ity.im message

Hi all.

Please help.

I had that FBI virus and I followed the instructions to clear it online.

I am pretty sure that it has been removed.

However I keep getting dialog box appearing saying;

"pleaes remove all ity.im ads from your website"

when I click ok it keeps popping up.


Can anyone help as its very annoying!!

yoyo

Moved from Comp & Tech.

ASJ112

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Quick Scan button. Do not change any settings. The scan wont take long.
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files here

liz2sweet

I am having the same issue. Should I start my own thread?

ASJ112

It would be easier if you did, less confusion for everybody when logs get posted.

@avg

OTL logfile created on: 16/01/2013 13:14:14 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Liam\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.52 Gb Available Physical Memory | 27.68% Memory free
3.98 Gb Paging File | 2.20 Gb Available in Paging File | 55.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.37 Gb Total Space | 26.86 Gb Free Space | 36.12% Space Free | Partition Type: NTFS
Drive E: | 73.21 Gb Total Space | 67.93 Gb Free Space | 92.79% Space Free | Partition Type: NTFS

Computer Name: SPECIAL-NEEDS | User Name: Liam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/16 13:14:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Liam\Downloads\OTL.exe
PRC - [2013/01/08 00:06:24 | 001,248,360 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/11/05 13:14:20 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/11/05 13:14:20 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012/04/30 08:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/19 03:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/05 04:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/03/19 04:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 03:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/02/14 03:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/05/23 15:19:44 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/25 08:58:20 | 000,077,824 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/07/18 19:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/06/24 09:06:14 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2008/05/09 10:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008/04/24 12:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/24 09:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
PRC - [2008/04/16 23:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2008/04/16 23:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/04/16 23:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2008/02/06 13:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2008/01/21 02:24:36 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe
PRC - [2008/01/17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/11/21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/15 13:20:32 | 000,026,112 | ---- | M] () -- C:\Users\Liam\AppData\Roaming\apiclass\apiclass.dll
MOD - [2013/01/08 00:06:22 | 000,460,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppgooglenaclpluginchrome.dll
MOD - [2013/01/08 00:06:21 | 012,459,624 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
MOD - [2013/01/08 00:06:19 | 004,012,648 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
MOD - [2013/01/08 00:05:29 | 000,598,120 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\libglesv2.dll
MOD - [2013/01/08 00:05:28 | 000,124,520 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\libegl.dll
MOD - [2013/01/08 00:05:25 | 001,553,000 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll
MOD - [2012/11/05 13:14:20 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/11/05 13:14:20 | 000,566,728 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
MOD - [2012/11/05 13:14:20 | 000,134,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll
MOD - [2008/03/06 09:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2007/12/25 11:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2007/12/14 20:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/12/01 16:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll
MOD - [2006/10/10 10:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 11:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll


========== Services (SafeList) ==========

SRV - [2013/01/15 14:26:14 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/05 13:14:20 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/04/30 08:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/05/23 15:19:44 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2008/08/25 08:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/07/18 19:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 09:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008/04/16 23:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 14:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/02/06 13:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/11/21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/01/15 14:53:31 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\Temp\MpKsl6e2a7ff1.sys -- (MpKsl6e2a7ff1)
DRV - [2012/11/05 13:14:20 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/05/21 11:26:56 | 000,027,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro36.sys -- (hitmanpro35)
DRV - [2012/04/19 03:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 04:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 04:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 03:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 12:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 12:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 12:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 12:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/05/20 15:38:50 | 000,089,856 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011/05/20 15:38:50 | 000,073,344 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/05/20 15:38:50 | 000,064,512 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2011/05/20 15:38:50 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2011/05/20 15:38:42 | 000,237,440 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2011/05/20 15:38:42 | 000,192,768 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/05/20 15:38:42 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2011/05/20 15:38:36 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2008/07/18 17:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/07/15 18:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008/05/19 18:42:56 | 000,912,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/15 08:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/11/09 13:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 14:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 13:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/10/18 10:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA_en-GBIE346
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={8C95502E-A6E8-49FF-A45C-9E2293C1BFDD}&mid=7a5c1a716d6f47d6b4b0d1577545f721-b40fd6f95f22484e83614dec8c10d7fafcd4ec76&lang=en&ds=AVG&pr=fr&d=2012-02-01 11:41:06&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/17 13:11:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/05 13:14:44 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Angry Birds = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Drive = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Angry Birds Halloween = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnejcfmiaimkpmbpbdjnkddcenaagjik\1.2_0\
CHR - Extension: Google Search = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Angry Birds Heikki = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgdfbadfflkanjeofdhgmckbgjgjppmd\1.0_0\
CHR - Extension: Angry Birds Space = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\echcgcnnjpaoiandnoaabdpgjbkdnbdl\1.8_0\
CHR - Extension: Fruit Ninja = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofdejdahdbbmnibkpgbfknnpbhpbcad\1.6_0\
CHR - Extension: Snake Nyan Cat = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gajelofbgjlanfnbmjjibflhfabbendh\5.0_0\
CHR - Extension: Angry Birds HD = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdbeejaaccmfedjclgfmcjbgjaodmbpl\1.1_0\
CHR - Extension: Cut the Rope = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\14_0\
CHR - Extension: Google Play Music = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\4.0_0\
CHR - Extension: Angry Birds Rio = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\igpbjfbdomonphnncmmmligdokfpijkg\1.0_0\
CHR - Extension: AVG Safe Search = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: Angry Birds = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcekienaggkimjnnkamhalijnjiaimlc\1.0_0\
CHR - Extension: Angry Birds Halloween HD = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjgfdlkpoaepbllgicnccmmokoolgpc\3.2.3_0\
CHR - Extension: PricePeep = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.1.355.0_0\
CHR - Extension: Happy Wheels = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljdngafdeknonigdklkdlolkefpigejp\13.2334.9140_0\
CHR - Extension: AVG Secure Search = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\
CHR - Extension: AVG Secure Search = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak
CHR - Extension: Angry Birds Seasons = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\phelepmjcjmdeeglafbadihdajcfbnda\1.0_0\
CHR - Extension: Gmail = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gangnam Style Escape! = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjpbpimieknpjhhkpggolbandppahmlc\1.0.0.0_0\
CHR - Extension: Bridge Tactics = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmkgkmbkefhenjmacfpgmlalnmhncjdp\0.0.0.1_0\

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files\PricePeep\pricepeep.dll (PricePeep)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [apiclass] C:\Users\Liam\AppData\Roaming\apiclass\apiclass.dll ()
O4 - HKCU..\Run: [Bytes of Learning] C:\Users\Liam\AppData\Local\Bytes of Learning\svsjsqme.dll (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - Reg Error: Value error. File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - Reg Error: Value error. File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.128.128.128
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A4A3E6A-AE88-42F8-A1D7-DC844567945D}: DhcpNameServer = 10.128.128.128
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A7C23A8-4889-471B-820B-0F340CD568C9}: DhcpNameServer = 89.19.64.164 89.19.64.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85F232C2-9BF0-4C90-92CE-B42EA2501A42}: DhcpNameServer = 89.19.64.164 89.19.64.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{927011F6-887C-4D1C-A122-5111A1D7ED14}: DhcpNameServer = 149.5.32.2 149.5.32.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2F8F4B5-EE29-4497-BF3C-74117B90D87D}: DhcpNameServer = 89.19.64.164 89.19.64.36
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Liam\Pictures\tropical-beach-wallpaper-1920x1200.jpg
O24 - Desktop BackupWallPaper: C:\Users\Liam\Pictures\tropical-beach-wallpaper-1920x1200.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{186b524e-2aac-11e2-88fe-001e101fe70e}\Shell - "" = AutoRun
O33 - MountPoints2\{186b524e-2aac-11e2-88fe-001e101fe70e}\Shell\AutoRun\command - "" = \setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{50f44bb0-eb90-11e0-a2b5-001e33a11ed2}\Shell - "" = AutoRun
O33 - MountPoints2\{50f44bb0-eb90-11e0-a2b5-001e33a11ed2}\Shell\AutoRun\command - "" = \setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b608f6ae-e6e3-11e0-94ca-001e33a11ed2}\Shell - "" = AutoRun
O33 - MountPoints2\{b608f6ae-e6e3-11e0-94ca-001e33a11ed2}\Shell\AutoRun\command - "" = \setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b608f6bd-e6e3-11e0-94ca-001e33a11ed2}\Shell - "" = AutoRun
O33 - MountPoints2\{b608f6bd-e6e3-11e0-94ca-001e33a11ed2}\Shell\AutoRun\command - "" = \setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{fa0349e5-3503-11e0-a312-001e33a11ed2}\Shell\AutoRun\command - "" = Digisystem\swe.exe
O33 - MountPoints2\{fa0349e5-3503-11e0-a312-001e33a11ed2}\Shell\Option1\Command - "" = Digisystem\swe.exe
O34 - HKLM BootExecute: ("autocheck autochk *")
O34 - HKLM BootExecute: ("C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart")
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/15 13:35:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/15 13:35:21 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/01/15 13:35:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/15 13:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/01/15 13:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/01/15 13:20:36 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Local\Bytes of Learning
[2013/01/15 13:20:32 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Roaming\apiclass
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/16 13:12:34 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/16 13:12:34 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/16 13:11:46 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/16 13:11:45 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/16 13:11:41 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/16 13:11:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/15 15:06:22 | 000,002,000 | ---- | M] () -- C:\Users\Liam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/15 15:06:22 | 000,001,976 | ---- | M] () -- C:\Users\Liam\Desktop\Google Chrome.lnk
[2013/01/15 15:04:17 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/15 15:04:17 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/15 15:04:07 | 2009,067,520 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/15 14:26:13 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/01/15 14:26:13 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/01/15 14:26:09 | 015,739,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013/01/15 13:35:28 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/15 13:32:26 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/15 13:20:26 | 000,001,356 | ---- | M] () -- C:\Users\Liam\AppData\Local\d3d9caps.dat
[2013/01/14 14:12:30 | 000,000,001 | ---- | M] () -- C:\ProgramData\X022EFa3.exe_.b
[2013/01/14 14:12:30 | 000,000,001 | ---- | M] () -- C:\ProgramData\X022EFa3.exe.b
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/15 13:48:58 | 2009,067,520 | -HS- | C] () -- C:\hiberfil.sys
[2013/01/15 13:35:28 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/15 13:32:26 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/14 14:12:30 | 000,000,001 | ---- | C] () -- C:\ProgramData\X022EFa3.exe_.b
[2013/01/14 14:12:30 | 000,000,001 | ---- | C] () -- C:\ProgramData\X022EFa3.exe.b
[2012/09/05 13:41:32 | 000,000,455 | ---- | C] () -- C:\Windows\mathb16.ini
[2012/09/05 13:40:58 | 000,000,000 | ---- | C] () -- C:\Windows\rkeeper.ini
[2012/05/21 11:17:16 | 000,027,424 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2012/05/17 13:25:40 | 000,000,160 | -H-- | C] () -- C:\ProgramData\-agqoYg1ZMQSrPHr
[2012/05/17 13:25:40 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-agqoYg1ZMQSrPH
[2012/05/17 13:19:58 | 000,000,256 | -H-- | C] () -- C:\ProgramData\agqoYg1ZMQSrPH
[2012/01/26 10:42:51 | 000,001,356 | ---- | C] () -- C:\Users\Liam\AppData\Local\d3d9caps.dat
[2011/10/26 08:19:37 | 000,000,000 | -H-- | C] () -- C:\Users\Liam\AppData\Local\{E8598705-0A91-4AF9-9AE6-51A9C0C2EB7B}
[2011/05/20 15:11:30 | 000,230,004 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009/09/29 09:50:30 | 000,025,600 | -H-- | C] () -- C:\Users\Liam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/11 13:57:32 | 000,024,206 | -H-- | C] () -- C:\Users\Liam\AppData\Roaming\UserTile.png
[2009/06/10 13:21:58 | 000,007,956 | -H-- | C] () -- C:\Users\Liam\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

OTL Extras logfile created on: 16/01/2013 13:14:14 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Liam\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.52 Gb Available Physical Memory | 27.68% Memory free
3.98 Gb Paging File | 2.20 Gb Available in Paging File | 55.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.37 Gb Total Space | 26.86 Gb Free Space | 36.12% Space Free | Partition Type: NTFS
Drive E: | 73.21 Gb Total Space | 67.93 Gb Free Space | 92.79% Space Free | Partition Type: NTFS

Computer Name: SPECIAL-NEEDS | User Name: Liam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1708641F-5D81-4394-8BBE-E58325C6212B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{28876057-1CE6-44AE-9D25-10E71110A670}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{37A0CDE8-5F97-4C9B-92C8-AAE1CF34A8D1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{3BA6AD5F-B5C4-4A70-9B1E-DA764E2474B9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{43597A08-21ED-471C-AE18-6998A0F6D651}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{50462AFE-B797-41BC-9008-395F9F52EF75}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{92B66F6D-6B8C-48AE-8510-FB34974FB21C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{CC09A560-F2FE-4861-B75A-E7F8116CFE1E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{D2D5E06E-45FD-4467-BD22-7FFF0E6385C9}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{E2750DF8-D2C5-49F8-896D-8B31F19C7820}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{F05956B0-0258-4796-BB39-6D5E9AC7CACF}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{F4AA8F00-4B6A-4D6D-B601-63B5324A25F8}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"TCP Query User{B232C61C-F512-49AB-9126-3B45DB238975}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{C4679A1C-ABC5-4583-9B2A-C79E76725CA8}C:\program files\ukey5\ukey5.exe" = protocol=6 | dir=in | app=c:\program files\ukey5\ukey5.exe |
"UDP Query User{7A3E402F-B1D9-4982-8D45-5508C1B7A6ED}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{944CC52A-B442-4921-AC46-4934A10DDDC5}C:\program files\ukey5\ukey5.exe" = protocol=17 | dir=in | app=c:\program files\ukey5\ukey5.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D6DA21F-50C2-4983-93CC-4C211F20E710}" = SAPI5SpeechInstaller
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{602945F3-084E-48DE-B908-5E76784FD28A}" = SAPI5VoiceInstaller
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband Lite
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A7836FF5-7293-40A4-B86E-E2038F82E8F3}" = AVG 2012
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3D40200-ECFF-11D5-A83D-000000000001}" = GeoAze
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E7271ABF-69D3-4E9D-AA0A-2DE34C10A93D}" = TOSHIBA Manuals
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F51C2A69-D2E2-4813-AAD7-618D2BF85DFD}" = AVG 2012
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"193bb64c00732e4d5ff2a48ccd900ee4" = Tizzy's Toybox SE
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVG" = AVG 2012
"AVG Secure Search" = AVG Security Toolbar
"CCleaner" = CCleaner
"EPSON Printer and Utilities" = EPSON Printer Software
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"mathb32" = Maths Blaster Ages 6-9
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"myphotobook" = myphotobook 3.6
"Picasa 3" = Picasa 3
"PricePeep" = PricePeep
"QuickTime" = QuickTime
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"UltraKey 5.0" = UltraKey 5.0
"Windows Media Encoder 9" = Windows Media Encoder 9 Series

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/11/2012 09:52:49 | Computer Name = Special-Needs | Source = WinMgmt | ID = 10
Description =

Error - 13/11/2012 05:16:40 | Computer Name = Special-Needs | Source = VmbService | ID = 0
Description = conflictManagerTypeValue

Error - 13/11/2012 05:17:02 | Computer Name = Special-Needs | Source = WinMgmt | ID = 10
Description =

Error - 05/12/2012 09:33:19 | Computer Name = Special-Needs | Source = VmbService | ID = 0
Description = conflictManagerTypeValue

Error - 05/12/2012 09:33:17 | Computer Name = Special-Needs | Source = WinMgmt | ID = 10
Description =

Error - 05/12/2012 10:01:46 | Computer Name = Special-Needs | Source = MsiInstaller | ID = 11719
Description =

Error - 05/12/2012 10:03:08 | Computer Name = Special-Needs | Source = MsiInstaller | ID = 11719
Description =

Error - 05/12/2012 10:14:55 | Computer Name = Special-Needs | Source = VmbService | ID = 0
Description = conflictManagerTypeValue

Error - 05/12/2012 10:15:24 | Computer Name = Special-Needs | Source = WinMgmt | ID = 10
Description =

Error - 05/12/2012 10:45:11 | Computer Name = Special-Needs | Source = MsiInstaller | ID = 11719
Description =

[ System Events ]
Error - 15/01/2013 11:04:07 | Computer Name = Special-Needs | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 15/01/2013 11:04:11 | Computer Name = Special-Needs | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 15/01/2013 11:04:11 | Computer Name = Special-Needs | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 15/01/2013 11:05:01 | Computer Name = Special-Needs | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 15/01/2013 11:06:04 | Computer Name = Special-Needs | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 16/01/2013 09:11:39 | Computer Name = Special-Needs | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 16/01/2013 09:11:39 | Computer Name = Special-Needs | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 16/01/2013 09:11:40 | Computer Name = Special-Needs | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 16/01/2013 09:11:40 | Computer Name = Special-Needs | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 16/01/2013 09:11:41 | Computer Name = Special-Needs | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .


< End of report >

@avg

Also I am getting full page ads when I open a new page on Chrome.

I ve downloaded AdwCleaner here are the results

# AdwCleaner v2.105 - Logfile created 01/16/2013 at 13:39:05
# Updated 08/01/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Liam - SPECIAL-NEEDS
# Boot Mode : Normal
# Running from : C:\Users\Liam\Downloads\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\PricePeep
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\Users\Liam\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Found : C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Folder Found : C:\Users\Liam\AppData\LocalLow\AVG Secure Search

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\PricePeep
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PricePeep
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho
Key Found : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho.1
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\193bb64c00732e4d5ff2a48ccd900ee4
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\Software
Key Found : HKU\S-1-5-21-417167783-1036390090-3082990728-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16450

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6632 octets] - [16/01/2013 13:35:07]
AdwCleaner[R2].txt - [6692 octets] - [16/01/2013 13:35:35]
AdwCleaner[R3].txt - [6623 octets] - [16/01/2013 13:39:05]

########## EOF - C:\AdwCleaner[R3].txt - [6683 octets] ##########

ASJ112

let adwcleaner delete the stuff it found.


do you recognise/know these entries ?

O4 - HKCU..\Run: [apiclass] C:\Users\Liam\AppData\Roaming\apiclass\apiclass.dll ()
O4 - HKCU..\Run: [Bytes of Learning] C:\Users\Liam\AppData\Local\Bytes of Learning\svsjsqme.dll (Microsoft Corporation)
[2013/01/15 13:20:36 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Local\Bytes of Learning
[2013/01/15 13:20:32 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Roaming\apiclass



open OTL copy and paste this in the custom scan/fixes box


:OTL
O33 - MountPoints2\{186b524e-2aac-11e2-88fe-001e101fe70e}\Shell - "" = AutoRun
O33 - MountPoints2\{186b524e-2aac-11e2-88fe-001e101fe70e}\Shell\AutoRun\command - "" = \setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{50f44bb0-eb90-11e0-a2b5-001e33a11ed2}\Shell - "" = AutoRun
O33 - MountPoints2\{50f44bb0-eb90-11e0-a2b5-001e33a11ed2}\Shell\AutoRun\command - "" = \setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b608f6ae-e6e3-11e0-94ca-001e33a11ed2}\Shell - "" = AutoRun
O33 - MountPoints2\{b608f6ae-e6e3-11e0-94ca-001e33a11ed2}\Shell\AutoRun\command - "" = \setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b608f6bd-e6e3-11e0-94ca-001e33a11ed2}\Shell - "" = AutoRun
O33 - MountPoints2\{b608f6bd-e6e3-11e0-94ca-001e33a11ed2}\Shell\AutoRun\command - "" = \setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{fa0349e5-3503-11e0-a312-001e33a11ed2}\Shell\AutoRun\command - "" = Digisystem\swe.exe
O33 - MountPoints2\{fa0349e5-3503-11e0-a312-001e33a11ed2}\Shell\Option1\Command - "" = Digisystem\swe.exe
[2013/01/14 14:12:30 | 000,000,001 | ---- | M] () -- C:\ProgramData\X022EFa3.exe_.b
[2013/01/14 14:12:30 | 000,000,001 | ---- | M] () -- C:\ProgramData\X022EFa3.exe.b
[2012/05/17 13:25:40 | 000,000,160 | -H-- | C] () -- C:\ProgramData\-agqoYg1ZMQSrPHr
[2012/05/17 13:25:40 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-agqoYg1ZMQSrPH
[2012/05/17 13:19:58 | 000,000,256 | -H-- | C] () -- C:\ProgramData\agqoYg1ZMQSrPH


click run fix post the log it gives you.


then update mbam, run a quick scan and post that log too. if you have any old logs from mbam post them too.

Dont recognise those at all.


here is the log

========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{186b524e-2aac-11e2-88fe-001e101fe70e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{186b524e-2aac-11e2-88fe-001e101fe70e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{186b524e-2aac-11e2-88fe-001e101fe70e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{186b524e-2aac-11e2-88fe-001e101fe70e}\ not found.
File \setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50f44bb0-eb90-11e0-a2b5-001e33a11ed2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50f44bb0-eb90-11e0-a2b5-001e33a11ed2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50f44bb0-eb90-11e0-a2b5-001e33a11ed2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50f44bb0-eb90-11e0-a2b5-001e33a11ed2}\ not found.
File \setup_vmb_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b608f6ae-e6e3-11e0-94ca-001e33a11ed2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b608f6ae-e6e3-11e0-94ca-001e33a11ed2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b608f6ae-e6e3-11e0-94ca-001e33a11ed2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b608f6ae-e6e3-11e0-94ca-001e33a11ed2}\ not found.
File \setup_vmb_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b608f6bd-e6e3-11e0-94ca-001e33a11ed2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b608f6bd-e6e3-11e0-94ca-001e33a11ed2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b608f6bd-e6e3-11e0-94ca-001e33a11ed2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b608f6bd-e6e3-11e0-94ca-001e33a11ed2}\ not found.
File \setup_vmb_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa0349e5-3503-11e0-a312-001e33a11ed2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fa0349e5-3503-11e0-a312-001e33a11ed2}\ not found.
File Digisystem\swe.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa0349e5-3503-11e0-a312-001e33a11ed2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fa0349e5-3503-11e0-a312-001e33a11ed2}\ not found.
File Digisystem\swe.exe not found.
C:\ProgramData\X022EFa3.exe_.b moved successfully.
C:\ProgramData\X022EFa3.exe.b moved successfully.
C:\ProgramData\-agqoYg1ZMQSrPHr moved successfully.
C:\ProgramData\-agqoYg1ZMQSrPH moved successfully.
C:\ProgramData\agqoYg1ZMQSrPH moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 01162013_145412

Old logs from mbam

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.21.01

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Liam :: SPECIAL-NEEDS [administrator]

21/05/2012 12:14:41
mbam-log-2012-05-21 (12-14-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193657
Time elapsed: 6 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|GQYhoLHhwMyfqNi.exe (Trojan.FakeHDD) -> Data: C:\ProgramData\GQYhoLHhwMyfqNi.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\ProgramData\GQYhoLHhwMyfqNi.exe (Trojan.FakeHDD) -> Quarantined and deleted successfully.
C:\ProgramData\agqoYg1ZMQSrPH.exe (Trojan.FakeHDD) -> Quarantined and deleted successfully.

(end)








Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.15.09

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Liam :: SPECIAL-NEEDS [administrator]

15/01/2013 13:38:28
mbam-log-2013-01-15 (13-38-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203336
Time elapsed: 6 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\vidshakeSA (Adware.HotBar.VS) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vidshakeSA (Adware.HotBar.CP) -> Data: "C:\Users\Liam\AppData\Local\vidshakeSA\bin\1.0.8.0\vidshakeSA.exe" -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dllexp (Trojan.FakeMS) -> Data: rundll32.exe "C:\Users\Liam\AppData\Roaming\dllexp.dll",exp -> Quarantined and deleted successfully.

Registry Data Items Detected: 3
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-21-417167783-1036390090-3082990728-1000\$be262b1597774c954ddbbb043397a2ca\n.) Good: (shell32.dll) -> Quarantined and repaired successfully.
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE "%1") Good: ("%1" /S) -> Quarantined and repaired successfully.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE "%1") Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Folders Detected: 8
C:\Users\Liam\Local Settings\Application Data\VidShakeSA (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Liam\Local Settings\Application Data\VidShakeSA\bin (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Liam\Local Settings\Application Data\VidShakeSA\bin\1.0.8.0 (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Liam\Local Settings\Application Data\VidShakeSA\data (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Liam\AppData\Local\VidShakeSA (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Liam\AppData\Local\VidShakeSA\bin (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Liam\AppData\Local\VidShakeSA\bin\1.0.8.0 (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Liam\AppData\Local\VidShakeSA\data (Adware.HotBar.VS) -> Quarantined and deleted successfully.

Files Detected: 33
C:\Users\Liam\AppData\Local\VidShakeSA\bin\1.0.8.0\vidshakeSA.exe (Adware.HotBar.CP) -> Quarantined and deleted successfully.
C:\Users\Liam\AppData\Roaming\dllexp.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\ProgramData\X022EFa3.exe (Worm.Dorkbot) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-417167783-1036390090-3082990728-1000\$be262b1597774c954ddbbb043397a2ca\n (Trojan.0Access) -> Delete on reboot.
C:\Users\Liam\AppData\Local\Temp\msimg32.dll (RootKit.0Access) -> Quarantined and deleted successfully.
C:\Users\Liam\frxpsrxclrmsghb.exe (RootKit.0Access) -> Quarantined and deleted successfully.
C:\Users\Liam\geetboebgvfn.exe (Trojan.Agent.FSA36) -> Quarantined and deleted successfully.
C:\Users\Liam\wgsdgsdgdsgsd.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\Liam\yfllekyvnubykphqhf.exe (Worm.Dorkbot) -> Quarantined and deleted successfully.
C:\Users\Liam\zgljfhwzivkxdb.exe (Trojan.Bublik) -> Quarantined and deleted successfully.
C:\Users\Liam\zxccitoaawbov.exe (Trojan.Lameshield.124) -> Quarantined and deleted successfully.
C:\Users\Liam\Downloads\Setup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Liam\Local Settings\Update.exe (Trojan.Lameshield.124) -> Quarantined and deleted successfully.
C:\Users\Liam\Local Settings\vih.exe (Trojan.Lameshield.124) -> Quarantined and deleted successfully.
C:\Users\Liam\Local Settings\Application Data\Update.exe (Trojan.Lameshield.124) -> Quarantined and deleted successfully.
C:\Users\Liam\Local Settings\Application Data\vih.exe (Trojan.Lameshield.124) -> Quarantined and deleted successfully.
C:\Users\Liam\Local Settings\Application Data\VidShakeSA\bin\1.0.8.0\copyright.txt (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Liam\Local Settings\Application Data\VidShakeSA\bin\1.0.8.0\vidshakeSA.exe (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Liam\Local Settings\Application Data\VidShakeSA\bin\1.0.8.0\VidShakeSACB.exe (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Liam\Local Settings\Application Data\VidShakeSA\bin\1.0.8.0\vidshakeSAHook.dll (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Liam\Local Settings\Application Data\VidShakeSA\data\vidshakeSA.dat (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Liam\Local Settings\Application Data\VidShakeSA\data\VidShakeSAau.dat (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Liam\Local Settings\Application Data\VidShakeSA\data\VidShakeSA_hpk.dat (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Liam\Local Settings\Application Data\VidShakeSA\data\VidShakeSA_kyf.dat (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Liam\Local Settings\Application Data\VidShakeSA\data\VidShakeSA_kyf_update.dat (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Liam\AppData\Local\VidShakeSA\bin\1.0.8.0\copyright.txt (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Liam\AppData\Local\VidShakeSA\bin\1.0.8.0\VidShakeSACB.exe (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Liam\AppData\Local\VidShakeSA\bin\1.0.8.0\vidshakeSAHook.dll (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Liam\AppData\Local\VidShakeSA\data\vidshakeSA.dat (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Liam\AppData\Local\VidShakeSA\data\VidShakeSAau.dat (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Liam\AppData\Local\VidShakeSA\data\VidShakeSA_hpk.dat (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Liam\AppData\Local\VidShakeSA\data\VidShakeSA_kyf.dat (Adware.HotBar.VS) -> Quarantined and deleted successfully.
C:\Users\Liam\AppData\Local\VidShakeSA\data\VidShakeSA_kyf_update.dat (Adware.HotBar.VS) -> Quarantined and deleted successfully.

(end)



Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.15.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Liam :: SPECIAL-NEEDS [administrator]

15/01/2013 14:36:54
mbam-log-2013-01-15 (14-36-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211462
Time elapsed: 23 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\assembly\GAC\Desktop.ini (Rootkit.0access) -> Quarantined and deleted successfully.

(end)

most recent

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.15.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Liam :: SPECIAL-NEEDS [administrator]

16/01/2013 14:58:39
mbam-log-2013-01-16 (14-58-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213084
Time elapsed: 10 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Also Ive just noticed that AVG doesnt update itself.

When Ive tried to do it manually it cant.

I tried to uninstall avg with the intention of re installing it but it wont let me uninstall saying that the Windows Installer Service could not be accessed.

Is this related to the virus?

ASJ112

potentially, mbam found a lot of junk earlier, so we need to use something a bit stronger.


download and run combofix, post the log it gives you


http://www.bleepingcomputer.com/download/combofix/

herve

I've the same problem? Any solution?

herve

Help I've got the same one since 3-4 days

ASJ112

can you make a new topic and follow the previous instructions for running combofix

@=&quot

Hi
Laptop actions are very slow after that scan.

Here is the log from CombiFix

ComboFix 13-01-17.01 - Liam 17/01/2013 10:57:03.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.353.1033.18.1915.251 [GMT 0:00]
Running from: c:\users\Liam\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run

---

.







c:\users\Liam\AppData\Local\Bytes of Learning\svsjsqme.dll
c:\users\Liam\AppData\Roaming\apiclass\apiclass.dll
c:\windows\system32\pt
c:\windows\system32\pt\toscdspd.cpl.mui
.
.
((((((((((((((((((((((((( Files Created from 2012-12-17 to 2013-01-17 )))))))))))))))))))))))))))))))
.
.
2013-01-17 11:28 . 2013-01-17 11:28

---

d

---

w- c:\users\Default\AppData\Local\temp
2013-01-16 14:54 . 2013-01-16 14:54

---

d

---

w- C:\_OTL
2013-01-15 13:35 . 2013-01-15 13:35

---

d

---

w- c:\program files\Malwarebytes' Anti-Malware
2013-01-15 13:35 . 2012-12-14 16:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-15 13:32 . 2013-01-15 13:32

---

d

---

w- c:\program files\CCleaner
2013-01-15 13:20 . 2013-01-17 10:22

---

d

---

w- c:\users\Liam\AppData\Local\Bytes of Learning
2013-01-15 13:20 . 2013-01-17 10:22

---

d

---

w- c:\users\Liam\AppData\Roaming\apiclass
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-15 14:26 . 2012-05-01 09:16 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-15 14:26 . 2011-06-10 10:36 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-15 14:26 . 2012-08-30 13:25 15739912 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-11-05 13:14 . 2012-09-05 12:27 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-05 13:14 1796552 ----a-w- c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-05 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"NDSTray.exe"="NDSTray.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-05 997320]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-05 1022048]
.
c:\users\Liam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@=&quot;Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2008-09-26 13:22 417792 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-05-28 11:40 20480 ----a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2007-10-31 21:01 54608 ----a-w- c:\program files\TOSHIBA\TBS\HSON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband]
2011-05-23 15:19 274944 ----a-w- c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-02-11 11:39 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-04-08 13:14 6037504 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2007-07-10 08:24 581632 ----a-w- c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2008-01-11 02:07 574864 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPO]
2008-04-24 09:22 103824 ----a-w- c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2008-01-17 15:27 431456 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-15 14:49 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 14:26]
.
2013-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-09 20:41]
.
2013-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-09 20:41]
.
.

---

Supplementary Scan

---

.
uStart Page = hxxp://www.google.ie/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
TCP: DhcpNameServer = 10.128.128.128
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
.
.

---

File Associations

---

.
JSEFile=NOTEPAD.EXE "%1"
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-apiclass - c:\users\Liam\AppData\Roaming\apiclass\apiclass.dll
HKCU-Run-Bytes of Learning - c:\users\Liam\AppData\Local\Bytes of Learning\svsjsqme.dll
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
MSConfigStartUp-iolo Startup - c:\program files\iolo\Common\Lib\ioloLManager.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-17 11:30
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???????5`?u??P?#?x?#???#???#??
Bytes of Learning = Rundll32.exe "c:\users\Liam\AppData\Local\Bytes of Learning\svsjsqme.dll",DllGetClassObject?123456789
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.

---

LOCKED REGISTRY KEYS

---

.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@=&quot;FlashBroker"
"LocalizedString"="@c\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@=&quot;c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@=&quot;{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@=&quot;IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@=&quot;{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@=&quot;{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.

---

DLLs Loaded Under Running Processes

---

.
- - - - - - - > 'Explorer.exe'(4332)
c:\windows\system32\wdmaud.drv
.
Completion time: 2013-01-17 11:55:51
ComboFix-quarantined-files.txt 2013-01-17 11:51
.
Pre-Run: 32,033,271,808 bytes free
Post-Run: 31,423,176,704 bytes free
.
- - End Of File - - 9F9E904EE96CAAC6B3ECB5DA80895491

ASJ112

open OTL copy and paste this into the custom scan/fixes box


:Commands
[PURITY]
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[EMPTYJAVA]
[CREATERESTOREPOINT]
[Reboot]
:Files
ipconfig /flushdns /c
c:\users\Liam\AppData\Local\Bytes of Learning
c:\users\Liam\AppData\Roaming\apiclass


click run fix, post the log it gives.


then restart the pc, open OTL copy and paste this in the custom scan/fixes box


C:\Users\Liam\AppData\Roaming\*.*
C:\Users\Liam\*.*
C:\Users\Liam\Local Settings\*.*
C:\ProgramData\*.*
C:\Users\Liam\Local Settings\Application Data\*.*
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
SaveMBR:0
createrestorepoint
%systemroot%\*. /mp /s
C:\*.*
showhidden

click run scan, post the log it gives

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Liam
->Temp folder emptied: 75354 bytes
->Temporary Internet Files folder emptied: 27031856 bytes
->Java cache emptied: 867991 bytes
->Google Chrome cache emptied: 7111803 bytes
->Flash cache emptied: 821 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15373 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 33.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Liam
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Liam
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Liam\Downloads\cmd.bat deleted successfully.
C:\Users\Liam\Downloads\cmd.txt deleted successfully.
c:\users\Liam\AppData\Local\Bytes of Learning folder moved successfully.
c:\users\Liam\AppData\Roaming\apiclass folder moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 01172013_122854

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

@avg

OTL logfile created on: 17/01/2013 13:34:11 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Liam\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.36 Gb Available Physical Memory | 19.11% Memory free
3.98 Gb Paging File | 2.03 Gb Available in Paging File | 51.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.37 Gb Total Space | 28.90 Gb Free Space | 38.87% Space Free | Partition Type: NTFS
Drive E: | 73.21 Gb Total Space | 67.93 Gb Free Space | 92.79% Space Free | Partition Type: NTFS

Computer Name: SPECIAL-NEEDS | User Name: Liam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/16 13:14:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Liam\Downloads\OTL.exe
PRC - [2013/01/08 00:06:24 | 001,248,360 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/11/05 13:14:20 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/11/05 13:14:20 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012/04/30 08:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/19 03:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/05 04:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/03/19 04:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 03:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/02/14 03:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/05/23 15:19:44 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/25 08:58:20 | 000,077,824 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/07/18 19:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/06/24 09:06:14 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2008/05/09 10:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008/04/24 12:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/24 09:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
PRC - [2008/04/16 23:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2008/04/16 23:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/04/16 23:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2008/02/06 13:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2008/01/17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/11/21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/08 00:06:22 | 000,460,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppgooglenaclpluginchrome.dll
MOD - [2013/01/08 00:06:21 | 012,459,624 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
MOD - [2013/01/08 00:06:19 | 004,012,648 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
MOD - [2013/01/08 00:05:29 | 000,598,120 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\libglesv2.dll
MOD - [2013/01/08 00:05:28 | 000,124,520 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\libegl.dll
MOD - [2013/01/08 00:05:25 | 001,553,000 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll
MOD - [2012/11/05 13:14:20 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/11/05 13:14:20 | 000,566,728 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
MOD - [2012/11/05 13:14:20 | 000,134,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll
MOD - [2008/03/06 09:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2007/12/25 11:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2007/12/14 20:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/12/01 16:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll
MOD - [2006/10/10 10:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 11:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll


========== Services (SafeList) ==========

SRV - [2013/01/15 14:26:14 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/05 13:14:20 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/04/30 08:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/05/23 15:19:44 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2008/08/25 08:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/07/18 19:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 09:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008/04/16 23:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 14:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/02/06 13:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/11/21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\Temp\MpKsl6e2a7ff1.sys -- (MpKsl6e2a7ff1)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Liam\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/11/05 13:14:20 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/05/21 11:26:56 | 000,027,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro36.sys -- (hitmanpro35)
DRV - [2012/04/19 03:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 04:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 04:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 03:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 12:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 12:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 12:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 12:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/05/20 15:38:50 | 000,089,856 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011/05/20 15:38:50 | 000,073,344 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/05/20 15:38:50 | 000,064,512 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2011/05/20 15:38:50 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2011/05/20 15:38:42 | 000,237,440 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2011/05/20 15:38:42 | 000,192,768 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/05/20 15:38:42 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2011/05/20 15:38:36 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2008/07/18 17:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/07/15 18:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008/05/19 18:42:56 | 000,912,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/15 08:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/11/09 13:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 14:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 13:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/10/18 10:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA_en-GBIE346
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={8C95502E-A6E8-49FF-A45C-9E2293C1BFDD}&mid=7a5c1a716d6f47d6b4b0d1577545f721-b40fd6f95f22484e83614dec8c10d7fafcd4ec76&lang=en&ds=AVG&pr=fr&d=2012-02-01 11:41:06&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/17 13:11:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/05 13:14:44 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Angry Birds = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Drive = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Angry Birds Halloween = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnejcfmiaimkpmbpbdjnkddcenaagjik\1.2_0\
CHR - Extension: Google Search = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Angry Birds Heikki = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgdfbadfflkanjeofdhgmckbgjgjppmd\1.0_0\
CHR - Extension: Angry Birds Space = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\echcgcnnjpaoiandnoaabdpgjbkdnbdl\1.8_0\
CHR - Extension: Fruit Ninja = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofdejdahdbbmnibkpgbfknnpbhpbcad\1.6_0\
CHR - Extension: Snake Nyan Cat = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gajelofbgjlanfnbmjjibflhfabbendh\5.0_0\
CHR - Extension: Angry Birds HD = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdbeejaaccmfedjclgfmcjbgjaodmbpl\1.1_0\
CHR - Extension: Cut the Rope = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\14_0\
CHR - Extension: Google Play Music = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\4.0_0\
CHR - Extension: Angry Birds Rio = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\igpbjfbdomonphnncmmmligdokfpijkg\1.0_0\
CHR - Extension: AVG Safe Search = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: Angry Birds = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcekienaggkimjnnkamhalijnjiaimlc\1.0_0\
CHR - Extension: Angry Birds Halloween HD = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjgfdlkpoaepbllgicnccmmokoolgpc\3.2.3_0\
CHR - Extension: PricePeep = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.1.355.0_0\
CHR - Extension: Happy Wheels = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljdngafdeknonigdklkdlolkefpigejp\13.2334.9140_0\
CHR - Extension: AVG Secure Search = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\
CHR - Extension: AVG Secure Search = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak
CHR - Extension: Angry Birds Seasons = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\phelepmjcjmdeeglafbadihdajcfbnda\1.0_0\
CHR - Extension: Gmail = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gangnam Style Escape! = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjpbpimieknpjhhkpggolbandppahmlc\1.0.0.0_0\
CHR - Extension: Bridge Tactics = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmkgkmbkefhenjmacfpgmlalnmhncjdp\0.0.0.1_0\

O1 HOSTS File: ([2013/01/17 12:30:31 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - Reg Error: Value error. File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - Reg Error: Value error. File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.128.128.128
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A4A3E6A-AE88-42F8-A1D7-DC844567945D}: DhcpNameServer = 10.128.128.128
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A7C23A8-4889-471B-820B-0F340CD568C9}: DhcpNameServer = 89.19.64.164 89.19.64.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85F232C2-9BF0-4C90-92CE-B42EA2501A42}: DhcpNameServer = 89.19.64.164 89.19.64.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{927011F6-887C-4D1C-A122-5111A1D7ED14}: DhcpNameServer = 149.5.32.2 149.5.32.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2F8F4B5-EE29-4497-BF3C-74117B90D87D}: DhcpNameServer = 89.19.64.164 89.19.64.36
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Liam\Pictures\tropical-beach-wallpaper-1920x1200.jpg
O24 - Desktop BackupWallPaper: C:\Users\Liam\Pictures\tropical-beach-wallpaper-1920x1200.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Camera Assistant Software - hkey= - key= - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: Google EULA Launcher - hkey= - key= - c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
MsConfig - StartUpReg: HSON - hkey= - key= - File not found
MsConfig - StartUpReg: MobileBroadband - hkey= - key= - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: topi - hkey= - key= - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
MsConfig - StartUpReg: Toshiba Registration - hkey= - key= - C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
MsConfig - StartUpReg: Toshiba TEMPO - hkey= - key= - C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
MsConfig - StartUpReg: TPwrMain - hkey= - key= - File not found
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: hitmanpro36 - Reg Error: Value error.
SafeBootNet: hitmanpro36.sys - Reg Error: Value error.
SafeBootNet: HitmanPro36Crusader - Reg Error: Value error.
SafeBootNet: HitmanPro36CrusaderBoot - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/01/17 12:07:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/17 11:56:24 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2013/01/17 11:44:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/17 10:49:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/17 10:42:20 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/01/17 09:42:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/17 09:42:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/17 09:35:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/17 09:34:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/16 14:54:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/15 13:35:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/15 13:35:21 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/01/15 13:35:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/15 13:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/01/15 13:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

========== Files - Modified Within 30 Days ==========

[2013/01/17 13:36:56 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013/01/17 13:25:26 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/17 13:25:26 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/17 13:25:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/17 13:22:46 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/17 13:20:55 | 000,003,344 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/17 13:20:55 | 000,003,344 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/17 13:20:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/17 13:20:46 | 2009,067,520 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/17 12:46:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/17 12:30:31 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013/01/17 12:22:37 | 000,324,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/16 15:15:01 | 000,085,048 | ---- | M] () -- C:\Users\Liam\Desktop\AVGInstLog.cab
[2013/01/15 15:06:22 | 000,002,000 | ---- | M] () -- C:\Users\Liam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/15 15:06:22 | 000,001,976 | ---- | M] () -- C:\Users\Liam\Desktop\Google Chrome.lnk
[2013/01/15 14:26:13 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/01/15 14:26:13 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/01/15 14:26:09 | 015,739,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013/01/15 13:35:28 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/15 13:32:26 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/15 13:20:26 | 000,001,356 | ---- | M] () -- C:\Users\Liam\AppData\Local\d3d9caps.dat

========== Files Created - No Company Name ==========

[2013/01/17 13:36:56 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013/01/17 09:42:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/17 09:42:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/17 09:42:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/17 09:42:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/17 09:42:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/16 15:15:01 | 000,085,048 | ---- | C] () -- C:\Users\Liam\Desktop\AVGInstLog.cab
[2013/01/15 13:48:58 | 2009,067,520 | -HS- | C] () -- C:\hiberfil.sys
[2013/01/15 13:35:28 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/15 13:32:26 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/09/05 13:41:32 | 000,000,455 | ---- | C] () -- C:\Windows\mathb16.ini
[2012/09/05 13:40:58 | 000,000,000 | ---- | C] () -- C:\Windows\rkeeper.ini
[2012/05/21 11:17:16 | 000,027,424 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2012/01/26 10:42:51 | 000,001,356 | ---- | C] () -- C:\Users\Liam\AppData\Local\d3d9caps.dat
[2011/10/26 08:19:37 | 000,000,000 | ---- | C] () -- C:\Users\Liam\AppData\Local\{E8598705-0A91-4AF9-9AE6-51A9C0C2EB7B}
[2011/05/20 15:11:30 | 000,230,004 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009/09/29 09:50:30 | 000,025,600 | ---- | C] () -- C:\Users\Liam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/11 13:57:32 | 000,024,206 | ---- | C] () -- C:\Users\Liam\AppData\Roaming\UserTile.png
[2009/06/10 13:21:58 | 000,007,956 | ---- | C] () -- C:\Users\Liam\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< C:\Users\Liam\AppData\Roaming\*.* >
[2009/06/11 13:57:32 | 000,024,206 | ---- | M] () -- C:\Users\Liam\AppData\Roaming\UserTile.png
[2012/05/17 11:04:32 | 000,007,956 | ---- | M] () -- C:\Users\Liam\AppData\Roaming\wklnhst.dat

< C:\Users\Liam\*.* >
[2013/01/16 15:14:52 | 000,025,074 | ---- | M] () -- C:\Users\Liam\msi-20130116-151448.log
[2013/01/17 13:32:50 | 002,097,152 | -HS- | M] () -- C:\Users\Liam\ntuser.dat
[2013/01/17 13:32:50 | 000,262,144 | ---- | M] () -- C:\Users\Liam\ntuser.dat.LOG1
[2009/05/22 12:34:28 | 000,000,000 | ---- | M] () -- C:\Users\Liam\ntuser.dat.LOG2
[2013/01/17 13:18:27 | 000,065,536 | -HS- | M] () -- C:\Users\Liam\ntuser.dat{0f50a824-9943-11de-a989-001e33a11ed2}.TM.blf
[2013/01/17 13:18:27 | 000,524,288 | -HS- | M] () -- C:\Users\Liam\ntuser.dat{0f50a824-9943-11de-a989-001e33a11ed2}.TMContainer00000000000000000001.regtrans-ms
[2009/09/04 11:28:11 | 000,524,288 | -HS- | M] () -- C:\Users\Liam\ntuser.dat{0f50a824-9943-11de-a989-001e33a11ed2}.TMContainer00000000000000000002.regtrans-ms
[2009/08/28 14:02:14 | 000,065,536 | -HS- | M] () -- C:\Users\Liam\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/08/28 14:02:14 | 000,524,288 | -HS- | M] () -- C:\Users\Liam\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/05/22 14:23:04 | 000,524,288 | -HS- | M] () -- C:\Users\Liam\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009/05/22 12:34:28 | 000,000,020 | -HS- | M] () -- C:\Users\Liam\ntuser.ini
[2013/01/16 15:11:46 | 000,033,210 | ---- | M] () -- C:\Users\Liam\wintemplog.txt

< C:\Users\Liam\Local Settings\*.* >

< C:\ProgramData\*.* >
[2011/05/20 15:11:30 | 000,230,004 | R--- | M] () -- C:\ProgramData\DeviceManager.xml.rc4

< C:\Users\Liam\Local Settings\Application Data\*.* >

< %systemroot%\*. /mp /s >

< C:\*.* >
[2013/01/16 13:35:12 | 000,006,632 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2013/01/16 13:35:40 | 000,006,692 | ---- | M] () -- C:\AdwCleaner[R2].txt
[2013/01/16 13:39:10 | 000,006,752 | ---- | M] () -- C:\AdwCleaner[R3].txt
[2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 06:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/08/07 14:16:30 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2013/01/17 11:56:38 | 000,012,909 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2013/01/17 13:20:46 | 2009,067,520 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/09 12:34:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/10/09 12:34:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/01/17 13:20:44 | 2322,862,080 | -HS- | M] () -- C:\pagefile.sys
[2013/01/17 13:36:56 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2009/05/22 11:29:22 | 000,000,651 | ---- | M] () -- C:\RHDSetup.log
[2009/02/05 09:46:27 | 000,000,229 | ---- | M] () -- C:\SWSTAMP.TXT
[2012/05/21 15:50:57 | 000,000,000 | RH-D | M] -- C:\Users\Liam\AppData\Local\Microsoft\Windows\Burn\Burn

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

ASJ112

looks good

update mbam run a quick scan post that log and tell me how its running

It is scanning now.

I tried to update AVG but the update failed. stating general error

ASJ112

Try re-install AVG

Tried to uninstall it.

Setup error. The Windows Installer Service could not be accessed. This can occur if you are running in Safe Mode or if the Windows Installer is not correctly installed. Contact your support pesonnel for assistance.

error code: 0xc0070643

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.17.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Liam :: SPECIAL-NEEDS [administrator]

17/01/2013 14:54:53
mbam-log-2013-01-17 (14-54-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220072
Time elapsed: 20 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

marcelbrown

I've started a blog post to gather information on this particular malware. There does not appear to be much information about it at this time.

http://solotechpros.com/2013/01/17/pleaes-remove-all-ity-im-ads-from-your-website/

Anyone that finds anything out, please let me know.

Thanks!

Good morning.

The latest.
Pop up ads have stopped.

Those ity.im dialog boxes are still coming up.

I cannot get AVG to uninstall or update.

Setup error. The Windows Installer Service could not be accessed. This can occur if you are running in Safe Mode or if the Windows Installer is not correctly installed. Contact your support pesonnel for assistance.

error code: 0xc0070643

Laptop has no anti virus now. Should I download another?

Laptop actions very slow and delayed now too.


Popup ads are back

mp22

Go to here http://www.avg.com/ww-en/utilities get the correct tool for your os,remove avg,avast is a good free anti virus.http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html?part=dl-85737&subj=dl&tag=button
Install and register, you might want to think about a boot scan when avast is installed.

ASJ112

download tdsskiller and aswmbr, run them and post the logs

http://www.bleepingcomputer.com/download/aswmbr/
http://www.bleepingcomputer.com/download/tdsskiller/

Ive uninstalled AVG and installed Avast.

Every couple of minutes a warning flashes up of a malicious url blocked even though I am not on the internet (on a diff laptop now) so something must still be amiss

The ity.im boxes are still coming up.

The ads still pop up as full pages when moving to a different internet page.

Avast is nearly halfway through a scan and has 7 infected files so far