ity.im message

  • 15-01-2013 2:35pm
    #1
    Posts: 0


    Hi all.

    Please help.

    I had that FBI virus and I followed the instructions to clear it online.

    I am pretty sure that it has been removed.

    However I keep getting a dialog box appearing saying:

    "pleaes remove all ity.im ads from your website"

    When I click OK it keeps popping up.


    Can anyone help, as it's very annoying!!



Comments

  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan won't take long.
    • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here.


  • Registered Users, Registered Users 2 Posts: 1 liz2sweet


    I am having the same issue. Should I start my own thread?


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    It would be easier if you did, less confusion for everybody when logs get posted.


  • Posts: 0 [Deleted User]


    OTL logfile created on: 16/01/2013 13:14:14 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Liam\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    1.87 Gb Total Physical Memory | 0.52 Gb Available Physical Memory | 27.68% Memory free
    3.98 Gb Paging File | 2.20 Gb Available in Paging File | 55.35% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 74.37 Gb Total Space | 26.86 Gb Free Space | 36.12% Space Free | Partition Type: NTFS
    Drive E: | 73.21 Gb Total Space | 67.93 Gb Free Space | 92.79% Space Free | Partition Type: NTFS

    Computer Name: SPECIAL-NEEDS | User Name: Liam | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/16 13:14:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Liam\Downloads\OTL.exe
    PRC - [2013/01/08 00:06:24 | 001,248,360 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
    PRC - [2012/11/05 13:14:20 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    PRC - [2012/11/05 13:14:20 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    PRC - [2012/04/30 08:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
    PRC - [2012/04/19 03:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
    PRC - [2012/04/05 04:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
    PRC - [2012/03/19 04:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
    PRC - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    PRC - [2012/02/14 03:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
    PRC - [2012/02/14 03:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    PRC - [2011/05/23 15:19:44 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
    PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/08/25 08:58:20 | 000,077,824 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
    PRC - [2008/07/18 19:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    PRC - [2008/06/24 09:06:14 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    PRC - [2008/05/09 10:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    PRC - [2008/04/24 12:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    PRC - [2008/04/24 09:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
    PRC - [2008/04/16 23:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    PRC - [2008/04/16 23:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2008/04/16 23:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    PRC - [2008/02/06 13:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    PRC - [2008/01/21 02:24:36 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe
    PRC - [2008/01/17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    PRC - [2007/11/21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
    PRC - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
    PRC - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/01/15 13:20:32 | 000,026,112 | ---- | M] () -- C:\Users\Liam\AppData\Roaming\apiclass\apiclass.dll
    MOD - [2013/01/08 00:06:22 | 000,460,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppgooglenaclpluginchrome.dll
    MOD - [2013/01/08 00:06:21 | 012,459,624 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
    MOD - [2013/01/08 00:06:19 | 004,012,648 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
    MOD - [2013/01/08 00:05:29 | 000,598,120 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\libglesv2.dll
    MOD - [2013/01/08 00:05:28 | 000,124,520 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\libegl.dll
    MOD - [2013/01/08 00:05:25 | 001,553,000 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll
    MOD - [2012/11/05 13:14:20 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    MOD - [2012/11/05 13:14:20 | 000,566,728 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
    MOD - [2012/11/05 13:14:20 | 000,134,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll
    MOD - [2008/03/06 09:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
    MOD - [2007/12/25 11:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
    MOD - [2007/12/14 20:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
    MOD - [2006/12/01 16:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll
    MOD - [2006/10/10 10:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
    MOD - [2006/10/07 11:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll


    ========== Services (SafeList) ==========

    SRV - [2013/01/15 14:26:14 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/11/05 13:14:20 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
    SRV - [2012/04/30 08:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2011/05/23 15:19:44 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
    SRV - [2008/08/25 08:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
    SRV - [2008/07/18 19:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
    SRV - [2008/04/24 09:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
    SRV - [2008/04/16 23:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
    SRV - [2008/04/16 14:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
    SRV - [2008/02/06 13:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
    SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV - [2007/11/21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
    SRV - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - [2013/01/15 14:53:31 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\Temp\MpKsl6e2a7ff1.sys -- (MpKsl6e2a7ff1)
    DRV - [2012/11/05 13:14:20 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
    DRV - [2012/05/21 11:26:56 | 000,027,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro36.sys -- (hitmanpro35)
    DRV - [2012/04/19 03:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
    DRV - [2012/03/19 04:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2012/02/22 04:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2012/01/31 03:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/12/23 12:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/12/23 12:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
    DRV - [2011/12/23 12:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
    DRV - [2011/12/23 12:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
    DRV - [2011/05/20 15:38:50 | 000,089,856 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
    DRV - [2011/05/20 15:38:50 | 000,073,344 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
    DRV - [2011/05/20 15:38:50 | 000,064,512 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
    DRV - [2011/05/20 15:38:50 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
    DRV - [2011/05/20 15:38:42 | 000,237,440 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
    DRV - [2011/05/20 15:38:42 | 000,192,768 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2011/05/20 15:38:42 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
    DRV - [2011/05/20 15:38:36 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
    DRV - [2008/07/18 17:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
    DRV - [2008/07/15 18:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
    DRV - [2008/05/19 18:42:56 | 000,912,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2008/04/15 08:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2007/11/09 13:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV - [2006/11/28 14:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/11/20 13:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
    DRV - [2006/10/18 10:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA_en-GBIE346
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={8C95502E-A6E8-49FF-A45C-9E2293C1BFDD}&mid=7a5c1a716d6f47d6b4b0d1577545f721-b40fd6f95f22484e83614dec8c10d7fafcd4ec76&lang=en&ds=AVG&pr=fr&d=2012-02-01 11:41:06&v=12.2.5.32&sap=dsp&q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/17 13:11:09 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/05 13:14:44 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - homepage:
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
    CHR - homepage:
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Angry Birds = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
    CHR - Extension: Google Drive = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Angry Birds Halloween = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnejcfmiaimkpmbpbdjnkddcenaagjik\1.2_0\
    CHR - Extension: Google Search = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Angry Birds Heikki = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgdfbadfflkanjeofdhgmckbgjgjppmd\1.0_0\
    CHR - Extension: Angry Birds Space = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\echcgcnnjpaoiandnoaabdpgjbkdnbdl\1.8_0\
    CHR - Extension: Fruit Ninja = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofdejdahdbbmnibkpgbfknnpbhpbcad\1.6_0\
    CHR - Extension: Snake Nyan Cat = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gajelofbgjlanfnbmjjibflhfabbendh\5.0_0\
    CHR - Extension: Angry Birds HD = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdbeejaaccmfedjclgfmcjbgjaodmbpl\1.1_0\
    CHR - Extension: Cut the Rope = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\14_0\
    CHR - Extension: Google Play Music = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\4.0_0\
    CHR - Extension: Angry Birds Rio = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\igpbjfbdomonphnncmmmligdokfpijkg\1.0_0\
    CHR - Extension: AVG Safe Search = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
    CHR - Extension: Angry Birds = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcekienaggkimjnnkamhalijnjiaimlc\1.0_0\
    CHR - Extension: Angry Birds Halloween HD = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjgfdlkpoaepbllgicnccmmokoolgpc\3.2.3_0\
    CHR - Extension: PricePeep = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.1.355.0_0\
    CHR - Extension: Happy Wheels = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljdngafdeknonigdklkdlolkefpigejp\13.2334.9140_0\
    CHR - Extension: AVG Secure Search = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\
    CHR - Extension: AVG Secure Search = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak
    CHR - Extension: Angry Birds Seasons = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\phelepmjcjmdeeglafbadihdajcfbnda\1.0_0\
    CHR - Extension: Gmail = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
    CHR - Extension: Gangnam Style Escape! = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjpbpimieknpjhhkpggolbandppahmlc\1.0.0.0_0\
    CHR - Extension: Bridge Tactics = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmkgkmbkefhenjmacfpgmlalnmhncjdp\0.0.0.1_0\

    O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files\PricePeep\pricepeep.dll (PricePeep)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
    O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
    O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - HKCU..\Run: [apiclass] C:\Users\Liam\AppData\Roaming\apiclass\apiclass.dll ()
    O4 - HKCU..\Run: [Bytes of Learning] C:\Users\Liam\AppData\Local\Bytes of Learning\svsjsqme.dll (Microsoft Corporation)
    O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - Reg Error: Value error. File not found
    O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - Reg Error: Value error. File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\System32\winrnr.dll File not found
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.128.128.128
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A4A3E6A-AE88-42F8-A1D7-DC844567945D}: DhcpNameServer = 10.128.128.128
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A7C23A8-4889-471B-820B-0F340CD568C9}: DhcpNameServer = 89.19.64.164 89.19.64.36
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85F232C2-9BF0-4C90-92CE-B42EA2501A42}: DhcpNameServer = 89.19.64.164 89.19.64.36
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{927011F6-887C-4D1C-A122-5111A1D7ED14}: DhcpNameServer = 149.5.32.2 149.5.32.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2F8F4B5-EE29-4497-BF3C-74117B90D87D}: DhcpNameServer = 89.19.64.164 89.19.64.36
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Liam\Pictures\tropical-beach-wallpaper-1920x1200.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Liam\Pictures\tropical-beach-wallpaper-1920x1200.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{186b524e-2aac-11e2-88fe-001e101fe70e}\Shell - "" = AutoRun
    O33 - MountPoints2\{186b524e-2aac-11e2-88fe-001e101fe70e}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
    O33 - MountPoints2\{50f44bb0-eb90-11e0-a2b5-001e33a11ed2}\Shell - "" = AutoRun
    O33 - MountPoints2\{50f44bb0-eb90-11e0-a2b5-001e33a11ed2}\Shell\AutoRun\command - "" = D:\setup_vmb_lite.exe /checkApplicationPresence
    O33 - MountPoints2\{b608f6ae-e6e3-11e0-94ca-001e33a11ed2}\Shell - "" = AutoRun
    O33 - MountPoints2\{b608f6ae-e6e3-11e0-94ca-001e33a11ed2}\Shell\AutoRun\command - "" = D:\setup_vmb_lite.exe /checkApplicationPresence
    O33 - MountPoints2\{b608f6bd-e6e3-11e0-94ca-001e33a11ed2}\Shell - "" = AutoRun
    O33 - MountPoints2\{b608f6bd-e6e3-11e0-94ca-001e33a11ed2}\Shell\AutoRun\command - "" = D:\setup_vmb_lite.exe /checkApplicationPresence
    O33 - MountPoints2\{fa0349e5-3503-11e0-a312-001e33a11ed2}\Shell\AutoRun\command - "" = Digisystem\swe.exe
    O33 - MountPoints2\{fa0349e5-3503-11e0-a312-001e33a11ed2}\Shell\Option1\Command - "" = Digisystem\swe.exe
    O34 - HKLM BootExecute: ("autocheck autochk *")
    O34 - HKLM BootExecute: ("C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart")
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/15 13:35:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/01/15 13:35:21 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2013/01/15 13:35:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/01/15 13:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2013/01/15 13:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2013/01/15 13:20:36 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Local\Bytes of Learning
    [2013/01/15 13:20:32 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Roaming\apiclass
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/01/16 13:12:34 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/01/16 13:12:34 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/01/16 13:11:46 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/01/16 13:11:45 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/16 13:11:41 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/16 13:11:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/15 15:06:22 | 000,002,000 | ---- | M] () -- C:\Users\Liam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/01/15 15:06:22 | 000,001,976 | ---- | M] () -- C:\Users\Liam\Desktop\Google Chrome.lnk
    [2013/01/15 15:04:17 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/15 15:04:17 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/15 15:04:07 | 2009,067,520 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/15 14:26:13 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2013/01/15 14:26:13 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2013/01/15 14:26:09 | 015,739,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
    [2013/01/15 13:35:28 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/15 13:32:26 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013/01/15 13:20:26 | 000,001,356 | ---- | M] () -- C:\Users\Liam\AppData\Local\d3d9caps.dat
    [2013/01/14 14:12:30 | 000,000,001 | ---- | M] () -- C:\ProgramData\X022EFa3.exe_.b
    [2013/01/14 14:12:30 | 000,000,001 | ---- | M] () -- C:\ProgramData\X022EFa3.exe.b
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/01/15 13:48:58 | 2009,067,520 | -HS- | C] () -- C:\hiberfil.sys
    [2013/01/15 13:35:28 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/15 13:32:26 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013/01/14 14:12:30 | 000,000,001 | ---- | C] () -- C:\ProgramData\X022EFa3.exe_.b
    [2013/01/14 14:12:30 | 000,000,001 | ---- | C] () -- C:\ProgramData\X022EFa3.exe.b
    [2012/09/05 13:41:32 | 000,000,455 | ---- | C] () -- C:\Windows\mathb16.ini
    [2012/09/05 13:40:58 | 000,000,000 | ---- | C] () -- C:\Windows\rkeeper.ini
    [2012/05/21 11:17:16 | 000,027,424 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro36.sys
    [2012/05/17 13:25:40 | 000,000,160 | -H-- | C] () -- C:\ProgramData\-agqoYg1ZMQSrPHr
    [2012/05/17 13:25:40 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-agqoYg1ZMQSrPH
    [2012/05/17 13:19:58 | 000,000,256 | -H-- | C] () -- C:\ProgramData\agqoYg1ZMQSrPH
    [2012/01/26 10:42:51 | 000,001,356 | ---- | C] () -- C:\Users\Liam\AppData\Local\d3d9caps.dat
    [2011/10/26 08:19:37 | 000,000,000 | -H-- | C] () -- C:\Users\Liam\AppData\Local\{E8598705-0A91-4AF9-9AE6-51A9C0C2EB7B}
    [2011/05/20 15:11:30 | 000,230,004 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
    [2009/09/29 09:50:30 | 000,025,600 | -H-- | C] () -- C:\Users\Liam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/06/11 13:57:32 | 000,024,206 | -H-- | C] () -- C:\Users\Liam\AppData\Roaming\UserTile.png
    [2009/06/10 13:21:58 | 000,007,956 | -H-- | C] () -- C:\Users\Liam\AppData\Roaming\wklnhst.dat

    ========== ZeroAccess Check ==========

    [2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
    "ThreadingModel" = Both
    "" = shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4

    < End of report >


  • Posts: 0 [Deleted User]


    OTL Extras logfile created on: 16/01/2013 13:14:14 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Liam\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    1.87 Gb Total Physical Memory | 0.52 Gb Available Physical Memory | 27.68% Memory free
    3.98 Gb Paging File | 2.20 Gb Available in Paging File | 55.35% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 74.37 Gb Total Space | 26.86 Gb Free Space | 36.12% Space Free | Partition Type: NTFS
    Drive E: | 73.21 Gb Total Space | 67.93 Gb Free Space | 92.79% Space Free | Partition Type: NTFS

    Computer Name: SPECIAL-NEEDS | User Name: Liam | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- "%1" %*
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1708641F-5D81-4394-8BBE-E58325C6212B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
    "{28876057-1CE6-44AE-9D25-10E71110A670}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{37A0CDE8-5F97-4C9B-92C8-AAE1CF34A8D1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
    "{3BA6AD5F-B5C4-4A70-9B1E-DA764E2474B9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{43597A08-21ED-471C-AE18-6998A0F6D651}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{50462AFE-B797-41BC-9008-395F9F52EF75}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
    "{92B66F6D-6B8C-48AE-8510-FB34974FB21C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{CC09A560-F2FE-4861-B75A-E7F8116CFE1E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
    "{D2D5E06E-45FD-4467-BD22-7FFF0E6385C9}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{E2750DF8-D2C5-49F8-896D-8B31F19C7820}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
    "{F05956B0-0258-4796-BB39-6D5E9AC7CACF}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{F4AA8F00-4B6A-4D6D-B601-63B5324A25F8}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
    "TCP Query User{B232C61C-F512-49AB-9126-3B45DB238975}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
    "TCP Query User{C4679A1C-ABC5-4583-9B2A-C79E76725CA8}C:\program files\ukey5\ukey5.exe" = protocol=6 | dir=in | app=c:\program files\ukey5\ukey5.exe |
    "UDP Query User{7A3E402F-B1D9-4982-8D45-5508C1B7A6ED}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
    "UDP Query User{944CC52A-B442-4921-AC46-4934A10DDDC5}C:\program files\ukey5\ukey5.exe" = protocol=17 | dir=in | app=c:\program files\ukey5\ukey5.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
    "{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1D6DA21F-50C2-4983-93CC-4C211F20E710}" = SAPI5SpeechInstaller
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
    "{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
    "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
    "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
    "{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{602945F3-084E-48DE-B908-5E76784FD28A}" = SAPI5VoiceInstaller
    "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband Lite
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
    "{A7836FF5-7293-40A4-B86E-E2038F82E8F3}" = AVG 2012
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D3D40200-ECFF-11D5-A83D-000000000001}" = GeoAze
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
    "{E7271ABF-69D3-4E9D-AA0A-2DE34C10A93D}" = TOSHIBA Manuals
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
    "{F51C2A69-D2E2-4813-AAD7-618D2BF85DFD}" = AVG 2012
    "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "193bb64c00732e4d5ff2a48ccd900ee4" = Tizzy's Toybox SE
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "AVG" = AVG 2012
    "AVG Secure Search" = AVG Security Toolbar
    "CCleaner" = CCleaner
    "EPSON Printer and Utilities" = EPSON Printer Software
    "Google Chrome" = Google Chrome
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
    "InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
    "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
    "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "mathb32" = Maths Blaster Ages 6-9
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "myphotobook" = myphotobook 3.6
    "Picasa 3" = Picasa 3
    "PricePeep" = PricePeep
    "QuickTime" = QuickTime
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
    "UltraKey 5.0" = UltraKey 5.0
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 12/11/2012 09:52:49 | Computer Name = Special-Needs | Source = WinMgmt | ID = 10
    Description =

    Error - 13/11/2012 05:16:40 | Computer Name = Special-Needs | Source = VmbService | ID = 0
    Description = conflictManagerTypeValue

    Error - 13/11/2012 05:17:02 | Computer Name = Special-Needs | Source = WinMgmt | ID = 10
    Description =

    Error - 05/12/2012 09:33:19 | Computer Name = Special-Needs | Source = VmbService | ID = 0
    Description = conflictManagerTypeValue

    Error - 05/12/2012 09:33:17 | Computer Name = Special-Needs | Source = WinMgmt | ID = 10
    Description =

    Error - 05/12/2012 10:01:46 | Computer Name = Special-Needs | Source = MsiInstaller | ID = 11719
    Description =

    Error - 05/12/2012 10:03:08 | Computer Name = Special-Needs | Source = MsiInstaller | ID = 11719
    Description =

    Error - 05/12/2012 10:14:55 | Computer Name = Special-Needs | Source = VmbService | ID = 0
    Description = conflictManagerTypeValue

    Error - 05/12/2012 10:15:24 | Computer Name = Special-Needs | Source = WinMgmt | ID = 10
    Description =

    Error - 05/12/2012 10:45:11 | Computer Name = Special-Needs | Source = MsiInstaller | ID = 11719
    Description =

    [ System Events ]
    Error - 15/01/2013 11:04:07 | Computer Name = Special-Needs | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume .

    Error - 15/01/2013 11:04:11 | Computer Name = Special-Needs | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume .

    Error - 15/01/2013 11:04:11 | Computer Name = Special-Needs | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume .

    Error - 15/01/2013 11:05:01 | Computer Name = Special-Needs | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume .

    Error - 15/01/2013 11:06:04 | Computer Name = Special-Needs | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume .

    Error - 16/01/2013 09:11:39 | Computer Name = Special-Needs | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume .

    Error - 16/01/2013 09:11:39 | Computer Name = Special-Needs | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume .

    Error - 16/01/2013 09:11:40 | Computer Name = Special-Needs | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume .

    Error - 16/01/2013 09:11:40 | Computer Name = Special-Needs | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume .

    Error - 16/01/2013 09:11:41 | Computer Name = Special-Needs | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume .


    < End of report >


  • Posts: 0 [Deleted User]


    Also, I am getting full-page ads when I open a new page in Chrome.

    I've downloaded AdwCleaner; here are the results:

    # AdwCleaner v2.105 - Logfile created 01/16/2013 at 13:39:05
    # Updated 08/01/2013 by Xplode
    # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # User : Liam - SPECIAL-NEEDS
    # Boot Mode : Normal
    # Running from : C:\Users\Liam\Downloads\AdwCleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Found : C:\Program Files\AVG Secure Search
    Folder Found : C:\Program Files\Common Files\AVG Secure Search
    Folder Found : C:\Program Files\PricePeep
    Folder Found : C:\ProgramData\AVG Secure Search
    Folder Found : C:\Users\Liam\AppData\Local\AVG Secure Search
    Folder Found : C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
    Folder Found : C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
    Folder Found : C:\Users\Liam\AppData\LocalLow\AVG Secure Search

    ***** [Registry] *****

    Key Found : HKCU\Software\AppDataLow\Software\PricePeep
    Key Found : HKCU\Software\AVG Secure Search
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PricePeep
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
    Key Found : HKLM\Software\AVG Secure Search
    Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Found : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho
    Key Found : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho.1
    Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Found : HKLM\SOFTWARE\Classes\S
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\193bb64c00732e4d5ff2a48ccd900ee4
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Found : HKLM\SOFTWARE\Software
    Key Found : HKU\S-1-5-21-417167783-1036390090-3082990728-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16450

    [OK] Registry is clean.

    -\\ Google Chrome v24.0.1312.52

    File : C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [6632 octets] - [16/01/2013 13:35:07]
    AdwCleaner[R2].txt - [6692 octets] - [16/01/2013 13:35:35]
    AdwCleaner[R3].txt - [6623 octets] - [16/01/2013 13:39:05]

    ########## EOF - C:\AdwCleaner[R3].txt - [6683 octets] ##########


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Let AdwCleaner delete the stuff it found.


    Do you recognise/know these entries?

    O4 - HKCU..\Run: [apiclass] C:\Users\Liam\AppData\Roaming\apiclass\apiclass.dll ()
    O4 - HKCU..\Run: [Bytes of Learning] C:\Users\Liam\AppData\Local\Bytes of Learning\svsjsqme.dll (Microsoft Corporation)
    [2013/01/15 13:20:36 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Local\Bytes of Learning
    [2013/01/15 13:20:32 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Roaming\apiclass



    Open OTL, copy and paste this in the custom scan/fixes box:


    :OTL
    O33 - MountPoints2\{186b524e-2aac-11e2-88fe-001e101fe70e}\Shell - "" = AutoRun
    O33 - MountPoints2\{186b524e-2aac-11e2-88fe-001e101fe70e}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
    O33 - MountPoints2\{50f44bb0-eb90-11e0-a2b5-001e33a11ed2}\Shell - "" = AutoRun
    O33 - MountPoints2\{50f44bb0-eb90-11e0-a2b5-001e33a11ed2}\Shell\AutoRun\command - "" = D:\setup_vmb_lite.exe /checkApplicationPresence
    O33 - MountPoints2\{b608f6ae-e6e3-11e0-94ca-001e33a11ed2}\Shell - "" = AutoRun
    O33 - MountPoints2\{b608f6ae-e6e3-11e0-94ca-001e33a11ed2}\Shell\AutoRun\command - "" = D:\setup_vmb_lite.exe /checkApplicationPresence
    O33 - MountPoints2\{b608f6bd-e6e3-11e0-94ca-001e33a11ed2}\Shell - "" = AutoRun
    O33 - MountPoints2\{b608f6bd-e6e3-11e0-94ca-001e33a11ed2}\Shell\AutoRun\command - "" = D:\setup_vmb_lite.exe /checkApplicationPresence
    O33 - MountPoints2\{fa0349e5-3503-11e0-a312-001e33a11ed2}\Shell\AutoRun\command - "" = Digisystem\swe.exe
    O33 - MountPoints2\{fa0349e5-3503-11e0-a312-001e33a11ed2}\Shell\Option1\Command - "" = Digisystem\swe.exe
    [2013/01/14 14:12:30 | 000,000,001 | ---- | M] () -- C:\ProgramData\X022EFa3.exe_.b
    [2013/01/14 14:12:30 | 000,000,001 | ---- | M] () -- C:\ProgramData\X022EFa3.exe.b
    [2012/05/17 13:25:40 | 000,000,160 | -H-- | C] () -- C:\ProgramData\-agqoYg1ZMQSrPHr
    [2012/05/17 13:25:40 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-agqoYg1ZMQSrPH
    [2012/05/17 13:19:58 | 000,000,256 | -H-- | C] () -- C:\ProgramData\agqoYg1ZMQSrPH


    Click Run Fix and post the log it gives you.


    Then update MBAM, run a quick scan and post that log too. If you have any old logs from MBAM, post them too.


  • Posts: 0 [Deleted User]


    Don't recognise those at all.


    Here is the log:

    ========== OTL ==========
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{186b524e-2aac-11e2-88fe-001e101fe70e}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{186b524e-2aac-11e2-88fe-001e101fe70e}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{186b524e-2aac-11e2-88fe-001e101fe70e}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{186b524e-2aac-11e2-88fe-001e101fe70e}\ not found.
    File D:\setup_vmc_lite.exe /checkApplicationPresence not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50f44bb0-eb90-11e0-a2b5-001e33a11ed2}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50f44bb0-eb90-11e0-a2b5-001e33a11ed2}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50f44bb0-eb90-11e0-a2b5-001e33a11ed2}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50f44bb0-eb90-11e0-a2b5-001e33a11ed2}\ not found.
    File D:\setup_vmb_lite.exe /checkApplicationPresence not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b608f6ae-e6e3-11e0-94ca-001e33a11ed2}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b608f6ae-e6e3-11e0-94ca-001e33a11ed2}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b608f6ae-e6e3-11e0-94ca-001e33a11ed2}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b608f6ae-e6e3-11e0-94ca-001e33a11ed2}\ not found.
    File D:\setup_vmb_lite.exe /checkApplicationPresence not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b608f6bd-e6e3-11e0-94ca-001e33a11ed2}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b608f6bd-e6e3-11e0-94ca-001e33a11ed2}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b608f6bd-e6e3-11e0-94ca-001e33a11ed2}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b608f6bd-e6e3-11e0-94ca-001e33a11ed2}\ not found.
    File D:\setup_vmb_lite.exe /checkApplicationPresence not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa0349e5-3503-11e0-a312-001e33a11ed2}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fa0349e5-3503-11e0-a312-001e33a11ed2}\ not found.
    File Digisystem\swe.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa0349e5-3503-11e0-a312-001e33a11ed2}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fa0349e5-3503-11e0-a312-001e33a11ed2}\ not found.
    File Digisystem\swe.exe not found.
    C:\ProgramData\X022EFa3.exe_.b moved successfully.
    C:\ProgramData\X022EFa3.exe.b moved successfully.
    C:\ProgramData\-agqoYg1ZMQSrPHr moved successfully.
    C:\ProgramData\-agqoYg1ZMQSrPH moved successfully.
    C:\ProgramData\agqoYg1ZMQSrPH moved successfully.

    OTL by OldTimer - Version 3.2.69.0 log created on 01162013_145412


  • Posts: 0 [Deleted User]


    Old logs from MBAM:

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.05.21.01

    Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    Liam :: SPECIAL-NEEDS [administrator]

    21/05/2012 12:14:41
    mbam-log-2012-05-21 (12-14-41).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 193657
    Time elapsed: 6 minute(s), 18 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|GQYhoLHhwMyfqNi.exe (Trojan.FakeHDD) -> Data: C:\ProgramData\GQYhoLHhwMyfqNi.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\ProgramData\GQYhoLHhwMyfqNi.exe (Trojan.FakeHDD) -> Quarantined and deleted successfully.
    C:\ProgramData\agqoYg1ZMQSrPH.exe (Trojan.FakeHDD) -> Quarantined and deleted successfully.

    (end)








    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.15.09

    Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    Liam :: SPECIAL-NEEDS [administrator]

    15/01/2013 13:38:28
    mbam-log-2013-01-15 (13-38-28).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 203336
    Time elapsed: 6 minute(s), 10 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\Software\vidshakeSA (Adware.HotBar.VS) -> Quarantined and deleted successfully.

    Registry Values Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vidshakeSA (Adware.HotBar.CP) -> Data: "C:\Users\Liam\AppData\Local\vidshakeSA\bin\1.0.8.0\vidshakeSA.exe" -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dllexp (Trojan.FakeMS) -> Data: rundll32.exe "C:\Users\Liam\AppData\Roaming\dllexp.dll",exp -> Quarantined and deleted successfully.

    Registry Data Items Detected: 3
    HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-21-417167783-1036390090-3082990728-1000\$be262b1597774c954ddbbb043397a2ca\n.) Good: (shell32.dll) -> Quarantined and repaired successfully.
    HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE "%1") Good: ("%1" /S) -> Quarantined and repaired successfully.
    HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE "%1") Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

    Folders Detected: 8
    C:\Users\Liam\Local Settings\Application Data\VidShakeSA (Adware.HotBar.VS) -> Quarantined and deleted successfully.
    C:\Users\Liam\Local Settings\Application Data\VidShakeSA\bin (Adware.HotBar.VS) -> Quarantined and deleted successfully.
    C:\Users\Liam\Local Settings\Application Data\VidShakeSA\bin\1.0.8.0 (Adware.HotBar.VS) -> Quarantined and deleted successfully.
    C:\Users\Liam\Local Settings\Application Data\VidShakeSA\data (Adware.HotBar.VS) -> Quarantined and deleted successfully.
    C:\Users\Liam\AppData\Local\VidShakeSA (Adware.HotBar.VS) -> Quarantined and deleted successfully.
    C:\Users\Liam\AppData\Local\VidShakeSA\bin (Adware.HotBar.VS) -> Quarantined and deleted successfully.
    C:\Users\Liam\AppData\Local\VidShakeSA\bin\1.0.8.0 (Adware.HotBar.VS) -> Quarantined and deleted successfully.
    C:\Users\Liam\AppData\Local\VidShakeSA\data (Adware.HotBar.VS) -> Quarantined and deleted successfully.

    Files Detected: 33
    C:\Users\Liam\AppData\Local\VidShakeSA\bin\1.0.8.0\vidshakeSA.exe (Adware.HotBar.CP) -> Quarantined and deleted successfully.
    C:\Users\Liam\AppData\Roaming\dllexp.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.
    C:\ProgramData\X022EFa3.exe (Worm.Dorkbot) -> Quarantined and deleted successfully.
    C:\$RECYCLE.BIN\S-1-5-21-417167783-1036390090-3082990728-1000\$be262b1597774c954ddbbb043397a2ca\n (Trojan.0Access) -> Delete on reboot.
    C:\Users\Liam\AppData\Local\Temp\msimg32.dll (RootKit.0Access) -> Quarantined and deleted successfully.
    C:\Users\Liam\frxpsrxclrmsghb.exe (RootKit.0Access) -> Quarantined and deleted successfully.
    C:\Users\Liam\geetboebgvfn.exe (Trojan.Agent.FSA36) -> Quarantined and deleted successfully.
    C:\Users\Liam\wgsdgsdgdsgsd.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
    C:\Users\Liam\yfllekyvnubykphqhf.exe (Worm.Dorkbot) -> Quarantined and deleted successfully.
    C:\Users\Liam\zgljfhwzivkxdb.exe (Trojan.Bublik) -> Quarantined and deleted successfully.
    C:\Users\Liam\zxccitoaawbov.exe (Trojan.Lameshield.124) -> Quarantined and deleted successfully.
    C:\Users\Liam\Downloads\Setup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\Liam\Local Settings\Update.exe (Trojan.Lameshield.124) -> Quarantined and deleted successfully.
    C:\Users\Liam\Local Settings\vih.exe (Trojan.Lameshield.124) -> Quarantined and deleted successfully.
    C:\Users\Liam\Local Settings\Application Data\Update.exe (Trojan.Lameshield.124) -> Quarantined and deleted successfully.
    C:\Users\Liam\Local Settings\Application Data\vih.exe (Trojan.Lameshield.124) -> Quarantined and deleted successfully.
    C:\Users\Liam\Local Settings\Application Data\VidShakeSA\bin\1.0.8.0\copyright.txt (Adware.HotBar.VS) -> Quarantined and deleted successfully.
    C:\Users\Liam\Local Settings\Application Data\VidShakeSA\bin\1.0.8.0\vidshakeSA.exe (Adware.HotBar.VS) -> Quarantined and deleted successfully.
    C:\Users\Liam\Local Settings\Application Data\VidShakeSA\bin\1.0.8.0\VidShakeSACB.exe (Adware.HotBar.VS) -> Quarantined and deleted successfully.
    C:\Users\Liam\Local Settings\Application Data\VidShakeSA\bin\1.0.8.0\vidshakeSAHook.dll (Adware.HotBar.VS) -> Quarantined and deleted successfully.
    C:\Users\Liam\Local Settings\Application Data\VidShakeSA\data\vidshakeSA.dat (Adware.HotBar.VS) -> Quarantined and deleted successfully.
    C:\Users\Liam\Local Settings\Application Data\VidShakeSA\data\VidShakeSAau.dat (Adware.HotBar.VS) -> Quarantined and deleted successfully.
    C:\Users\Liam\Local Settings\Application Data\VidShakeSA\data\VidShakeSA_hpk.dat (Adware.HotBar.VS) -> Quarantined and deleted successfully.
    C:\Users\Liam\Local Settings\Application Data\VidShakeSA\data\VidShakeSA_kyf.dat (Adware.HotBar.VS) -> Quarantined and deleted successfully.
    C:\Users\Liam\Local Settings\Application Data\VidShakeSA\data\VidShakeSA_kyf_update.dat (Adware.HotBar.VS) -> Quarantined and deleted successfully.
    C:\Users\Liam\AppData\Local\VidShakeSA\bin\1.0.8.0\copyright.txt (Adware.HotBar.VS) -> Quarantined and deleted successfully.
    C:\Users\Liam\AppData\Local\VidShakeSA\bin\1.0.8.0\VidShakeSACB.exe (Adware.HotBar.VS) -> Quarantined and deleted successfully.
    C:\Users\Liam\AppData\Local\VidShakeSA\bin\1.0.8.0\vidshakeSAHook.dll (Adware.HotBar.VS) -> Quarantined and deleted successfully.
    C:\Users\Liam\AppData\Local\VidShakeSA\data\vidshakeSA.dat (Adware.HotBar.VS) -> Quarantined and deleted successfully.
    C:\Users\Liam\AppData\Local\VidShakeSA\data\VidShakeSAau.dat (Adware.HotBar.VS) -> Quarantined and deleted successfully.
    C:\Users\Liam\AppData\Local\VidShakeSA\data\VidShakeSA_hpk.dat (Adware.HotBar.VS) -> Quarantined and deleted successfully.
    C:\Users\Liam\AppData\Local\VidShakeSA\data\VidShakeSA_kyf.dat (Adware.HotBar.VS) -> Quarantined and deleted successfully.
    C:\Users\Liam\AppData\Local\VidShakeSA\data\VidShakeSA_kyf_update.dat (Adware.HotBar.VS) -> Quarantined and deleted successfully.

    (end)



    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.15.09

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Liam :: SPECIAL-NEEDS [administrator]

    15/01/2013 14:36:54
    mbam-log-2013-01-15 (14-36-54).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 211462
    Time elapsed: 23 minute(s), 4 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\assembly\GAC\Desktop.ini (Rootkit.0access) -> Quarantined and deleted successfully.

    (end)
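
A small parser for the MBAM 1.x log format pasted above, added here as an example and not part of the thread or of Malwarebytes' own tooling. It tallies threat families, flags rootkit-class names (ZeroAccess, logged as 0Access), lists objects left as "Delete on reboot", and compares each section's declared count with the lines actually present, which catches a truncated paste; the sample log is a constructed excerpt modelled on the 15/01/2013 logs above, with the Files section deliberately one line short.

```python
"""Summarise a Malwarebytes Anti-Malware 1.x text log (added example, not from the thread)."""
import re
from collections import Counter
from dataclasses import dataclass

# "<Section> Detected: <n>" introduces each block of the MBAM 1.x log.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<object> (<Threat.Name>) -> [Data:/Bad:/Good: fields ->] <action>."
DETECTION_RE = re.compile(r"^(?P<obj>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+?)\.?$")
# Threat-name fragments MBAM uses for rootkit-class detections in these logs.
ROOTKIT_MARKERS = ("rootkit", "0access")


@dataclass
class Detection:
    section: str
    obj: str
    threat: str
    action: str

    @property
    def pending(self) -> bool:
        # MBAM could not remove the object while it was in use; it is still on disk.
        return "reboot" in self.action.lower()


def parse_mbam_log(text: str):
    """Return (detections, declared_counts) for one MBAM 1.x log."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "(end)":
            section = None  # several logs may be pasted back to back
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            declared[section] = int(m.group("count"))
            continue
        if section is None or not line or line.startswith("("):
            continue  # header lines, blanks, "(No malicious items detected)"
        m = DETECTION_RE.match(line)
        if not m:
            continue
        # The action is the last "->" segment; earlier segments hold Data:/Bad:/Good: details.
        action = m.group("rest").rsplit("-> ", 1)[-1]
        detections.append(Detection(section, m.group("obj"), m.group("threat"), action))
    return detections, declared


def summarise(text: str) -> dict:
    detections, declared = parse_mbam_log(text)
    found = Counter(d.section for d in detections)
    return {
        "total": len(detections),
        "families": dict(Counter(d.threat for d in detections)),
        "rootkit_families": sorted({d.threat for d in detections
                                    if any(k in d.threat.lower() for k in ROOTKIT_MARKERS)}),
        "pending_reboot": [d.obj for d in detections if d.pending],
        # section -> (declared, parsed) wherever they differ: a truncated paste or a parse gap
        "count_mismatches": {s: (n, found.get(s, 0)) for s, n in declared.items()
                             if found.get(s, 0) != n},
    }


# Constructed excerpt modelled on the thread's logs; "Files Detected: 4" lists only three lines.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.15.09

Scan type: Quick scan

Registry Keys Detected: 1
HKCU\Software\vidshakeSA (Adware.HotBar.VS) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dllexp (Trojan.FakeMS) -> Data: rundll32.exe "C:\Users\Liam\AppData\Roaming\dllexp.dll",exp -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-21-417167783-1036390090-3082990728-1000\$be262b1597774c954ddbbb043397a2ca\n.) Good: (shell32.dll) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\ProgramData\X022EFa3.exe (Worm.Dorkbot) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-417167783-1036390090-3082990728-1000\$be262b1597774c954ddbbb043397a2ca\n (Trojan.0Access) -> Delete on reboot.
C:\Users\Liam\AppData\Local\Temp\msimg32.dll (RootKit.0Access) -> Quarantined and deleted successfully.

(end)
"""

if __name__ == "__main__":
    for key, value in summarise(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A non-empty rootkit_families list or a pending_reboot entry is the signal that a quick scan alone did not finish the job, which is the point at which the thread moves on to ComboFix.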


  • Posts: 0 [Deleted User]


    Most recent:

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.15.09

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Liam :: SPECIAL-NEEDS [administrator]

    16/01/2013 14:58:39
    mbam-log-2013-01-16 (14-58-39).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 213084
    Time elapsed: 10 minute(s), 26 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


  • Posts: 0 [Deleted User]


    Also I've just noticed that AVG doesn't update itself.

    When I've tried to do it manually it can't.

    I tried to uninstall AVG with the intention of reinstalling it, but it won't let me uninstall, saying that the Windows Installer Service could not be accessed.

    Is this related to the virus?


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Potentially. MBAM found a lot of junk earlier, so we need to use something a bit stronger.


    Download and run ComboFix, and post the log it gives you:


    http://www.bleepingcomputer.com/download/combofix/


  • Registered Users, Registered Users 2 Posts: 2 herve


    I've the same problem. Any solution?


  • Registered Users, Registered Users 2 Posts: 2 herve


    Help, I've had the same one for 3-4 days.


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Can you make a new topic and follow the previous instructions for running ComboFix?


  • Posts: 0 [Deleted User]


    Hi,
    Laptop actions are very slow after that scan.

    Here is the log from ComboFix:

    ComboFix 13-01-17.01 - Liam 17/01/2013 10:57:03.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.353.1033.18.1915.251 [GMT 0:00]
    Running from: c:\users\Liam\Downloads\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run
    .







    c:\users\Liam\AppData\Local\Bytes of Learning\svsjsqme.dll
    c:\users\Liam\AppData\Roaming\apiclass\apiclass.dll
    c:\windows\system32\pt
    c:\windows\system32\pt\toscdspd.cpl.mui
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-17 to 2013-01-17 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-17 11:28 . 2013-01-17 11:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-01-16 14:54 . 2013-01-16 14:54 -------- d-----w- C:\_OTL
    2013-01-15 13:35 . 2013-01-15 13:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-01-15 13:35 . 2012-12-14 16:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-01-15 13:32 . 2013-01-15 13:32 -------- d-----w- c:\program files\CCleaner
    2013-01-15 13:20 . 2013-01-17 10:22 -------- d-----w- c:\users\Liam\AppData\Local\Bytes of Learning
    2013-01-15 13:20 . 2013-01-17 10:22 -------- d-----w- c:\users\Liam\AppData\Roaming\apiclass
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-15 14:26 . 2012-05-01 09:16 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-15 14:26 . 2011-06-10 10:36 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-15 14:26 . 2012-08-30 13:25 15739912 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2012-11-05 13:14 . 2012-09-05 12:27 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-11-05 13:14 1796552 ----a-w- c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-05 1796552]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
    "Skytel"="Skytel.exe" [2007-11-20 1826816]
    "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]
    "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-05 997320]
    "ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-05 1022048]
    .
    c:\users\Liam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-01-11 21:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
    2008-09-26 13:22 417792 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
    2008-05-28 11:40 20480 ----a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
    2007-10-31 21:01 54608 ----a-w- c:\program files\TOSHIBA\TBS\HSON.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband]
    2011-05-23 15:19 274944 ----a-w- c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-02-11 11:39 98304 ----a-w- c:\program files\QuickTime\qttask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2008-04-08 13:14 6037504 ----a-w- c:\windows\RtHDVCpl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
    2007-07-10 08:24 581632 ----a-w- c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
    2008-01-11 02:07 574864 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPO]
    2008-04-24 09:22 103824 ----a-w- c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
    2008-01-17 15:27 431456 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-01-15 14:49 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 14:26]
    .
    2013-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-11-09 20:41]
    .
    2013-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-11-09 20:41]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.ie/
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
    TCP: DhcpNameServer = 10.128.128.128
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    .
    .
    File Associations
    .
    JSEFile=NOTEPAD.EXE "%1"
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    HKCU-Run-apiclass - c:\users\Liam\AppData\Roaming\apiclass\apiclass.dll
    HKCU-Run-Bytes of Learning - c:\users\Liam\AppData\Local\Bytes of Learning\svsjsqme.dll
    HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
    MSConfigStartUp-iolo Startup - c:\program files\iolo\Common\Lib\ioloLManager.exe
    MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-01-17 11:30
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???????5`?u??P?#?x?#???#???#??
    Bytes of Learning = Rundll32.exe "c:\users\Liam\AppData\Local\Bytes of Learning\svsjsqme.dll",DllGetClassObject?123456789
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    LOCKED REGISTRY KEYS
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    DLLs Loaded Under Running Processes
    .
    - - - - - - - > 'Explorer.exe'(4332)
    c:\windows\system32\wdmaud.drv
    .
    Completion time: 2013-01-17 11:55:51
    ComboFix-quarantined-files.txt 2013-01-17 11:51
    .
    Pre-Run: 32,033,271,808 bytes free
    Post-Run: 31,423,176,704 bytes free
    .
    - - End Of File - - 9F9E904EE96CAAC6B3ECB5DA80895491


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


Open OTL, then copy and paste this into the custom scan/fixes box:


    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    [EMPTYJAVA]
    [CREATERESTOREPOINT]
    [Reboot]
    :Files
    ipconfig /flushdns /c
    c:\users\Liam\AppData\Local\Bytes of Learning
    c:\users\Liam\AppData\Roaming\apiclass


Click Run Fix and post the log it gives.


Then restart the PC, open OTL, and copy and paste this into the custom scan/fixes box:


    C:\Users\Liam\AppData\Roaming\*.*
    C:\Users\Liam\*.*
    C:\Users\Liam\Local Settings\*.*
    C:\ProgramData\*.*
    C:\Users\Liam\Local Settings\Application Data\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    SaveMBR:0
    createrestorepoint
    %systemroot%\*. /mp /s
    C:\*.*
    showhidden

Click Run Scan and post the log it gives.
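The fix above removes the folder that the catchme section of the ComboFix log exposed: a Run entry that starts `Rundll32.exe` on a DLL sitting under `AppData\Local`, which is the shape of a persistence entry rather than of a vendor startup item. The script below is an added example for this thread and is not part of catchme, ComboFix or OTL, nor of the poster's instructions. It parses the autostart lines those two tools print (the sample lines are copied from the logs posted above), scores each entry by the loader-plus-user-writable-path pattern, by an empty company name in OTL's trailing `()`, and by `File not found`, and derives the folder list that an OTL `:Files` block would then move. The names `Entry`, `Finding`, `triage()` and `fix_targets()` are this example's own.

```python
"""Triage autostart entries from catchme / OTL output.

Added example for this thread; it is not part of catchme, ComboFix or OTL.
Names such as Entry, Finding, triage() and fix_targets() are this example's own.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample lines copied from the catchme "hidden autostart entries" and OTL O4
# output posted in this thread (the trailing '?' junk is what catchme printed).
SAMPLE_LOG = r"""
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???????5`?u??P?#?x?#???#???#??
Bytes of Learning = Rundll32.exe "c:\users\Liam\AppData\Local\Bytes of Learning\svsjsqme.dll",DllGetClassObject?123456789
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
"""

# OTL: "O4 - HKLM..\Run: [name] command (company)"; the company field is absent
# for "File not found" entries and is "()" when the file has no company name.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*?)(?: \((?P<company>[^()]*)\))?$"
)
# catchme: "name = command"
CATCHME_RE = re.compile(r"^(?P<name>[^=]+?) = (?P<cmd>.+)$")

LOADER_RE = re.compile(r"\b(rundll32|regsvr32|mshta|wscript|cscript)(\.exe)?\b", re.I)
USER_WRITABLE_RE = re.compile(r"\\(AppData|Local Settings|Temp|ProgramData|Users\\Public)\\", re.I)
RANK = {"info": 0, "low": 1, "medium": 2, "high": 3}


@dataclass
class Entry:
    name: str
    command: str
    source: str                    # "catchme" or "OTL O4"
    company: Optional[str] = None  # None when the log line carries no company field


@dataclass
class Finding:
    entry: Entry
    severity: str
    reasons: List[str]


def parse_entry(line: str) -> Optional[Entry]:
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        return Entry(m["name"], m["cmd"], "OTL O4", m["company"])
    m = CATCHME_RE.match(line)
    if m:
        # '?' cannot appear in a Windows path; everything from the first one
        # is the garbage catchme printed past the end of the value.
        return Entry(m["name"], m["cmd"].split("?", 1)[0].strip(), "catchme")
    return None


def assess(entry: Entry) -> Finding:
    if "File not found" in entry.command:
        return Finding(entry, "low", ["target is missing: orphaned entry, delete it"])
    reasons = []
    loader = LOADER_RE.search(entry.command) is not None
    writable = USER_WRITABLE_RE.search(entry.command) is not None
    if loader:
        reasons.append("started through a generic loader (rundll32/regsvr32/script host)")
    if writable:
        reasons.append("target lives in a user-writable profile or temp folder")
    if entry.company == "":
        reasons.append("file carries no company name in its version info")
    if loader and writable:
        severity = "high"    # the catchme pattern above: rundll32 + DLL under AppData
    elif reasons:
        severity = "medium"
    else:
        severity = "info"
    return Finding(entry, severity, reasons)


def triage(log_text: str) -> List[Finding]:
    """Parse every autostart line in the text and return findings, worst first."""
    findings = [assess(e) for e in map(parse_entry, log_text.splitlines()) if e]
    findings.sort(key=lambda f: RANK[f.severity], reverse=True)
    return findings


def target_path(command: str) -> Optional[str]:
    """The DLL/EXE a Run entry loads: a quoted path first, else the first drive-rooted path."""
    m = re.search(r'"([^"]+)"', command)
    if m:
        return m.group(1)
    m = re.search(r"[A-Za-z]:\\.+?\.(?:dll|exe)", command, re.I)
    return m.group(0) if m else None


def fix_targets(findings: List[Finding]) -> List[str]:
    """Folders holding high-severity targets: what an OTL :Files block would move."""
    folders: List[str] = []
    for f in findings:
        if f.severity != "high":
            continue
        path = target_path(f.entry.command)
        if path and ntpath.dirname(path) not in folders:
            folders.append(ntpath.dirname(path))
    return folders


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.severity:6} [{f.entry.source}] {f.entry.name}: {f.entry.command}")
        for r in f.reasons:
            print("         -", r)
    print("Folders for the :Files fix block:", fix_targets(results))
```

Run it as-is and the only high-severity hit is the `Bytes of Learning` entry, with `c:\users\Liam\AppData\Local\Bytes of Learning` as the folder to remove, which is exactly the path in the `:Files` section of the fix above; `vProt` comes out medium only because OTL shows an empty company name, and the orphaned `NDSTray.exe` entry is a low-priority clean-up item. Point it at a full OTL or ComboFix log and the same rules apply to every `O4` and catchme line in it.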


  • Posts: 0 [Deleted User]


    All processes killed
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Liam
    ->Temp folder emptied: 75354 bytes
    ->Temporary Internet Files folder emptied: 27031856 bytes
    ->Java cache emptied: 867991 bytes
    ->Google Chrome cache emptied: 7111803 bytes
    ->Flash cache emptied: 821 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 15373 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 33.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Liam
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Liam
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Liam\Downloads\cmd.bat deleted successfully.
    C:\Users\Liam\Downloads\cmd.txt deleted successfully.
    c:\users\Liam\AppData\Local\Bytes of Learning folder moved successfully.
    c:\users\Liam\AppData\Roaming\apiclass folder moved successfully.

    OTL by OldTimer - Version 3.2.69.0 log created on 01172013_122854

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


  • Posts: 0 [Deleted User]


    OTL logfile created on: 17/01/2013 13:34:11 - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Liam\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    1.87 Gb Total Physical Memory | 0.36 Gb Available Physical Memory | 19.11% Memory free
    3.98 Gb Paging File | 2.03 Gb Available in Paging File | 51.09% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 74.37 Gb Total Space | 28.90 Gb Free Space | 38.87% Space Free | Partition Type: NTFS
    Drive E: | 73.21 Gb Total Space | 67.93 Gb Free Space | 92.79% Space Free | Partition Type: NTFS

    Computer Name: SPECIAL-NEEDS | User Name: Liam | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/16 13:14:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Liam\Downloads\OTL.exe
    PRC - [2013/01/08 00:06:24 | 001,248,360 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
    PRC - [2012/11/05 13:14:20 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    PRC - [2012/11/05 13:14:20 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    PRC - [2012/04/30 08:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
    PRC - [2012/04/19 03:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
    PRC - [2012/04/05 04:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
    PRC - [2012/03/19 04:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
    PRC - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    PRC - [2012/02/14 03:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
    PRC - [2012/02/14 03:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    PRC - [2011/05/23 15:19:44 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
    PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/08/25 08:58:20 | 000,077,824 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
    PRC - [2008/07/18 19:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    PRC - [2008/06/24 09:06:14 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    PRC - [2008/05/09 10:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    PRC - [2008/04/24 12:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    PRC - [2008/04/24 09:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
    PRC - [2008/04/16 23:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    PRC - [2008/04/16 23:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2008/04/16 23:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    PRC - [2008/02/06 13:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    PRC - [2008/01/17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    PRC - [2007/11/21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
    PRC - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
    PRC - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/01/08 00:06:22 | 000,460,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppgooglenaclpluginchrome.dll
    MOD - [2013/01/08 00:06:21 | 012,459,624 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
    MOD - [2013/01/08 00:06:19 | 004,012,648 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
    MOD - [2013/01/08 00:05:29 | 000,598,120 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\libglesv2.dll
    MOD - [2013/01/08 00:05:28 | 000,124,520 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\libegl.dll
    MOD - [2013/01/08 00:05:25 | 001,553,000 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll
    MOD - [2012/11/05 13:14:20 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    MOD - [2012/11/05 13:14:20 | 000,566,728 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
    MOD - [2012/11/05 13:14:20 | 000,134,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll
    MOD - [2008/03/06 09:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
    MOD - [2007/12/25 11:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
    MOD - [2007/12/14 20:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
    MOD - [2006/12/01 16:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll
    MOD - [2006/10/10 10:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
    MOD - [2006/10/07 11:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll


    ========== Services (SafeList) ==========

    SRV - [2013/01/15 14:26:14 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/11/05 13:14:20 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
    SRV - [2012/04/30 08:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2011/05/23 15:19:44 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
    SRV - [2008/08/25 08:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
    SRV - [2008/07/18 19:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
    SRV - [2008/04/24 09:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
    SRV - [2008/04/16 23:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
    SRV - [2008/04/16 14:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
    SRV - [2008/02/06 13:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
    SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV - [2007/11/21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
    SRV - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | System | Stopped] -- C:\Windows\Temp\MpKsl6e2a7ff1.sys -- (MpKsl6e2a7ff1)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Liam\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/11/05 13:14:20 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
    DRV - [2012/05/21 11:26:56 | 000,027,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro36.sys -- (hitmanpro35)
    DRV - [2012/04/19 03:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
    DRV - [2012/03/19 04:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2012/02/22 04:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2012/01/31 03:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/12/23 12:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/12/23 12:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
    DRV - [2011/12/23 12:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
    DRV - [2011/12/23 12:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
    DRV - [2011/05/20 15:38:50 | 000,089,856 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
    DRV - [2011/05/20 15:38:50 | 000,073,344 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
    DRV - [2011/05/20 15:38:50 | 000,064,512 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
    DRV - [2011/05/20 15:38:50 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
    DRV - [2011/05/20 15:38:42 | 000,237,440 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
    DRV - [2011/05/20 15:38:42 | 000,192,768 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2011/05/20 15:38:42 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
    DRV - [2011/05/20 15:38:36 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
    DRV - [2008/07/18 17:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
    DRV - [2008/07/15 18:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
    DRV - [2008/05/19 18:42:56 | 000,912,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2008/04/15 08:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2007/11/09 13:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV - [2006/11/28 14:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/11/20 13:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
    DRV - [2006/10/18 10:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA_en-GBIE346
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={8C95502E-A6E8-49FF-A45C-9E2293C1BFDD}&mid=7a5c1a716d6f47d6b4b0d1577545f721-b40fd6f95f22484e83614dec8c10d7fafcd4ec76&lang=en&ds=AVG&pr=fr&d=2012-02-01 11:41:06&v=12.2.5.32&sap=dsp&q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/17 13:11:09 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/05 13:14:44 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - homepage:
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
    CHR - homepage:
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Angry Birds = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
    CHR - Extension: Google Drive = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Angry Birds Halloween = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnejcfmiaimkpmbpbdjnkddcenaagjik\1.2_0\
    CHR - Extension: Google Search = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Angry Birds Heikki = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgdfbadfflkanjeofdhgmckbgjgjppmd\1.0_0\
    CHR - Extension: Angry Birds Space = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\echcgcnnjpaoiandnoaabdpgjbkdnbdl\1.8_0\
    CHR - Extension: Fruit Ninja = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofdejdahdbbmnibkpgbfknnpbhpbcad\1.6_0\
    CHR - Extension: Snake Nyan Cat = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gajelofbgjlanfnbmjjibflhfabbendh\5.0_0\
    CHR - Extension: Angry Birds HD = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdbeejaaccmfedjclgfmcjbgjaodmbpl\1.1_0\
    CHR - Extension: Cut the Rope = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\14_0\
    CHR - Extension: Google Play Music = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\4.0_0\
    CHR - Extension: Angry Birds Rio = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\igpbjfbdomonphnncmmmligdokfpijkg\1.0_0\
    CHR - Extension: AVG Safe Search = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
    CHR - Extension: Angry Birds = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcekienaggkimjnnkamhalijnjiaimlc\1.0_0\
    CHR - Extension: Angry Birds Halloween HD = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjgfdlkpoaepbllgicnccmmokoolgpc\3.2.3_0\
    CHR - Extension: PricePeep = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.1.355.0_0\
    CHR - Extension: Happy Wheels = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljdngafdeknonigdklkdlolkefpigejp\13.2334.9140_0\
    CHR - Extension: AVG Secure Search = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\
    CHR - Extension: AVG Secure Search = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak
    CHR - Extension: Angry Birds Seasons = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\phelepmjcjmdeeglafbadihdajcfbnda\1.0_0\
    CHR - Extension: Gmail = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
    CHR - Extension: Gangnam Style Escape! = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjpbpimieknpjhhkpggolbandppahmlc\1.0.0.0_0\
    CHR - Extension: Bridge Tactics = C:\Users\Liam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmkgkmbkefhenjmacfpgmlalnmhncjdp\0.0.0.1_0\

    O1 HOSTS File: ([2013/01/17 12:30:31 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
    O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - Reg Error: Value error. File not found
    O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - Reg Error: Value error. File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.128.128.128
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A4A3E6A-AE88-42F8-A1D7-DC844567945D}: DhcpNameServer = 10.128.128.128
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A7C23A8-4889-471B-820B-0F340CD568C9}: DhcpNameServer = 89.19.64.164 89.19.64.36
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85F232C2-9BF0-4C90-92CE-B42EA2501A42}: DhcpNameServer = 89.19.64.164 89.19.64.36
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{927011F6-887C-4D1C-A122-5111A1D7ED14}: DhcpNameServer = 149.5.32.2 149.5.32.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2F8F4B5-EE29-4497-BF3C-74117B90D87D}: DhcpNameServer = 89.19.64.164 89.19.64.36
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Liam\Pictures\tropical-beach-wallpaper-1920x1200.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Liam\Pictures\tropical-beach-wallpaper-1920x1200.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: Camera Assistant Software - hkey= - key= - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
    MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
    MsConfig - StartUpReg: Google EULA Launcher - hkey= - key= - c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
    MsConfig - StartUpReg: HSON - hkey= - key= - File not found
    MsConfig - StartUpReg: MobileBroadband - hkey= - key= - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
    MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
    MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    MsConfig - StartUpReg: topi - hkey= - key= - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
    MsConfig - StartUpReg: Toshiba Registration - hkey= - key= - C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
    MsConfig - StartUpReg: Toshiba TEMPO - hkey= - key= - C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
    MsConfig - StartUpReg: TPwrMain - hkey= - key= - File not found
    MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
    MsConfig - State: "startup" - 2

    SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: NTDS - File not found
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: HelpSvc - Service
    SafeBootNet: hitmanpro36 - Reg Error: Value error.
    SafeBootNet: hitmanpro36.sys - Reg Error: Value error.
    SafeBootNet: HitmanPro36Crusader - Reg Error: Value error.
    SafeBootNet: HitmanPro36CrusaderBoot - Reg Error: Value error.
    SafeBootNet: Messenger - Service
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: NTDS - File not found
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: rdsessmgr - Service
    SafeBootNet: sacsvr - Service
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootNet: WudfPf - Driver
    SafeBootNet: WudfUsbccidDriver - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/17 12:07:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/01/17 11:56:24 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
    [2013/01/17 11:44:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/01/17 10:49:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/01/17 10:42:20 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2013/01/17 09:42:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/01/17 09:42:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/01/17 09:35:45 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/01/17 09:34:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/01/16 14:54:13 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/01/15 13:35:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/01/15 13:35:21 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2013/01/15 13:35:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/01/15 13:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2013/01/15 13:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

    ========== Files - Modified Within 30 Days ==========

    [2013/01/17 13:36:56 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
    [2013/01/17 13:25:26 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/01/17 13:25:26 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/01/17 13:25:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/01/17 13:22:46 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/17 13:20:55 | 000,003,344 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/17 13:20:55 | 000,003,344 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/17 13:20:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/17 13:20:46 | 2009,067,520 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/17 12:46:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/17 12:30:31 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2013/01/17 12:22:37 | 000,324,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2013/01/16 15:15:01 | 000,085,048 | ---- | M] () -- C:\Users\Liam\Desktop\AVGInstLog.cab
    [2013/01/15 15:06:22 | 000,002,000 | ---- | M] () -- C:\Users\Liam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/01/15 15:06:22 | 000,001,976 | ---- | M] () -- C:\Users\Liam\Desktop\Google Chrome.lnk
    [2013/01/15 14:26:13 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2013/01/15 14:26:13 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2013/01/15 14:26:09 | 015,739,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
    [2013/01/15 13:35:28 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/15 13:32:26 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013/01/15 13:20:26 | 000,001,356 | ---- | M] () -- C:\Users\Liam\AppData\Local\d3d9caps.dat

    ========== Files Created - No Company Name ==========

    [2013/01/17 13:36:56 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
    [2013/01/17 09:42:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/01/17 09:42:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/01/17 09:42:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/01/17 09:42:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/01/17 09:42:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/01/16 15:15:01 | 000,085,048 | ---- | C] () -- C:\Users\Liam\Desktop\AVGInstLog.cab
    [2013/01/15 13:48:58 | 2009,067,520 | -HS- | C] () -- C:\hiberfil.sys
    [2013/01/15 13:35:28 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/15 13:32:26 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/09/05 13:41:32 | 000,000,455 | ---- | C] () -- C:\Windows\mathb16.ini
    [2012/09/05 13:40:58 | 000,000,000 | ---- | C] () -- C:\Windows\rkeeper.ini
    [2012/05/21 11:17:16 | 000,027,424 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro36.sys
    [2012/01/26 10:42:51 | 000,001,356 | ---- | C] () -- C:\Users\Liam\AppData\Local\d3d9caps.dat
    [2011/10/26 08:19:37 | 000,000,000 | ---- | C] () -- C:\Users\Liam\AppData\Local\{E8598705-0A91-4AF9-9AE6-51A9C0C2EB7B}
    [2011/05/20 15:11:30 | 000,230,004 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
    [2009/09/29 09:50:30 | 000,025,600 | ---- | C] () -- C:\Users\Liam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/06/11 13:57:32 | 000,024,206 | ---- | C] () -- C:\Users\Liam\AppData\Roaming\UserTile.png
    [2009/06/10 13:21:58 | 000,007,956 | ---- | C] () -- C:\Users\Liam\AppData\Roaming\wklnhst.dat

    ========== ZeroAccess Check ==========

    [2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Custom Scans ==========

    < C:\Users\Liam\AppData\Roaming\*.* >
    [2009/06/11 13:57:32 | 000,024,206 | ---- | M] () -- C:\Users\Liam\AppData\Roaming\UserTile.png
    [2012/05/17 11:04:32 | 000,007,956 | ---- | M] () -- C:\Users\Liam\AppData\Roaming\wklnhst.dat

    < C:\Users\Liam\*.* >
    [2013/01/16 15:14:52 | 000,025,074 | ---- | M] () -- C:\Users\Liam\msi-20130116-151448.log
    [2013/01/17 13:32:50 | 002,097,152 | -HS- | M] () -- C:\Users\Liam\ntuser.dat
    [2013/01/17 13:32:50 | 000,262,144 | ---- | M] () -- C:\Users\Liam\ntuser.dat.LOG1
    [2009/05/22 12:34:28 | 000,000,000 | ---- | M] () -- C:\Users\Liam\ntuser.dat.LOG2
    [2013/01/17 13:18:27 | 000,065,536 | -HS- | M] () -- C:\Users\Liam\ntuser.dat{0f50a824-9943-11de-a989-001e33a11ed2}.TM.blf
    [2013/01/17 13:18:27 | 000,524,288 | -HS- | M] () -- C:\Users\Liam\ntuser.dat{0f50a824-9943-11de-a989-001e33a11ed2}.TMContainer00000000000000000001.regtrans-ms
    [2009/09/04 11:28:11 | 000,524,288 | -HS- | M] () -- C:\Users\Liam\ntuser.dat{0f50a824-9943-11de-a989-001e33a11ed2}.TMContainer00000000000000000002.regtrans-ms
    [2009/08/28 14:02:14 | 000,065,536 | -HS- | M] () -- C:\Users\Liam\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
    [2009/08/28 14:02:14 | 000,524,288 | -HS- | M] () -- C:\Users\Liam\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
    [2009/05/22 14:23:04 | 000,524,288 | -HS- | M] () -- C:\Users\Liam\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
    [2009/05/22 12:34:28 | 000,000,020 | -HS- | M] () -- C:\Users\Liam\ntuser.ini
    [2013/01/16 15:11:46 | 000,033,210 | ---- | M] () -- C:\Users\Liam\wintemplog.txt

    < C:\Users\Liam\Local Settings\*.* >

    < C:\ProgramData\*.* >
    [2011/05/20 15:11:30 | 000,230,004 | R--- | M] () -- C:\ProgramData\DeviceManager.xml.rc4

    < C:\Users\Liam\Local Settings\Application Data\*.* >

    < %systemroot%\*. /mp /s >

    < C:\*.* >
    [2013/01/16 13:35:12 | 000,006,632 | ---- | M] () -- C:\AdwCleaner[R1].txt
    [2013/01/16 13:35:40 | 000,006,692 | ---- | M] () -- C:\AdwCleaner[R2].txt
    [2013/01/16 13:39:10 | 000,006,752 | ---- | M] () -- C:\AdwCleaner[R3].txt
    [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 06:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/08/07 14:16:30 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2013/01/17 11:56:38 | 000,012,909 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2013/01/17 13:20:46 | 2009,067,520 | -HS- | M] () -- C:\hiberfil.sys
    [2009/10/09 12:34:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/10/09 12:34:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2013/01/17 13:20:44 | 2322,862,080 | -HS- | M] () -- C:\pagefile.sys
    [2013/01/17 13:36:56 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
    [2009/05/22 11:29:22 | 000,000,651 | ---- | M] () -- C:\RHDSetup.log
    [2009/02/05 09:46:27 | 000,000,229 | ---- | M] () -- C:\SWSTAMP.TXT
    [2012/05/21 15:50:57 | 000,000,000 | RH-D | M] -- C:\Users\Liam\AppData\Local\Microsoft\Windows\Burn\Burn

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4

    < End of report >
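    Before acting on an OTL log like the one above, the lines worth checking first are the ones that name hijack points: O17 (TCP/IP name servers), O20 (Winlogon Shell/UserInit) and O35/O37 (the .exe/.com open handlers). The script below is an added example, not OTL's own code and not part of the thread. Its first six sample lines are copied from the log above, the last three are constructed to show what hijacked entries look like, and the rule that a private-range DhcpNameServer is a home router needing no review (while a public one should be confirmed against the ISP) is an assumption.

```python
"""Triage the hijack-point lines of an OTL log against Windows defaults.

Added example: this is not OTL's own code and not from the thread. It reads
O17 (TCP/IP name servers), O20 (Winlogon Shell/UserInit) and O35/O37
(.exe/.com open handlers) lines and reports anything that differs from the
stock values. Assumption: a private-range DhcpNameServer is a home router
and needs no review; a public one should be confirmed against the ISP.
"""
import ipaddress
import re

# Constructed sample. The first six lines are copied from the OTL log above;
# the last three are made up to show what hijacked entries look like.
SAMPLE = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.128.128.128
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A7C23A8-4889-471B-820B-0F340CD568C9}: DhcpNameServer = 89.19.64.164 89.19.64.36
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 198.51.100.7
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe,C:\ProgramData\example\update.exe) - File not found
O35 - HKLM\..exefile [open] -- "C:\ProgramData\example\wrap.exe" "%1" %*
"""

O17 = re.compile(r"^O17 - (?P<key>.+?): (?P<name>DhcpNameServer|NameServer) = (?P<value>.+)$")
O20 = re.compile(r"^O20 - HKLM Winlogon: (?P<name>Shell|UserInit) - \((?P<value>[^)]*)\)")
O3X = re.compile(r"^O3[57] - (?P<key>.+?) -- (?P<cmd>.+)$")

# Stock Windows values, compared case-insensitively.
EXPECTED_WINLOGON = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe"},
}
EXPECTED_HANDLER = '"%1" %*'


def check_dns(name, value):
    """Flag static NameServer entries; ask for review of public DHCP resolvers."""
    try:
        addrs = [ipaddress.ip_address(s) for s in value.split()]
    except ValueError:
        return ("FLAG", f"{name} holds a non-IP value: {value!r}")
    if name == "NameServer":
        return ("FLAG", f"static NameServer = {value!r}; DHCP normally supplies DNS here")
    public = [str(a) for a in addrs if not (a.is_private or a.is_loopback)]
    if public:
        return ("REVIEW", f"DhcpNameServer uses public resolvers {public}; confirm they are the ISP's")
    return None


def check_winlogon(name, value):
    """Shell must be explorer.exe only; UserInit must be the system32 userinit.exe only."""
    entries = {e.strip().lower() for e in value.split(",") if e.strip()}
    expected = EXPECTED_WINLOGON[name.lower()]
    if entries and entries <= expected:
        return None
    return ("FLAG", f"Winlogon {name} = {value!r}; expected only {sorted(expected)}")


def check_handler(key, cmd):
    """The .exe/.com open verb must be the bare '"%1" %*' with nothing wrapped around it."""
    if cmd.strip() == EXPECTED_HANDLER:
        return None
    return ("FLAG", f"{key} open command = {cmd!r}; expected {EXPECTED_HANDLER!r}")


def triage(log_text):
    """Return (severity, message) pairs for every line that deviates from the defaults."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O17.match(line):
            result = check_dns(m["name"], m["value"])
        elif m := O20.match(line):
            result = check_winlogon(m["name"], m["value"])
        elif m := O3X.match(line):
            result = check_handler(m["key"], m["cmd"])
        else:
            continue  # every other OTL line type is out of scope here
        if result:
            findings.append(result)
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE):
        print(f"{severity:6} {message}")
```

    Run against the log above it reports only the public DhcpNameServer entries for review, which matches the helper's "looks good" verdict; the three constructed lines show the shape of a real hijack (a static NameServer, a second UserInit binary, a wrapper around the exefile open verb), which is what a bootkit or ad-injector typically leaves behind.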


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    looks good

    Update MBAM, run a quick scan, post that log and tell me how it's running.


  • Posts: 0 [Deleted User]


    It is scanning now.

    I tried to update AVG but the update failed, stating a general error.


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Try re-installing AVG.


  • Posts: 0 [Deleted User]


    Tried to uninstall it.

    Setup error. The Windows Installer Service could not be accessed. This can occur if you are running in Safe Mode or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

    error code: 0xc0070643


  • Posts: 0 [Deleted User]


    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.17.04

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Liam :: SPECIAL-NEEDS [administrator]

    17/01/2013 14:54:53
    mbam-log-2013-01-17 (14-54-53).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 220072
    Time elapsed: 20 minute(s), 34 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


  • Registered Users, Registered Users 2 Posts: 3 marcelbrown


    I've started a blog post to gather information on this particular malware. There does not appear to be much information about it at this time.

    http://solotechpros.com/2013/01/17/pleaes-remove-all-ity-im-ads-from-your-website/

    Anyone that finds anything out, please let me know.

    Thanks!


  • Posts: 0 [Deleted User]


    Good morning.

    The latest.
    Pop up ads have stopped.

    Those ity.im dialog boxes are still coming up.

    I cannot get AVG to uninstall or update.

    Setup error. The Windows Installer Service could not be accessed. This can occur if you are running in Safe Mode or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

    error code: 0xc0070643

    Laptop has no antivirus now. Should I download another?

    Laptop actions very slow and delayed now too.


    Popup ads are back :(


  • Moderators, Business & Finance Moderators, Regional South Moderators Posts: 6,854 Mod ✭✭✭✭mp22


    Go here: http://www.avg.com/ww-en/utilities and get the correct tool for your OS to remove AVG. Avast is a good free antivirus: http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html?part=dl-85737&subj=dl&tag=button
    Install and register; you might want to think about a boot scan once Avast is installed.


  • Site Banned Posts: 1,167 ✭✭✭ASJ112




  • Posts: 0 [Deleted User]


    I've uninstalled AVG and installed Avast.

    Every couple of minutes a warning flashes up of a malicious URL blocked, even though I am not on the internet (on a different laptop now), so something must still be amiss.

    The ity.im boxes are still coming up.

    The ads still pop up as full pages when moving to a different internet page.

    Avast is nearly halfway through a scan and has 7 infected files so far


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    You probably have an MBR infection; it's trickier than the usual ones. Can you post the Avast log here when it's done?


  • Registered Users, Registered Users 2 Posts: 3 marcelbrown


    FYI, it appears this infection is an MBR rootkit, Rootkit.Boot.SST.b, also possibly known as Trojan.MBR.Alureon!IK. The apparent cure requires booting the machine from an external boot CD or USB drive (or pulling the drive out of the machine and connecting it to another machine) and running TDSSKiller or Hitman Pro (or perhaps another utility that can be run from an external drive). I will detail this on the earlier referenced blog link. Hopefully this information will be helpful to the person working with the OP. Good luck!


  • Posts: 0 [Deleted User]


    ASJ112 wrote: »
    You probably have an MBR infection; it's trickier than the usual ones. Can you post the Avast log here when it's done?
    Hi, I've scanned in Avast but don't know how to post the log (it's not in notepad form).
    There were 7 infections found.
    They have been moved "to chest"

    The pop up ads are still coming but the ity.im dialogue boxes have stopped so far.

    Running speed is very slow


  • Registered Users, Registered Users 2 Posts: 3 marcelbrown


    I have more information about this infection here: http://solotechpros.com/2013/01/17/pleaes-remove-all-ity-im-ads-from-your-website/

    The simple answer is from a different PC, download and prepare a boot disc or USB drive of Windows Defender Offline. Boot the infected PC from this disc and have it do a scan. It should find the MBR rootkit.
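
    Since OTL already wrote the first sector of PhysicalDisk0 to C:\PhysicalMBR.bin (see the log earlier in the thread), that dump can be inspected offline before deciding on the boot-disc route. The script below is an added example; it is not code from the thread, nor from OTL, ComboFix, TDSSKiller, Hitman Pro or Windows Defender Offline. Both sample MBRs are constructed inside the script, and the known-good bootstrap hash is an assumption: the operator supplies it from a clean machine with the same Windows version.

```python
"""Sanity-check a raw 512-byte MBR dump (e.g. the PhysicalMBR.bin OTL saved).

Added example, not code from the thread or from OTL, ComboFix, TDSSKiller or
Hitman Pro. It verifies the 0x55AA signature, decodes the partition table and
compares the 440-byte bootstrap code against a known-good SHA-256 that the
operator supplies (assumption: taken from a clean machine with the same
Windows version). Both sample MBRs below are constructed in this script.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOTCODE_LEN = 440          # bytes 0..439: bootstrap code (440..445: disk signature, pad)
PARTITION_TABLE_OFFSET = 446
PARTITION_ENTRY_LEN = 16
SIGNATURE_OFFSET = 510      # 0x55 0xAA
ENTRY_FMT = "<B3xB3xII"     # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors


def parse_partitions(mbr):
    """Decode the four primary partition slots, skipping empty ones (type 0)."""
    parts = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_LEN
        status, ptype, lba_start, sectors = struct.unpack_from(ENTRY_FMT, mbr, off)
        if ptype == 0:
            continue
        parts.append({"slot": i, "status": status, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return parts


def bootcode_sha256(mbr):
    """Hash only the bootstrap code; the table and disk signature legitimately differ per machine."""
    return hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest()


def inspect_mbr(mbr, known_good_sha256=None):
    """Return a list of findings; an empty list means nothing looked off."""
    findings = []
    if len(mbr) != MBR_SIZE:
        return [f"unexpected dump size {len(mbr)}, expected {MBR_SIZE}"]
    if mbr[SIGNATURE_OFFSET:] != b"\x55\xAA":
        findings.append("missing 0x55AA boot signature")
    parts = parse_partitions(mbr)
    active = [p for p in parts if p["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly 1")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"slot {p['slot']} has non-standard status byte 0x{p['status']:02X}")
    # Bootkits rewrite the bootstrap code while leaving the table intact, so a
    # valid table and signature is not enough; the code itself must match.
    if known_good_sha256 and bootcode_sha256(mbr) != known_good_sha256:
        findings.append("bootstrap code differs from the known-good hash")
    return findings


def build_mbr(bootcode, partitions):
    """Assemble a 512-byte MBR from bootstrap code and (status, type, lba, sectors) tuples."""
    mbr = bytearray(MBR_SIZE)
    mbr[:len(bootcode)] = bootcode
    for i, (status, ptype, lba, sectors) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, mbr, PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_LEN,
                         status, ptype, lba, sectors)
    mbr[SIGNATURE_OFFSET:] = b"\x55\xAA"
    return bytes(mbr)


# Constructed samples. The "clean" bootstrap starts with the usual
# xor ax,ax / mov ss,ax / mov sp,0x7C00 prologue and is zero-padded;
# the "patched" one has its first instruction replaced, as a bootkit would.
TABLE = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1024000)]
CLEAN_BOOTCODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]).ljust(BOOTCODE_LEN, b"\x00")
CLEAN_MBR = build_mbr(CLEAN_BOOTCODE, TABLE)
CLEAN_HASH = bootcode_sha256(CLEAN_MBR)
PATCHED_MBR = build_mbr(b"\xEB\xFE" + CLEAN_BOOTCODE[2:], TABLE)

if __name__ == "__main__":
    for label, dump in (("clean", CLEAN_MBR), ("patched", PATCHED_MBR)):
        print(label, inspect_mbr(dump, CLEAN_HASH) or "OK")
    for p in parse_partitions(CLEAN_MBR):
        print(p)
```

    On a real dump, `inspect_mbr(open("PhysicalMBR.bin", "rb").read(), known_hash)` does the same job. The point of hashing the code separately from the table is that the patched sample passes every structural check (signature present, one active partition, sane status bytes) and is caught only by the hash, which is why a rootkit of this kind survives ordinary scans and needs either a known-good comparison or a scan from outside the running OS.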


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Can you do this step that I mentioned earlier:

    Download TDSSKiller and aswMBR, run them and post the logs.

    http://www.bleepingcomputer.com/download/aswmbr/
    http://www.bleepingcomputer.com/download/tdsskiller/


    Also, if you know how to take a screenshot, do that to show me what Avast found.


  • Posts: 0 [Deleted User]


    Here is screen shot from the Avast scans.


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    They don't look too bad. Can you do the scans above?


  • Posts: 0 [Deleted User]


    I've downloaded both.

    I click on them to run but nothing happens...?


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Can you try closing down your antivirus and any other programs before you run them? If they don't work then, can you try running them in safe mode?


  • Posts: 0 [Deleted User]


    Running in safe mode. Still not doing anything. Should something open up after I click run?


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Yeah, they should open up and let you run them.

    Do this instead:

    Download ComboFix again, run it, and post that log.


    http://www.bleepingcomputer.com/download/combofix/


  • Posts: 0 [Deleted User]


    I have run ComboFix. Can't find the logs though.


    Scrap that... it's just starting to run now.


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Usually logs will be saved in your C:\ drive, called combofix.txt.


  • Posts: 0 [Deleted User]


    combofix log

    ComboFix 13-01-24.01 - Liam 24/01/2013 14:29:09.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.353.1033.18.1915.356 [GMT 0:00]
    Running from: c:\users\Liam\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-24 to 2013-01-24 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-24 15:02 . 2013-01-24 15:02 d-----w- c:\users\Default\AppData\Local\temp
    2013-01-22 14:26 . 2013-01-22 14:26 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2013-01-18 13:59 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-01-18 13:59 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2013-01-18 13:59 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2013-01-18 13:59 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-01-18 13:59 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-01-18 13:59 . 2012-10-30 22:51 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-01-18 13:58 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
    2013-01-18 13:58 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
    2013-01-18 13:57 . 2013-01-18 13:57 d-----w- c:\programdata\AVAST Software
    2013-01-18 13:57 . 2013-01-18 13:57 d-----w- c:\program files\AVAST Software
    2013-01-18 12:10 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2013-01-18 12:10 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2013-01-18 12:10 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2013-01-18 12:10 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
    2013-01-18 12:10 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
    2013-01-18 12:10 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2013-01-18 12:10 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2013-01-18 12:10 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2013-01-18 12:10 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2013-01-18 12:10 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
    2013-01-18 12:10 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
    2013-01-18 12:01 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
    2013-01-18 12:01 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
    2013-01-17 16:07 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys
    2013-01-17 16:06 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
    2013-01-17 16:06 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll
    2013-01-17 16:06 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe
    2013-01-17 16:06 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
    2013-01-17 16:06 . 2012-11-13 01:29 2048 ----a-w- c:\windows\system32\tzres.dll
    2013-01-17 16:06 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll
    2013-01-17 16:06 . 2009-09-10 14:58 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
    2013-01-17 16:06 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
    2013-01-17 13:36 . 2013-01-17 13:36 512 ----a-w- C:\PhysicalMBR.bin
    2013-01-17 11:56 . 2013-01-17 11:56 d-----w- c:\programdata\WindowsSearch
    2013-01-16 14:54 . 2013-01-16 14:54 d-----w- C:\_OTL
    2013-01-15 13:35 . 2013-01-15 13:35 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-01-15 13:35 . 2012-12-14 16:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-01-15 13:32 . 2013-01-15 13:32 d-----w- c:\program files\CCleaner
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-15 14:26 . 2012-05-01 09:16 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-15 14:26 . 2011-06-10 10:36 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-15 14:26 . 2012-08-30 13:25 15739912 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
    "Skytel"="Skytel.exe" [2007-11-20 1826816]
    "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]
    "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    .
    c:\users\Liam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-01-11 21:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
    2008-09-26 13:22 417792 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
    2008-05-28 11:40 20480 ----a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
    2007-10-31 21:01 54608 ----a-w- c:\program files\TOSHIBA\TBS\HSON.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband]
    2011-05-23 15:19 274944 ----a-w- c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-02-11 11:39 98304 ----a-w- c:\program files\QuickTime\qttask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2008-04-08 13:14 6037504 ----a-w- c:\windows\RtHDVCpl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
    2007-07-10 08:24 581632 ----a-w- c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
    2008-01-11 02:07 574864 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPO]
    2008-04-24 09:22 103824 ----a-w- c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
    2008-01-17 15:27 431456 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-01-15 14:49 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-24 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 14:26]
    .
    2013-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-11-09 20:41]
    .
    2013-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-11-09 20:41]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.ie/
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
    TCP: DhcpNameServer = 10.128.128.128
    .
    .
    File Associations
    .
    JSEFile=NOTEPAD.EXE "%1"
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-01-24 15:05
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???????5`?u??P?#?x?#???#???#??
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    LOCKED REGISTRY KEYS
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    DLLs Loaded Under Running Processes
    .
    - - - - - - - > 'Explorer.exe'(4180)
    c:\windows\system32\igdumdx32.dll
    c:\windows\system32\igdumd32.dll
    .
    Completion time: 2013-01-24 15:21:34
    ComboFix-quarantined-files.txt 2013-01-24 15:21
    ComboFix2.txt 2013-01-17 11:56
    .
    Pre-Run: 30,287,147,008 bytes free
    Post-Run: 30,376,820,736 bytes free
    .
    - - End Of File - - 1B090F7262700D2FE20AAEC28FB045AF


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Don't suppose you have the log from when you ran HitmanPro?


    Download and run RogueKiller and post the log from it.

    http://www.bleepingcomputer.com/download/roguekiller/


    This next scan may take a few minutes. Open OTL and click the None button at the top. Copy and paste this into the custom scan/fixes box:


    c:\windows\system32\drivers\volsnap.sys /md5
    c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe /md5
    C:\netsetup.exe /s /md5
    C:\rpm1m.cf1 /s
    C:\*.cf1 /s
    C:\rpm1m.* /s
    C:\ity.* /s
    C:\*.im /s


    Click Run Scan and post the log it gives.


  • Posts: 0 [Deleted User]


    No idea if I have that HitmanPro log. Where would it be?


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Should be around here:

    Logs under Settings, History, where you can view the created log files.

    or

    Results window. Click the Save Log link and save the log to your desktop.


    Go on with the other steps if you can't find it.


  • Posts: 0 [Deleted User]


    RogueKiller V8.4.3 [Jan 24 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Safe mode with network support
    User : Liam [Admin rights]
    Mode : Scan -- Date : 01/25/2013 12:52:39
    | ARK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 10 ¤¤¤
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [WALLP] HKCU\[...]\Desktop : Wallpaper (C:\Users\Liam\Pictures\tropical-beach-wallpaper-1920x1200.jpg) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : Root.MBR ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ÿþ1

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK1652GSX +++++
    --- User ---
    [MBR] 8ce030dea975cced57d221b862768431
    [BSP] 4faac61575f30567c7d8a8a931297d3d : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 76154 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 159037440 | Size: 74971 Mo
    User != LL1 ... KO!
    --- LL1 ---
    [MBR] 37efafaf8d47ce75a1e3056e78a1fa09
    [BSP] 4faac61575f30567c7d8a8a931297d3d : Windows Vista MBR Code [possible maxSST in 3!]
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 76154 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 159037440 | Size: 74971 Mo
    3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 312579760 | Size: 0 Mo
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] 37efafaf8d47ce75a1e3056e78a1fa09
    [BSP] 4faac61575f30567c7d8a8a931297d3d : Windows Vista MBR Code [possible maxSST in 3!]
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 76154 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 159037440 | Size: 74971 Mo
    3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 312579760 | Size: 0 Mo

    Finished : << RKreport[1]_S_01252013_02d1252.txt >>
    RKreport[1]_S_01252013_02d1252.txt


  • Posts: 0 [Deleted User]


    OTL logfile created on: 25/01/2013 13:13:26 - Run 3
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Liam\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    1.87 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 47.48% Memory free
    3.98 Gb Paging File | 3.10 Gb Available in Paging File | 77.84% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 74.37 Gb Total Space | 30.06 Gb Free Space | 40.41% Space Free | Partition Type: NTFS
    Drive E: | 73.21 Gb Total Space | 67.93 Gb Free Space | 92.79% Space Free | Partition Type: NTFS

    Computer Name: SPECIAL-NEEDS | User Name: Liam | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

    ========== Custom Scans ==========

    < c:\windows\system32\drivers\volsnap.sys /md5 >
    [2012/08/21 11:47:42 | 000,224,640 | ---- | M] (Microsoft Corporation) MD5=786DB5771F05EF300390399F626BF30A -- c:\windows\system32\drivers\volsnap.sys

    < c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe /md5 >
    [2013/01/15 14:49:23 | 001,606,760 | ---- | M] (Google Inc.) MD5=0A5562952091635CBF3AC20F9FB73D09 -- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe

    < C:\netsetup.exe /s /md5 >
    [2005/12/21 09:39:08 | 001,708,032 | ---- | M] () MD5=A3B81E15B513C05BA36189505C42867B -- C:\Program Files\UKey5\NetSetup.exe

    < C:\rpm1m.cf1 /s >
    [2009/05/22 14:22:35 | 000,008,134 | ---- | M] () -- C:\Users\Liam\AppData\Local\Google\Google Desktop\234f26a6d22c\rpm1m.cf1

    < C:\*.cf1 /s >
    [2009/05/22 14:22:59 | 000,262,144 | ---- | M] () -- C:\Users\Liam\AppData\Local\Google\Google Desktop\234f26a6d22c\dbvm.cf1
    [2009/05/22 14:22:34 | 000,008,122 | ---- | M] () -- C:\Users\Liam\AppData\Local\Google\Google Desktop\234f26a6d22c\fii.cf1
    [2009/05/22 14:22:35 | 000,008,134 | ---- | M] () -- C:\Users\Liam\AppData\Local\Google\Google Desktop\234f26a6d22c\rpm.cf1
    [2009/05/22 14:22:35 | 000,008,134 | ---- | M] () -- C:\Users\Liam\AppData\Local\Google\Google Desktop\234f26a6d22c\rpm1m.cf1
    [2009/05/22 14:22:59 | 000,008,122 | ---- | M] () -- C:\Users\Liam\AppData\Local\Google\Google Desktop\234f26a6d22c\safeweb\goog-black-enchashm.cf1
    [2009/05/22 14:22:59 | 000,008,122 | ---- | M] () -- C:\Users\Liam\AppData\Local\Google\Google Desktop\234f26a6d22c\safeweb\goog-black-urlm.cf1
    [2009/05/22 14:22:59 | 000,008,122 | ---- | M] () -- C:\Users\Liam\AppData\Local\Google\Google Desktop\234f26a6d22c\safeweb\goog-malware-domainm.cf1
    [2009/05/22 14:22:59 | 000,008,122 | ---- | M] () -- C:\Users\Liam\AppData\Local\Google\Google Desktop\234f26a6d22c\safeweb\goog-white-domainm.cf1
    [2012/03/08 15:04:23 | 000,262,144 | ---- | M] () -- C:\Users\Liam\AppData\Local\Google\Google Desktop\ad8ec13bb018\dbvm.cf1
    [2012/03/08 15:04:23 | 020,971,520 | ---- | M] () -- C:\Users\Liam\AppData\Local\Google\Google Desktop\ad8ec13bb018\fii.cf1
    [2012/03/08 15:04:23 | 041,943,040 | ---- | M] () -- C:\Users\Liam\AppData\Local\Google\Google Desktop\ad8ec13bb018\rpm.cf1
    [2009/10/02 13:25:40 | 041,943,040 | ---- | M] () -- C:\Users\Liam\AppData\Local\Google\Google Desktop\ad8ec13bb018\safeweb\goog-black-enchashm.cf1
    [2009/09/28 08:42:10 | 000,262,144 | ---- | M] () -- C:\Users\Liam\AppData\Local\Google\Google Desktop\ad8ec13bb018\safeweb\goog-black-urlm.cf1
    [2009/09/04 11:28:05 | 000,008,122 | ---- | M] () -- C:\Users\Liam\AppData\Local\Google\Google Desktop\ad8ec13bb018\safeweb\goog-malware-domainm.cf1
    [2009/11/02 12:53:06 | 000,262,144 | ---- | M] () -- C:\Users\Liam\AppData\Local\Google\Google Desktop\ad8ec13bb018\safeweb\goog-white-domainm.cf1

    < C:\rpm1m.* /s >
    [2009/05/22 14:22:35 | 000,008,134 | ---- | M] () -- C:\Users\Liam\AppData\Local\Google\Google Desktop\234f26a6d22c\rpm1m.cf1

    < C:\ity.* /s >

    < C:\*.im /s >

    < End of report >


  • Posts: 0 [Deleted User]


    What do I do here when RogueKiller has finished?

