cian S\Desktop\Microsoft Office Excel 2007.lnk
[2012/09/25 13:11:06 | 000,007,137 | ---- | M] () -- C:\Users\Cian S\Documents\emaillogo.jpg
[2012/09/25 13:09:08 | 000,000,188 | ---- | M] () -- C:\Users\Cian S\Desktop\My CIT Webmail.url
[2012/09/25 13:07:25 | 000,001,669 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/25 12:54:57 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/09/25 12:54:57 | 000,001,854 | ---- | M] () -- C:\Users\Cian S\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/09/25 09:07:29 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/21 11:23:14 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/17 21:05:05 | 000,000,680 | ---- | C] () -- C:\Users\Cian S\AppData\Local\d3d9caps.dat
[2012/10/17 19:55:38 | 000,164,980 | -HS- | C] () -- C:\Users\Cian S\AppData\Roaming\rt1.jpg
[2012/10/17 19:55:36 | 000,000,731 | ---- | C] () -- C:\Users\Cian S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iexplore.lnk
[2012/09/25 13:10:57 | 000,007,137 | ---- | C] () -- C:\Users\Cian S\Documents\emaillogo.jpg
[2012/09/25 13:07:25 | 000,001,669 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/25 13:06:30 | 000,000,188 | ---- | C] () -- C:\Users\Cian S\Desktop\My CIT Webmail.url
[2009/11/05 19:15:16 | 000,014,336 | ---- | C] () -- C:\Users\Cian S\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/14 20:02:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/04/14 17:52:15 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >



HERE IS THE EXTRAS FILE LOG>>>>>>>>>>>>>>>>>>>


OTL Extras logfile created on: 21/10/2012 11:36:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cian S\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.12% Memory free
4.21 Gb Paging File | 3.00 Gb Available in Paging File | 71.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.66 Gb Total Space | 1.85 Gb Free Space | 3.33% Space Free | Partition Type: NTFS
Drive | 7.77 Gb Total Space | 7.62 Gb Free Space | 98.01% Space Free | Partition Type: FAT32
Drive E: | 54.66 Gb Total Space | 44.71 Gb Free Space | 81.80% Space Free | Partition Type: NTFS

Computer Name: CIAN-PC | User Name: Cian S | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\Program Files\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00EC612C-557F-44F5-BED0-BE37F1CD8B2B}" = rport=445 | protocol=6 | dir=out | app=system |
"{0C0A0DA1-1C37-4085-A241-40F97338419D}" = lport=3390 | protocol=6 | dir=in | app=system |
"{0DDDA66A-CA75-4C69-AAD4-0BC396D10325}" = rport=10244 | protocol=6 | dir=out | app=system |
"{13573F25-9F37-4DE6-BF53-454F5B1E194E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{20A08F51-F51F-462A-9B8A-53878FD0C271}" = lport=138 | protocol=17 | dir=in | app=system |
"{21DFE241-9A8B-4AFF-9E04-4FAB67C1ED09}" = lport=10243 | protocol=6 | dir=in | app=system |
"{263DF0EB-F0D2-44EE-829A-D3B189922C77}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{326A5FBE-CA7F-4DD1-833B-4F1030BE08F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{35CA6B03-E94B-4B0B-A5CF-4F95FB2B0FD8}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{360497C4-C477-4DC9-BF12-47A4337514B9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{38DF6ED4-D993-495D-8764-FB14E7DEFE5C}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{3DD9F966-110E-42E1-9B3C-12D3FEEA581D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3F9DD5ED-AB33-4240-8FFF-CDF8B5C88ACD}" = lport=139 | protocol=6 | dir=in | app=system |
"{45102497-0290-4996-A133-0322043D4499}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{47426B4E-96A0-48FF-9ACC-2E2938078687}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4907B46E-222D-47B4-AEE3-EFFB98010B82}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4D020814-CA87-463A-9633-789957789765}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{551D4AE5-0A02-462B-946A-5249A278ABA0}" = lport=445 | protocol=6 | dir=in | app=system |
"{5BA5753A-24D5-40A0-AB84-5EE2515F025A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5DA37B69-4FA3-4DCD-8CAC-B640E3872D7A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{637D01E3-0603-4667-8A03-27D225C09D3E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{675DFF75-6EFE-4ADB-A72E-26CDCC65DA23}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{6F334B5D-1F1C-4398-B768-0378B7D0748C}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{772A39C3-D282-475E-85E2-A8D60ED0626D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{79DA483E-3E12-47B2-9991-58A27BEC0BE7}" = lport=3390 | protocol=6 | dir=in | app=system |
"{7A7E1C73-4D2D-4059-A3ED-2DBA56FB02BF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7E8B33B8-500F-4709-BB72-8417E6C2C4C3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{89D72A82-6116-4063-8BEE-D1742DEF59F6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{89E38998-4BE7-4D34-821D-A3E47C9497FA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{931B81E7-5F1E-4E06-81FD-3DB88DC930BC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9F627DF7-45ED-4913-A5DA-2B9DE4BBA395}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A7025A6A-1D18-418D-9234-272E811A2F45}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A755F735-2AE4-40F7-815D-8BC45E6EEA1B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A864090F-C265-4B5D-9D0F-435B7FF8972B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B478786B-6F32-492D-A7C3-9BD472741CC0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BA1881B3-AF5D-4DED-984E-EDBD159CBD08}" = rport=138 | protocol=17 | dir=out | app=system |
"{BA343DD5-E067-4734-AD61-6F86A200258B}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{BF5DA321-486C-49E8-ABC2-86179A142AE9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C391EF0A-978B-4E2B-9ECF-85237BED9AD1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C5956FC6-FAEB-4D4B-A552-C2F2AD311574}" = rport=139 | protocol=6 | dir=out | app=system |
"{C932F039-E148-49F0-B7CF-1AB3384AD21E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CFDCC96D-9585-46BB-838E-2D418D446280}" = rport=137 | protocol=17 | dir=out | app=system |
"{D0432CFA-AEF3-4556-B63C-C52AD0CCAF7B}" = lport=10244 | protocol=6 | dir=in | app=system |
"{D06FA21B-1B6A-4A4E-8DA6-C2F18E8E3D03}" = lport=10244 | protocol=6 | dir=in | app=system |
"{D6635A13-AE7F-44CB-A1B5-32770495868B}" = rport=10244 | protocol=6 | dir=out | app=system |
"{E45284F6-17E1-426C-A275-16D65347A559}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ED1ADF3F-9818-4A85-8477-142CEBD1D393}" = lport=137 | protocol=17 | dir=in | app=system |
"{EDB697BF-3931-4F96-B1E9-5C18DDB667CE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F0B091EA-F0CD-4720-8DD8-AF63F79665B2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F7A3ABCE-CE41-4E27-9924-64D6E2C9CD4C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FC532A8C-D32C-4A9D-A5F1-223E56DA748C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FE3C9B85-750D-4FCE-B6ED-DE44FF5B06CF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00CBC87F-1C87-474F-A79C-7A5B63A3A5E6}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{06FDD5A8-72BE-40B5-B27F-365D3D50BC69}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0A6173C8-E172-4B46-92DC-54517E821E2D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0AA97C6E-EC86-4098-9698-BD5B4C63F2F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{114F35D9-FEE8-4400-8A1C-CC5E158D0647}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{15AB8C17-A9FF-4F3A-B763-08DF0FD69A49}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{17D5D826-401E-4104-9D74-559E7387F1A8}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{1A7DB653-4027-4193-A566-6DA16E745125}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{26BB5792-FD37-49A7-A394-93298EF0F977}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{3846BDA8-12FE-4CC4-B29C-C0E61897C055}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{3A4C03EE-ECE8-41A5-9F37-72F0A5B910A7}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{4AD60099-BA1B-4A8E-A801-08E983B1525A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4DF8BBF6-531A-4C07-AD4B-6497E41930D7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4FD1FD1D-A773-4DDE-A6A9-FC8171496F4A}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{50FB9966-998D-40C2-AB3F-BA4E7291AAFC}" = protocol=17 | dir=in | app=c:\program files\tversity\media server\mediaserver.exe |
"{55441C95-64D4-4ECD-98D4-8C536C3BAA61}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5A44A6CF-B97A-4FBF-BEF2-774370E6C447}" = protocol=6 | dir=out | app=system |
"{63F99459-2E65-46D7-9666-6C1424E4368F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{669F8A66-7E9B-4BEE-9CA1-9A151E0A5E19}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6E51C0F7-F7EA-4B3C-BD6D-AFFC0AC41695}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6E83767C-25AF-4087-BC2A-11BA13E8C53F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6FC57803-B476-46EC-8540-DA2A10C1390A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{72636F05-FDF8-44AD-8AC2-55FEF9A2F450}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7A414649-F7B4-4ADA-88BE-8FABE9A46E1A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7A7EF0A8-3E5E-4BD6-99A7-8CAFE39D50C5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7D64A3E9-0975-4B67-928A-1030DF9CB0EF}" = protocol=6 | dir=in | app=c:\program files\tversity\media server\mediaserver.exe |
"{809F3CBC-4AAA-426C-99BF-14EEF6B85B3F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{82413E9A-9169-4E20-93A8-5BE91E87835B}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{87C405D8-6519-406A-BF06-D1D34BE8DF19}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{87D57E9F-FB29-4A7D-99B8-06EB072F02D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{93D924FE-D790-45DC-AF69-F523A6117B62}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{94BD911A-1164-4CC0-B204-D45A7BF097E4}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{9994EA8B-4256-484E-8A78-5C8B436AAAC0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9CD9052A-1F4A-45FB-85C7-B3C3E42FBCAD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B028C707-91A0-45F9-A8B9-774098D1D369}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B0F67FCC-1E53-42FB-AEDD-2C38AA225B0B}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{CBA3D4B0-4C36-414A-BC54-A2BDF6241A23}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{D460A367-9EDE-4B37-B633-C2B14B747AA9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E0318EA2-6B68-4A86-B6F0-BDA53FF2EAEE}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{ECCCDCB9-882A-4331-9953-CBF27DFD05A8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EDD2EC2D-ED58-4EFE-8BBE-505F984B4EA3}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{EF5DF983-8375-4949-839C-9D3EAF20EBE5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F16FBD4C-8ED0-40E1-BFBE-C2BD5358A48D}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{F7024348-C783-432D-846F-C6B7CE572495}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{1E0C2F7F-5596-4B9F-B288-6C629AB2B80E}C:\program files\java\jdk1.6.0_10\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_10\jre\bin\java.exe |
"TCP Query User{C2512E8B-532B-4267-93B5-0FE66A2C890B}C:\program files\bittyrant\azureus.exe" = protocol=6 | dir=in | app=c:\program files\bittyrant\azureus.exe |
"TCP Query User{C5FFDED5-00FF-4DD8-9284-472A5C2F9DF5}C:\program files\real alternative\media player classic\mplayerc.exe" = protocol=6 | dir=in | app=c:\program files\real alternative\media player classic\mplayerc.exe |
"TCP Query User{D6D3F79E-3DAD-4692-A42D-BD4438B32B06}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{4FD665BA-E809-4F3B-8B78-027484FC1C93}C:\program files\java\jdk1.6.0_10\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_10\jre\bin\java.exe |
"UDP Query User{565FE4ED-F06E-4BCF-8E43-0B961BFFC255}C:\program files\real alternative\media player classic\mplayerc.exe" = protocol=17 | dir=in | app=c:\program files\real alternative\media player classic\mplayerc.exe |
"UDP Query User{8CD0D88E-419C-46CA-8DEC-5738095E6657}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{9FF1E3D2-D610-4E52-BBD2-1F4506042840}C:\program files\bittyrant\azureus.exe" = protocol=17 | dir=in | app=c:\program files\bittyrant\azureus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F4F4815-76AD-4B26-8763-72F3344041C2}" = TOSHIBA Manuals
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2208D65A-1BF9-485E-A308-1BA6CADCDC1D}" = Windows Live Movie Maker Beta
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2BDF38E0-1A7F-4220-B4B7-118DD45E5E13}" = TOSHIBA Supervisor Password
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{32A3A4F4-B792-11D6-A78A-00B0D0160100}" = Java(TM) SE Development Kit 6 Update 10
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}" = Vimicro USB PC Camera 301x
"{44D02D8B-FFB3-4245-8D26-68D10B4C4023}" = ZSMC USB PC Camera (ZS0211)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK RTL8187B Wireless LAN Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BFC85CDC-BD7C-4FDD-9507-8D74B5A79404}" = TOSHIBA Hardware Setup
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DC509FE5-1445-46C9-827C-6120429CB942}" = Windows Live Family Safety
"{DFAF5B6C-47F6-4D1E-BFC8-247659A8056D}" = EpsonNet SetupManager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}"

scout353

Hi ASJ112

Used Malwarebyte and it seems to have fixed it!!

But here is the OTL Log



OTL logfile created on: 21/10/2012 11:36:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cian S\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.12% Memory free
4.21 Gb Paging File | 3.00 Gb Available in Paging File | 71.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.66 Gb Total Space | 1.85 Gb Free Space | 3.33% Space Free | Partition Type: NTFS
Drive | 7.77 Gb Total Space | 7.62 Gb Free Space | 98.01% Space Free | Partition Type: FAT32
Drive E: | 54.66 Gb Total Space | 44.71 Gb Free Space | 81.80% Space Free | Partition Type: NTFS

Computer Name: CIAN-PC | User Name: Cian S | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/17 21:55:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cian S\Desktop\OTL.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/27 21:32:54 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/20 10:45:23 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/08/23 17:23:33 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/23 17:23:32 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/23 17:23:29 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/23 17:23:24 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/08/23 17:23:19 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/19 20:18:52 | 000,827,392 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
PRC - [2008/08/14 11:14:20 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2008/01/19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/08/15 14:31:50 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/08/09 18:26:42 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/08/01 14:39:18 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/07/20 20:45:16 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2007/07/10 09:24:10 | 000,581,632 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
PRC - [2007/06/27 12:28:42 | 000,436,088 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2007/06/19 15:28:32 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2007/05/22 16:32:52 | 000,538,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2007/05/04 12:05:08 | 000,571,024 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
PRC - [2007/04/06 11:06:58 | 000,057,344 | ---- | M] (ZSMCSNAP) -- C:\Windows\ZSSnp211.exe
PRC - [2007/04/03 16:52:22 | 000,509,496 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2007/03/29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/03/29 10:39:00 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2006/11/14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/08/18 16:58:14 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe
PRC - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/19 19:50:53 | 000,519,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\b26d1c6ae98a3fafd08a70f2d719af08\TCrdMain.ni.exe
MOD - [2012/06/19 19:45:49 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/19 19:45:36 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/19 19:45:19 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/19 19:44:29 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/13 16:58:52 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/13 16:58:46 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/13 16:58:25 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2007/06/27 12:28:42 | 000,436,088 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
MOD - [2007/05/22 10:39:00 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006/08/18 16:58:14 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe


========== Services (SafeList) ==========

SRV - [2012/10/08 21:06:07 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2009/08/23 17:23:24 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/23 17:23:19 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/01/19 20:18:52 | 000,827,392 | ---- | M] () [Auto | Running] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/01 14:39:18 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/03/29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/11/14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/01/22 09:28:54 | 000,032,800 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV - [2010/01/22 09:28:52 | 000,143,264 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV - [2009/10/05 20:20:26 | 000,031,872 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV - [2009/08/23 17:23:32 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/23 17:23:32 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/06/10 06:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/05/21 19:37:11 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/03/17 12:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/12/13 10:17:58 | 001,472,000 | ---- | M] (ZSMC.Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZS211.sys -- (ZSMC30x)
DRV - [2007/12/10 18:15:34 | 000,480,128 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vvftav211.sys -- (vvftav211)
DRV - [2007/11/09 06:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/07/26 16:18:04 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007/01/18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2007/01/18 15:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/10/18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2004/04/27 00:31:04 | 000,474,304 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvcd.sys -- (QCDonner)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk
IE - HKLM\..\SearchScopes,DefaultScope = {6A6C4EAA-E75D-420B-BE86-455E44C0AF44}
IE - HKLM\..\SearchScopes\{6A6C4EAA-E75D-420B-BE86-455E44C0AF44}: "URL" = http://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A6C4EAA-E75D-420B-BE86-455E44C0AF44}
IE - HKCU\..\SearchScopes\{6A6C4EAA-E75D-420B-BE86-455E44C0AF44}: "URL" = http://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3290
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/28 22:13:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/25 13:15:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/25 13:15:33 | 000,000,000 | ---D | M]

[2009/01/03 17:43:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cian S\AppData\Roaming\mozilla\Extensions
[2012/05/02 21:24:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cian S\AppData\Roaming\mozilla\Firefox\Profiles\3bn7jcmu.default\extensions
[2011/08/16 21:38:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Cian S\AppData\Roaming\mozilla\Firefox\Profiles\3bn7jcmu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/02/23 22:45:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/23 22:45:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/02/22 22:21:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/23 22:44:58 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/30 16:07:44 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/01/30 16:07:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/30 16:07:44 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/01/30 16:07:44 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/01/30 16:07:44 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Cian S\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: Poppit = C:\Users\Cian S\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Domino] C:\Windows\Domino.exe ()
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PrintServer Diagnostic] \PTP\PSDiagnostic.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe (ZSMCSNAP)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
O4 - Startup: C:\Users\Cian S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iexplore.lnk = File not found
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFA1451B-B972-43D9-AD3B-226FD4F23BD4}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E513DDF1-3DCD-497D-A84A-243CEEAD8CB5}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2ae2d6da-c395-11df-ad20-00a0d18d7b3c}\Shell - "" = AutoRun
O33 - MountPoints2\{2ae2d6da-c395-11df-ad20-00a0d18d7b3c}\Shell\AutoRun\command - "" = \AutoRun.exe
O33 - MountPoints2\{62d615ee-e27b-11df-a213-00a0d18d7b3c}\Shell - "" = AutoRun
O33 - MountPoints2\{62d615ee-e27b-11df-a213-00a0d18d7b3c}\Shell\AutoRun\command - "" = \AutoRun.exe
O33 - MountPoints2\{62d615f8-e27b-11df-a213-00a0d18d7b3c}\Shell - "" = AutoRun
O33 - MountPoints2\{62d615f8-e27b-11df-a213-00a0d18d7b3c}\Shell\AutoRun\command - "" = \AutoRun.exe
O33 - MountPoints2\{98341a19-2836-11df-8f59-00a0d18d7b3c}\Shell - "" = AutoRun
O33 - MountPoints2\{98341a19-2836-11df-8f59-00a0d18d7b3c}\Shell\AutoRun\command - "" = \AutoRun.exe
O33 - MountPoints2\{98341a35-2836-11df-8f59-00a0d18d7b3c}\Shell - "" = AutoRun
O33 - MountPoints2\{98341a35-2836-11df-8f59-00a0d18d7b3c}\Shell\AutoRun\command - "" = \AutoRun.exe
O33 - MountPoints2\{b62fee4d-fff2-11de-8b87-00a0d18d7b3c}\Shell - "" = AutoRun
O33 - MountPoints2\{b62fee4d-fff2-11de-8b87-00a0d18d7b3c}\Shell\AutoRun\command - "" = \LaunchU3.exe -a
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = \AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/21 11:23:17 | 000,000,000 | ---D | C] -- C:\Users\Cian S\AppData\Roaming\Malwarebytes
[2012/10/21 11:23:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/21 11:23:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/21 11:23:11 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/21 11:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/21 11:22:54 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Cian S\Desktop\mbam-setup-1.65.0.1400.exe
[2012/10/21 11:22:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Cian S\Desktop\OTL.exe
[2012/10/17 19:55:34 | 000,000,000 | -HSD | C] -- C:\Users\Cian S\AppData\Roaming\System
[2012/10/10 20:45:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/10/10 20:45:02 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/10 20:45:01 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/09/25 13:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/09/25 13:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/09/25 13:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012/09/25 13:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/25 13:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/25 13:05:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/09/25 13:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/25 09:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/25 09:07:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/09/25 09:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012/09/21 21:58:28 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/21 21:58:26 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/21 21:58:23 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/21 21:58:22 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/21 21:58:22 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012/09/21 21:58:22 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/09/21 21:58:22 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/09/21 21:58:22 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/09/21 21:58:22 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/21 21:58:22 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/21 21:58:22 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/09/21 21:58:21 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/21 21:58:21 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/09/21 21:58:21 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/09/21 21:58:21 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/09/21 21:58:21 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/09/21 21:58:21 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/09/21 21:58:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/21 11:51:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{009E682A-65BC-419B-890F-AFDFB78C6927}.job
[2012/10/21 11:50:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9EBE0C1E-B4DC-47D5-A41C-37D07C119116}.job
[2012/10/21 11:40:39 | 000,612,730 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/21 11:40:39 | 000,110,162 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/21 11:34:21 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/21 11:34:02 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/21 11:34:02 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/21 11:33:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/21 11:30:31 | 000,000,680 | ---- | M] () -- C:\Users\Cian S\AppData\Local\d3d9caps.dat
[2012/10/21 11:24:27 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/21 11:16:53 | 000,000,731 | ---- | M] () -- C:\Users\Cian S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iexplore.lnk
[2012/10/17 22:49:10 | 000,002,627 | ---- | M] () -- C:\Users\Cian S\Desktop\Microsoft Office Word 2007.lnk
[2012/10/17 21:56:08 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Cian S\Desktop\mbam-setup-1.65.0.1400.exe
[2012/10/17 21:55:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cian S\Desktop\OTL.exe
[2012/10/17 20:08:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/17 20:03:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/17 19:55:41 | 000,164,980 | -HS- | M] () -- C:\Users\Cian S\AppData\Roaming\rt1.jpg
[2012/10/15 20:14:03 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/10/08 21:06:05 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/08 21:06:05 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/03 19:53:17 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Cian S.job
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/26 22:00:19 | 000,002,585 | ---- | M] () -- C:\Users\Cian S\Desktop\Microsoft Office Excel 2007.lnk
[2012/09/25 13:11:06 | 000,007,137 | ---- | M] () -- C:\Users\Cian S\Documents\emaillogo.jpg
[2012/09/25 13:09:08 | 000,000,188 | ---- | M] () -- C:\Users\Cian S\Desktop\My CIT Webmail.url
[2012/09/25 13:07:25 | 000,001,669 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/25 12:54:57 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/09/25 12:54:57 | 000,001,854 | ---- | M] () -- C:\Users\Cian S\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/09/25 09:07:29 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/21 11:23:14 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/17 21:05:05 | 000,000,680 | ---- | C] () -- C:\Users\Cian S\AppData\Local\d3d9caps.dat
[2012/10/17 19:55:38 | 000,164,980 | -HS- | C] () -- C:\Users\Cian S\AppData\Roaming\rt1.jpg
[2012/10/17 19:55:36 | 000,000,731 | ---- | C] () -- C:\Users\Cian S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iexplore.lnk
[2012/09/25 13:10:57 | 000,007,137 | ---- | C] () -- C:\Users\Cian S\Documents\emaillogo.jpg
[2012/09/25 13:07:25 | 000,001,669 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/25 13:06:30 | 000,000,188 | ---- | C] () -- C:\Users\Cian S\Desktop\My CIT Webmail.url
[2009/11/05 19:15:16 | 000,014,336 | ---- | C] () -- C:\Users\Cian S\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/14 20:02:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/04/14 17:52:15 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >



HERE IS THE EXTRAS FILE LOG>>>>>>>>>>>>>>>>>>>


OTL Extras logfile created on: 21/10/2012 11:36:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cian S\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.12% Memory free
4.21 Gb Paging File | 3.00 Gb Available in Paging File | 71.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.66 Gb Total Space | 1.85 Gb Free Space | 3.33% Space Free | Partition Type: NTFS
Drive | 7.77 Gb Total Space | 7.62 Gb Free Space | 98.01% Space Free | Partition Type: FAT32
Drive E: | 54.66 Gb Total Space | 44.71 Gb Free Space | 81.80% Space Free | Partition Type: NTFS

Computer Name: CIAN-PC | User Name: Cian S | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\Program Files\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00EC612C-557F-44F5-BED0-BE37F1CD8B2B}" = rport=445 | protocol=6 | dir=out | app=system |
"{0C0A0DA1-1C37-4085-A241-40F97338419D}" = lport=3390 | protocol=6 | dir=in | app=system |
"{0DDDA66A-CA75-4C69-AAD4-0BC396D10325}" = rport=10244 | protocol=6 | dir=out | app=system |
"{13573F25-9F37-4DE6-BF53-454F5B1E194E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{20A08F51-F51F-462A-9B8A-53878FD0C271}" = lport=138 | protocol=17 | dir=in | app=system |
"{21DFE241-9A8B-4AFF-9E04-4FAB67C1ED09}" = lport=10243 | protocol=6 | dir=in | app=system |
"{263DF0EB-F0D2-44EE-829A-D3B189922C77}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{326A5FBE-CA7F-4DD1-833B-4F1030BE08F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{35CA6B03-E94B-4B0B-A5CF-4F95FB2B0FD8}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{360497C4-C477-4DC9-BF12-47A4337514B9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{38DF6ED4-D993-495D-8764-FB14E7DEFE5C}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{3DD9F966-110E-42E1-9B3C-12D3FEEA581D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3F9DD5ED-AB33-4240-8FFF-CDF8B5C88ACD}" = lport=139 | protocol=6 | dir=in | app=system |
"{45102497-0290-4996-A133-0322043D4499}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{47426B4E-96A0-48FF-9ACC-2E2938078687}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4907B46E-222D-47B4-AEE3-EFFB98010B82}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4D020814-CA87-463A-9633-789957789765}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{551D4AE5-0A02-462B-946A-5249A278ABA0}" = lport=445 | protocol=6 | dir=in | app=system |
"{5BA5753A-24D5-40A0-AB84-5EE2515F025A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5DA37B69-4FA3-4DCD-8CAC-B640E3872D7A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{637D01E3-0603-4667-8A03-27D225C09D3E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{675DFF75-6EFE-4ADB-A72E-26CDCC65DA23}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{6F334B5D-1F1C-4398-B768-0378B7D0748C}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{772A39C3-D282-475E-85E2-A8D60ED0626D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{79DA483E-3E12-47B2-9991-58A27BEC0BE7}" = lport=3390 | protocol=6 | dir=in | app=system |
"{7A7E1C73-4D2D-4059-A3ED-2DBA56FB02BF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7E8B33B8-500F-4709-BB72-8417E6C2C4C3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{89D72A82-6116-4063-8BEE-D1742DEF59F6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{89E38998-4BE7-4D34-821D-A3E47C9497FA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{931B81E7-5F1E-4E06-81FD-3DB88DC930BC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9F627DF7-45ED-4913-A5DA-2B9DE4BBA395}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A7025A6A-1D18-418D-9234-272E811A2F45}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A755F735-2AE4-40F7-815D-8BC45E6EEA1B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A864090F-C265-4B5D-9D0F-435B7FF8972B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B478786B-6F32-492D-A7C3-9BD472741CC0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BA1881B3-AF5D-4DED-984E-EDBD159CBD08}" = rport=138 | protocol=17 | dir=out | app=system |
"{BA343DD5-E067-4734-AD61-6F86A200258B}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{BF5DA321-486C-49E8-ABC2-86179A142AE9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C391EF0A-978B-4E2B-9ECF-85237BED9AD1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C5956FC6-FAEB-4D4B-A552-C2F2AD311574}" = rport=139 | protocol=6 | dir=out | app=system |
"{C932F039-E148-49F0-B7CF-1AB3384AD21E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CFDCC96D-9585-46BB-838E-2D418D446280}" = rport=137 | protocol=17 | dir=out | app=system |
"{D0432CFA-AEF3-4556-B63C-C52AD0CCAF7B}" = lport=10244 | protocol=6 | dir=in | app=system |
"{D06FA21B-1B6A-4A4E-8DA6-C2F18E8E3D03}" = lport=10244 | protocol=6 | dir=in | app=system |
"{D6635A13-AE7F-44CB-A1B5-32770495868B}" = rport=10244 | protocol=6 | dir=out | app=system |
"{E45284F6-17E1-426C-A275-16D65347A559}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ED1ADF3F-9818-4A85-8477-142CEBD1D393}" = lport=137 | protocol=17 | dir=in | app=system |
"{EDB697BF-3931-4F96-B1E9-5C18DDB667CE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F0B091EA-F0CD-4720-8DD8-AF63F79665B2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F7A3ABCE-CE41-4E27-9924-64D6E2C9CD4C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FC532A8C-D32C-4A9D-A5F1-223E56DA748C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FE3C9B85-750D-4FCE-B6ED-DE44FF5B06CF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00CBC87F-1C87-474F-A79C-7A5B63A3A5E6}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{06FDD5A8-72BE-40B5-B27F-365D3D50BC69}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0A6173C8-E172-4B46-92DC-54517E821E2D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0AA97C6E-EC86-4098-9698-BD5B4C63F2F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{114F35D9-FEE8-4400-8A1C-CC5E158D0647}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{15AB8C17-A9FF-4F3A-B763-08DF0FD69A49}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{17D5D826-401E-4104-9D74-559E7387F1A8}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{1A7DB653-4027-4193-A566-6DA16E745125}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{26BB5792-FD37-49A7-A394-93298EF0F977}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{3846BDA8-12FE-4CC4-B29C-C0E61897C055}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{3A4C03EE-ECE8-41A5-9F37-72F0A5B910A7}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{4AD60099-BA1B-4A8E-A801-08E983B1525A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4DF8BBF6-531A-4C07-AD4B-6497E41930D7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4FD1FD1D-A773-4DDE-A6A9-FC8171496F4A}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{50FB9966-998D-40C2-AB3F-BA4E7291AAFC}" = protocol=17 | dir=in | app=c:\program files\tversity\media server\mediaserver.exe |
"{55441C95-64D4-4ECD-98D4-8C536C3BAA61}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5A44A6CF-B97A-4FBF-BEF2-774370E6C447}" = protocol=6 | dir=out | app=system |
"{63F99459-2E65-46D7-9666-6C1424E4368F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{669F8A66-7E9B-4BEE-9CA1-9A151E0A5E19}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6E51C0F7-F7EA-4B3C-BD6D-AFFC0AC41695}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6E83767C-25AF-4087-BC2A-11BA13E8C53F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6FC57803-B476-46EC-8540-DA2A10C1390A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{72636F05-FDF8-44AD-8AC2-55FEF9A2F450}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7A414649-F7B4-4ADA-88BE-8FABE9A46E1A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7A7EF0A8-3E5E-4BD6-99A7-8CAFE39D50C5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7D64A3E9-0975-4B67-928A-1030DF9CB0EF}" = protocol=6 | dir=in | app=c:\program files\tversity\media server\mediaserver.exe |
"{809F3CBC-4AAA-426C-99BF-14EEF6B85B3F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{82413E9A-9169-4E20-93A8-5BE91E87835B}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{87C405D8-6519-406A-BF06-D1D34BE8DF19}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{87D57E9F-FB29-4A7D-99B8-06EB072F02D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{93D924FE-D790-45DC-AF69-F523A6117B62}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{94BD911A-1164-4CC0-B204-D45A7BF097E4}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{9994EA8B-4256-484E-8A78-5C8B436AAAC0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9CD9052A-1F4A-45FB-85C7-B3C3E42FBCAD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B028C707-91A0-45F9-A8B9-774098D1D369}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B0F67FCC-1E53-42FB-AEDD-2C38AA225B0B}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{CBA3D4B0-4C36-414A-BC54-A2BDF6241A23}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{D460A367-9EDE-4B37-B633-C2B14B747AA9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E0318EA2-6B68-4A86-B6F0-BDA53FF2EAEE}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{ECCCDCB9-882A-4331-9953-CBF27DFD05A8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EDD2EC2D-ED58-4EFE-8BBE-505F984B4EA3}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{EF5DF983-8375-4949-839C-9D3EAF20EBE5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F16FBD4C-8ED0-40E1-BFBE-C2BD5358A48D}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{F7024348-C783-432D-846F-C6B7CE572495}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{1E0C2F7F-5596-4B9F-B288-6C629AB2B80E}C:\program files\java\jdk1.6.0_10\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_10\jre\bin\java.exe |
"TCP Query User{C2512E8B-532B-4267-93B5-0FE66A2C890B}C:\program files\bittyrant\azureus.exe" = protocol=6 | dir=in | app=c:\program files\bittyrant\azureus.exe |
"TCP Query User{C5FFDED5-00FF-4DD8-9284-472A5C2F9DF5}C:\program files\real alternative\media player classic\mplayerc.exe" = protocol=6 | dir=in | app=c:\program files\real alternative\media player classic\mplayerc.exe |
"TCP Query User{D6D3F79E-3DAD-4692-A42D-BD4438B32B06}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{4FD665BA-E809-4F3B-8B78-027484FC1C93}C:\program files\java\jdk1.6.0_10\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_10\jre\bin\java.exe |
"UDP Query User{565FE4ED-F06E-4BCF-8E43-0B961BFFC255}C:\program files\real alternative\media player classic\mplayerc.exe" = protocol=17 | dir=in | app=c:\program files\real alternative\media player classic\mplayerc.exe |
"UDP Query User{8CD0D88E-419C-46CA-8DEC-5738095E6657}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{9FF1E3D2-D610-4E52-BBD2-1F4506042840}C:\program files\bittyrant\azureus.exe" = protocol=17 | dir=in | app=c:\program files\bittyrant\azureus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F4F4815-76AD-4B26-8763-72F3344041C2}" = TOSHIBA Manuals
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2208D65A-1BF9-485E-A308-1BA6CADCDC1D}" = Windows Live Movie Maker Beta
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2BDF38E0-1A7F-4220-B4B7-118DD45E5E13}" = TOSHIBA Supervisor Password
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{32A3A4F4-B792-11D6-A78A-00B0D0160100}" = Java(TM) SE Development Kit 6 Update 10
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}" = Vimicro USB PC Camera 301x
"{44D02D8B-FFB3-4245-8D26-68D10B4C4023}" = ZSMC USB PC Camera (ZS0211)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK RTL8187B Wireless LAN Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BFC85CDC-BD7C-4FDD-9507-8D74B5A79404}" = TOSHIBA Hardware Setup
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Fra

ASJ112

this is for busterdad


why wouldnt combofix work ?


open OTL copy and paste this in the custom scan/fixes box


:OTL
O4 - HKCU..\Run: [jpcuglwezxcqpgl] C:\WINDOWS\jpcuglwe.exe ()
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2012/10/14 10:03:16 | 000,073,394 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\zkarhvchhzosrdq
[2012/10/14 10:03:04 | 000,110,592 | ---- | M] () -- C:\WINDOWS\jpcuglwe.exe
[2012/08/11 20:09:43 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\mike\Local Settings\Application Data\dt.dat
[2008/10/04 05:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dazebqpo
[2012/10/14 10:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ckcuukekzkxzcce
[2012/02/23 19:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Zygoke
[2012/02/23 19:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Ehuknue
[2012/07/02 18:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Ryboon
[2012/07/02 18:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Ozywuc

:Commands
[PURITY]
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[EMPTYJAVA]
[CREATERESTOREPOINT]
[Reboot]
:Files
ipconfig /flushdns /c


click run fix, post the log it gives.


then can you re-download combofix and try it once more. Post the log from it if it works.

ASJ112

scout353 do you have the mbam log ?


open OTL copy and paste this in the custom scan/fixes box


:OTL
O4 - Startup: C:\Users\Cian S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iexplore.lnk = File not found
O33 - MountPoints2\{2ae2d6da-c395-11df-ad20-00a0d18d7b3c}\Shell - "" = AutoRun
O33 - MountPoints2\{2ae2d6da-c395-11df-ad20-00a0d18d7b3c}\Shell\AutoRun\command - "" = \AutoRun.exe
O33 - MountPoints2\{62d615ee-e27b-11df-a213-00a0d18d7b3c}\Shell - "" = AutoRun
O33 - MountPoints2\{62d615ee-e27b-11df-a213-00a0d18d7b3c}\Shell\AutoRun\command - "" = \AutoRun.exe
O33 - MountPoints2\{62d615f8-e27b-11df-a213-00a0d18d7b3c}\Shell - "" = AutoRun
O33 - MountPoints2\{62d615f8-e27b-11df-a213-00a0d18d7b3c}\Shell\AutoRun\command - "" = \AutoRun.exe
O33 - MountPoints2\{98341a19-2836-11df-8f59-00a0d18d7b3c}\Shell - "" = AutoRun
O33 - MountPoints2\{98341a19-2836-11df-8f59-00a0d18d7b3c}\Shell\AutoRun\command - "" = \AutoRun.exe
O33 - MountPoints2\{98341a35-2836-11df-8f59-00a0d18d7b3c}\Shell - "" = AutoRun
O33 - MountPoints2\{98341a35-2836-11df-8f59-00a0d18d7b3c}\Shell\AutoRun\command - "" = \AutoRun.exe
O33 - MountPoints2\{b62fee4d-fff2-11de-8b87-00a0d18d7b3c}\Shell - "" = AutoRun
O33 - MountPoints2\{b62fee4d-fff2-11de-8b87-00a0d18d7b3c}\Shell\AutoRun\command - "" = \LaunchU3.exe -a
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = \AutoRun.exe
[2012/10/21 11:16:53 | 000,000,731 | ---- | M] () -- C:\Users\Cian S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iexplore.lnk

:Commands
[PURITY]
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[EMPTYJAVA]
[CREATERESTOREPOINT]
[Reboot]
:Files
ipconfig /flushdns /c


click run fix post the log it gives.

bustersdad

processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\jpcuglwezxcqpgl deleted successfully.
C:\WINDOWS\jpcuglwe.exe moved successfully.
C:\WINDOWS\003122_.tmp deleted successfully.
C:\WINDOWS\DUMPd3bc.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Documents and Settings\All Users\Application Data\zkarhvchhzosrdq moved successfully.
File C:\WINDOWS\jpcuglwe.exe not found.
C:\Documents and Settings\mike\Local Settings\Application Data\dt.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\dazebqpo folder moved successfully.
C:\Documents and Settings\All Users\Application Data\ckcuukekzkxzcce folder moved successfully.
C:\Documents and Settings\mike\Application Data\Zygoke folder moved successfully.
C:\Documents and Settings\mike\Application Data\Ehuknue folder moved successfully.
C:\Documents and Settings\mike\Application Data\Ryboon folder moved successfully.
C:\Documents and Settings\mike\Application Data\Ozywuc folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4352859 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33263 bytes

User: Administrator
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: mike
->Temp folder emptied: 17566 bytes
->Temporary Internet Files folder emptied: 9060754 bytes
->Java cache emptied: 13782833 bytes
->Google Chrome cache emptied: 184762912 bytes
->Flash cache emptied: 924 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 407662474 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 272 bytes

Total Files Cleaned = 591.00 mb


[EMPTYFLASH]

User: Default User

User: All Users

User: NetworkService

User: LocalService

User: Administrator

User: mike
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYJAVA]

User: Default User

User: All Users

User: NetworkService

User: LocalService

User: Administrator

User: mike
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

Unable to start System Restore Service. Error code 10
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The request is not supported.

Please contact Microsoft Product Support Services for further help.
Additional information: Unable to query host name.
F:\cmd.bat deleted successfully.
F:\cmd.txt deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 10212012_134305
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\mike\Local Settings\Temp\~DF3B6B.tmp not found!
C:\Documents and Settings\mike\Local Settings\Temp\~WRS0000.tmp moved successfully.
File\Folder C:\Documents and Settings\mike\Local Settings\Temp\~DF41E1.tmp not found!
C:\Documents and Settings\mike\Local Settings\Temp\~WRF0001.tmp moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
your a genious mate ,i cant thank you enough for your time and patience

scout353

Here is the M-log

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.21.02

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.19328
Cian S :: CIAN-PC [administrator]

Protection: Disabled

21/10/2012 11:25:31
mbam-log-2012-10-21 (11-25-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217612
Time elapsed: 5 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|Update (Trojan.FakeAdobe) -> Data: C:\Users\Cian S\AppData\Roaming\system\system.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Cian S\AppData\Roaming\System\system.exe (Trojan.FakeAdobe) -> Quarantined and deleted successfully.
C:\Users\Cian S\Local Settings\Temporary Internet Files\Content.IE5\W2MK7S8B\0CoP6YFaie[1] (Trojan.FakeAdobe) -> Quarantined and deleted successfully.

(end)

ASJ112

buster download and run combofix, post the log from it


http://www.bleepingcomputer.com/combofix/how-to-use-combofix



scout353, did you do the otl step above ?

scout353

Done!

All processes killed
========== OTL ==========
C:\Users\Cian S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iexplore.lnk moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ae2d6da-c395-11df-ad20-00a0d18d7b3c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ae2d6da-c395-11df-ad20-00a0d18d7b3c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ae2d6da-c395-11df-ad20-00a0d18d7b3c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ae2d6da-c395-11df-ad20-00a0d18d7b3c}\ not found.
File \AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62d615ee-e27b-11df-a213-00a0d18d7b3c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62d615ee-e27b-11df-a213-00a0d18d7b3c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62d615ee-e27b-11df-a213-00a0d18d7b3c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62d615ee-e27b-11df-a213-00a0d18d7b3c}\ not found.
File \AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62d615f8-e27b-11df-a213-00a0d18d7b3c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62d615f8-e27b-11df-a213-00a0d18d7b3c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62d615f8-e27b-11df-a213-00a0d18d7b3c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62d615f8-e27b-11df-a213-00a0d18d7b3c}\ not found.
File \AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98341a19-2836-11df-8f59-00a0d18d7b3c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98341a19-2836-11df-8f59-00a0d18d7b3c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98341a19-2836-11df-8f59-00a0d18d7b3c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98341a19-2836-11df-8f59-00a0d18d7b3c}\ not found.
File \AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98341a35-2836-11df-8f59-00a0d18d7b3c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98341a35-2836-11df-8f59-00a0d18d7b3c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98341a35-2836-11df-8f59-00a0d18d7b3c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98341a35-2836-11df-8f59-00a0d18d7b3c}\ not found.
File \AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b62fee4d-fff2-11de-8b87-00a0d18d7b3c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b62fee4d-fff2-11de-8b87-00a0d18d7b3c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b62fee4d-fff2-11de-8b87-00a0d18d7b3c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b62fee4d-fff2-11de-8b87-00a0d18d7b3c}\ not found.
File \LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File \AutoRun.exe not found.
File C:\Users\Cian S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iexplore.lnk not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Cian
->Temp folder emptied: 190662783 bytes
->Temporary Internet Files folder emptied: 20046458 bytes
->Java cache emptied: 2521281 bytes
->FireFox cache emptied: 69188199 bytes
->Apple Safari cache emptied: 14336 bytes
->Flash cache emptied: 199662 bytes

User: Cian S
->Temp folder emptied: 327271726 bytes
->Temporary Internet Files folder emptied: 300397875 bytes
->Java cache emptied: 46324545 bytes
->FireFox cache emptied: 62607558 bytes
->Google Chrome cache emptied: 14064606 bytes
->Apple Safari cache emptied: 9175040 bytes
->Flash cache emptied: 29501 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 711240 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 127228231 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 37563502 bytes
RecycleBin emptied: 760061712 bytes

Total Files Cleaned = 1,877.00 mb


[EMPTYFLASH]

User: All Users

User: Cian
->Flash cache emptied: 0 bytes

User: Cian S
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYJAVA]

User: All Users

User: Cian
->Java cache emptied: 0 bytes

User: Cian S
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Cian S\Desktop\cmd.bat deleted successfully.
C:\Users\Cian S\Desktop\cmd.txt deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 10212012_140154

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



Thank you so much for your help! You are a lifesaver. Presume it's all sorted now!

ASJ112

looks good. open OTL click the cleanup! button then we are all done

mastermind2005

kerry4sam wrote: »

According to this, you should



So can you take it to your own local repair shop?

I had this garda virus problem with my work computer, dropped it into a laptop repair shop in Dublin they had it taken off in 10 mins while i had coffee...

c.a.white

I just got rid of this Garda virus with microsoft security essential. It is free on MS downloads. Even my Kaspersky Pure didn't catch it.