TechSpot

0i763f66bz.exe request for install?

Solved
By Confused Newby
Aug 1, 2012
  1. Good Evening Broni,

    You helped me about 3 weeks ago now trying to get rid of this virus before my computer crashed on me. I'm now back online and ready to resume the fix where we left off. As no settings on the computer have changed since the repair, the old data from the previous thread should still apply. Are we able to reactivate the old thread? If not, here is the last data requested from the Farbar Recovery Scan Tool x64:

    Scan result of Farbar Recovery Scan Tool Version: 10-07-2012
    Ran by SYSTEM at 2012-08-01 :01:50
    Running from F:\
    Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ========================== Registry (Whitelisted) =============
    HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [157160 2008-08-1] (Synaptics, Inc.)
    HKLM\...\Run: [RtHDVCpl] RAVCpl64.exe [x]
    HKLM\...\Run: [Skytel] Skytel.exe [x]
    HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [1968 2008-0-05] (TOSHIBA Corporation)
    HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [5560 2007-1-05] (TOSHIBA Corporation)
    HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [5195 2007-1-10] (TOSHIBA Corporation)
    HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [86580 2008-0-18] (TOSHIBA Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [50008 2010-0-05] (Adobe Systems Incorporated)
    HKLM\...\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL "" [1111568 2011-10-08] (Trend Micro Inc.)
    HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [19715 2011-0-10] (Trend Micro Inc.)
    HKLM-x32\...\Run: [NDSTray.exe] NDSTray.exe [x]
    HKLM-x32\...\Run: [cfFncEnabler.exe] cfFncEnabler.exe [x]
    HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [610 2008-01-0] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start [1779 2008-09-5] (Chicony)
    HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [9150 2010-0-1] (Microsoft Corporation)
    HKLM-x32\...\Run: [DATAMNGR] C:\PROGRA~\SEARCH~\Datamngr\DATAMN~1.EXE [169608 2012-0-8] (Bandoo Media, inc)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [590 2011-11-01] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [176 2011-1-07] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [871 2012-01-01] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [5696 2012-01-17] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1917 2012-01-0] (Ask)
    HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [96056 2012-0-7] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [796 2012-0-7] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [690 2012-07-0] (Malwarebytes Corporation)
    HKU\Administrator\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [8656 2009-0-10] (Microsoft Corporation)
    HKU\Administrator\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [60 2008-0-] (TOSHIBA)
    HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-0-10] (Microsoft Corporation)
    HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [8656 2009-0-10] (Microsoft Corporation)
    HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [60 2008-0-] (TOSHIBA)
    HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-0-10] (Microsoft Corporation)
    HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [8656 2009-0-10] (Microsoft Corporation)
    HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [60 2008-0-] (TOSHIBA)
    HKU\JAMES INGLISH\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [60 2008-0-] (TOSHIBA)
    HKU\JAMES INGLISH\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [180 2008-01-0] (Microsoft Corporation)
    HKU\JAMES INGLISH\...\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe [819 2011-01-17] ()
    HKU\JAMES INGLISH\...\Run: [Akamai NetSession Interface] "C:\Users\JAMES INGLISH\AppData\Local\Akamai\netsession_win.exe" [77 2012-05-5] (Akamai Technologies, Inc)
    HKU\JAMES INGLISH\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [908 2009-05-1] (Google Inc.)
    HKU\JAMES INGLISH\...\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s [95579 2012-05-0] (Samsung)
    HKU\JAMES INGLISH\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [51 2012-05-0] (Samsung Electronics Co., Ltd.)
    HKU\JAMES INGLISH\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [19 2012-05-0] ()
    HKU\JAMES INGLISH\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17176 2012-06-0] (Skype Technologies S.A.)
    HKLM\...\Runonce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [x]
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent [690 2012-07-0] (Malwarebytes Corporation)
    HKLM-x32\...\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-DSVIL.exe" /REG /REGSVRMODE [7110 2012-08-01] ()
    Tcpip\Parameters: [DhcpNameServer] 10.0.0.18
    AppInit_DLLs: C:\PROGRA~\SEARCH~\Datamngr\x64\datamngr.dll C:\PROGRA~\SEARCH~\Datamngr\x64\IEBHO.dll C:\PROGRA~1\SEARCH~1\SEARCH~1\x64\datamngr.dll C:\PROGRA~1\SEARCH~1\SEARCH~1\x64\IEBHO.dll
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\HD Writer AE 1.0.lnk
    ShortcutTarget: HD Writer AE 1.0.lnk -> C:\Program Files (x86)\Panasonic\HD Writer AE 1\HDWriterAutoStart.exe (Panasonic Corporation)
    Startup: C:\Users\JAMES INGLISH\Start Menu\Programs\Startup\Corel Registration.lnk
    ShortcutTarget: Corel Registration.lnk -> C:\Program Files (x86)\Corel\Graphics9\Register\Remind.exe (IntelliQuest Communications, Inc.)
    ==================== Services (Whitelisted) ======
    Akamai; C:\program files (x86)\common files\akamai/netsession_win_f7fccd.dll [199 2012-07-10] (Akamai Technologies, Inc)
    jswpsapi; C:\Program Files (x86)\Jumpstart\jswpsapi.exe [9568 2008-0-15] (Atheros Communications, Inc.)
    MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [6559 2012-07-0] (Malwarebytes Corporation)
    MSSQL$MSSMLBIZ; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [9908 2010-1-09] (Microsoft Corporation)
    MSSQL$SQLEXPRESS; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [9908 2010-1-09] (Microsoft Corporation)
    TNaviSrv; C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [81 2008-0-10] (TOSHIBA Corporation)
    TomTomHOMEService; C:\Users\JAMES INGLISH\Downloads\TomTom HOME \TomTomHOMEService.exe [959 2011-1-05] (TomTom)
    WSWNA100; C:\Program Files (x86)\NETGEAR\WNA100\WifiSvc.exe [8515 2010-08-5] ()
    Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=qb -dt=60000 [x]
    ========================== Drivers (Whitelisted) =============
    0 ACPI; C:\Windows\System32\Drivers\ACPI.sys [5608 2009-0-10] (Microsoft Corporation)
    adp94xx; C:\Windows\System32\Drivers\adp94xx.sys [8656 2008-01-0] (Adaptec, Inc.)
    adpahci; C:\Windows\System32\Drivers\adpahci.sys [58 2008-01-0] (Adaptec, Inc.)
    adpu160m; C:\Windows\System32\Drivers\adpu160m.sys [1650 2008-01-0] (Adaptec, Inc.)
    adpu320; C:\Windows\System32\Drivers\adpu320.sys [18591 2008-01-0] (Adaptec, Inc.)
    1 AFD; C:\Windows\System32\Drivers\AFD.sys [099 2012-01-0] (Microsoft Corporation)
    agp440; C:\Windows\System32\Drivers\agp440.sys [6568 2008-01-0] (Microsoft Corporation)
    aic78xx; C:\Windows\system32\drivers\djsvs.sys [88168 2006-11-0] (Adaptec, Inc.)
    amdide; C:\Windows\System32\Drivers\amdide.sys [15976 2008-01-0] (Microsoft Corporation)
    AmdK8; C:\Windows\System32\Drivers\AmdK8.sys [50688 2008-01-0] (Microsoft Corporation)
    arc; C:\Windows\System32\Drivers\arc.sys [90680 2008-01-0] (Adaptec, Inc.)
    arcsas; C:\Windows\System32\Drivers\arcsas.sys [9119 2008-01-0] (Adaptec, Inc.)
    AsyncMac; C:\Windows\System32\Drivers\AsyncMac.sys [016 2008-01-0] (Microsoft Corporation)
    0 atapi; C:\Windows\System32\Drivers\atapi.sys [095 2009-0-10] (Microsoft Corporation)
    atikmdag; C:\Windows\System32\Drivers\atikmdag.sys [600 2008-05-1] (ATI Technologies Inc.)
    0 AtiPcie; C:\Windows\System32\Drivers\AtiPcie.sys [16656 2006-11-07] (ATI Technologies Inc.)
    blbdrive; C:\Windows\System32\Drivers\blbdrive.sys [5596 2008-01-0] (Microsoft Corporation)
    bowser; C:\Windows\System32\Drivers\bowser.sys [906 2011-0-18] (Microsoft Corporation)
    BrFiltLo; C:\Windows\System32\Drivers\BrFiltLo.sys [18 2006-09-18] (Brother Industries, Ltd.)
    BrFiltUp; C:\Windows\System32\Drivers\BrFiltUp.sys [870 2006-09-18] (Brother Industries, Ltd.)
    Brserid; C:\Windows\System32\Drivers\Brserid.sys [8658 2006-11-0] (Brother Industries Ltd.)
    BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [710 2006-09-18] (Brother Industries Ltd.)
    BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [1976 2006-09-18] (Brother Industries Ltd.)
    BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [170 2006-09-19] (Brother Industries Ltd.)
    BTHMODEM; C:\Windows\System32\Drivers\BTHMODEM.sys [50688 2006-11-0] (Microsoft Corporation)
    cdfs; C:\Windows\System32\Drivers\cdfs.sys [906 2008-01-0] (Microsoft Corporation)
    1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [908 2006-08-] (B.H.A Corporation)
    1 cdrom; C:\Windows\System32\Drivers\cdrom.sys [7987 2009-0-10] (Microsoft Corporation)
    circlass; C:\Windows\System32\Drivers\circlass.sys [198 2008-01-0] (Microsoft Corporation)
    CmBatt; C:\Windows\System32\Drivers\CmBatt.sys [1779 2008-01-0] (Microsoft Corporation)
    0 Compbatt; C:\Windows\System32\Drivers\Compbatt.sys [608 2008-01-0] (Microsoft Corporation)
    0 crcdisk; C:\Windows\System32\Drivers\crcdisk.sys [770 2008-01-0] (Microsoft Corporation)
    1 DfsC; C:\Windows\System32\Drivers\DfsC.sys [9779 2011-0-1] (Microsoft Corporation)
    0 disk; C:\Windows\System32\Drivers\disk.sys [670 2009-0-10] (Microsoft Corporation)
    drmkaud; C:\Windows\System32\Drivers\drmkaud.sys [61 2008-01-0] (Microsoft Corporation)
    DXGKrnl; C:\Windows\System32\Drivers\DXGKrnl.sys [90080 2011-01-0] (Microsoft Corporation)
    E1G60; C:\Windows\System32\DRIVERS\E1G6032E.sys [16176 2008-01-0] (Intel Corporation)
    0 Ecache; C:\Windows\System32\Drivers\Ecache.sys [15511 2009-0-10] (Microsoft Corporation)
    ErrDev; C:\Windows\System32\Drivers\ErrDev.sys [870 2008-01-0] (Microsoft Corporation)
    exfat; C:\Windows\System32\Drivers\exfat.sys [18790 2009-0-10] (Microsoft Corporation)
    fastfat; C:\Windows\System32\Drivers\fastfat.sys [1981 2009-0-10] (Microsoft Corporation)
    fdc; C:\Windows\System32\Drivers\fdc.sys [9696 2008-01-0] (Microsoft Corporation)
    0 FileInfo; C:\Windows\System32\Drivers\FileInfo.sys [7000 2008-01-0] (Microsoft Corporation)
    Filetrace; C:\Windows\System32\Drivers\Filetrace.sys [80 2008-01-0] (Microsoft Corporation)
    flpydisk; C:\Windows\System32\Drivers\flpydisk.sys [576 2008-01-0] (Microsoft Corporation)
    0 FltMgr; C:\Windows\System32\Drivers\FltMgr.sys [75 2009-0-10] (Microsoft Corporation)
    fssfltr; C:\Windows\System32\Drivers\fssfltr.sys [888 2010-09-] (Microsoft Corporation)
    1 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [168 2012-0-9] (Microsoft Corporation)
    FwLnk; C:\Windows\System32\Drivers\FwLnk.sys [870 2006-11-19] (TOSHIBA Corporation)
    gagp30kx; C:\Windows\System32\Drivers\gagp30kx.sys [6815 2008-01-0] (Microsoft Corporation)
    HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [790 2006-11-01] (Microsoft Corporation)
    HDAudBus; C:\Windows\System32\Drivers\HDAudBus.sys [9876 2009-0-10] (Microsoft Corporation)
    HidBth; C:\Windows\System32\Drivers\HidBth.sys [0 2006-11-0] (Microsoft Corporation)
    HidIr; C:\Windows\System32\Drivers\HidIr.sys [5600 2006-11-0] (Microsoft Corporation)
    HidUsb; C:\Windows\System32\Drivers\HidUsb.sys [1587 2009-0-10] (Microsoft Corporation)
    HpCISSs2; C:\Windows\System32\Drivers\HpCISSs2.sys [767 2008-01-0] (Hewlett-Packard Company)
    HTTP; C:\Windows\System32\Drivers\HTTP.sys [600 2010-0-0] (Microsoft Corporation)
    i2omp; C:\Windows\System32\Drivers\i2omp.sys [5896 2008-01-0] (Microsoft Corporation)
    1 i8042prt; C:\Windows\System32\Drivers\i8042prt.sys [6000 2008-01-0] (Microsoft Corporation)
    iaStorV; C:\Windows\System32\Drivers\iaStorV.sys [9087 2008-01-0] (Intel Corporation)
    iirsp; C:\Windows\System32\Drivers\iirsp.sys [68 2006-11-0] (Intel Corp./ICP vortex GmbH)
    IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [196888 2008-0-09] (Realtek Semiconductor Corp.)
    intelide; C:\Windows\System32\Drivers\intelide.sys [1951 2008-01-0] (Microsoft Corporation)
    intelppm; C:\Windows\System32\Drivers\intelppm.sys [818 2008-01-0] (Microsoft Corporation)
    IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [6758 2009-0-10] (Microsoft Corporation)
    IPMIDRV; C:\Windows\System32\Drivers\IPMIDRV.sys [7688 2008-01-0] (Microsoft Corporation)
    IPNAT; C:\Windows\System32\Drivers\IPNAT.sys [11571 2008-01-0] (Microsoft Corporation)
    IRENUM; C:\Windows\System32\Drivers\IRENUM.sys [1708 2008-01-0] (Microsoft Corporation)
    isapnp; C:\Windows\System32\Drivers\isapnp.sys [608 2008-01-0] (Microsoft Corporation)
    iScsiPrt; C:\Windows\System32\DRIVERS\msiscsi.sys [1558 2009-0-10] (Microsoft Corporation)
    1 kbdclass; C:\Windows\System32\Drivers\kbdclass.sys [00 2008-01-0] (Microsoft Corporation)
    kbdhid; C:\Windows\System32\Drivers\kbdhid.sys [080 2008-01-0] (Microsoft Corporation)
    0 KSecDD; C:\Windows\System32\Drivers\KSecDD.sys [515968 2011-11-16] (Microsoft Corporation)
    ksthunk; C:\Windows\System32\Drivers\ksthunk.sys [086 2008-01-0] (Microsoft Corporation)
    lltdio; C:\Windows\System32\Drivers\lltdio.sys [599 2008-01-0] (Microsoft Corporation)
    LSI_FC; C:\Windows\System32\Drivers\LSI_FC.sys [1170 2008-01-0] (LSI Logic)
    LSI_SAS; C:\Windows\System32\Drivers\LSI_SAS.sys [105016 2008-01-0] (LSI Logic)
    LSI_SCSI; C:\Windows\System32\Drivers\LSI_SCSI.sys [1170 2008-01-0] (LSI Logic)
    luafv; C:\Windows\System32\Drivers\luafv.sys [109568 2008-01-0] (Microsoft Corporation)
    MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [90 2012-07-0] (Malwarebytes Corporation)
    megasas; C:\Windows\System32\Drivers\megasas.sys [5896 2008-01-0] (LSI Corporation)
    MegaSR; C:\Windows\System32\Drivers\MegaSR.sys [88 2008-01-0] (LSI Corporation, Inc.)
    Modem; C:\Windows\System32\Drivers\Modem.sys [08 2008-01-0] (Microsoft Corporation)
    monitor; C:\Windows\System32\Drivers\monitor.sys [915 2008-01-0] (Microsoft Corporation)
    1 mouclass; C:\Windows\System32\Drivers\mouclass.sys [999 2008-01-0] (Microsoft Corporation)
    mouhid; C:\Windows\System32\Drivers\mouhid.sys [19968 2008-01-0] (Microsoft Corporation)
    0 MountMgr; C:\Windows\System32\Drivers\MountMgr.sys [7000 2008-01-0] (Microsoft Corporation)
    mpio; C:\Windows\System32\Drivers\mpio.sys [18056 2008-01-0] (Microsoft Corporation)
    mpsdrv; C:\Windows\System32\Drivers\mpsdrv.sys [8108 2008-01-0] (Microsoft Corporation)
    Mraid35x; C:\Windows\System32\Drivers\Mraid35x.sys [9016 2006-11-0] (LSI Logic Corporation)
    MRxDAV; C:\Windows\System32\Drivers\MRxDAV.sys [196 2009-0-10] (Microsoft Corporation)
    mrxsmb; C:\Windows\System32\Drivers\mrxsmb.sys [15680 2011-0-9] (Microsoft Corporation)
    mrxsmb10; C:\Windows\System32\Drivers\mrxsmb10.sys [7556 2011-07-06] (Microsoft Corporation)
    mrxsmb20; C:\Windows\System32\Drivers\mrxsmb20.sys [107008 2011-0-9] (Microsoft Corporation)
    0 msahci; C:\Windows\System32\Drivers\msahci.sys [9656 2009-0-10] (Microsoft Corporation)
    msdsm; C:\Windows\System32\Drivers\msdsm.sys [1170 2008-01-0] (Microsoft Corporation)
    1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [611 2008-01-0] (Microsoft Corporation)
    0 msisadrv; C:\Windows\System32\Drivers\msisadrv.sys [17976 2008-01-0] (Microsoft Corporation)
    MSKSSRV; C:\Windows\System32\Drivers\MSKSSRV.sys [11008 2008-01-0] (Microsoft Corporation)
    MSPCLOCK; C:\Windows\System32\Drivers\MSPCLOCK.sys [700 2006-11-0] (Microsoft Corporation)
    MSPQM; C:\Windows\System32\Drivers\MSPQM.sys [6656 2006-11-0] (Microsoft Corporation)
    MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [10760 2009-0-10] (Microsoft Corporation)
    mssmbios; C:\Windows\System32\Drivers\mssmbios.sys [87 2008-01-0] (Microsoft Corporation)
    MSTEE; C:\Windows\System32\Drivers\MSTEE.sys [796 2008-01-0] (Microsoft Corporation)
    0 Mup; C:\Windows\System32\Drivers\Mup.sys [59880 2009-0-10] (Microsoft Corporation)
    NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [1879 2009-0-10] (Microsoft Corporation)
    0 NDIS; C:\Windows\System32\Drivers\NDIS.sys [786 2009-0-10] (Microsoft Corporation)
    NdisTapi; C:\Windows\System32\Drivers\NdisTapi.sys [06 2008-01-0] (Microsoft Corporation)
    Ndisuio; C:\Windows\System32\Drivers\Ndisuio.sys [016 2008-01-0] (Microsoft Corporation)
    NdisWan; C:\Windows\System32\Drivers\NdisWan.sys [1697 2009-0-10] (Microsoft Corporation)
    NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [5990 2008-01-0] (Microsoft Corporation)
    1 NetBIOS; C:\Windows\System32\Drivers\NetBIOS.sys [5 2008-01-0] (Microsoft Corporation)
    1 netbt; C:\Windows\System32\Drivers\netbt.sys [80 2009-0-10] (Microsoft Corporation)
    NPF; C:\Windows\System32\Drivers\NPF.sys [76 2010-0-0] (CACE Technologies, Inc.)
    1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [5 2009-0-10] (Microsoft Corporation)
    1 nsiproxy; C:\Windows\System32\Drivers\nsiproxy.sys [06 2008-01-0] (Microsoft Corporation)
    Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [151596 2009-0-10] (Microsoft Corporation)
    1 Null; C:\Windows\System32\Drivers\Null.sys [61 2006-11-0] (Microsoft Corporation)
    nvraid; C:\Windows\System32\Drivers\nvraid.sys [18056 2008-01-0] (NVIDIA Corporation)
    nvstor; C:\Windows\System32\Drivers\nvstor.sys [58 2008-01-0] (NVIDIA Corporation)
    nv_agp; C:\Windows\System32\Drivers\nv_agp.sys [1650 2008-01-0] (Microsoft Corporation)
    ohci1394; C:\Windows\System32\Drivers\ohci1394.sys [78 2009-0-10] (Microsoft Corporation)
    Parport; C:\Windows\System32\Drivers\Parport.sys [96768 2006-11-0] (Microsoft Corporation)
    0 partmgr; C:\Windows\System32\Drivers\partmgr.sys [7576 2012-0-0] (Microsoft Corporation)
    0 pci; C:\Windows\System32\Drivers\pci.sys [17866 2009-0-10] (Microsoft Corporation)
    0 pciide; C:\Windows\System32\Drivers\pciide.sys [11 2009-0-10] (Microsoft Corporation)
    pcmcia; C:\Windows\System32\Drivers\pcmcia.sys [068 2006-11-0] (Microsoft Corporation)
    PEAUTH; C:\Windows\System32\Drivers\PEAUTH.sys [7170 2006-10-] (Microsoft Corporation)
    PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [98816 2009-0-10] (Microsoft Corporation)
    Processor; C:\Windows\System32\DRIVERS\processr.sys [710 2008-01-0] (Microsoft Corporation)
    1 PSched; C:\Windows\System32\DRIVERS\pacer.sys [908 2009-0-10] (Microsoft Corporation)
    QWAVEdrv; C:\Windows\System32\Drivers\QWAVEdrv.sys [659 2008-01-0] (Microsoft Corporation)
    1 RasAcd; C:\Windows\System32\Drivers\RasAcd.sys [188 2008-01-0] (Microsoft Corporation)
    Rasl2tp; C:\Windows\System32\Drivers\Rasl2tp.sys [198 2009-0-10] (Microsoft Corporation)
    RasPppoe; C:\Windows\System32\Drivers\RasPppoe.sys [50176 2009-0-10] (Microsoft Corporation)
    RasSstp; C:\Windows\System32\Drivers\RasSstp.sys [786 2009-0-10] (Microsoft Corporation)
    1 rdbss; C:\Windows\System32\Drivers\rdbss.sys [877 2009-0-10] (Microsoft Corporation)
    1 RDPCDD; C:\Windows\System32\Drivers\RDPCDD.sys [7168 2008-01-0] (Microsoft Corporation)
    rdpdr; C:\Windows\System32\Drivers\rdpdr.sys [168 2008-01-0] (Microsoft Corporation)
    1 RDPENCDD; C:\Windows\System32\Drivers\RDPENCDD.sys [7168 2008-01-0] (Microsoft Corporation)
    RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [0990 2012-05-01] (Microsoft Corporation)
    rimmptsk; C:\Windows\System32\DRIVERS\rimmpx64.sys [6976 2008-0-1] (REDC)
    rimsptsk; C:\Windows\System32\DRIVERS\rimspx64.sys [5596 2007-07-6] (REDC)
    rismxdp; C:\Windows\System32\DRIVERS\rixdpx64.sys [57856 2007-07-7] (REDC)
    rspndr; C:\Windows\System32\Drivers\rspndr.sys [75776 2008-01-0] (Microsoft Corporation)
    RTL8169; C:\Windows\System32\DRIVERS\Rtlh64.sys [011 2010-01-11] (Realtek )
    sbp2port; C:\Windows\System32\Drivers\sbp2port.sys [9016 2006-11-0] (Microsoft Corporation)
    0 SCMNdisP; C:\Windows\System32\Drivers\SCMNdisP.sys [51 2007-01-19] (Windows (R) Codename Longhorn DDK provider)
    sdbus; C:\Windows\System32\Drivers\sdbus.sys [11110 2009-0-10] (Microsoft Corporation)
    Serenum; C:\Windows\System32\Drivers\Serenum.sys [00 2006-11-0] (Microsoft Corporation)
    Serial; C:\Windows\System32\Drivers\Serial.sys [908 2006-11-0] (Microsoft Corporation)
    sermouse; C:\Windows\System32\Drivers\sermouse.sys [66 2008-01-0] (Microsoft Corporation)
    sffdisk; C:\Windows\System32\Drivers\sffdisk.sys [188 2009-0-10] (Microsoft Corporation)
    sffp_mmc; C:\Windows\System32\Drivers\sffp_mmc.sys [16 2008-01-0] (Microsoft Corporation)
    sffp_sd; C:\Windows\System32\Drivers\sffp_sd.sys [18 2009-0-10] (Microsoft Corporation)
    sfloppy; C:\Windows\System32\Drivers\sfloppy.sys [168 2006-11-0] (Microsoft Corporation)
    1 Smb; C:\Windows\System32\Drivers\Smb.sys [8806 2009-0-10] (Microsoft Corporation)
    0 spldr; C:\Windows\System32\Drivers\spldr.sys [19 2009-0-10] (Microsoft Corporation)
    srv; C:\Windows\System32\Drivers\srv.sys [50560 2011-0-18] (Microsoft Corporation)
    srv2; C:\Windows\System32\Drivers\srv2.sys [17618 2011-0-9] (Microsoft Corporation)
    srvnet; C:\Windows\System32\Drivers\srvnet.sys [1590 2011-0-9] (Microsoft Corporation)
    swenum; C:\Windows\System32\Drivers\swenum.sys [10 2008-01-0] (Microsoft Corporation)
    Symc8xx; C:\Windows\System32\Drivers\Symc8xx.sys [956 2006-11-0] (LSI Logic)
    Sym_hi; C:\Windows\System32\Drivers\Sym_hi.sys [68 2006-11-0] (LSI Logic)
    Sym_u3; C:\Windows\System32\Drivers\Sym_u3.sys [8 2006-11-0] (LSI Logic)
    0 Tcpip; C:\Windows\System32\Drivers\Tcpip.sys [17 2012-0-0] (Microsoft Corporation)
    Tcpip6; C:\Windows\System32\DRIVERS\tcpip.sys [17 2012-0-0] (Microsoft Corporation)
    tcpipreg; C:\Windows\System32\Drivers\tcpipreg.sys [08 2009-1-08] (Microsoft Corporation)
    tdcmdpst; C:\Windows\System32\Drivers\tdcmdpst.sys [77 2007-1-11] (TOSHIBA Corporation.)
    TDPIPE; C:\Windows\System32\Drivers\TDPIPE.sys [168 2008-01-0] (Microsoft Corporation)
    TDTCP; C:\Windows\System32\Drivers\TDTCP.sys [9696 2008-01-0] (Microsoft Corporation)
    1 tdx; C:\Windows\System32\Drivers\tdx.sys [970 2009-0-10] (Microsoft Corporation)
    1 TermDD; C:\Windows\System32\Drivers\TermDD.sys [60 2009-0-10] (Microsoft Corporation)
    tmactmon; C:\Windows\System32\Drivers\tmactmon.sys [9070 2011-0-] (Trend Micro Inc.)
    tmcomm; C:\Windows\System32\Drivers\tmcomm.sys [16 2011-0-] (Trend Micro Inc.)
    tmevtmgr; C:\Windows\System32\Drivers\tmevtmgr.sys [6766 2011-0-] (Trend Micro Inc.)
    1 tmtdi; C:\Windows\System32\Drivers\tmtdi.sys [10555 2011-0-] (Trend Micro Inc.)
    0 tos_sps64; C:\Windows\System32\Drivers\tos_sps64.sys [51968 2008-0-10] (TOSHIBA Corporation)
    tssecsrv; C:\Windows\System32\Drivers\tssecsrv.sys [918 2008-01-0] (Microsoft Corporation)
    tunmp; C:\Windows\System32\Drivers\tunmp.sys [18 2008-01-0] (Microsoft Corporation)
    tunnel; C:\Windows\System32\Drivers\tunnel.sys [9696 2010-0-18] (Microsoft Corporation)
    0 TVALZ; C:\Windows\System32\DRIVERS\TVALZ_O.SYS [6968 2007-11-08] (TOSHIBA Corporation)
    uagp35; C:\Windows\System32\Drivers\uagp35.sys [6718 2008-01-0] (Microsoft Corporation)
    udfs; C:\Windows\System32\Drivers\udfs.sys [99008 2009-0-10] (Microsoft Corporation)
    uliagpkx; C:\Windows\System32\Drivers\uliagpkx.sys [6815 2008-01-0] (Microsoft Corporation)
    umbus; C:\Windows\System32\Drivers\umbus.sys [198 2008-01-0] (Microsoft Corporation)
    USBAAPL64; C:\Windows\System32\Drivers\USBAAPL64.sys [5171 2011-08-01] (Apple, Inc.)
    usbccgp; C:\Windows\System32\Drivers\usbccgp.sys [957 2008-01-0] (Microsoft Corporation)
    usbcir; C:\Windows\System32\Drivers\usbcir.sys [7960 2006-11-0] (Microsoft Corporation)
    usbehci; C:\Windows\System32\Drivers\usbehci.sys [966 2009-0-10] (Microsoft Corporation)
    usbhub; C:\Windows\System32\Drivers\usbhub.sys [790 2009-0-10] (Microsoft Corporation)
    usbohci; C:\Windows\System32\Drivers\usbohci.sys [06 2009-0-10] (Microsoft Corporation)
    usbprint; C:\Windows\System32\Drivers\usbprint.sys [06 2008-01-0] (Microsoft Corporation)
    USBSTOR; C:\Windows\System32\Drivers\USBSTOR.sys [778 2009-0-10] (Microsoft Corporation)
    usbuhci; C:\Windows\System32\Drivers\usbuhci.sys [918 2008-01-0] (Microsoft Corporation)
    usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [16870 2008-01-0] (Microsoft Corporation)
    vga; C:\Windows\System32\Drivers\vga.sys [867 2008-01-0] (Microsoft Corporation)
    1 VgaSave; C:\Windows\System32\drivers\vga.sys [867 2008-01-0] (Microsoft Corporation)
    0 volmgr; C:\Windows\System32\Drivers\volmgr.sys [6708 2009-0-10] (Microsoft Corporation)
    0 volmgrx; C:\Windows\System32\Drivers\volmgrx.sys [080 2009-0-10] (Microsoft Corporation)
    WacomPen; C:\Windows\System32\Drivers\WacomPen.sys [66 2006-11-0] (Microsoft Corporation)
    Wanarp; C:\Windows\System32\Drivers\Wanarp.sys [8658 2009-0-10] (Microsoft Corporation)
    1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [8658 2009-0-10] (Microsoft Corporation)
    Wd; C:\Windows\System32\Drivers\Wd.sys [10 2008-01-0] (Microsoft Corporation)
    0 Wdf01000; C:\Windows\System32\Drivers\Wdf01000.sys [88170 2008-01-0] (Microsoft Corporation)
    WpdUsb; C:\Windows\System32\Drivers\WpdUsb.sys [659 2009-09-0] (Microsoft Corporation)
    ws2ifsl; C:\Windows\System32\Drivers\ws2ifsl.sys [099 2008-01-0] (Microsoft Corporation)
    WUDFRd; C:\Windows\System32\Drivers\WUDFRd.sys [1085 2008-01-0] (Microsoft Corporation)
    DIRECTIO; \??\C:\MCDiags\BIT\DirectIo64.sys [x]
    DIRECTIO7; \??\C:\MCDiags\BIT\DirectIo64.sys [x]
    IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============
    2012-08-01 :01 - 2012-08-01 :01 - 00000000 ____D C:\FRST
    2012-08-01 0:51 - 2012-08-01 0:51 - 007110 ____A C:\Windows\is-DSVIL.exe
    2012-08-01 0:51 - 2012-08-01 0:51 - 00010550 ____A C:\Windows\is-DSVIL.msg
    2012-08-01 0:51 - 2012-08-01 0:51 - 0000059 ____A C:\Windows\is-DSVIL.lst
    2012-07-10 0:01 - 2012-07-10 0:01 - 000017 ____A C:\Users\JAMES INGLISH\Desktop\aswMBR.txt
    2012-07-10 0:01 - 2012-07-10 0:01 - 0000051 ____A C:\Users\JAMES INGLISH\Desktop\MBR.dat
    2012-07-10 18:0 - 2012-07-10 18:0 - 006970 ____A C:\Windows\Minidump\Mini07111-01.dmp
    2012-07-10 17:5 - 2012-07-10 17:5 - 00005 ____A C:\Users\JAMES INGLISH\Desktop\RKreport[1].txt
    2012-07-10 17:5 - 2012-07-10 17:5 - 00000000 ____D C:\Users\JAMES INGLISH\Desktop\RK_Quarantine
    2012-07-10 17:5 - 2012-07-10 17:5 - 0719 ____A (AVAST Software) C:\Users\JAMES INGLISH\Desktop\aswMBR.exe
    2012-07-10 17:51 - 2012-07-10 17:51 - 01558016 ____A C:\Users\JAMES INGLISH\Desktop\RogueKiller.exe
    2012-07-10 17:50 - 2012-07-10 17:50 - 01558016 ____A C:\Users\JAMES INGLISH\Downloads\RogueKiller.exe
    2012-07-10 17:7 - 2012-07-10 17:7 - 000856 ____A C:\Users\JAMES INGLISH\Desktop\DDS.txt
    2012-07-10 17:6 - 2012-07-10 17:6 - 0001888 ____A C:\Users\JAMES INGLISH\Desktop\Attach.txt
    2012-07-10 1:58 - 2012-07-10 1:58 - 0060760 ____R (Swearware) C:\Users\JAMES INGLISH\Desktop\dds.scr
    2012-07-10 1:51 - 2012-07-10 15: - 00000000 ____A C:\Users\JAMES INGLISH\Desktop\gmer.log
    2012-07-10 06:1 - 2012-07-10 06:15 - 00059 ____A C:\Users\JAMES INGLISH\Desktop\ccep8px.exe
    2012-07-10 0:51 - 2012-08-01 0:51 - 00000959 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-10 00:6 - 2008-01-05 06:5 - 00190 ____A C:\Windows\RegBootClean6.exe
    2012-07-0 19:57 - 2012-07-06 01:5 - 00000000 ____D C:\Users\JAMES INGLISH\Desktop\my phone july 01
    2012-07-0 19: - 2012-07-0 19: - 1765578 ____A C:\Users\JAMES INGLISH\Desktop\01-07-0 09.5..psd
    ============ Months Modified Files ========================
    2012-08-01 0:51 - 2006-11-0 07: - 0005 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-01 0:51 - 2006-11-0 07: - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-01 0:51 - 2006-11-0 07: - 000016 ___AH C:\Windows\System32\7B96FB0-76B-97e-B01-9C50E1B77-P-1.C7856-A89-9d-8115-6016D005A0
    2012-08-01 0:51 - 2006-11-0 07: - 000016 ___AH C:\Windows\System32\7B96FB0-76B-97e-B01-9C50E1B77-P-0.C7856-A89-9d-8115-6016D005A0
    2012-08-01 0:5 - 2010-0-10 08:1 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-08-01 0: - 2012-05-0 01:8 - 0000080 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-01 0: - 2006-11-0 0:6 - 0085 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-01 0: - 2012-0-1 17:5 - 00190 ____A C:\Windows\PFRO.log
    2012-08-01 0:51 - 2012-08-01 0:51 - 007110 ____A C:\Windows\is-DSVIL.exe
    2012-08-01 0:51 - 2012-08-01 0:51 - 00010550 ____A C:\Windows\is-DSVIL.msg
    2012-08-01 0:51 - 2012-08-01 0:51 - 0000059 ____A C:\Windows\is-DSVIL.lst
    2012-08-01 0:51 - 2012-07-10 0:51 - 00000959 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-1 1:59 - 2012-05-0 01:8 - 00618 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-1 1:59 - 2011-09-6 1:5 - 00070 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-1 18:01 - 2009-05- 1:5 - 010781 ____A C:\Windows\WindowsUpdate.log
    2012-07-10 0:01 - 2012-07-10 0:01 - 000017 ____A C:\Users\JAMES INGLISH\Desktop\aswMBR.txt
    2012-07-10 0:01 - 2012-07-10 0:01 - 0000051 ____A C:\Users\JAMES INGLISH\Desktop\MBR.dat
    2012-07-10 18:0 - 2012-07-10 18:0 - 006970 ____A C:\Windows\Minidump\Mini07111-01.dmp
    2012-07-10 18:0 - 2012-0-19 05:15 - 057899 ____A C:\Windows\MEMORY.DMP
    2012-07-10 17:5 - 2012-07-10 17:5 - 00005 ____A C:\Users\JAMES INGLISH\Desktop\RKreport[1].txt
    2012-07-10 17:5 - 2012-07-10 17:5 - 0719 ____A (AVAST Software) C:\Users\JAMES INGLISH\Desktop\aswMBR.exe
    2012-07-10 17:51 - 2012-07-10 17:51 - 01558016 ____A C:\Users\JAMES INGLISH\Desktop\RogueKiller.exe
    2012-07-10 17:50 - 2012-07-10 17:50 - 01558016 ____A C:\Users\JAMES INGLISH\Downloads\RogueKiller.exe
    2012-07-10 17:7 - 2012-07-10 17:7 - 000856 ____A C:\Users\JAMES INGLISH\Desktop\DDS.txt
    2012-07-10 17:6 - 2012-07-10 17:6 - 0001888 ____A C:\Users\JAMES INGLISH\Desktop\Attach.txt
    2012-07-10 15: - 2012-07-10 1:51 - 00000000 ____A C:\Users\JAMES INGLISH\Desktop\gmer.log
    2012-07-10 1:58 - 2012-07-10 1:58 - 0060760 ____R (Swearware) C:\Users\JAMES INGLISH\Desktop\dds.scr
    2012-07-10 06:15 - 2012-07-10 06:1 - 00059 ____A C:\Users\JAMES INGLISH\Desktop\ccep8px.exe
    2012-07-06 01:50 - 2010-10-5 1:6 - 0000006 ____A C:\Users\JAMES INGLISH\AppData\Roaming\Opusbext.dat
    2012-07-0 19:6 - 2010-09-9 0: - 00090 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-0 19: - 2012-07-0 19: - 1765578 ____A C:\Users\JAMES INGLISH\Desktop\01-07-0 09.5..psd
    2012-07-01 01:1 - 2012-07-01 01:1 - 168699 ____A C:\Users\JAMES INGLISH\Desktop\01-07-01 16.06.9.psd
    2012-06-1 15:56 - 2012-06-1 15:56 - 00001890 ____A C:\Users\Public\Desktop\Skype.lnk
    2012-06-1 0:6 - 2006-11-0 07:1 - 097816 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-1 18: - 2006-11-0 0:5 - 589578 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2012-06-07 1: - 2009-07-05 00:1 - 00080 ____A C:\Users\JAMES INGLISH\AppData\Local\DCBCA71-70D8-DAN-EHR8-E0D61DEAFDF.ini
    2012-06-0 :1 - 2012-06-0 :1 - 0079191 ____A C:\Users\JAMES INGLISH\Desktop\Transaction Details - PayPal.mht
    2012-06-0 1:19 - 2012-06-1 00: - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-0 1:19 - 2012-06-1 00: - 000056 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-0 1:19 - 2012-06-1 00: - 0895 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-0 1:19 - 2012-06-1 00:10 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-0 1:19 - 2012-06-1 00:10 - 0057708 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2012-06-0 1:19 - 2012-06-1 00:10 - 0008 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-0 1:19 - 2012-06-1 00:10 - 000586 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2012-06-0 1:15 - 2012-06-1 00: - 066 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-0 1:15 - 2012-06-1 00:10 - 0009980 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-0 1:1 - 2012-06-1 00:10 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2012-06-01 1:19 - 2012-06-0 :59 - 0018675 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-01 1:19 - 2012-06-0 :59 - 0017190 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2012-06-01 1:15 - 2012-06-0 :59 - 000686 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 1:1 - 2012-06-0 :59 - 00079 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    01-05-17 18:7 - 01-06-1 0:01 - 1780760 ____A (Microsoft Corporation) C:\Windows\System\mshtml.dll
    01-05-17 18:16 - 01-06-1 0:01 - 1090 ____A (Microsoft Corporation) C:\Windows\System\ieframe.dll
    01-05-17 18:06 - 01-06-1 0:01 - 011680 ____A (Microsoft Corporation) C:\Windows\System\jscript9.dll
    01-05-17 17:59 - 01-06-1 0:01 - 01918 ____A (Microsoft Corporation) C:\Windows\System\wininet.dll
    01-05-17 17:59 - 01-06-1 0:01 - 01608 ____A (Microsoft Corporation) C:\Windows\System\urlmon.dll
    01-05-17 17:58 - 01-06-1 0:01 - 01958 ____A (Microsoft Corporation) C:\Windows\System\inetcpl.cpl
    01-05-17 17:58 - 01-06-1 0:01 - 007056 ____A (Microsoft Corporation) C:\Windows\System\url.dll
    01-05-17 17:56 - 01-06-1 0:01 - 0008550 ____A (Microsoft Corporation) C:\Windows\System\jsproxy.dll
    01-05-17 17:55 - 01-06-1 0:01 - 00818688 ____A (Microsoft Corporation) C:\Windows\System\jscript.dll
    01-05-17 17:55 - 01-06-1 0:01 - 0017056 ____A (Microsoft Corporation) C:\Windows\System\ieUnatt.exe
    01-05-17 17:5 - 01-06-1 0:01 - 01768 ____A (Microsoft Corporation) C:\Windows\System\iertutil.dll
    01-05-17 17:51 - 01-06-1 0:0 - 0888 ____A (Microsoft Corporation) C:\Windows\System\mshtml.tlb
    01-05-17 17:51 - 01-06-1 0:0 - 00096768 ____A (Microsoft Corporation) C:\Windows\System\mshtmled.dll
    01-05-17 17:7 - 01-06-1 0:01 - 0080 ____A (Microsoft Corporation) C:\Windows\System\ieui.dll
    01-05-17 15:11 - 01-06-1 0:01 - 116 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtml.dll
    01-05-17 1:8 - 01-06-1 0:01 - 097778 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ieframe.dll
    01-05-17 1:5 - 01-06-1 0:01 - 0180019 ____A (Microsoft Corporation) C:\Windows\SysWOW6\jscript9.dll
    01-05-17 1:6 - 01-06-1 0:01 - 011087 ____A (Microsoft Corporation) C:\Windows\SysWOW6\urlmon.dll
    01-05-17 1:5 - 01-06-1 0:01 - 017968 ____A (Microsoft Corporation) C:\Windows\SysWOW6\inetcpl.cpl
    01-05-17 1:5 - 01-06-1 0:01 - 01197 ____A (Microsoft Corporation) C:\Windows\SysWOW6\wininet.dll
    01-05-17 1: - 01-06-1 0:01 - 00196 ____A (Microsoft Corporation) C:\Windows\SysWOW6\url.dll
    01-05-17 1:1 - 01-06-1 0:01 - 000650 ____A (Microsoft Corporation) C:\Windows\SysWOW6\jsproxy.dll
    01-05-17 1:9 - 01-06-1 0:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW6\jscript.dll
    01-05-17 1:9 - 01-06-1 0:01 - 00188 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ieUnatt.exe
    01-05-17 1:7 - 01-06-1 0:01 - 01790 ____A (Microsoft Corporation) C:\Windows\SysWOW6\iertutil.dll
    01-05-17 1:5 - 01-06-1 0:0 - 000716 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtmled.dll
    01-05-17 1: - 01-06-1 0:0 - 0888 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtml.tlb
    01-05-17 1:0 - 01-06-1 0:01 - 0017660 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ieui.dll
    01-05-15 1:15 - 01-06-1 :0 - 076760 ____A (Microsoft Corporation) C:\Windows\System\wink.sys
    01-05-09 :1 - 01-05-07 0: - 00011871 ____A C:\Windows\setupact.log
    01-05-07 0: - 01-05-07 0: - 00000000 ____A C:\Windows\setuperr.log

    ZeroAccess:
    C:\Windows\Installer\{5c17f1d0-966-e7cf-8ec-be005d187f5}
    C:\Windows\Installer\{5c17f1d0-966-e7cf-8ec-be005d187f5}\@
    C:\Windows\Installer\{5c17f1d0-966-e7cf-8ec-be005d187f5}\L
    C:\Windows\Installer\{5c17f1d0-966-e7cf-8ec-be005d187f5}\U
    C:\Windows\Installer\{5c17f1d0-966-e7cf-8ec-be005d187f5}\U\00000001.@
    C:\Windows\Installer\{5c17f1d0-966-e7cf-8ec-be005d187f5}\U\800000cb.@
    ZeroAccess:
    C:\Users\JAMES INGLISH\AppData\Local\{5c17f1d0-966-e7cf-8ec-be005d187f5}
    C:\Users\JAMES INGLISH\AppData\Local\{5c17f1d0-966-e7cf-8ec-be005d187f5}\@
    C:\Users\JAMES INGLISH\AppData\Local\{5c17f1d0-966-e7cf-8ec-be005d187f5}\L
    C:\Users\JAMES INGLISH\AppData\Local\{5c17f1d0-966-e7cf-8ec-be005d187f5}\U
    C:\Users\JAMES INGLISH\AppData\Local\{5c17f1d0-966-e7cf-8ec-be005d187f5}\U\800000cb.@
    ========================= Known DLLs (Whitelisted) ============
    [008-01-0 18:8] - [008-01-0 18:8] - 06118 ____A (Microsoft Corporation) C:\Windows\System\clbcatq.dll
    [008-01-0 18:9] - [008-01-0 18:9] - 05776 ____A (Microsoft Corporation) C:\Windows\SysWOW6\clbcatq.dll
    [010-10-1 1:] - [010-06-8 09:1] - 191590 ____A (Microsoft Corporation) C:\Windows\System\ole.dll
    [010-10-1 1:] - [010-06-8 09:00] - 11686 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ole.dll
    [009-11-0 0:05] - [009-0-10 05:11] - 10657 ____A (Microsoft Corporation) C:\Windows\System\advapi.dll
    [009-11-0 0:05] - [009-0-10 0:8] - 0800768 ____A (Microsoft Corporation) C:\Windows\SysWOW6\advapi.dll
    [009-11-0 0:07] - [009-0-10 05:11] - 059888 ____A (Microsoft Corporation) C:\Windows\System\COMDLG.dll
    [009-11-0 0:07] - [009-0-10 0:8] - 050560 ____A (Microsoft Corporation) C:\Windows\SysWOW6\COMDLG.dll
    [009-11-0 0:06] - [009-0-10 05:11] - 0896 ____A (Microsoft Corporation) C:\Windows\System\gdi.dll
    [009-11-0 0:06] - [009-0-10 0:6] - 00616 ____A (Microsoft Corporation) C:\Windows\SysWOW6\gdi.dll
    [01-06-1 0:01] - [01-05-17 17:5] - 1768 ____A (Microsoft Corporation) C:\Windows\System\IERTUTIL.dll
    [01-06-1 0:01] - [01-05-17 1:7] - 1790 ____A (Microsoft Corporation) C:\Windows\SysWOW6\IERTUTIL.dll
    [01-0-11 00:] - [01-0-9 07:5] - 007888 ____A (Microsoft Corporation) C:\Windows\System\IMAGEHLP.dll
    [01-0-11 00:] - [01-0-9 07:09] - 0157696 ____A (Microsoft Corporation) C:\Windows\SysWOW6\IMAGEHLP.dll
    [009-11-0 0:06] - [009-0-10 05:11] - 01680 ____A (Microsoft Corporation) C:\Windows\System\IMM.dll
    [009-11-0 0:06] - [009-0-10 0:6] - 0116 ____A (Microsoft Corporation) C:\Windows\SysWOW6\IMM.dll
    [011-07-1 :1] - [011-0-1 08:15] - 110880 ____A (Microsoft Corporation) C:\Windows\System\kernel.dll
    [011-07-1 :1] - [011-0-1 08:11] - 085968 ____A (Microsoft Corporation) C:\Windows\SysWOW6\kernel.dll
    [008-01-0 18:8] - [008-01-0 18:8] - 00768 ____A (Microsoft Corporation) C:\Windows\System\LPK.dll
    [009-07-15 1:50] - [009-0-10 :6] - 0055 ____A (Microsoft Corporation) C:\Windows\SysWOW6\LPK.dll
    [009-11-0 0:08] - [009-0-10 05:11] - 100896 ____A (Microsoft Corporation) C:\Windows\System\MSCTF.dll
    [009-11-0 0:08] - [009-0-10 0:8] - 0807 ____A (Microsoft Corporation) C:\Windows\SysWOW6\MSCTF.dll
    [01-0-15 0:09] - [011-1-1 08:8] - 061056 ____A (Microsoft Corporation) C:\Windows\System\MSVCRT.dll
    [01-0-15 0:09] - [011-1-1 08:17] - 06808 ____A (Microsoft Corporation) C:\Windows\SysWOW6\MSVCRT.dll
    [006-11-0 01:05] - [006-11-0 01:05] - 00007 ____A (Microsoft Corporation) C:\Windows\System\NORMALIZ.dll
    [006-11-0 0:17] - [006-11-0 00:] - 000560 ____A (Microsoft Corporation) C:\Windows\SysWOW6\NORMALIZ.dll
    [008-01-0 18:9] - [008-01-0 18:9] - 00116 ____A (Microsoft Corporation) C:\Windows\System\NSI.dll
    [008-01-0 18:50] - [008-01-0 18:50] - 000819 ____A (Microsoft Corporation) C:\Windows\SysWOW6\NSI.dll
    [011-10-1 18:50] - [011-08-5 08:19] - 08760 ____A (Microsoft Corporation) C:\Windows\System\OLEAUT.dll
    [011-10-1 18:50] - [011-08-5 08:1] - 05671 ____A (Microsoft Corporation) C:\Windows\SysWOW6\OLEAUT.dll
    [009-06-1 0:8] - [009-0- 0:5] - 105600 ____A (Microsoft Corporation) C:\Windows\System\rpcrt.dll
    [009-06-1 0:8] - [009-0- 0:15] - 067776 ____A (Microsoft Corporation) C:\Windows\SysWOW6\rpcrt.dll
    [009-11-0 0:0] - [009-0-10 05:11] - 19510 ____A (Microsoft Corporation) C:\Windows\System\Setupapi.dll
    [009-11-0 0:0] - [009-0-10 0:8] - 159196 ____A (Microsoft Corporation) C:\Windows\SysWOW6\Setupapi.dll
    [011-0-10 0:08] - [011-01-1 08:50] - 189980 ____A (Microsoft Corporation) C:\Windows\System\SHELL.dll
    [011-0-10 0:08] - [011-01-1 08:5] - 1158608 ____A (Microsoft Corporation) C:\Windows\SysWOW6\SHELL.dll
    [011-0-10 0:08] - [011-01-1 08:50] - 05619 ____A (Microsoft Corporation) C:\Windows\System\SHLWAPI.dll
    [011-0-10 0:08] - [011-01-1 08:5] - 0580 ____A (Microsoft Corporation) C:\Windows\SysWOW6\SHLWAPI.dll
    [01-06-1 0:01] - [01-05-17 17:59] - 1608 ____A (Microsoft Corporation) C:\Windows\System\URLMON.dll
    [01-06-1 0:01] - [01-05-17 1:6] - 11087 ____A (Microsoft Corporation) C:\Windows\SysWOW6\URLMON.dll
    [009-11-0 0:06] - [009-0-10 05:11] - 080 ____A (Microsoft Corporation) C:\Windows\System\user.dll
    [009-11-0 0:06] - [009-0-10 0:6] - 06870 ____A (Microsoft Corporation) C:\Windows\SysWOW6\user.dll
    [010-09-1 1:1] - [010-0-16 09:07] - 061568 ____A (Microsoft Corporation) C:\Windows\System\USP10.dll
    [010-09-1 1:1] - [010-0-16 08:6] - 0507 ____A (Microsoft Corporation) C:\Windows\SysWOW6\USP10.dll
    [01-06-1 0:01] - [01-05-17 17:59] - 1918 ____A (Microsoft Corporation) C:\Windows\System\WININET.dll
    [01-06-1 0:01] - [01-05-17 1:5] - 1197 ____A (Microsoft Corporation) C:\Windows\SysWOW6\WININET.dll
    [009-11-0 0:0] - [009-0-10 05:11] - 0870 ____A (Microsoft Corporation) C:\Windows\System\WLDAP.dll
    [009-11-0 0:0] - [009-0-10 0:8] - 0877 ____A (Microsoft Corporation) C:\Windows\SysWOW6\WLDAP.dll
    [009-11-0 0:05] - [009-0-10 05:11] - 0670 ____A (Microsoft Corporation) C:\Windows\System\WS_.dll
    [008-01-0 18:50] - [008-01-0 18:50] - 017900 ____A (Microsoft Corporation) C:\Windows\SysWOW6\WS_.dll
    ========================= Bamital & volsnap Check ============
    C:\Windows\System\winlogon.exe => MD5 is legit
    C:\Windows\System\wininit.exe => MD5 is legit
    C:\Windows\SysWOW6\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW6\explorer.exe => MD5 is legit
    C:\Windows\System\svchost.exe => MD5 is legit
    C:\Windows\SysWOW6\svchost.exe => MD5 is legit
    C:\Windows\System\services.exe BC8115099BD5DBC7A08C5F1FB9 ZeroAccess <==== ATTENTION!.
    C:\Windows\System\User.dll => MD5 is legit
    C:\Windows\SysWOW6\User.dll => MD5 is legit
    C:\Windows\System\userinit.exe => MD5 is legit
    C:\Windows\SysWOW6\userinit.exe => MD5 is legit
    C:\Windows\System\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 25%
    Total physical RAM: 1789.03 MB
    Available physical RAM: 1327.41 MB
    Total Pagefile: 1609.77 MB
    Available Pagefile: 1307.19 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB
    ======================= Partitions =========================
    1 Drive c: (S3A6815D006) (Fixed) (Total:286.68 GB) (Free:106.74 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    3 Drive e: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.3 GB) NTFS
    4 Drive f: (LEXAR) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 3824 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 1500 MB 1024 KB
    Partition 2 Primary 287 GB 1501 MB
    Partition 3 Primary 10 GB 288 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E TOSHIBA SYS NTFS Partition 1500 MB Healthy Hidden
    ==================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C S3A6815D006 NTFS Partition 287 GB Healthy
    ==================================================================================
    Disk: 0
    Partition 3
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: No
    There is no volume associated with this partition.
    ==================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3824 MB 4096 B
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 F LEXAR FAT32 Removable 3824 MB Healthy
    ==================================================================================
    ==========================================================
    Last Boot: 2012-08-01 04:49
    ======================= End Of Log ==========================
  2. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================

    Run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click the Search button and post the log (Search.txt) it makes in your reply.
  3. Confused Newby

    Confused Newby TS Rookie Topic Starter Posts: 24

    Farbar Recovery Scan Tool Version: 10-07-2012
    Ran by SYSTEM at 2012-08-02 14:16:30
    Running from F:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2009-11-02 04:03] - [2009-04-10 04:28] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
    [2009-11-02 04:03] - [2009-04-10 05:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
    [2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719
    C:\Windows\SysWOW64\services.exe
    [2009-11-02 04:03] - [2009-04-10 04:28] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
    C:\Windows\System32\services.exe
    [2009-11-02 04:03] - [2009-04-10 05:10] - 0384512 ____A (Microsoft Corporation) BC81150939BD52DBC7A08C245F1FB229
    ====== End Of Search ======
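The cross-check behind this Search request, as an added example written for this page (not FRST's own code and not part of the thread): it parses Search.txt-style output, with the lines posted above embedded as constructed sample input, and flags a live System32/SysWOW64 copy whose MD5 matches none of the WinSxS copies for its architecture, naming the newest same-architecture WinSxS copy as the replacement candidate. It assumes an x64 install, as here, so System32 is taken as the 64-bit directory and SysWOW64 as the 32-bit one.

```python
import re
from dataclasses import dataclass

# Constructed sample input: the Search.txt lines from the post above, verbatim.
SEARCH_TXT = r"""
================== Search: "services.exe" ===================
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-11-02 04:03] - [2009-04-10 04:28] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009-11-02 04:03] - [2009-04-10 05:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719
C:\Windows\SysWOW64\services.exe
[2009-11-02 04:03] - [2009-04-10 04:28] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\System32\services.exe
[2009-11-02 04:03] - [2009-04-10 05:10] - 0384512 ____A (Microsoft Corporation) BC81150939BD52DBC7A08C245F1FB229
====== End Of Search ======
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
INFO_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) (?P<attr>\S+) "
    r"\((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
# WinSxS component directory: <arch>_<name>_<pubkeytoken>_<version>_<culture>_<hash>
SXS_RE = re.compile(r"\\winsxs\\(?P<arch>x86|amd64)_.*?_(?P<version>\d+\.\d+\.\d+\.\d+)_", re.I)


@dataclass
class Entry:
    path: str
    arch: str        # "amd64" or "x86"
    version: tuple   # WinSxS component version; () for a live System32/SysWOW64 copy
    size: int
    md5: str


def arch_of(path: str) -> str:
    m = SXS_RE.search(path)
    if m:
        return m["arch"].lower()
    # Assumption: an x64 install (as in this thread), where SysWOW64 holds the
    # 32-bit copy and System32 the native 64-bit one.
    return "x86" if "\\syswow64\\" in path.lower() else "amd64"


def version_of(path: str) -> tuple:
    m = SXS_RE.search(path)
    return tuple(int(p) for p in m["version"].split(".")) if m else ()


def parse_search(text: str) -> list:
    """Pair each path line with the [created] - [modified] - size attr (company) MD5 line below it."""
    entries, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        if PATH_RE.match(line):
            pending = line
            continue
        m = INFO_RE.match(line)
        if m and pending:
            entries.append(Entry(pending, arch_of(pending), version_of(pending),
                                 int(m["size"]), m["md5"].upper()))
            pending = None
    return entries


def audit(entries: list) -> dict:
    """Map each live copy to (verdict, replacement candidate or None).

    A live copy is trusted only if its MD5 equals that of a WinSxS copy built for
    the same architecture. This is a local cross-check, not a signature
    verification: it assumes the component store itself is intact.
    """
    sxs = [e for e in entries if e.version]
    report = {}
    for live in (e for e in entries if not e.version):
        same_arch = [s for s in sxs if s.arch == live.arch]
        if live.md5 in {s.md5 for s in same_arch}:
            report[live.path] = ("matches a WinSxS copy", None)
            continue
        # Size is no help here: the posted System32 copy is 384512 bytes, exactly
        # like the clean amd64 copies; only the hash gives it away.
        newest = max(same_arch, key=lambda s: s.version, default=None)
        report[live.path] = ("MD5 matches no WinSxS copy for this architecture",
                             newest.path if newest else None)
    return report


if __name__ == "__main__":
    for path, (verdict, replacement) in audit(parse_search(SEARCH_TXT)).items():
        print(f"{path}: {verdict}")
        if replacement:
            print(f"  candidate replacement: {replacement}")
```

On the posted data the SysWOW64 copy checks out and the System32 copy is flagged, with the 6.0.6002.18005 amd64 WinSxS copy as the candidate.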
  4. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    Restart normally.


    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the tool below, named Rkill (courtesy of BleepingComputer.com), which may help allow other programs to run.
    There are 4 different versions. If one of them won't run, then download and try to run another one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  5. Confused Newby

    Confused Newby TS Rookie Topic Starter Posts: 24

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 10-07-2012
    Ran by SYSTEM at 2012-08-02 15:32:49 Run:1
    Running from F:\
    ==============================================
    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\is-DSVIL.exe not found.
    C:\Windows\Installer\{5c17f1d0-966-e7cf-8ec-be005d187f5} not found.
    C:\Users\JAMES INGLISH\AppData\Local\{5c17f1d0-966-e7cf-8ec-be005d187f5} not found.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe copied successfully to C:\Windows\System32\services.exe
    ==== End of Fixlog ====



    ComboFix 12-07-31.03 - JAMES INGLISH 02/08/2012 16:00:28.1.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.1789.523 [GMT 10:00]
    Running from: c:\users\JAMES INGLISH\Desktop\ComboFix.exe
    AV: Trend Micro Titanium Internet Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
    SP: Trend Micro Titanium Internet Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\MyWebSearch
    c:\users\JAMES INGLISH\AppData\Local\Temp\c25e8b3d-33a7-42bf-85e6-6880c6753136\CliSecureRT.dll
    c:\users\JAMES INGLISH\AppData\Roaming\inst.exe
    c:\users\JAMES INGLISH\AppData\Roaming\vso_ts_preview.xml
    c:\users\JAMESI~1\AppData\Local\Temp\c25e8b3d-33a7-42bf-85e6-6880c6753136\CliSecureRT.dll
    c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
    c:\windows\Installer\{5c17f1d0-9626-e7cf-8ec3-4be005d187f5}\@
    c:\windows\Installer\{5c17f1d0-9626-e7cf-8ec3-4be005d187f5}\U\00000001.@
    c:\windows\Installer\{5c17f1d0-9626-e7cf-8ec3-4be005d187f5}\U\800000cb.@
    c:\windows\SysWow64\muzapp.exe
    c:\windows\SysWow64\Packet.dll
    c:\windows\SysWow64\pthreadVC.dll
    c:\windows\SysWow64\wpcap.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-02 07:01 . 2012-08-02 07:01 -------- d-----w- C:\FRST
    2012-08-02 06:31 . 2012-08-02 06:37 -------- d-----w- c:\users\JAMES INGLISH\AppData\Local\temp
    2012-08-02 06:31 . 2012-08-02 06:31 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-02 06:31 . 2012-08-02 06:31 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2012-07-10 08:26 . 2008-01-05 14:25 129024 ----a-w- c:\windows\RegBootClean64.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-01 05:59 . 2012-05-02 09:28 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-01 05:59 . 2011-09-26 22:54 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-03 03:46 . 2010-09-29 12:34 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-14 02:43 . 2006-11-02 12:35 58957832 ----a-w- c:\windows\system32\mrt.exe
    2012-06-02 22:19 . 2012-06-21 08:10 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 08:22 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 08:23 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 08:23 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 08:10 35864 ----a-w- c:\windows\SysWow64\wups.dll
    2012-06-02 22:19 . 2012-06-21 08:10 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-21 08:10 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 08:22 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 08:10 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 22:12 . 2012-06-21 08:10 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
    2012-06-02 05:19 . 2012-06-21 07:59 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
    2012-06-02 05:19 . 2012-06-21 07:59 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 05:15 . 2012-06-21 07:59 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 05:12 . 2012-06-21 07:59 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
    2012-05-31 04:04 . 2012-07-06 08:30 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3C29FC2F-EB25-46E7-A4D1-99461B89C85D}\mpengine.dll
    2012-05-18 02:47 . 2012-06-14 04:01 17807360 ----a-w- c:\windows\system32\mshtml.dll
    2012-05-18 02:16 . 2012-06-14 04:01 10924032 ----a-w- c:\windows\system32\ieframe.dll
    2012-05-18 02:06 . 2012-06-14 04:01 2311680 ----a-w- c:\windows\system32\jscript9.dll
    2012-05-18 01:59 . 2012-06-14 04:01 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-05-18 01:59 . 2012-06-14 04:01 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-05-18 01:58 . 2012-06-14 04:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-05-18 01:58 . 2012-06-14 04:01 237056 ----a-w- c:\windows\system32\url.dll
    2012-05-18 01:56 . 2012-06-14 04:01 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-05-18 01:55 . 2012-06-14 04:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-05-18 01:55 . 2012-06-14 04:01 818688 ----a-w- c:\windows\system32\jscript.dll
    2012-05-18 01:54 . 2012-06-14 04:01 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-05-18 01:51 . 2012-06-14 04:02 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-05-18 01:51 . 2012-06-14 04:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-05-18 01:47 . 2012-06-14 04:01 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-05-17 22:45 . 2012-06-14 04:01 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-05-17 22:35 . 2012-06-14 04:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-05-17 22:35 . 2012-06-14 04:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29 . 2012-06-14 04:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-05-17 22:24 . 2012-06-14 04:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-05-15 20:15 . 2012-06-13 06:40 2767360 ----a-w- c:\windows\system32\win32k.sys
    2008-01-05 14:23 . 2008-01-05 14:23 4024320 ----a-w- c:\program files (x86)\GUTAE39.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-01-03 05:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 432640]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    "Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
    "Akamai NetSession Interface"="c:\users\JAMES INGLISH\AppData\Local\Akamai\netsession_win.exe" [2012-05-25 4327744]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-22 39408]
    "KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-05-04 955792]
    "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-05-04 3521424]
    "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-04 21392]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-07 421736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-01 843712]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-04-28 296056]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
    .
    c:\users\JAMES INGLISH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Corel Registration.lnk - c:\program files (x86)\Corel\Graphics9\Register\Remind32.exe [2010-10-26 67584]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-11-3 113664]
    HD Writer AE 1.0.lnk - c:\program files (x86)\Panasonic\HD Writer AE 1\HDWriterAutoStart.exe [2009-7-1 189784]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~2\SEARCH~2\Datamngr\datamngr.dll c:\progra~2\SEARCH~2\Datamngr\IEBHO.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-01 250056]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Themes
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 05:59]
    .
    2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-10 16:30]
    .
    2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-10 16:30]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-13 1573160]
    "RtHDVCpl"="RAVCpl64.exe" [2008-04-08 6156288]
    "Skytel"="Skytel.exe" [2007-11-20 1826816]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
    "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
    "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
    "combofix"="c:\combofix\CF15164.3XE" [2008-01-21 363008]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\progra~2\SEARCH~2\Datamngr\x64\datamngr.dll c:\progra~2\SEARCH~2\Datamngr\x64\IEBHO.dll c:\progra~2\SEARCH~1\SEARCH~1\x64\datamngr.dll c:\progra~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com.au/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHN&bmod=TSHN
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 10.0.0.138
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-10 - (no file)
    Wow6432Node-HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
    Toolbar-10 - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
    HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
    HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\SysWOW64\bgsvcgen.exe
    c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
    c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\program files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    c:\program files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    c:\users\JAMES INGLISH\Downloads\TomTom HOME 2\TomTomHOMEService.exe
    c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    c:\program files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe
    c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-02 16:54:04 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-02 06:53
    .
    Pre-Run: 114,186,055,680 bytes free
    Post-Run: 113,533,419,520 bytes free
    .
    - - End Of File - - 6336291E32997126C723E108499E4F88
     
  6. Broni


    Looks good :)

    How is the computer doing?

    ==================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ==================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. Confused Newby


    Good Morning Broni,

    The computer seems to be running vastly better now. I have not had any virus warnings since the last page of fixes you posted.
    Here are the 3 logs requested.


    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.08.02.09
    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    JAMES INGLISH :: INGLISH-PC [administrator]
    3/08/2012 6:57:46 AM
    mbam-log-2012-08-03 (06-57-46).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 216279
    Time elapsed: 12 minute(s), 3 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)

    OTL logfile created on: 3/08/2012 7:17:41 AM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\JAMES INGLISH\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    1.75 Gb Total Physical Memory | 0.75 Gb Available Physical Memory | 42.97% Memory free
    3.74 Gb Paging File | 1.88 Gb Available in Paging File | 50.22% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.68 Gb Total Space | 105.26 Gb Free Space | 36.72% Space Free | Partition Type: NTFS
    Drive E: | 3.73 Gb Total Space | 3.73 Gb Free Space | 99.96% Space Free | Partition Type: FAT32

    Computer Name: INGLISH-PC | User Name: JAMES INGLISH | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/03 07:14:54 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\JAMES INGLISH\Desktop\OTL.exe
    PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\JAMES INGLISH\AppData\Local\Akamai\netsession_win.exe
    PRC - [2012/05/04 15:37:00 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    PRC - [2012/04/28 14:23:06 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    PRC - [2012/02/29 01:58:02 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe
    PRC - [2012/01/03 15:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    PRC - [2011/12/05 22:34:56 | 000,092,592 | ---- | M] (TomTom) -- C:\Users\JAMES INGLISH\Downloads\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2011/08/18 01:52:05 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    PRC - [2009/01/04 17:55:36 | 000,189,784 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Panasonic\HD Writer AE 1\HDWriterAutoStart.exe
    PRC - [2008/11/10 06:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/09/26 14:22:44 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    PRC - [2008/04/17 17:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    PRC - [2008/04/17 17:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2008/04/17 17:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    PRC - [2008/04/11 00:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    PRC - [2008/04/04 14:01:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
    PRC - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe
    PRC - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    PRC - [1998/07/23 17:06:26 | 000,067,584 | ---- | M] (IntelliQuest Communications, Inc.) -- C:\Program Files (x86)\Corel\Graphics9\Register\Remind32.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2008/08/25 09:58:12 | 000,089,600 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
    SRV:64bit: - [2008/05/22 03:37:06 | 000,875,008 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
    SRV:64bit: - [2008/02/06 13:50:18 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV:64bit: - [2008/01/21 12:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2007/12/11 13:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
    SRV:64bit: - [2007/12/03 17:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
    SRV:64bit: - [2007/11/22 09:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV - [2012/08/01 15:59:05 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/11 08:18:57 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2011/12/05 22:34:56 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Users\JAMES INGLISH\Downloads\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2011/08/18 01:52:05 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
    SRV - [2010/08/26 17:48:00 | 000,285,152 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/03/29 20:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/10 06:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/04/17 17:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
    SRV - [2008/04/16 15:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Jumpstart\jswpsapi.exe -- (jswpsapi)
    SRV - [2008/04/11 00:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
    SRV - [2008/04/04 14:01:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation.) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
    SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)
    SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/02/29 23:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/24 19:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudmdm.sys -- (ssudmdm)
    DRV:64bit: - [2012/02/24 19:14:42 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudbus.sys -- (dg_ssudbus)
    DRV:64bit: - [2011/08/02 16:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/03/23 21:06:03 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmcomm.sys -- (tmcomm)
    DRV:64bit: - [2011/03/23 21:06:03 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\tmtdi.sys -- (tmtdi)
    DRV:64bit: - [2011/03/23 21:06:03 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmactmon.sys -- (tmactmon)
    DRV:64bit: - [2011/03/23 21:06:03 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmevtmgr.sys -- (tmevtmgr)
    DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/03/18 00:00:10 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
    DRV:64bit: - [2010/01/12 06:42:24 | 000,302,112 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
    DRV:64bit: - [2009/10/01 10:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/04/10 21:03:34 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
    DRV:64bit: - [2008/08/14 09:40:44 | 000,260,144 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
    DRV:64bit: - [2008/07/29 04:05:00 | 001,146,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
    DRV:64bit: - [2008/06/26 16:24:18 | 000,020,520 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
    DRV:64bit: - [2008/05/22 04:35:34 | 004,262,400 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2008/04/28 16:59:26 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\jswpslwfx.sys -- (JSWPSLWF)
    DRV:64bit: - [2008/04/10 21:25:30 | 000,531,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
    DRV:64bit: - [2008/02/29 16:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2008/02/22 03:24:20 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
    DRV:64bit: - [2007/12/12 07:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2007/11/09 14:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2007/07/28 12:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
    DRV:64bit: - [2007/07/27 13:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
    DRV:64bit: - [2007/01/19 18:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\scmndisp.sys -- (SCMNdisP)
    DRV:64bit: - [2006/11/20 15:11:06 | 000,008,704 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)
    DRV:64bit: - [2006/11/08 05:30:56 | 000,016,656 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie)
    DRV:64bit: - [2006/08/25 14:36:52 | 000,039,208 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrbsdrv.sys -- (cdrbsdrv)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHN&bmod=TSHN
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=164&systemid=406&sr=0&q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHN&bmod=TSHN
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSHN
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=164&systemid=406&sr=0&q={searchTerms}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



    IE - HKU\S-1-5-21-532649568-593773556-1797586730-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.au/
    IE - HKU\S-1-5-21-532649568-593773556-1797586730-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-532649568-593773556-1797586730-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKU\S-1-5-21-532649568-593773556-1797586730-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKU\S-1-5-21-532649568-593773556-1797586730-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-532649568-593773556-1797586730-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=462CB8DC-3B57-4C97-824B-259810345CF5
    IE - HKU\S-1-5-21-532649568-593773556-1797586730-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSHN
    IE - HKU\S-1-5-21-532649568-593773556-1797586730-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7TSHN_enAU328
    IE - HKU\S-1-5-21-532649568-593773556-1797586730-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=164&systemid=406&sr=0&q={searchTerms}
    IE - HKU\S-1-5-21-532649568-593773556-1797586730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-532649568-593773556-1797586730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7
    FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.3.37: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.3.37: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.3.37: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.3.37: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.3.37: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\JAMES INGLISH\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\JAMES INGLISH\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\2.bin
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/07/31 12:44:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\firefoxextension\ [2012/03/20 20:29:30 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/28 14:25:36 | 000,000,000 | ---D | M]

    [2009/12/25 10:19:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JAMES INGLISH\AppData\Roaming\Mozilla\Extensions
    [2009/12/25 10:19:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JAMES INGLISH\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
    [2009/11/12 17:07:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JAMES INGLISH\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    File not found (No name found) -- C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM
     
  8. Confused Newby


    2nd half of OTL.Txt and part of Extras.Txt


    ========== Chrome ==========

    CHR - default_search_provider: Google ()
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com

    O1 HOSTS File: ([2012/08/02 16:36:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Yahoo!7 Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKU\S-1-5-21-532649568-593773556-1797586730-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-532649568-593773556-1797586730-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKU\S-1-5-21-532649568-593773556-1797586730-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
    O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
    O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
    O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKU\S-1-5-21-532649568-593773556-1797586730-1000..\Run: [Akamai NetSession Interface] C:\Users\JAMES INGLISH\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
    O4 - HKU\S-1-5-21-532649568-593773556-1797586730-1000..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
    O4 - HKU\S-1-5-21-532649568-593773556-1797586730-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    O4 - HKU\S-1-5-21-532649568-593773556-1797586730-1000..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKU\S-1-5-21-532649568-593773556-1797586730-1000..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O4 - HKU\S-1-5-21-532649568-593773556-1797586730-1000..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - Startup: C:\Users\JAMES INGLISH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Corel Registration.lnk = C:\Program Files (x86)\Corel\Graphics9\Register\Remind32.exe (IntelliQuest Communications, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-532649568-593773556-1797586730-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-532649568-593773556-1797586730-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKU\S-1-5-21-532649568-593773556-1797586730-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Reg Error: Key error.)
    O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} http://www4.snapfish.com.au/SnapfishOutlookImport.cab (Reg Error: Key error.)
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.fujifilmimagine.com/imagine/ax/ImageUploader5.cab (Reg Error: Key error.)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUplden-au.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D335ECA-0C0A-44DB-9621-379994172F72}: DhcpNameServer = 10.0.0.138
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF5EAA46-77EC-4F76-8345-FDF6B3087CF5}: DhcpNameServer = 192.168.2.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
    O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
    O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~2\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~2\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngr.dll (Bandoo Media, inc)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\IEBHO.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~2\Datamngr\datamngr.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~2\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\JAMES INGLISH\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\JAMES INGLISH\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/03 07:14:30 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\JAMES INGLISH\Desktop\OTL.exe
    [2012/08/03 06:53:39 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\JAMES INGLISH\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/08/02 17:01:41 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/08/02 16:54:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/08/02 16:36:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/08/02 16:31:30 | 000,000,000 | ---D | C] -- C:\Users\JAMES INGLISH\AppData\Local\temp
    [2012/08/02 15:55:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/08/02 15:55:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/08/02 15:55:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/02 15:55:34 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/08/02 15:48:37 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/02 15:47:48 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/08/02 15:12:59 | 004,722,680 | R--- | C] (Swearware) -- C:\Users\JAMES INGLISH\Desktop\ComboFix.exe
    [2012/07/11 11:53:20 | 000,000,000 | ---D | C] -- C:\Users\JAMES INGLISH\Desktop\RK_Quarantine
    [2012/07/11 11:52:06 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\JAMES INGLISH\Desktop\aswMBR.exe
    [2012/07/11 07:58:35 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\JAMES INGLISH\Desktop\dds.scr
    [2012/07/04 13:57:13 | 000,000,000 | ---D | C] -- C:\Users\JAMES INGLISH\Desktop\my phone july 2012
    [2010/03/18 00:00:10 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\JAMES INGLISH\AppData\Roaming\pcouffin.sys
    [2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/08/03 07:14:54 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\JAMES INGLISH\Desktop\OTL.exe
    [2012/08/03 06:55:46 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/03 06:53:40 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\JAMES INGLISH\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/08/03 06:45:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/08/03 06:43:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/08/03 06:36:00 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/03 06:36:00 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/02 17:41:45 | 000,715,866 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/08/02 17:41:44 | 000,853,242 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/08/02 17:41:44 | 000,149,430 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/08/02 16:37:05 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/08/02 16:36:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/08/02 16:35:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/02 15:13:22 | 004,722,680 | R--- | M] (Swearware) -- C:\Users\JAMES INGLISH\Desktop\ComboFix.exe
    [2012/07/11 14:01:18 | 000,000,512 | ---- | M] () -- C:\Users\JAMES INGLISH\Desktop\MBR.dat
    [2012/07/11 12:30:06 | 420,578,939 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/07/11 11:52:14 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\JAMES INGLISH\Desktop\aswMBR.exe
    [2012/07/11 11:51:17 | 001,558,016 | ---- | M] () -- C:\Users\JAMES INGLISH\Desktop\RogueKiller.exe
    [2012/07/11 07:58:36 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\JAMES INGLISH\Desktop\dds.scr
    [2012/07/11 00:15:00 | 000,302,592 | ---- | M] () -- C:\Users\JAMES INGLISH\Desktop\ccep8p4x.exe
    [2012/07/06 19:50:31 | 000,000,046 | ---- | M] () -- C:\Users\JAMES INGLISH\AppData\Roaming\Opusbext.dat
    [2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    File not found -- C:\Users\JAMES INGLISH\AppData\Local\{5c17f1d0-9626-e7cf-8ec3-4be005d187f5}\U\800000cb.@
    File not found -- C:\Users\JAMES INGLISH\AppData\Local\{5c17f1d0-9626-e7cf-8ec3-4be005d187f5}\@
    [2012/08/03 06:55:46 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/02 15:55:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/08/02 15:55:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/08/02 15:55:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/08/02 15:55:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/08/02 15:55:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/11 14:01:18 | 000,000,512 | ---- | C] () -- C:\Users\JAMES INGLISH\Desktop\MBR.dat
    [2012/07/11 11:51:15 | 001,558,016 | ---- | C] () -- C:\Users\JAMES INGLISH\Desktop\RogueKiller.exe
    [2012/07/11 00:14:59 | 000,302,592 | ---- | C] () -- C:\Users\JAMES INGLISH\Desktop\ccep8p4x.exe
    [2012/07/10 18:26:58 | 000,129,024 | ---- | C] () -- C:\Windows\RegBootClean64.exe
    [2011/06/30 22:50:09 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2011/06/30 22:50:09 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2011/01/29 17:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
    [2011/01/29 17:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
    [2011/01/29 17:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
    [2011/01/29 17:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
    [2011/01/29 17:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
    [2010/11/27 19:29:47 | 000,038,493 | ---- | C] () -- C:\Users\JAMES INGLISH\AppData\Roaming\Comma Separated Values (Windows).ADR
    [2010/10/26 07:46:23 | 000,000,046 | ---- | C] () -- C:\Users\JAMES INGLISH\AppData\Roaming\Opusbext.dat
    [2010/10/26 07:32:22 | 000,039,095 | ---- | C] () -- C:\Windows\iccsigs.dat
    [2010/10/26 07:32:20 | 000,112,688 | ---- | C] () -- C:\Windows\SysWow64\shw32.dll
    [2010/10/26 07:26:09 | 000,000,148 | ---- | C] () -- C:\Windows\OPHJ.INI
    [2010/03/20 22:04:37 | 000,000,680 | ---- | C] () -- C:\Users\JAMES INGLISH\AppData\Local\d3d9caps.dat
    [2010/03/18 00:00:10 | 000,007,859 | ---- | C] () -- C:\Users\JAMES INGLISH\AppData\Roaming\pcouffin.cat
    [2010/03/18 00:00:10 | 000,001,167 | ---- | C] () -- C:\Users\JAMES INGLISH\AppData\Roaming\pcouffin.inf
    [2009/07/05 18:31:26 | 000,033,280 | ---- | C] () -- C:\Users\JAMES INGLISH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/05/23 22:47:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/05/22 14:37:45 | 000,000,732 | ---- | C] () -- C:\Users\JAMES INGLISH\AppData\Local\d3d9caps64.dat

    ========== LOP Check ==========

    [2011/12/21 21:20:13 | 000,000,000 | ---D | M] -- C:\Users\JAMES INGLISH\AppData\Roaming\au.com.perthmint.desktopwidget
    [2010/11/04 21:01:25 | 000,000,000 | ---D | M] -- C:\Users\JAMES INGLISH\AppData\Roaming\AVG
    [2010/11/03 17:26:32 | 000,000,000 | ---D | M] -- C:\Users\JAMES INGLISH\AppData\Roaming\AVG10
    [2010/12/04 09:17:11 | 000,000,000 | ---D | M] -- C:\Users\JAMES INGLISH\AppData\Roaming\BitZipper
    [2010/03/15 14:25:28 | 000,000,000 | ---D | M] -- C:\Users\JAMES INGLISH\AppData\Roaming\Blitware
    [2010/09/04 17:25:44 | 000,000,000 | ---D | M] -- C:\Users\JAMES INGLISH\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/07/31 12:20:55 | 000,000,000 | ---D | M] -- C:\Users\JAMES INGLISH\AppData\Roaming\DriverFinder
    [2010/03/06 20:11:33 | 000,000,000 | ---D | M] -- C:\Users\JAMES INGLISH\AppData\Roaming\Facebook
    [2009/12/18 11:45:38 | 000,000,000 | ---D | M] -- C:\Users\JAMES INGLISH\AppData\Roaming\LimeWire
    [2009/07/13 18:53:56 | 000,000,000 | ---D | M] -- C:\Users\JAMES INGLISH\AppData\Roaming\Momento
    [2010/10/26 07:50:34 | 000,000,000 | ---D | M] -- C:\Users\JAMES INGLISH\AppData\Roaming\OPHJ
    [2009/07/05 18:13:27 | 000,000,000 | ---D | M] -- C:\Users\JAMES INGLISH\AppData\Roaming\Panasonic
    [2012/05/07 21:12:25 | 000,000,000 | ---D | M] -- C:\Users\JAMES INGLISH\AppData\Roaming\Samsung
    [2009/12/25 10:19:03 | 000,000,000 | ---D | M] -- C:\Users\JAMES INGLISH\AppData\Roaming\TomTom
    [2010/07/17 17:49:38 | 000,000,000 | ---D | M] -- C:\Users\JAMES INGLISH\AppData\Roaming\toshiba
    [2009/07/12 23:09:19 | 000,000,000 | ---D | M] -- C:\Users\JAMES INGLISH\AppData\Roaming\Ulead Systems
    [2012/03/04 11:55:49 | 000,000,000 | ---D | M] -- C:\Users\JAMES INGLISH\AppData\Roaming\Vso
    [2012/08/02 16:33:43 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========
    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4
    < End of report >

    OTL Extras logfile created on: 3/08/2012 7:17:41 AM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\JAMES INGLISH\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    1.75 Gb Total Physical Memory | 0.75 Gb Available Physical Memory | 42.97% Memory free
    3.74 Gb Paging File | 1.88 Gb Available in Paging File | 50.22% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.68 Gb Total Space | 105.26 Gb Free Space | 36.72% Space Free | Partition Type: NTFS
    Drive E: | 3.73 Gb Total Space | 3.73 Gb Free Space | 99.96% Space Free | Partition Type: FAT32

    Computer Name: INGLISH-PC | User Name: JAMES INGLISH | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 1
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = F4 E0 CC A2 DA 5B CA 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{5BB6A265-8E2E-4A97-9A55-FB353A5712A2}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "TCP Query User{BD180946-22C5-4ED5-8717-07C87FBAB1F1}C:\users\james inglish\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\james inglish\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{DCEF05A4-B96F-4566-B316-777EFCB6FB8F}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "UDP Query User{F077E560-ECE2-4439-A17D-3622FE69AEF8}C:\users\james inglish\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\james inglish\appdata\local\akamai\netsession_win.exe |
     
  9. Confused Newby

    Confused Newby TS Rookie Topic Starter Posts: 24

    2nd part of Extras.Txt

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
    "{797EE72F-CDA3-DE31-A614-F699FFE72DF1}" = ATI Catalyst Install Manager
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
    "{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro™ Titanium™ Internet Security
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
    "{B69DC93D-9615-99F2-8887-14BB982127D0}" = ccc-utility64
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "2CA3B8348CD526E9B8928840AC68738C5B5A4F8F" = Windows Driver Package - Thomson (USB_RNDIS) Net (02/15/2007 2.0.0.0)
    "5AF8BE22A56B38B1816F36BAC6A71F1277E45440" = Windows Driver Package - NETGEAR Inc. (RTL8187) Net (12/01/2006 6.1258.1201.2006)
    "B090418E214D6BD6EE18A512A8EE609225AC9279" = Windows Driver Package - Atheros Communications Inc. (arusb_lhx) Net (09/25/2008 3.1.0.101)
    "CCleaner" = CCleaner
    "D27D7E9318CFA89EDDE8D448B507A8EB725F5A52" = Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3)
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TOSHIBA Software Modem" = TOSHIBA Software Modem

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{066D911D-0D58-3193-5151-F692B3AE81F8}" = Catalyst Control Center Localization Hungarian
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{08D36123-E01A-A82E-B6B9-234983FF517C}" = Catalyst Control Center Localization French
    "{0A8C7880-F199-4807-ABD4-6E695B71A3D7}" = e-tax 2009
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0BC236D1-6E45-DC22-A295-F8C406698268}" = Catalyst Control Center Graphics Light
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
    "{11451BA2-9117-331A-86E9-3AB00B732119}" = Catalyst Control Center Localization Korean
    "{128CFECF-F4A6-33C7-CDD2-2143F5CBA842}" = CCC Help German
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
    "{1C4412CE-42BA-9F4A-DA1E-BBC684A4912A}" = CCC Help Portuguese
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F4D54AD-EA3E-1148-B43F-44FA5D8A0682}" = Catalyst Control Center Localization Portuguese
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2487C38F-BD6E-214B-417F-A7330CE87201}" = Catalyst Control Center Localization Polish
    "{24E7DD65-3E86-4714-0C80-323FF625E6EF}" = Catalyst Control Center Localization Norwegian
    "{25586984-240D-E75E-E86B-FE509823F525}" = CCC Help Dutch
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{28DF571B-2EFE-EFF0-598A-6CA810EF505E}" = Skins
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{2B49264E-7E18-6CC7-46F7-2AF86821F32F}" = Perth Mint Bullion Wealth Tracker
    "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
    "{2FAE1908-614E-07B3-FA47-833463F9AF5C}" = CCC Help Thai
    "{30EBF970-6F51-2140-FCC1-B0012E1BE633}" = Catalyst Control Center Localization Dutch
    "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
    "{326914FE-8332-F50F-EC7E-15D47F0B5566}" = Catalyst Control Center Graphics Full Existing
    "{32F2CEBB-D720-5C23-C9EE-D8F490F87BAF}" = Catalyst Control Center Localization Thai
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34154809-34AC-4D40-642D-BEB4FBA78105}" = CCC Help Norwegian
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{36A2510F-CA6F-F07B-A021-0AC5B21CA2D1}" = CCC Help Finnish
    "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
    "{3BD61958-43FE-CA79-EE7E-2E3C3A0B1C89}" = CCC Help Polish
    "{3D406346-9AD2-C605-732C-85C08EE56CC7}" = Catalyst Control Center Localization Spanish
    "{3F7A3D9A-A533-DBAA-5612-C1A6AB268A2B}" = CCC Help Chinese Traditional
    "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    "{42C4B45A-8B9C-7334-D302-F57C68B7FCF5}" = Catalyst Control Center Graphics Previews Vista
    "{433A39B0-380C-4634-93FE-12A812954F5B}" = BigPond Broadband ADSL
    "{43902A6C-0419-442A-BA7B-9D3A23864AF9}" = CCC Help Russian
    "{4547B9CA-4015-8DCC-17E3-7FFAD103EAC7}" = CCC Help English
    "{492CF17F-6832-DE1F-F9DB-873A52584975}" = CCC Help Spanish
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
    "{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}" = CD/DVD Drive Acoustic Silencer
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4CCE46B0-37A3-484E-DE40-F90A8F4BC3EF}" = Catalyst Control Center Localization Chinese Traditional
    "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
    "{507764D4-924F-5CE4-F8D5-ED3A51F51F51}" = Catalyst Control Center Graphics Full New
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{53C27557-66CF-7B38-4B6F-6E40A6352146}" = CCC Help Turkish
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{540B2234-B947-B698-7DA5-58BB8AF95B00}" = Catalyst Control Center Localization Turkish
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{6C9E7BDB-B8FA-DE3D-36FC-9F10E6CE0656}" = CCC Help French
    "{6D4AB42E-8D7D-8FDF-FE12-0355F5616B25}" = CCC Help Danish
    "{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{758C4ADD-1692-C93A-D162-7AAAE01391F6}" = CCC Help Chinese Standard
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{7591D6FC-10E8-D6CF-2C0E-67D3FB6E7568}" = CCC Help Swedish
    "{75C559A2-72EA-52FD-F8D7-5B0653F37EC9}" = ccc-core-static
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7760A193-8668-4FAB-B1B1-525C259F84DC}_is1" = File Helper 2.2.0.4
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7B8F80FE-4EBD-368E-1F69-04EDBC15B6FC}" = Catalyst Control Center Localization German
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8D715946-8739-E0FC-104C-379927F0A7AA}" = Catalyst Control Center Localization Chinese Standard
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{9329C4BD-1509-9B1B-9379-E148FF5B88CF}" = Catalyst Control Center Localization Danish
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    "{96B361E4-A86E-4335-99FF-6C3604788DAB}" = HD Writer AE 1.0 for HDC
    "{96EDF35E-C465-9E95-22B5-DC62D574AF6A}" = CCC Help Czech
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9EB98F06-7F00-BAFB-0B1D-07865F3FFE8A}" = CCC Help Japanese
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A344F95E-E51A-450C-8F84-C940BF61903E}" = OKI Color Swatch Utility
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
    "{BB4B5FEA-37F8-8783-8E85-3576F8425DF0}" = Catalyst Control Center Core Implementation
    "{BC22330F-2F0B-3FDF-560F-3269C8A7B8D1}" = Catalyst Control Center Localization Russian
    "{C078C299-C2C2-4110-A6EF-8D5E66C228DA}" = e-tax 2011
    "{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CA3CEA84-3319-1F16-E4AF-EE22AE2DC7EA}" = Catalyst Control Center Localization Swedish
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}" = WinZip 15.5
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D5B1C6D3-14A1-D148-C7D5-01AAEB1596DB}" = Catalyst Control Center Localization Greek
    "{D6EA616D-9322-5BBF-6799-A37DADB72235}" = CCC Help Hungarian
    "{D81E2742-A084-64C0-ED03-DEAEF614A68C}" = Catalyst Control Center Localization Italian
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.3.313
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
    "{EFF57BCA-8FFD-A571-B675-5927A3A74206}" = CCC Help Greek
    "{F0A1BC2F-AB05-568D-778E-CEBFFCBD4266}" = Catalyst Control Center Localization Finnish
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F165BBB8-6A3D-6628-33C6-A33CCE3EF49A}" = CCC Help Italian
    "{F17FB244-1419-D368-5171-3EFFCA7FF378}" = Catalyst Control Center Localization Czech
    "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F9FDE6EA-F023-F67F-6D79-250CCEF0AA52}" = Catalyst Control Center Localization Japanese
    "{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
    "{FC858979-6381-EBE3-6032-E639FCFE64D9}" = CCC Help Korean
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0
    "Akamai" = Akamai NetSession Interface Service
    "au.com.perthmint.desktopwidget" = Perth Mint Bullion Wealth Tracker
    "BitZipper_is1" = BitZipper 2010
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Corel Applications" = Corel Applications
    "DivX Setup" = DivX Setup
    "Graboid Video" = Graboid Video 3.05
    "iLivid" = iLivid
    "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Momento" = Momento 5.1.0
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "RealPlayer 15.0" = RealPlayer
    "Searchqu 406 MediaBar" = Windows iLivid Toolbar
    "Searchqu Toolbar" = Searchqu Toolbar
    "TeamViewer 6" = TeamViewer 6
    "TomTom HOME" = TomTom HOME 2.8.3.2458
    "VLC media player" = VLC media player 1.0.1
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "WinLiveSuite" = Windows Live Essentials
    "Xvid Video Codec 1.3.1" = Xvid Video Codec
    "Yahoo! Companion" = Yahoo!7 Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-532649568-593773556-1797586730-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
    "Akamai" = Akamai NetSession Interface
    "Facebook Plug-In" = Facebook Plug-In

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 2/08/2012 1:12:47 AM | Computer Name = INGLISH-PC | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
    0x47919291, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
    code 0xc0000005, fault offset 0x0000000000000000, process id 0x1350, application
    start time 0x01cd706d749a4487.

    Error - 2/08/2012 1:14:51 AM | Computer Name = INGLISH-PC | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
    0x47919291, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
    code 0xc0000005, fault offset 0x0000000000000000, process id 0x1008, application
    start time 0x01cd706dbe73c907.

    Error - 2/08/2012 1:16:55 AM | Computer Name = INGLISH-PC | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
    0x47919291, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
    code 0xc0000005, fault offset 0x0000000000000000, process id 0xca0, application
    start time 0x01cd706e07fcace7.

    Error - 2/08/2012 1:18:58 AM | Computer Name = INGLISH-PC | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
    0x47919291, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
    code 0xc0000005, fault offset 0x0000000000000000, process id 0x4b8, application
    start time 0x01cd706e519a12c7.

    Error - 2/08/2012 1:21:01 AM | Computer Name = INGLISH-PC | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
    0x47919291, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
    code 0xc0000005, fault offset 0x0000000000000000, process id 0x1afc, application
    start time 0x01cd706e9b085257.

    Error - 2/08/2012 1:23:04 AM | Computer Name = INGLISH-PC | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
    0x47919291, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
    code 0xc0000005, fault offset 0x0000000000000000, process id 0x1830, application
    start time 0x01cd706ee473e267.

    Error - 2/08/2012 1:25:07 AM | Computer Name = INGLISH-PC | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
    0x47919291, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
    code 0xc0000005, fault offset 0x0000000000000000, process id 0x1b78, application
    start time 0x01cd706f2ddafdd7.

    Error - 2/08/2012 1:38:50 AM | Computer Name = INGLISH-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 2/08/2012 1:47:21 AM | Computer Name = INGLISH-PC | Source = Application Error | ID = 1000
    Description = Faulting application rundll32.exe, version 6.0.6000.16386, time stamp
    0x4549bb52, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
    code 0xc0000005, fault offset 0x000000006ffd0180, process id 0xc10, application
    start time 0x01cd7072177fe192.

    Error - 2/08/2012 2:37:23 AM | Computer Name = INGLISH-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 2/08/2012 1:46:36 AM | Computer Name = INGLISH-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 2/08/2012 1:47:06 AM | Computer Name = INGLISH-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 2/08/2012 1:48:01 AM | Computer Name = INGLISH-PC | Source = Service Control Manager | ID = 7031
    Description =

    Error - 2/08/2012 1:48:01 AM | Computer Name = INGLISH-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 2/08/2012 2:12:57 AM | Computer Name = INGLISH-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 2/08/2012 2:29:46 AM | Computer Name = INGLISH-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 2/08/2012 2:31:56 AM | Computer Name = INGLISH-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 2/08/2012 2:32:13 AM | Computer Name = INGLISH-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 2/08/2012 2:37:25 AM | Computer Name = INGLISH-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 2/08/2012 2:41:52 AM | Computer Name = INGLISH-PC | Source = Service Control Manager | ID = 7022
    Description =


    < End of report >
     
  10. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    Good news :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - [2012/01/03 15:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      IE - HKU\S-1-5-21-532649568-593773556-1797586730-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
      O3 - HKU\S-1-5-21-532649568-593773556-1797586730-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
      O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Reg Error: Key error.)
      O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} http://www4.snapfish.com.au/SnapfishOutlookImport.cab (Reg Error: Key error.)
      O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.fujifilmimagine.com/imagine/ax/ImageUploader5.cab (Reg Error: Key error.)
      O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Reg Error: Key error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUplden-au.cab (Reg Error: Key error.)
      [2012/08/02 17:01:41 | 000,000,000 | ---D | C] -- C:\FRST
      File not found -- C:\Users\JAMES INGLISH\AppData\Local\{5c17f1d0-9626-e7cf-8ec3-4be005d187f5}\U\800000cb.@
      File not found -- C:\Users\JAMES INGLISH\AppData\Local\{5c17f1d0-9626-e7cf-8ec3-4be005d187f5}\@
      @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4
      
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files (x86)\Ask.com
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==========================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  11. Confused Newby

    Confused Newby TS Rookie Topic Starter Posts: 24

    Here we go, the long reports begin over several pages....

    All processes killed
    ========== OTL ==========
    No active process named Updater.exe was found!
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry value HKEY_USERS\S-1-5-21-532649568-593773556-1797586730-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
    C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-532649568-593773556-1797586730-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
    Starting removal of ActiveX control {0CCA191D-13A6-4E29-B746-314DEE697D83}
    C:\Windows\Downloaded Program Files\PhotoUploader5.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ not found.
    Starting removal of ActiveX control {10E0E75E-6701-4134-9D95-C0942ED1F1C8}
    C:\Windows\Downloaded Program Files\SnapfishOutlookImport1001.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{10E0E75E-6701-4134-9D95-C0942ED1F1C8}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10E0E75E-6701-4134-9D95-C0942ED1F1C8}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{10E0E75E-6701-4134-9D95-C0942ED1F1C8}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10E0E75E-6701-4134-9D95-C0942ED1F1C8}\ not found.
    Starting removal of ActiveX control {5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
    C:\Windows\Downloaded Program Files\ImageUploader5.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}\ not found.
    Starting removal of ActiveX control {8100D56A-5661-482C-BEE8-AFECE305D968}
    C:\Windows\Downloaded Program Files\PhotoUploader55.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8100D56A-5661-482C-BEE8-AFECE305D968}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8100D56A-5661-482C-BEE8-AFECE305D968}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8100D56A-5661-482C-BEE8-AFECE305D968}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8100D56A-5661-482C-BEE8-AFECE305D968}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\Windows\Downloaded Program Files\erma.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB}
    C:\Windows\Downloaded Program Files\EPUWALcontrol.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Starting removal of ActiveX control {E77F23EB-E7AB-4502-8F37-247DBAF1A147}
    C:\Windows\Downloaded Program Files\MSNPUpld.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E77F23EB-E7AB-4502-8F37-247DBAF1A147}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E77F23EB-E7AB-4502-8F37-247DBAF1A147}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E77F23EB-E7AB-4502-8F37-247DBAF1A147}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E77F23EB-E7AB-4502-8F37-247DBAF1A147}\ not found.
    C:\FRST\Quarantine folder moved successfully.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files (x86)\Ask.com\Updater folder moved successfully.
    C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully.
    C:\Program Files (x86)\Ask.com\assets folder moved successfully.
    C:\Program Files (x86)\Ask.com folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 56475 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56475 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: JAMES INGLISH
    ->Temp folder emptied: 678362 bytes
    ->Temporary Internet Files folder emptied: 1316207049 bytes
    ->Java cache emptied: 2337348 bytes
    ->Google Chrome cache emptied: 6609874 bytes
    ->Flash cache emptied: 15220549 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1034223 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,280.00 mb


    [EMPTYJAVA]

    User: Administrator
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: JAMES INGLISH
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: JAMES INGLISH
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.55.0 log created on 08042012_130352
    Files\Folders moved on Reboot...
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
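As an added example for the two posts above (the OTL fix script Broni asked for and the OTL log that came back), not code from the thread or from OTL itself: a small Python cross-checker that pairs each entry in the fix script with the log line that accounts for it, so items OTL reports as removed, as already absent, or not at all can be told apart before the machine is declared clean. The embedded script and log are abbreviated copies of the ones above; the wording OTL would use for a process it actually kills is an assumption.

```python
"""Cross-check an OTL fix script against the log OTL writes after running it. Added example for
this thread (not OTL's own code): FIX_SCRIPT and FIX_LOG are abbreviated copies of the posts above."""
import re

# Constructed from Broni's fix script above (abbreviated).
FIX_SCRIPT = r"""
:OTL
PRC - [2012/01/03 15:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
File not found -- C:\Users\JAMES INGLISH\AppData\Local\{5c17f1d0-9626-e7cf-8ec3-4be005d187f5}\@
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4

:Files
C:\Program Files (x86)\Ask.com

:Commands
[emptytemp]
[Reboot]
"""

# Constructed from the OTL log Confused Newby posted back (abbreviated).
FIX_LOG = r"""
No active process named Updater.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
========== FILES ==========
C:\Program Files (x86)\Ask.com\Updater folder moved successfully.
C:\Program Files (x86)\Ask.com folder moved successfully.
"""

CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Per action kind: (outcome, predicate) pairs tried in order against lower-cased log lines
# with the lower-cased key. The 'killed successfully' wording is assumed, not seen in this thread.
MATCHERS = {
    "process": [("not running", lambda l, k: l == f"no active process named {k} was found!"),
                ("done", lambda l, k: l == f"process {k} killed successfully!")],
    "file": [("done", lambda l, k: l in (f"{k} moved successfully.", f"{k} folder moved successfully.")),
             ("not found", lambda l, k: l == f"file {k} not found.")],
    "runvalue": [("done", lambda l, k: l.endswith(f"\\{k} deleted successfully."))],
    "clsid": [("done", lambda l, k: k in l and l.endswith("deleted successfully.")),
              ("not found", lambda l, k: k in l and l.endswith("not found."))],
    "ads": [("done", lambda l, k: l == f"ads {k} deleted successfully.")],
}


def parse_fix_script(text):
    """Split an OTL fix script into its ':Section' blocks, keyed by lower-cased section name."""
    sections, current = {}, None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if line.startswith(":"):
            current = sections.setdefault(line[1:].lower(), [])
        elif current is not None:
            current.append(line)
    return sections


def expected_actions(sections):
    """Map :OTL and :Files entries to (kind, key) pairs the fix log should account for."""
    actions = []
    for line in sections.get("otl", []):
        if line.startswith("PRC - "):                        # running process: killed, then its file moved
            path = line.split(" -- ", 1)[1]
            actions += [("process", path.rsplit("\\", 1)[-1]), ("file", path)]
        elif line.startswith(("O2 - ", "O3 - ", "O16 - ")):  # BHO / toolbar / ActiveX, keyed by CLSID
            actions += [("clsid", m.group(0)) for m in CLSID.finditer(line)]
        elif line.startswith("O4 - "):                       # autostart value, keyed by its [name]
            actions.append(("runvalue", line.split("[", 1)[1].split("]", 1)[0]))
        elif line.startswith("@Alternate Data Stream"):
            actions.append(("ads", line.split(" -> ", 1)[1]))
        elif " -- " in line:                                 # folder entries and 'File not found -- path'
            actions.append(("file", line.split(" -- ", 1)[1]))
    actions += [("file", path) for path in sections.get("files", [])]
    return actions


def status_for(kind, key, log_lines):
    """First outcome in MATCHERS order that some log line confirms, else 'unaccounted'."""
    k = key.lower()
    for outcome, hit in MATCHERS[kind]:
        if any(hit(l, k) for l in log_lines):
            return outcome
    return "unaccounted"


def verify_fix(script, log):
    """[(kind, key, status), ...] for every action the script asked OTL to perform;
    'unaccounted' items are the ones to re-check after the reboot."""
    log_lines = [l.strip().lower() for l in log.splitlines()]
    return [(kind, key, status_for(kind, key, log_lines))
            for kind, key in expected_actions(parse_fix_script(script))]


if __name__ == "__main__":
    for kind, key, status in verify_fix(FIX_SCRIPT, FIX_LOG):
        print(f"{status:12} {kind:9} {key}")
```

On the abbreviated data above, every Ask.com item comes back as done, the Updater.exe process as not running, and the `File not found` entry from the fix script as unaccounted, which matches what the real log shows: OTL is silent about entries it could not locate.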
     
     
  12. Confused Newby

    Confused Newby TS Rookie Topic Starter Posts: 24

    Results of screen317's Security Check version 0.99.43
    Windows Vista Service Pack 2 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Trend Micro Titanium Internet Security
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.62.0.1300
    AVG PC Tuneup 2011
    Java(TM) 6 Update 31
    Java(TM) 6 Update 6
    Java version out of Date!
    Adobe Flash Player 11.3.300.270
    Adobe Reader 9 Adobe Reader out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Trend Micro AMSP coreServiceShell.exe
    Trend Micro UniClient UiFrmWrk uiWatchDog.exe
    Trend Micro AMSP coreFrameworkHost.exe
    Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 2 % Defragment your hard drive soon!
    ````````````````````End of Log``````````````````````
     
  13. Confused Newby

    Confused Newby TS Rookie Topic Starter Posts: 24

    Farbar Service Scanner Version: 04-08-2012 01
    Ran by JAMES INGLISH (administrator) on 04-08-2012 at 13:48:23
    Running from "C:\Users\JAMES INGLISH\Desktop"
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Security Center:
    ============
    Windows Update:
    ============
    BITS Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.

    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Other Services:
    ==============
    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is set to Auto
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcsvc.dll
    [2009-11-02 22:07] - [2009-04-10 23:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7
    C:\Windows\System32\drivers\afd.sys
    [2012-02-15 20:09] - [2012-01-04 00:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2012-05-11 06:59] - [2012-03-30 22:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E
    C:\Windows\System32\dnsrslvr.dll
    [2011-04-13 07:38] - [2011-03-03 02:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0
    C:\Windows\System32\mpssvc.dll
    [2009-11-02 22:08] - [2009-04-10 23:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C
    C:\Windows\System32\bfe.dll
    [2009-11-02 22:07] - [2009-04-10 23:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe
    [2009-11-02 22:06] - [2009-04-10 23:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1
    C:\Windows\System32\wscsvc.dll
    [2009-11-02 22:05] - [2009-04-10 23:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A
    C:\Windows\System32\wbem\WMIsvc.dll
    [2009-11-02 22:04] - [2009-04-10 23:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll
    [2009-11-02 22:07] - [2009-04-10 23:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C
    C:\Windows\System32\es.dll
    [2009-11-02 22:07] - [2009-04-10 23:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF
    C:\Windows\System32\cryptsvc.dll
    [2012-06-13 16:39] - [2012-04-24 02:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll
    [2009-11-02 22:07] - [2009-04-10 23:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF

    **** End of log ****
     
  14. Confused Newby

    Confused Newby TS Rookie Topic Starter Posts: 24

    ESET Scan results

    C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files (x86)\Searchqu Toolbar\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Program Files (x86)\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudC.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
    C:\ProgramData\Spybot - Search & Destroy\Recovery\WinFraudLoadedt.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
    C:\Users\JAMES INGLISH\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\101104211934463.rsc multiple threats deleted - quarantined
    C:\Users\JAMES INGLISH\Desktop\RK_Quarantine\0i763f66bz.exe.vir Win32/Wigon.OW trojan cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\08042012_130352\C_FRST\Quarantine\services.exe Win64/Patched.B trojan deleted - quarantined

    That should be it until I hear from you again.
     
  15. Confused Newby

    Confused Newby TS Rookie Topic Starter Posts: 24

    Did you want me to delete the ESET quarantined files, and also remove the ESET program?
     
  16. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    You can delete quarantined files. Keep ESET so you can run it in the future once in a while.

    ========================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    =====================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ====================================

    We have one corrupted registry key affecting Windows updates.

    The following steps involve registry editing. Please create a new restore point before proceeding!!!
    How to:
    XP - http://support.microsoft.com/kb/948247
    Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/


    Download Vista.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
    Unzip the file.
    You'll find several files inside.
    Double click on bits.reg file and confirm the prompt.
    Restart computer.
    Post new FSS log.
     
  17. Confused Newby

    Confused Newby TS Rookie Topic Starter Posts: 24

    Farbar Service Scanner Version: 04-08-2012 01
    Ran by JAMES INGLISH (administrator) on 05-08-2012 at 09:55:30
    Running from "C:\Users\JAMES INGLISH\Desktop"
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Security Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Other Services:
    ==============
    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is set to Auto
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcsvc.dll
    [2009-11-02 22:07] - [2009-04-10 23:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7
    C:\Windows\System32\drivers\afd.sys
    [2012-02-15 20:09] - [2012-01-04 00:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2012-05-11 06:59] - [2012-03-30 22:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E
    C:\Windows\System32\dnsrslvr.dll
    [2011-04-13 07:38] - [2011-03-03 02:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0
    C:\Windows\System32\mpssvc.dll
    [2009-11-02 22:08] - [2009-04-10 23:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C
    C:\Windows\System32\bfe.dll
    [2009-11-02 22:07] - [2009-04-10 23:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe
    [2009-11-02 22:06] - [2009-04-10 23:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1
    C:\Windows\System32\wscsvc.dll
    [2009-11-02 22:05] - [2009-04-10 23:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A
    C:\Windows\System32\wbem\WMIsvc.dll
    [2009-11-02 22:04] - [2009-04-10 23:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll
    [2009-11-02 22:07] - [2009-04-10 23:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C
    C:\Windows\System32\es.dll
    [2009-11-02 22:07] - [2009-04-10 23:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF
    C:\Windows\System32\cryptsvc.dll
    [2012-06-13 16:39] - [2012-04-24 02:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll
    [2009-11-02 22:07] - [2009-04-10 23:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF

    **** End of log ****
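    The FSS log above is read by eye in this thread. As an added example (not from the thread, the helper, or Farbar's tool), here is a small Python parser that pulls the same findings out of such a log: services whose start type differs from the default or whose Start value is missing from the registry, and File Check entries whose MD5 FSS could not confirm. The sample log is constructed from lines posted in this thread; the hash it contains is the one FSS reported above for dhcpcsvc.dll.

```python
import re

# Constructed sample, modelled on the Farbar Service Scanner (FSS) logs posted above.
SAMPLE_LOG = r"""
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.

Other Services:
==============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-11-02 22:07] - [2009-04-10 23:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7
"""

START_RE = re.compile(r"The start type of (\w+) service is set to (\w+)\. The default start type is (\w+)\.")
MISSING_RE = re.compile(r"Unable to retrieve start type of (\w+)\.")
DETAIL_RE = re.compile(r"^\[.*?\] - \[.*?\] - (\d+) \S+ \((.*?)\) ([0-9A-Fa-f]{32})$")
LEGIT = " => MD5 is legit"


def parse_fss(text):
    """Return (findings, files) extracted from an FSS log.

    findings: (service, issue) pairs for services whose start type is not the
              default or whose Start value is missing from the registry.
    files:    {path: "legit" | reported MD5}. FSS prints the date/size/MD5 line
              only when a hash is NOT in its known-good list, so those entries
              are unverified, not proven malicious; they need a manual check."""
    findings, files, pending = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := START_RE.match(line):
            svc, current, default = m.groups()
            if current != default:
                findings.append((svc, f"start type is {current}, default is {default}"))
        elif m := MISSING_RE.search(line):
            findings.append((m.group(1), "start type value missing from registry"))
        elif line.endswith(LEGIT):
            files[line[: -len(LEGIT)]] = "legit"
        elif pending and (m := DETAIL_RE.match(line)):
            files[pending], pending = m.group(3).upper(), None
        elif re.match(r"^[A-Za-z]:\\", line):
            pending = line  # path with no "legit" suffix; a details line follows
    return findings, files


def unverified_files(files):
    """Paths whose MD5 FSS could not confirm, sorted for stable reporting."""
    return sorted(p for p, v in files.items() if v != "legit")
```

    On the sample this flags BITS (missing Start value, the key bits.reg is meant to restore) and WinDefend (Demand instead of Auto), leaves sharedaccess alone, and lists dhcpcsvc.dll as unverified rather than bad.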
     
  18. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  19. Confused Newby

    Confused Newby TS Rookie Topic Starter Posts: 24

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: JAMES INGLISH
    ->Temp folder emptied: 6040977 bytes
    ->Temporary Internet Files folder emptied: 121370155 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 739 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 538018 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 17104431 bytes

    Total Files Cleaned = 138.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: JAMES INGLISH
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Administrator
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: JAMES INGLISH
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.55.0 log created on 08062012_190339
    Files\Folders moved on Reboot...
    File\Folder C:\Users\JAMES INGLISH\AppData\Local\Temp\~DF11E7.tmp not found!
    File\Folder C:\Users\JAMES INGLISH\AppData\Local\Temp\~DF1308.tmp not found!
    File\Folder C:\Users\JAMES INGLISH\AppData\Local\Temp\~DFB353.tmp not found!
    File\Folder C:\Users\JAMES INGLISH\AppData\Local\Temp\~DFB3CB.tmp not found!
    File\Folder C:\Users\JAMES INGLISH\AppData\Local\Temp\~DFB4C8.tmp not found!
    File\Folder C:\Users\JAMES INGLISH\AppData\Local\Temp\~DFB513.tmp not found!
    File\Folder C:\Users\JAMES INGLISH\AppData\Local\Temp\~DFB5A6.tmp not found!
    File\Folder C:\Users\JAMES INGLISH\AppData\Local\Temp\~DFB5F0.tmp not found!
    File\Folder C:\Users\JAMES INGLISH\AppData\Local\Temp\~DFC08D.tmp not found!
    File\Folder C:\Users\JAMES INGLISH\AppData\Local\Temp\~DFC1BB.tmp not found!
    File\Folder C:\Users\JAMES INGLISH\AppData\Local\Temp\~DFC3CD.tmp not found!
    File\Folder C:\Users\JAMES INGLISH\AppData\Local\Temp\~DFC604.tmp not found!
    C:\Users\JAMES INGLISH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\JAMES INGLISH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    PendingFileRenameOperations files...
    File C:\Users\JAMES INGLISH\AppData\Local\Temp\~DF11E7.tmp not found!
    File C:\Users\JAMES INGLISH\AppData\Local\Temp\~DF1308.tmp not found!
    File C:\Users\JAMES INGLISH\AppData\Local\Temp\~DFB353.tmp not found!
    File C:\Users\JAMES INGLISH\AppData\Local\Temp\~DFB3CB.tmp not found!
    File C:\Users\JAMES INGLISH\AppData\Local\Temp\~DFB4C8.tmp not found!
    File C:\Users\JAMES INGLISH\AppData\Local\Temp\~DFB513.tmp not found!
    File C:\Users\JAMES INGLISH\AppData\Local\Temp\~DFB5A6.tmp not found!
    File C:\Users\JAMES INGLISH\AppData\Local\Temp\~DFB5F0.tmp not found!
    File C:\Users\JAMES INGLISH\AppData\Local\Temp\~DFC08D.tmp not found!
    File C:\Users\JAMES INGLISH\AppData\Local\Temp\~DFC1BB.tmp not found!
    File C:\Users\JAMES INGLISH\AppData\Local\Temp\~DFC3CD.tmp not found!
    File C:\Users\JAMES INGLISH\AppData\Local\Temp\~DFC604.tmp not found!
    File C:\Users\JAMES INGLISH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
    File C:\Users\JAMES INGLISH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found!
    Registry entries deleted on Reboot...
     
  20. Confused Newby

    Confused Newby TS Rookie Topic Starter Posts: 24

    Broni,

    The computer is working really really well, I have downloaded all the extra programs you suggested to keep my computer safe in the future. Fingers crossed this is an end to it all now.

    I would like to say a huge thank you to you for giving up your time and sharing your experience with us all.

    Best wishes

    James
     
  21. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    Way to go!!
    Good luck and stay safe :)
     

