TechSpot

Read instructions -- but cannot access antivirus sites for step 1

Inactive
By Phil Ancell
Sep 30, 2012
  1. Phil Ancell

    Phil Ancell TS Rookie Topic Starter Posts: 21

    No it wouldn't run in Safe Mode either Broni.
     
  2. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
     
  3. Phil Ancell

    Phil Ancell TS Rookie Topic Starter Posts: 21

    Ok, so this is trying the repair option that didn't work previously now after a couple of cleaning tools have been run yes?
    Cheers, phil
     
  4. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    I forgot we tried that already...

    Delete your Combofix file, download fresh one and see if it'll run.
    Try normal and safe mode.
     
  5. Phil Ancell

    Phil Ancell TS Rookie Topic Starter Posts: 21

    Ok, will do when I get home tonite.
    Cheers Broni
     
  6. Broni

    Broni Malware Annihilator Posts: 47,037   +255

  7. Phil Ancell

    Phil Ancell TS Rookie Topic Starter Posts: 21

    Combofix Log - Normal Boot:

    ComboFix 12-10-04.02 - Alison 05/10/2012 23:03:50.2.1 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.2037.1131 [GMT 9.5:30]
    Running from: c:\users\Alison\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\programdata\windows\dsdd.dat
    c:\programdata\Windows\nudr.dat
    c:\users\Alison\AppData\Roaming\FEE514.dat
    c:\windows\system32\pt\toscdspd.cpl.mui
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-05 to 2012-10-05 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-05 14:06 . 2012-10-05 14:08 -------- d-----w- c:\users\Alison\AppData\Local\temp
    2012-10-05 14:06 . 2012-10-05 14:06 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-04 04:48 . 2012-10-04 04:48 -------- d-----w- C:\_OTL
    2012-10-01 00:05 . 2012-10-01 00:05 -------- d-----w- c:\users\Alison\AppData\Roaming\Malwarebytes
    2012-10-01 00:04 . 2012-10-01 00:04 -------- d-----w- c:\programdata\Malwarebytes
    2012-10-01 00:04 . 2012-10-01 00:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-10-01 00:04 . 2012-09-07 07:34 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-28 09:31 . 2012-08-21 03:31 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-09-28 09:30 . 2012-09-28 09:30 -------- d-----w- c:\program files\iPod
    2012-09-28 09:30 . 2012-09-28 09:31 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2012-09-28 06:57 . 2012-09-28 06:57 -------- d-----w- c:\program files\HP Photo Creations
    2012-09-28 06:57 . 2012-09-28 06:57 -------- d-----w- c:\programdata\HP Photo Creations
    2012-09-28 06:56 . 2012-10-05 13:20 -------- d-----w- c:\users\Alison\AppData\Roaming\HpUpdate
    2012-09-28 06:55 . 2011-08-31 08:37 544616 ------w- c:\windows\system32\HPDiscoPMA611.dll
    2012-09-28 06:53 . 2012-09-28 06:53 -------- d-----w- c:\programdata\HP
    2012-09-28 06:52 . 2012-09-28 06:56 -------- d-----w- c:\program files\HP
    2012-09-28 06:52 . 2012-09-28 08:14 -------- d-----w- c:\users\Alison\AppData\Local\HP
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-01 04:26 . 2007-09-17 09:58 192512 ----a-w- c:\windows\system32\recdisc.exe
    2012-08-21 03:31 . 2010-05-28 07:38 106928 ----a-w- c:\windows\system32\GEARAspi.dll
    2012-07-09 04:12 . 2012-07-09 04:12 4547984 ----a-w- c:\windows\system32\usbaaplrc.dll
    2012-07-09 04:12 . 2012-07-09 04:12 44032 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2012-05-10 04:46 . 2011-11-13 10:31 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3bbd3c14-4c16-4989-8366-95bc9179779d}]
    2011-05-09 08:49 176936 ----a-w- c:\program files\FLV_Runner\prxtbFLV_.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3bbd3c14-4c16-4989-8366-95bc9179779d}"= "c:\program files\FLV_Runner\prxtbFLV_.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{3bbd3c14-4c16-4989-8366-95bc9179779d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3BBD3C14-4C16-4989-8366-95BC9179779D}"= "c:\program files\FLV_Runner\prxtbFLV_.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{3bbd3c14-4c16-4989-8366-95bc9179779d}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 94208 ----a-w- c:\users\Alison\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 94208 ----a-w- c:\users\Alison\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 94208 ----a-w- c:\users\Alison\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]
    "Skytel"="Skytel.exe" [2007-11-20 1826816]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 129560]
    "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
    "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-15 448080]
    "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
    "autodetect"="c:\windows\system32\SupportAppXL\AutoDect.exe" [2008-08-26 91648]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-unins...yRFQrMS1UQk4rMS1VMTArMQ&prod=90&ver=10.0.1411" [?]
    .
    c:\users\Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Alison\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-14 27595032]
    Sidebar.lnk - c:\program files\Windows Sidebar\sidebar.exe [2008-1-21 1233920]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-05 c:\windows\Tasks\HP Photo Creations Messager.job
    - c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
    .
    2012-10-05 c:\windows\Tasks\User_Feed_Synchronization-{F286256D-BAC5-40C4-B58B-2459DA730926}.job
    - c:\windows\system32\msfeedssync.exe [2011-11-13 04:32]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    TCP: DhcpNameServer = 203.12.160.35 203.12.160.36
    FF - ProfilePath - c:\users\Alison\AppData\Roaming\Mozilla\Firefox\Profiles\a12r84fu.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3027459&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - MakeMeBabies 2.0 Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3027459&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4d609352&I=23&tp=ab&nt=1&q=
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-10-05 23:38
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(2220)
    c:\users\Alison\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    Completion time: 2012-10-05 23:55:36
    ComboFix-quarantined-files.txt 2012-10-05 14:25
    .
    Pre-Run: 52,415,373,312 bytes free
    Post-Run: 52,151,980,032 bytes free
    .
    - - End Of File - - 2D80F07FC9A63EF8C5506D7F550F55AC


    ComboFix Log - SAFE MODE Log


    ComboFix 12-10-04.02 - Alison 06/10/2012 0:27.3.1 - x86 MINIMAL
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.2037.1448 [GMT 9.5:30]
    Running from: c:\users\Alison\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-05 to 2012-10-05 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-05 15:27 . 2012-10-05 15:28 -------- d-----w- c:\users\Alison\AppData\Local\temp
    2012-10-05 15:27 . 2012-10-05 15:27 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-04 04:48 . 2012-10-04 04:48 -------- d-----w- C:\_OTL
    2012-10-01 00:05 . 2012-10-01 00:05 -------- d-----w- c:\users\Alison\AppData\Roaming\Malwarebytes
    2012-10-01 00:04 . 2012-10-01 00:04 -------- d-----w- c:\programdata\Malwarebytes
    2012-10-01 00:04 . 2012-10-01 00:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-10-01 00:04 . 2012-09-07 07:34 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-28 09:31 . 2012-08-21 03:31 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-09-28 09:30 . 2012-09-28 09:30 -------- d-----w- c:\program files\iPod
    2012-09-28 09:30 . 2012-09-28 09:31 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2012-09-28 06:57 . 2012-09-28 06:57 -------- d-----w- c:\program files\HP Photo Creations
    2012-09-28 06:57 . 2012-09-28 06:57 -------- d-----w- c:\programdata\HP Photo Creations
    2012-09-28 06:56 . 2012-10-05 13:20 -------- d-----w- c:\users\Alison\AppData\Roaming\HpUpdate
    2012-09-28 06:55 . 2011-08-31 08:37 544616 ------w- c:\windows\system32\HPDiscoPMA611.dll
    2012-09-28 06:53 . 2012-09-28 06:53 -------- d-----w- c:\programdata\HP
    2012-09-28 06:52 . 2012-09-28 06:56 -------- d-----w- c:\program files\HP
    2012-09-28 06:52 . 2012-09-28 08:14 -------- d-----w- c:\users\Alison\AppData\Local\HP
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-01 04:26 . 2007-09-17 09:58 192512 ----a-w- c:\windows\system32\recdisc.exe
    2012-08-21 03:31 . 2010-05-28 07:38 106928 ----a-w- c:\windows\system32\GEARAspi.dll
    2012-07-09 04:12 . 2012-07-09 04:12 4547984 ----a-w- c:\windows\system32\usbaaplrc.dll
    2012-07-09 04:12 . 2012-07-09 04:12 44032 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2012-05-10 04:46 . 2011-11-13 10:31 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3bbd3c14-4c16-4989-8366-95bc9179779d}]
    2011-05-09 08:49 176936 ----a-w- c:\program files\FLV_Runner\prxtbFLV_.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3bbd3c14-4c16-4989-8366-95bc9179779d}"= "c:\program files\FLV_Runner\prxtbFLV_.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{3bbd3c14-4c16-4989-8366-95bc9179779d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3BBD3C14-4C16-4989-8366-95BC9179779D}"= "c:\program files\FLV_Runner\prxtbFLV_.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{3bbd3c14-4c16-4989-8366-95bc9179779d}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 94208 ----a-w- c:\users\Alison\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 94208 ----a-w- c:\users\Alison\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 94208 ----a-w- c:\users\Alison\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]
    "Skytel"="Skytel.exe" [2007-11-20 1826816]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 129560]
    "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
    "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-15 448080]
    "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
    "autodetect"="c:\windows\system32\SupportAppXL\AutoDect.exe" [2008-08-26 91648]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-unins...yRFQrMS1UQk4rMS1VMTArMQ&prod=90&ver=10.0.1411" [?]
    .
    c:\users\Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Alison\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-14 27595032]
    Sidebar.lnk - c:\program files\Windows Sidebar\sidebar.exe [2008-1-21 1233920]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ECACHE
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-05 c:\windows\Tasks\HP Photo Creations Messager.job
    - c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
    .
    2012-10-05 c:\windows\Tasks\User_Feed_Synchronization-{F286256D-BAC5-40C4-B58B-2459DA730926}.job
    - c:\windows\system32\msfeedssync.exe [2011-11-13 04:32]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    TCP: DhcpNameServer = 203.12.160.35 203.12.160.36
    FF - ProfilePath - c:\users\Alison\AppData\Roaming\Mozilla\Firefox\Profiles\a12r84fu.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3027459&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - MakeMeBabies 2.0 Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3027459&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4d609352&I=23&tp=ab&nt=1&q=
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-10-06 00:58
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(1068)
    c:\users\Alison\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    c:\windows\system32\igfxcpl.cpl
    c:\windows\system32\hccutils.DLL
    c:\windows\system32\igfxsrvc.dll
    .
    Completion time: 2012-10-06 01:14:13
    ComboFix-quarantined-files.txt 2012-10-05 15:43
    ComboFix2.txt 2012-10-05 14:25
    .
    Pre-Run: 54,305,173,504 bytes free
    Post-Run: 54,276,759,552 bytes free
    .
    - - End Of File - - 166127FBB992D9E9327BF6D5A1863361

    Cheers, Phil
     
  8. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Looks good :)

    How is computer doing?

    ===============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    /md5start
    services.exe
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  9. Phil Ancell

    Phil Ancell TS Rookie Topic Starter Posts: 21

    Hi Broni

    It is looking better no question in that some of the functionality like the firewall, MS Update etc are now saying the work etc, but interestingly the computer seemed to run well (speed-wise) even with the viruses - I suspect these have been on the computer for several weeks unoticed by my daughter until I looked at the machine and noticed no antivirus icon in the task tray.

    There are still things no doubt that are still affected - when I boot with the Malwarebytes active, its comes up each time with a site or two, the last saying "successfully blocked access to potentially malicious website 193.169.86.56, outgoing port 49166 svchost.exe.

    I guess I'll feel more comforatble when I can create a restore disk successfully and get an antiviris loaded and working once it has been cleaned the best we can.

    Anyhow, thanks so much for sticking with me, and below are the OTL and Extras reports requested, ssplit into 2 parts due to the character limit.

    Cheers, Phil

    OTL logfile created on: 6/10/2012 6:39:51 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alison\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19088)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    1.99 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 49.43% Memory free
    4.21 Gb Paging File | 3.14 Gb Available in Paging File | 74.44% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 104.33 Gb Total Space | 48.62 Gb Free Space | 46.61% Space Free | Partition Type: NTFS

    Computer Name: ALISON-PC | User Name: Alison | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/06 18:37:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alison\Desktop\OTL.exe
    PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/06/14 11:38:56 | 027,595,032 | ---- | M] (Dropbox, Inc.) -- C:\Users\Alison\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/05/10 14:16:48 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2008/10/29 15:59:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/08/26 15:07:04 | 000,091,648 | ---- | M] () -- C:\Windows\System32\SupportAppXL\AutoDect.exe
    PRC - [2008/01/29 20:21:52 | 004,911,104 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2008/01/22 13:25:26 | 000,712,704 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    PRC - [2008/01/21 15:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    PRC - [2008/01/17 15:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    PRC - [2008/01/17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    PRC - [2008/01/10 07:32:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    PRC - [2007/12/26 06:37:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2007/12/26 06:36:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    PRC - [2007/12/03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    PRC - [2007/11/22 10:53:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
    PRC - [2007/06/15 20:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    PRC - [2006/10/05 13:40:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
    PRC - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2012/05/10 14:16:44 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2009/07/18 12:51:00 | 003,883,424 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
    MOD - [2008/08/26 15:07:04 | 000,091,648 | ---- | M] () -- C:\Windows\System32\SupportAppXL\AutoDect.exe
    MOD - [2007/12/25 11:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
    MOD - [2007/12/14 20:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
    MOD - [2007/12/14 20:28:38 | 004,726,784 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
    MOD - [2007/09/13 15:41:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
    MOD - [2006/10/11 05:14:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
    MOD - [2006/10/08 05:27:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll


    ========== Services (SafeList) ==========

    SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/05/10 14:16:50 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/03/14 21:57:33 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/06/13 21:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
    SRV - [2008/04/07 08:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2008/01/21 15:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
    SRV - [2008/01/21 11:53:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV - [2007/12/26 06:37:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
    SRV - [2007/12/03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
    SRV - [2007/11/22 10:53:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
    SRV - [2007/10/29 23:35:40 | 000,937,984 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
    SRV - [2006/10/05 13:40:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Alison\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/06/23 08:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2009/05/11 09:04:34 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2009/04/28 07:44:56 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV - [2009/04/28 07:44:54 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV - [2009/04/28 07:44:42 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV - [2009/04/28 07:44:34 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
    DRV - [2008/07/29 04:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2008/01/21 14:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
    DRV - [2007/11/09 13:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV - [2007/09/17 14:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2007/08/31 16:43:32 | 000,020,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
    DRV - [2006/11/28 16:41:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/11/21 07:41:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
    DRV - [2006/10/19 05:20:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {3bbd3c14-4c16-4989-8366-95bc9179779d} - C:\Program Files\FLV_Runner\prxtbFLV_.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3201318


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3856432456-3556964881-2861625783-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3856432456-3556964881-2861625783-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3856432456-3556964881-2861625783-1003\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
    IE - HKU\S-1-5-21-3856432456-3556964881-2861625783-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-3856432456-3556964881-2861625783-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3201318
    IE - HKU\S-1-5-21-3856432456-3556964881-2861625783-1003\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/?d=4d609404&I=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
    IE - HKU\S-1-5-21-3856432456-3556964881-2861625783-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3856432456-3556964881-2861625783-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "MakeMeBabies 2.0 Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3027459&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "MakeMeBabies 2.0 Customized Web Search"
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3027459&SearchSource=13"
    FF - prefs.js..extensions.enabledAddons: {9E2C191D-C57A-11E1-8270-B8AC6F996F26}:2.0.14
    FF - prefs.js..extensions.enabledAddons: {d4330680-c0ae-4226-8a21-0afe2fd1ac24}:3.15.1.0
    FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1410
    FF - prefs.js..keyword.URL: "http://search.avg.com/?d=4d609352&I=23&tp=ab&nt=1&q="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/10 14:16:50 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/10 09:11:28 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9E2C191D-C57A-11E1-8270-B8AC6F996F26}: C:\Users\Alison\AppData\Local\{9E2C191D-C57A-11E1-8270-B8AC6F996F26}\ [2012/07/04 11:20:24 | 000,000,000 | ---D | M]

    [2009/07/18 10:59:57 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Alison\AppData\Roaming\Mozilla\Extensions
    [2012/09/28 22:08:52 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Alison\AppData\Roaming\Mozilla\Firefox\Profiles\a12r84fu.default\extensions
    [2012/08/27 17:37:32 | 000,000,000 | ---D | M] (MakeMeBabies 2.0 Community Toolbar) -- C:\Users\Alison\AppData\Roaming\Mozilla\Firefox\Profiles\a12r84fu.default\extensions\{d4330680-c0ae-4226-8a21-0afe2fd1ac24}
    [2012/03/24 18:24:13 | 000,020,591 | -H-- | M] () (No name found) -- C:\Users\Alison\AppData\Roaming\Mozilla\Firefox\Profiles\a12r84fu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
    [2012/09/28 22:08:52 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\Alison\AppData\Roaming\Mozilla\Firefox\Profiles\a12r84fu.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
    [2012/04/05 13:35:34 | 000,000,935 | ---- | M] () -- C:\Users\Alison\AppData\Roaming\Mozilla\Firefox\Profiles\a12r84fu.default\searchplugins\conduit.xml
    [2011/11/13 20:01:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/07/04 11:20:24 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\ALISON\APPDATA\LOCAL\{9E2C191D-C57A-11E1-8270-B8AC6F996F26}
    [2012/05/10 14:16:48 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/05/10 14:16:41 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/03/24 18:19:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/05/10 14:16:41 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/05/10 14:16:41 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/05/10 14:16:50 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2012/05/10 14:16:41 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2012/10/04 03:17:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (FLV Runner Toolbar) - {3bbd3c14-4c16-4989-8366-95bc9179779d} - C:\Program Files\FLV_Runner\prxtbFLV_.dll (Conduit Ltd.)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (FLV Runner Toolbar) - {3bbd3c14-4c16-4989-8366-95bc9179779d} - C:\Program Files\FLV_Runner\prxtbFLV_.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-3856432456-3556964881-2861625783-1003\..\Toolbar\WebBrowser: (FLV Runner Toolbar) - {3BBD3C14-4C16-4989-8366-95BC9179779D} - C:\Program Files\FLV_Runner\prxtbFLV_.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [autodetect] C:\Windows\System32\SupportAppXL\AutoDect.exe ()
    O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Alison\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-3856432456-3556964881-2861625783-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3856432456-3556964881-2861625783-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-3856432456-3556964881-2861625783-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3856432456-3556964881-2861625783-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
    O7 - HKU\S-1-5-21-3856432456-3556964881-2861625783-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.12.160.35 203.12.160.36
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE5C39F8-23C8-4A19-A0B0-BC23C74B7A48}: DhcpNameServer = 203.12.160.35 203.12.160.36
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEB86AD1-BDE7-408B-A121-1BF279B5B29C}: DhcpNameServer = 203.12.160.35 203.12.160.36
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Alison\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Alison\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/06 18:36:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alison\Desktop\OTL.exe
    [2012/10/06 01:14:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/10/06 01:14:42 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Local\temp
    [2012/10/06 01:12:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/10/06 00:20:46 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/10/05 22:48:52 | 004,762,471 | R--- | C] (Swearware) -- C:\Users\Alison\Desktop\ComboFix.exe
    [2012/10/05 00:31:38 | 000,000,000 | ---D | C] -- C:\Users\Alison\Desktop\RK_Quarantine
    [2012/10/05 00:20:43 | 000,000,000 | ---D | C] -- C:\Users\Alison\Desktop\tdsskiller
    [2012/10/04 14:18:05 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/10/04 03:19:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2012/10/04 02:30:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/10/04 02:30:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/10/04 02:30:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/10/04 02:28:08 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/04 02:26:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/10/01 17:18:39 | 000,905,740 | ---- | C] (Farbar) -- C:\Users\Alison\Desktop\FRST.exe
    [2012/10/01 17:18:39 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Alison\Desktop\dds.com
    [2012/10/01 17:18:31 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Alison\Desktop\mbam-setup-1.65.0.1400.exe
    [2012/10/01 17:18:04 | 000,000,000 | ---D | C] -- C:\Users\Alison\Desktop\Attempt1
    [2012/10/01 09:35:09 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Malwarebytes
    [2012/10/01 09:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/10/01 09:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/10/01 09:34:43 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/10/01 09:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/09/28 19:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/09/28 19:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/09/28 19:00:18 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2012/09/28 18:53:18 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/09/28 16:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
    [2012/09/28 16:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
    [2012/09/28 16:26:01 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\HpUpdate
    [2012/09/28 16:25:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    [2012/09/28 16:23:23 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
    [2012/09/28 16:22:57 | 000,000,000 | ---D | C] -- C:\Program Files\HP
    [2012/09/28 16:22:06 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Local\HP
    [2012/09/17 19:25:14 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Alison\Desktop\TDSSKiller.exe
    [2010/05/28 16:50:23 | 097,547,048 | ---- | C] (Apple Inc.) -- C:\Users\Alison\iTunesSetup.exe
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/10/06 18:41:32 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F286256D-BAC5-40C4-B58B-2459DA730926}.job
    [2012/10/06 18:37:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alison\Desktop\OTL.exe
    [2012/10/06 18:29:40 | 000,600,770 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/10/06 18:29:40 | 000,106,244 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/10/06 18:25:32 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/06 18:25:32 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/06 18:25:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/06 18:25:16 | 2136,969,216 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/06 00:01:01 | 000,000,258 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
    [2012/10/05 22:49:43 | 004,762,471 | R--- | M] (Swearware) -- C:\Users\Alison\Desktop\ComboFix.exe
    [2012/10/05 10:07:08 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Alison\Desktop\TDSSKiller.exe
    [2012/10/05 00:30:14 | 001,422,336 | ---- | M] () -- C:\Users\Alison\Desktop\RogueKiller.exe
    [2012/10/05 00:20:20 | 002,193,278 | ---- | M] () -- C:\Users\Alison\Desktop\tdsskiller.zip
    [2012/10/04 03:19:45 | 240,088,771 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/10/04 03:17:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/10/01 17:04:51 | 000,905,740 | ---- | M] (Farbar) -- C:\Users\Alison\Desktop\FRST.exe
    [2012/10/01 17:02:37 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Alison\Desktop\dds.com
    [2012/10/01 17:01:40 | 000,302,592 | ---- | M] () -- C:\Users\Alison\Desktop\Gmerrbhhj6er.exe
    [2012/10/01 17:00:40 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Alison\Desktop\mbam-setup-1.65.0.1400.exe
    [2012/10/01 13:49:24 | 000,117,168 | ---- | M] () -- C:\Users\Alison\Desktop\recdisc_x86.zip
    [2012/10/01 11:17:31 | 000,002,311 | ---- | M] () -- C:\Users\Alison\Desktop\[Active] - Read Instructions - but cannot access antivirus sites for Step 1 - TechSpot Forums#post-1236488#post-1236488.url
    [2012/10/01 09:34:45 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/29 15:55:07 | 000,173,056 | ---- | M] () -- C:\Users\Alison\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/09/29 11:52:53 | 000,002,305 | ---- | M] () -- C:\Users\Alison\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2012/09/29 11:21:03 | 000,002,651 | ---- | M] () -- C:\Users\Alison\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
    [2012/09/28 19:01:47 | 000,001,709 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/09/28 18:54:33 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
    [2012/09/28 16:27:19 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
    [2012/09/28 16:25:45 | 000,002,160 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart 7510 series.lnk
    [2012/09/28 16:25:45 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Photosmart 7510 series.lnk
    [2012/09/28 16:25:44 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Photosmart 7510 series.lnk
    [2012/09/28 16:22:47 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
    [2012/09/16 20:30:07 | 000,000,374 | ---- | M] () -- C:\Users\Alison\Desktop\Media Makeup Character Assignment.pdf - Shortcut.lnk
    [2012/09/11 11:08:36 | 001,063,607 | ---- | M] () -- C:\Users\Alison\Documents\Slim-Down-Meal-Plan.pdf
    [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/10/06 01:17:16 | 2136,969,216 | -HS- | C] () -- C:\hiberfil.sys
    [2012/10/05 00:30:13 | 001,422,336 | ---- | C] () -- C:\Users\Alison\Desktop\RogueKiller.exe
    [2012/10/04 23:41:20 | 002,193,278 | ---- | C] () -- C:\Users\Alison\Desktop\tdsskiller.zip
    [2012/10/04 03:19:20 | 240,088,771 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/10/04 02:30:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/10/04 02:30:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/10/04 02:30:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/10/04 02:30:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/10/04 02:30:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/10/01 17:18:28 | 000,302,592 | ---- | C] () -- C:\Users\Alison\Desktop\Gmerrbhhj6er.exe
    [2012/10/01 13:48:59 | 000,117,168 | ---- | C] () -- C:\Users\Alison\Desktop\recdisc_x86.zip
    [2012/10/01 11:17:31 | 000,002,311 | ---- | C] () -- C:\Users\Alison\Desktop\[Active] - Read Instructions - but cannot access antivirus sites for Step 1 - TechSpot Forums#post-1236488#post-1236488.url
    [2012/10/01 09:34:45 | 000,000,951 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/28 19:01:47 | 000,001,709 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/09/28 16:27:19 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
    [2012/09/28 16:27:16 | 000,000,258 | ---- | C] () -- C:\Windows\tasks\HP Photo Creations Messager.job
    [2012/09/28 16:25:45 | 000,002,160 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart 7510 series.lnk
    [2012/09/28 16:25:45 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Photosmart 7510 series.lnk
    [2012/09/28 16:25:44 | 000,001,795 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Photosmart 7510 series.lnk
    [2012/09/28 16:22:47 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2012/09/16 20:30:07 | 000,000,374 | ---- | C] () -- C:\Users\Alison\Desktop\Media Makeup Character Assignment.pdf - Shortcut.lnk
    [2012/09/11 11:08:36 | 001,063,607 | ---- | C] () -- C:\Users\Alison\Documents\Slim-Down-Meal-Plan.pdf
    [2012/06/16 15:51:53 | 000,363,432 | ---- | C] () -- C:\Users\Alison\new5.jpg
    [2011/11/13 11:49:42 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2011/11/13 11:49:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/10/21 20:49:35 | 000,024,206 | -H-- | C] () -- C:\Users\Alison\AppData\Roaming\UserTile.png
    [2008/10/21 20:40:43 | 000,173,056 | ---- | C] () -- C:\Users\Alison\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/10/17 19:17:43 | 000,000,680 | -H-- | C] () -- C:\Users\Alison\AppData\Local\d3d9caps.dat

    ========== ZeroAccess Check ==========

    [2006/11/02 22:24:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2011/01/22 01:16:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 14:06:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/21 11:54:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2011/11/10 08:03:35 | 000,000,000 | -H-D | M] -- C:\Users\Alison\AppData\Roaming\AVG
    [2012/06/29 22:15:54 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Caguah
    [2012/10/06 18:28:00 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Dropbox
    [2012/06/27 21:26:41 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Gely
    [2012/04/02 15:58:55 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\GetRightToGo
    [2010/12/26 14:15:21 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\LimeWire
    [2012/07/31 22:17:04 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Lite
    [2012/10/04 14:18:06 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Ossa
    [2009/12/29 09:17:42 | 000,000,000 | -H-D | M] -- C:\Users\Alison\AppData\Roaming\PC Suite
    [2012/07/08 13:31:00 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Qukun
    [2011/11/08 21:08:49 | 000,000,000 | -H-D | M] -- C:\Users\Alison\AppData\Roaming\Samsung
    [2008/10/24 21:21:57 | 000,000,000 | -H-D | M] -- C:\Users\Alison\AppData\Roaming\toshiba
    [2011/11/08 19:44:24 | 000,000,000 | -H-D | M] -- C:\Users\Alison\AppData\Roaming\Ulead Systems

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < MD5 for: SERVICES.EXE >
    [2008/01/21 11:54:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\erdnt\cache\services.exe
    [2008/01/21 11:54:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\System32\services.exe
    [2008/01/21 11:54:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe

    < End of report >
     
  10. Phil Ancell

    Phil Ancell TS Rookie Topic Starter Posts: 21

    Extras Report

    OTL Extras logfile created on: 6/10/2012 6:39:51 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alison\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19088)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    1.99 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 49.43% Memory free
    4.21 Gb Paging File | 3.14 Gb Available in Paging File | 74.44% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 104.33 Gb Total Space | 48.62 Gb Free Space | 46.61% Space Free | Partition Type: NTFS

    Computer Name: ALISON-PC | User Name: Alison | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3856432456-3556964881-2861625783-1003\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{0C58F298-0E5F-470d-B718-ACFBC477FB1F}_is1" = Aiseesoft iPhone 4 Movie Converter 6.2.16
    "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{1BC72E97-FE98-48DF-82BF-C744F716BE28}" = HP Photosmart 7510 series Basic Device Software
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
    "{516A7147-BAB9-4F4F-A168-8E553E535E52}" = HP Photosmart 7510 series Product Improvement Study
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "{6357D25F-A9C9-4CC7-A1FB-0DCF344E7C40}" = HP Photosmart 7510 series Help
    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = Telstra Turbo Connection Manager
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
    "{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
    "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
    "{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
    "{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
    "{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
    "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
    "E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
    "FLV_Runner Toolbar" = FLV Runner Toolbar
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HipHop eJay 4" = HipHop eJay 4 - Deinstallation
    "HP Photo Creations" = HP Photo Creations
    "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
    "VLC media player" = VLC media player 0.9.8a
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3856432456-3556964881-2861625783-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/02/2011 12:31:33 PM | Computer Name = Alison-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 7/02/2011 12:31:33 PM | Computer Name = Alison-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 355728082

    Error - 7/02/2011 12:31:33 PM | Computer Name = Alison-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 355728082

    Error - 7/02/2011 12:31:49 PM | Computer Name = Alison-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 7/02/2011 12:31:49 PM | Computer Name = Alison-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 355743682

    Error - 7/02/2011 12:31:49 PM | Computer Name = Alison-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 355743682

    Error - 7/02/2011 12:32:04 PM | Computer Name = Alison-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 7/02/2011 12:32:04 PM | Computer Name = Alison-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 355759282

    Error - 7/02/2011 12:32:04 PM | Computer Name = Alison-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 355759282

    Error - 12/02/2011 12:16:34 AM | Computer Name = Alison-PC | Source = WinMgmt | ID = 10
    Description =

    [ OSession Events ]
    Error - 14/09/2012 12:47:18 PM | Computer Name = Alison-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6596
    seconds with 4680 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 5/10/2012 11:47:35 AM | Computer Name = Alison-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume .

    Error - 5/10/2012 11:48:25 AM | Computer Name = Alison-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume .

    Error - 5/10/2012 11:48:48 AM | Computer Name = Alison-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume .

    Error - 5/10/2012 11:57:28 AM | Computer Name = Alison-PC | Source = DCOM | ID = 10010
    Description =

    Error - 6/10/2012 4:55:16 AM | Computer Name = Alison-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume .

    Error - 6/10/2012 4:55:23 AM | Computer Name = Alison-PC | Source = HTTP | ID = 15016
    Description =

    Error - 6/10/2012 4:55:28 AM | Computer Name = Alison-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume .

    Error - 6/10/2012 4:56:17 AM | Computer Name = Alison-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume .

    Error - 6/10/2012 4:56:28 AM | Computer Name = Alison-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume .

    Error - 6/10/2012 5:16:16 AM | Computer Name = Alison-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume .


    < End of report >
     
  11. Phil Ancell

    Phil Ancell TS Rookie Topic Starter Posts: 21

    Hello Broni
    It looks like you are taking a well-earned break.
    I am too from tonight. I will be away from this infected PC for 5 weeks due to a work posting.
    I will copy the log to a file, if you can instrauct me how to park this post, so that we can resume in 5 weeks time.

    Thanks so much for your help so far.
    Cheers, Phil
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    If you find this topic closed simply PM me.

    Re-run OTL.

    Use the following settings:

    • Click the NONE button
    • Under Custom Scans/Fixes paste:
    Code:
    /md5start
    services.exe
    /md5stop
    
    • Finally hit Run Scan and wait for the log to open.
    • Please post the content of the log into your next reply.
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.