Read instructions -- but cannot access antivirus sites for step 1

Hi Broni

I was able to run OTLE with the fix.txt file and here is the log file putput:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mimyzlbo deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\khztokbd deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ikvbbhiq deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gglvftzk deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_USERS\Alison_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
C:\Users\Alison\AppData\Roaming\Ossa\vyod.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{262ac3aa-d4c5-11de-a9ba-001e3354005b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{262ac3aa-d4c5-11de-a9ba-001e3354005b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{262ac3aa-d4c5-11de-a9ba-001e3354005b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{262ac3aa-d4c5-11de-a9ba-001e3354005b}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\runMe.htm not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4537bbab-d24a-11dd-80e7-001e3354005b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4537bbab-d24a-11dd-80e7-001e3354005b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4537bbab-d24a-11dd-80e7-001e3354005b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4537bbab-d24a-11dd-80e7-001e3354005b}\ not found.
File D:\DPFMate.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d659fae0-bc98-11df-abb6-9df7a1e37b3f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d659fae0-bc98-11df-abb6-9df7a1e37b3f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d659fae0-bc98-11df-abb6-9df7a1e37b3f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d659fae0-bc98-11df-abb6-9df7a1e37b3f}\ not found.
File "E:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc6de24a-9e94-11dd-88df-a75e1266564d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc6de24a-9e94-11dd-88df-a75e1266564d}\ not found.
File D:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc6de24a-9e94-11dd-88df-a75e1266564d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc6de24a-9e94-11dd-88df-a75e1266564d}\ not found.
File D:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe not found.
C:\ProgramData\HUp5kSreidwXln moved successfully.
C:\Users\Alison\AppData\Roaming\Giyw folder moved successfully.
C:\Users\Alison\AppData\Roaming\Heesyx folder moved successfully.
C:\Users\Alison\AppData\Roaming\Idicw folder moved successfully.
C:\Users\Alison\AppData\Roaming\Izefw folder moved successfully.
C:\Users\Alison\AppData\Roaming\Vacy folder moved successfully.
C:\Users\Alison\AppData\Roaming\Yblys folder moved successfully.
C:\Users\Alison\AppData\Roaming\Ysf folder moved successfully.
ADS C:\Windows\System32\autochk.exe:BAK deleted successfully.
ADS C:\ProgramData\Temp:0B4227B4 deleted successfully.
========== COMMANDS ==========

OTLPE by OldTimer - Version 3.1.48.0 log created on 10042012_004805


I was successfully able to create a restore point.

When I ran Combo fix.exe, it took about an hour to run, Completing 50 Stages, before it started to list files for deletion.

These were files I noticed in the C:\Prgramsdata directory, and then the directory itself, a C:\windows\system32\pt directory, and a coupld of files elsewhere, I have now forgotten.

It then started preparing the log file, was completing that, until it blue screened, rebooted, and Combo fix ran again, until once more it blue-screened, wrote dumps and rebooted. On rebooting the 2nd time, the combofix did not run, with the PC booting normally.

Consequently, this is the only output of the C:\combofix\combofix.txt file:

ComboFix 12-10-03.02 - Alison 04/10/2012 2:39:08.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.2037.1010 [GMT 9.5:30]
Running from: C:\Users\Alison\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

On the bright side,

On rebooting this time, I noticed the Windows Update operating for the first time.

Windows Firewall is now operating again also.

Should I now download and install something like MSE as I still have no antivirus operating other than the Malaware product?

What do I need to do to get a more complete Combofix log?

As an addendum I rebooted again after re-enabling Malabytes, and this time, I noticed that Windows Defender is now working, but out of date as well.

Should I update? Awaiting your instructions in light of all the above.

Cheers, Phil

Hi Broni

I downloaded and unzipped the TDSSKiller program and executed, but the screen just flashed and nothing more happened, even after waiting 20 mins. I searched for TDSS* files on the C: drive but no txt file was to be found.

I did then run Roguekiller as specified, and below is the report contained. I didn't go any further with the next step just in case, given the failure of TDSSKiller. Please advise, many thanks.

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : Alison [Admin rights]
Mode : Remove -- Date : 10/05/2012 00:33:55

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Waafloete (C:\Users\Alison\AppData\Roaming\Ossa\vyod.exe) -> DELETED
[TASK][BLPATH] HPCustParticipation HP Photosmart 7510 series : "C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe" /UA 9.5 /DDV 0x1005 -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Users\Alison\AppData\Local\{27785302-92ce-583f-e9a2-93c72cea99d8}\@ --> REMOVED
[Del.Parent][FILE] 00000001.@ : C:\Users\Alison\AppData\Local\{27785302-92ce-583f-e9a2-93c72cea99d8}\U\00000001.@ --> REMOVED
[Del.Parent][FILE] 80000000.@ : C:\Users\Alison\AppData\Local\{27785302-92ce-583f-e9a2-93c72cea99d8}\U\80000000.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\Alison\AppData\Local\{27785302-92ce-583f-e9a2-93c72cea99d8}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\Alison\AppData\Local\{27785302-92ce-583f-e9a2-93c72cea99d8}\L --> REMOVED
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$2778530292ce583fe9a293c72cea99d8\@ --> REMOVED
[Del.Parent][FILE] 80000000.@ : C:\$recycle.bin\S-1-5-18\$2778530292ce583fe9a293c72cea99d8\U\80000000.@ --> REMOVED
[Del.Parent][FILE] 800000cb.@ : C:\$recycle.bin\S-1-5-18\$2778530292ce583fe9a293c72cea99d8\U\800000cb.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$2778530292ce583fe9a293c72cea99d8\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$2778530292ce583fe9a293c72cea99d8\L --> REMOVED

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1200BEVS-26UST0 +++++
--- User ---
[MBR] 81137687323a89604b05f0cbcdd936d4
[BSP] 0508d4ad4490bc101f66d69920798d72 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 106831 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 221863936 | Size: 6133 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] 3b08e0f2e9c7679c842336d62cc4b557
[BSP] 0508d4ad4490bc101f66d69920798d72 : Windows Vista MBR Code [possible maxSST in 3!]
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 106831 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 221863936 | Size: 6133 Mo
3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 234424320 | Size: 8 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] 3b08e0f2e9c7679c842336d62cc4b557
[BSP] 0508d4ad4490bc101f66d69920798d72 : Windows Vista MBR Code [possible maxSST in 3!]
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 106831 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 221863936 | Size: 6133 Mo
3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 234424320 | Size: 8 Mo

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

No it wouldn't run in Safe Mode either Broni.

Ok, so this is trying the repair option that didn't work previously now after a couple of cleaning tools have been run yes?
Cheers, phil

Ok, will do when I get home tonite.
Cheers Broni

Combofix Log - Normal Boot:

ComboFix 12-10-04.02 - Alison 05/10/2012 23:03:50.2.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.2037.1131 [GMT 9.5:30]
Running from: c:\users\Alison\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\programdata\windows\dsdd.dat
c:\programdata\Windows\nudr.dat
c:\users\Alison\AppData\Roaming\FEE514.dat
c:\windows\system32\pt\toscdspd.cpl.mui
.
.
((((((((((((((((((((((((( Files Created from 2012-09-05 to 2012-10-05 )))))))))))))))))))))))))))))))
.
.
2012-10-05 14:06 . 2012-10-05 14:08 -------- d-----w- c:\users\Alison\AppData\Local\temp
2012-10-05 14:06 . 2012-10-05 14:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-04 04:48 . 2012-10-04 04:48 -------- d-----w- C:\_OTL
2012-10-01 00:05 . 2012-10-01 00:05 -------- d-----w- c:\users\Alison\AppData\Roaming\Malwarebytes
2012-10-01 00:04 . 2012-10-01 00:04 -------- d-----w- c:\programdata\Malwarebytes
2012-10-01 00:04 . 2012-10-01 00:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-01 00:04 . 2012-09-07 07:34 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-28 09:31 . 2012-08-21 03:31 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-28 09:30 . 2012-09-28 09:30 -------- d-----w- c:\program files\iPod
2012-09-28 09:30 . 2012-09-28 09:31 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-28 06:57 . 2012-09-28 06:57 -------- d-----w- c:\program files\HP Photo Creations
2012-09-28 06:57 . 2012-09-28 06:57 -------- d-----w- c:\programdata\HP Photo Creations
2012-09-28 06:56 . 2012-10-05 13:20 -------- d-----w- c:\users\Alison\AppData\Roaming\HpUpdate
2012-09-28 06:55 . 2011-08-31 08:37 544616 ------w- c:\windows\system32\HPDiscoPMA611.dll
2012-09-28 06:53 . 2012-09-28 06:53 -------- d-----w- c:\programdata\HP
2012-09-28 06:52 . 2012-09-28 06:56 -------- d-----w- c:\program files\HP
2012-09-28 06:52 . 2012-09-28 08:14 -------- d-----w- c:\users\Alison\AppData\Local\HP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-01 04:26 . 2007-09-17 09:58 192512 ----a-w- c:\windows\system32\recdisc.exe
2012-08-21 03:31 . 2010-05-28 07:38 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-09 04:12 . 2012-07-09 04:12 4547984 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-07-09 04:12 . 2012-07-09 04:12 44032 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-05-10 04:46 . 2011-11-13 10:31 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3bbd3c14-4c16-4989-8366-95bc9179779d}]
2011-05-09 08:49 176936 ----a-w- c:\program files\FLV_Runner\prxtbFLV_.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3bbd3c14-4c16-4989-8366-95bc9179779d}"= "c:\program files\FLV_Runner\prxtbFLV_.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3bbd3c14-4c16-4989-8366-95bc9179779d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3BBD3C14-4C16-4989-8366-95BC9179779D}"= "c:\program files\FLV_Runner\prxtbFLV_.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3bbd3c14-4c16-4989-8366-95bc9179779d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Alison\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Alison\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Alison\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" [BU]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 129560]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-15 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"autodetect"="c:\windows\system32\SupportAppXL\AutoDect.exe" [2008-08-26 91648]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-unins...yRFQrMS1UQk4rMS1VMTArMQ&prod=90&ver=10.0.1411" [?]
.
c:\users\Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Alison\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-14 27595032]
Sidebar.lnk - c:\program files\Windows Sidebar\sidebar.exe [2008-1-21 1233920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-05 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2012-10-05 c:\windows\Tasks\User_Feed_Synchronization-{F286256D-BAC5-40C4-B58B-2459DA730926}.job
- c:\windows\system32\msfeedssync.exe [2011-11-13 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 203.12.160.35 203.12.160.36
FF - ProfilePath - c:\users\Alison\AppData\Roaming\Mozilla\Firefox\Profiles\a12r84fu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3027459&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - MakeMeBabies 2.0 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3027459&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4d609352&I=23&tp=ab&nt=1&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-05 23:38
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2220)
c:\users\Alison\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2012-10-05 23:55:36
ComboFix-quarantined-files.txt 2012-10-05 14:25
.
Pre-Run: 52,415,373,312 bytes free
Post-Run: 52,151,980,032 bytes free
.
- - End Of File - - 2D80F07FC9A63EF8C5506D7F550F55AC


ComboFix Log - SAFE MODE Log


ComboFix 12-10-04.02 - Alison 06/10/2012 0:27.3.1 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.2037.1448 [GMT 9.5:30]
Running from: c:\users\Alison\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-09-05 to 2012-10-05 )))))))))))))))))))))))))))))))
.
.
2012-10-05 15:27 . 2012-10-05 15:28 -------- d-----w- c:\users\Alison\AppData\Local\temp
2012-10-05 15:27 . 2012-10-05 15:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-04 04:48 . 2012-10-04 04:48 -------- d-----w- C:\_OTL
2012-10-01 00:05 . 2012-10-01 00:05 -------- d-----w- c:\users\Alison\AppData\Roaming\Malwarebytes
2012-10-01 00:04 . 2012-10-01 00:04 -------- d-----w- c:\programdata\Malwarebytes
2012-10-01 00:04 . 2012-10-01 00:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-01 00:04 . 2012-09-07 07:34 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-28 09:31 . 2012-08-21 03:31 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-28 09:30 . 2012-09-28 09:30 -------- d-----w- c:\program files\iPod
2012-09-28 09:30 . 2012-09-28 09:31 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-28 06:57 . 2012-09-28 06:57 -------- d-----w- c:\program files\HP Photo Creations
2012-09-28 06:57 . 2012-09-28 06:57 -------- d-----w- c:\programdata\HP Photo Creations
2012-09-28 06:56 . 2012-10-05 13:20 -------- d-----w- c:\users\Alison\AppData\Roaming\HpUpdate
2012-09-28 06:55 . 2011-08-31 08:37 544616 ------w- c:\windows\system32\HPDiscoPMA611.dll
2012-09-28 06:53 . 2012-09-28 06:53 -------- d-----w- c:\programdata\HP
2012-09-28 06:52 . 2012-09-28 06:56 -------- d-----w- c:\program files\HP
2012-09-28 06:52 . 2012-09-28 08:14 -------- d-----w- c:\users\Alison\AppData\Local\HP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-01 04:26 . 2007-09-17 09:58 192512 ----a-w- c:\windows\system32\recdisc.exe
2012-08-21 03:31 . 2010-05-28 07:38 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-09 04:12 . 2012-07-09 04:12 4547984 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-07-09 04:12 . 2012-07-09 04:12 44032 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-05-10 04:46 . 2011-11-13 10:31 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3bbd3c14-4c16-4989-8366-95bc9179779d}]
2011-05-09 08:49 176936 ----a-w- c:\program files\FLV_Runner\prxtbFLV_.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3bbd3c14-4c16-4989-8366-95bc9179779d}"= "c:\program files\FLV_Runner\prxtbFLV_.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3bbd3c14-4c16-4989-8366-95bc9179779d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3BBD3C14-4C16-4989-8366-95BC9179779D}"= "c:\program files\FLV_Runner\prxtbFLV_.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3bbd3c14-4c16-4989-8366-95bc9179779d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Alison\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Alison\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Alison\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" [BU]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 129560]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-15 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"autodetect"="c:\windows\system32\SupportAppXL\AutoDect.exe" [2008-08-26 91648]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-unins...yRFQrMS1UQk4rMS1VMTArMQ&prod=90&ver=10.0.1411" [?]
.
c:\users\Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Alison\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-14 27595032]
Sidebar.lnk - c:\program files\Windows Sidebar\sidebar.exe [2008-1-21 1233920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-05 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2012-10-05 c:\windows\Tasks\User_Feed_Synchronization-{F286256D-BAC5-40C4-B58B-2459DA730926}.job
- c:\windows\system32\msfeedssync.exe [2011-11-13 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 203.12.160.35 203.12.160.36
FF - ProfilePath - c:\users\Alison\AppData\Roaming\Mozilla\Firefox\Profiles\a12r84fu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3027459&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - MakeMeBabies 2.0 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3027459&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4d609352&I=23&tp=ab&nt=1&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-06 00:58
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1068)
c:\users\Alison\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\igfxcpl.cpl
c:\windows\system32\hccutils.DLL
c:\windows\system32\igfxsrvc.dll
.
Completion time: 2012-10-06 01:14:13
ComboFix-quarantined-files.txt 2012-10-05 15:43
ComboFix2.txt 2012-10-05 14:25
.
Pre-Run: 54,305,173,504 bytes free
Post-Run: 54,276,759,552 bytes free
.
- - End Of File - - 166127FBB992D9E9327BF6D5A1863361

Cheers, Phil

Hi Broni

It is looking better no question in that some of the functionality like the firewall, MS Update etc are now saying the work etc, but interestingly the computer seemed to run well (speed-wise) even with the viruses - I suspect these have been on the computer for several weeks unoticed by my daughter until I looked at the machine and noticed no antivirus icon in the task tray.

There are still things no doubt that are still affected - when I boot with the Malwarebytes active, its comes up each time with a site or two, the last saying "successfully blocked access to potentially malicious website 193.169.86.56, outgoing port 49166 svchost.exe.

I guess I'll feel more comforatble when I can create a restore disk successfully and get an antiviris loaded and working once it has been cleaned the best we can.

Anyhow, thanks so much for sticking with me, and below are the OTL and Extras reports requested, ssplit into 2 parts due to the character limit.

Cheers, Phil

OTL logfile created on: 6/10/2012 6:39:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alison\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.99 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 49.43% Memory free
4.21 Gb Paging File | 3.14 Gb Available in Paging File | 74.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104.33 Gb Total Space | 48.62 Gb Free Space | 46.61% Space Free | Partition Type: NTFS

Computer Name: ALISON-PC | User Name: Alison | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/06 18:37:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alison\Desktop\OTL.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/14 11:38:56 | 027,595,032 | ---- | M] (Dropbox, Inc.) -- C:\Users\Alison\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/05/10 14:16:48 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/10/29 15:59:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/26 15:07:04 | 000,091,648 | ---- | M] () -- C:\Windows\System32\SupportAppXL\AutoDect.exe
PRC - [2008/01/29 20:21:52 | 004,911,104 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/22 13:25:26 | 000,712,704 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008/01/21 15:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/01/17 15:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2008/01/17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2008/01/10 07:32:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2007/12/26 06:37:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2007/12/26 06:36:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2007/12/03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/22 10:53:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/06/15 20:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2006/10/05 13:40:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/10 14:16:44 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2009/07/18 12:51:00 | 003,883,424 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2008/08/26 15:07:04 | 000,091,648 | ---- | M] () -- C:\Windows\System32\SupportAppXL\AutoDect.exe
MOD - [2007/12/25 11:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2007/12/14 20:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2007/12/14 20:28:38 | 004,726,784 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2007/09/13 15:41:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006/10/11 05:14:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/08 05:27:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll


========== Services (SafeList) ==========

SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/05/10 14:16:50 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/14 21:57:33 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/13 21:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2008/04/07 08:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/01/21 15:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/21 11:53:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/26 06:37:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/22 10:53:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/10/29 23:35:40 | 000,937,984 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2006/10/05 13:40:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Alison\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/06/23 08:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/05/11 09:04:34 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/04/28 07:44:56 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/04/28 07:44:54 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/04/28 07:44:42 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/04/28 07:44:34 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/07/29 04:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/01/21 14:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007/11/09 13:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/09/17 14:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/08/31 16:43:32 | 000,020,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2006/11/28 16:41:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/21 07:41:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/10/19 05:20:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {3bbd3c14-4c16-4989-8366-95bc9179779d} - C:\Program Files\FLV_Runner\prxtbFLV_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3201318


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3856432456-3556964881-2861625783-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3856432456-3556964881-2861625783-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3856432456-3556964881-2861625783-1003\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
IE - HKU\S-1-5-21-3856432456-3556964881-2861625783-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-3856432456-3556964881-2861625783-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3201318
IE - HKU\S-1-5-21-3856432456-3556964881-2861625783-1003\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/?d=4d609404&I=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
IE - HKU\S-1-5-21-3856432456-3556964881-2861625783-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3856432456-3556964881-2861625783-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "MakeMeBabies 2.0 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3027459&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "MakeMeBabies 2.0 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3027459&SearchSource=13"
FF - prefs.js..extensions.enabledAddons: {9E2C191D-C57A-11E1-8270-B8AC6F996F26}:2.0.14
FF - prefs.js..extensions.enabledAddons: {d4330680-c0ae-4226-8a21-0afe2fd1ac24}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1410
FF - prefs.js..keyword.URL: "http://search.avg.com/?d=4d609352&I=23&tp=ab&nt=1&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/10 14:16:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/10 09:11:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9E2C191D-C57A-11E1-8270-B8AC6F996F26}: C:\Users\Alison\AppData\Local\{9E2C191D-C57A-11E1-8270-B8AC6F996F26}\ [2012/07/04 11:20:24 | 000,000,000 | ---D | M]

[2009/07/18 10:59:57 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Alison\AppData\Roaming\Mozilla\Extensions
[2012/09/28 22:08:52 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Alison\AppData\Roaming\Mozilla\Firefox\Profiles\a12r84fu.default\extensions
[2012/08/27 17:37:32 | 000,000,000 | ---D | M] (MakeMeBabies 2.0 Community Toolbar) -- C:\Users\Alison\AppData\Roaming\Mozilla\Firefox\Profiles\a12r84fu.default\extensions\{d4330680-c0ae-4226-8a21-0afe2fd1ac24}
[2012/03/24 18:24:13 | 000,020,591 | -H-- | M] () (No name found) -- C:\Users\Alison\AppData\Roaming\Mozilla\Firefox\Profiles\a12r84fu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012/09/28 22:08:52 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\Alison\AppData\Roaming\Mozilla\Firefox\Profiles\a12r84fu.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012/04/05 13:35:34 | 000,000,935 | ---- | M] () -- C:\Users\Alison\AppData\Roaming\Mozilla\Firefox\Profiles\a12r84fu.default\searchplugins\conduit.xml
[2011/11/13 20:01:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/04 11:20:24 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\ALISON\APPDATA\LOCAL\{9E2C191D-C57A-11E1-8270-B8AC6F996F26}
[2012/05/10 14:16:48 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/05/10 14:16:41 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/03/24 18:19:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/10 14:16:41 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/05/10 14:16:41 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/05/10 14:16:50 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/05/10 14:16:41 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/10/04 03:17:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FLV Runner Toolbar) - {3bbd3c14-4c16-4989-8366-95bc9179779d} - C:\Program Files\FLV_Runner\prxtbFLV_.dll (Conduit Ltd.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (FLV Runner Toolbar) - {3bbd3c14-4c16-4989-8366-95bc9179779d} - C:\Program Files\FLV_Runner\prxtbFLV_.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3856432456-3556964881-2861625783-1003\..\Toolbar\WebBrowser: (FLV Runner Toolbar) - {3BBD3C14-4C16-4989-8366-95BC9179779D} - C:\Program Files\FLV_Runner\prxtbFLV_.dll (Conduit Ltd.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [autodetect] C:\Windows\System32\SupportAppXL\AutoDect.exe ()
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Alison\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3856432456-3556964881-2861625783-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3856432456-3556964881-2861625783-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3856432456-3556964881-2861625783-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3856432456-3556964881-2861625783-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-3856432456-3556964881-2861625783-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.12.160.35 203.12.160.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE5C39F8-23C8-4A19-A0B0-BC23C74B7A48}: DhcpNameServer = 203.12.160.35 203.12.160.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEB86AD1-BDE7-408B-A121-1BF279B5B29C}: DhcpNameServer = 203.12.160.35 203.12.160.36
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Alison\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Alison\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/06 18:36:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alison\Desktop\OTL.exe
[2012/10/06 01:14:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/06 01:14:42 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Local\temp
[2012/10/06 01:12:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/06 00:20:46 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/10/05 22:48:52 | 004,762,471 | R--- | C] (Swearware) -- C:\Users\Alison\Desktop\ComboFix.exe
[2012/10/05 00:31:38 | 000,000,000 | ---D | C] -- C:\Users\Alison\Desktop\RK_Quarantine
[2012/10/05 00:20:43 | 000,000,000 | ---D | C] -- C:\Users\Alison\Desktop\tdsskiller
[2012/10/04 14:18:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/04 03:19:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/10/04 02:30:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/04 02:30:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/04 02:30:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/04 02:28:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/04 02:26:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/01 17:18:39 | 000,905,740 | ---- | C] (Farbar) -- C:\Users\Alison\Desktop\FRST.exe
[2012/10/01 17:18:39 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Alison\Desktop\dds.com
[2012/10/01 17:18:31 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Alison\Desktop\mbam-setup-1.65.0.1400.exe
[2012/10/01 17:18:04 | 000,000,000 | ---D | C] -- C:\Users\Alison\Desktop\Attempt1
[2012/10/01 09:35:09 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Malwarebytes
[2012/10/01 09:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/01 09:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/01 09:34:43 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/01 09:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/28 19:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/28 19:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/28 19:00:18 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/28 18:53:18 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/09/28 16:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2012/09/28 16:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2012/09/28 16:26:01 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\HpUpdate
[2012/09/28 16:25:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012/09/28 16:23:23 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012/09/28 16:22:57 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/09/28 16:22:06 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Local\HP
[2012/09/17 19:25:14 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Alison\Desktop\TDSSKiller.exe
[2010/05/28 16:50:23 | 097,547,048 | ---- | C] (Apple Inc.) -- C:\Users\Alison\iTunesSetup.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/06 18:41:32 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F286256D-BAC5-40C4-B58B-2459DA730926}.job
[2012/10/06 18:37:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alison\Desktop\OTL.exe
[2012/10/06 18:29:40 | 000,600,770 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/06 18:29:40 | 000,106,244 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/06 18:25:32 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/06 18:25:32 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/06 18:25:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/06 18:25:16 | 2136,969,216 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/06 00:01:01 | 000,000,258 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2012/10/05 22:49:43 | 004,762,471 | R--- | M] (Swearware) -- C:\Users\Alison\Desktop\ComboFix.exe
[2012/10/05 10:07:08 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Alison\Desktop\TDSSKiller.exe
[2012/10/05 00:30:14 | 001,422,336 | ---- | M] () -- C:\Users\Alison\Desktop\RogueKiller.exe
[2012/10/05 00:20:20 | 002,193,278 | ---- | M] () -- C:\Users\Alison\Desktop\tdsskiller.zip
[2012/10/04 03:19:45 | 240,088,771 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/10/04 03:17:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/01 17:04:51 | 000,905,740 | ---- | M] (Farbar) -- C:\Users\Alison\Desktop\FRST.exe
[2012/10/01 17:02:37 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Alison\Desktop\dds.com
[2012/10/01 17:01:40 | 000,302,592 | ---- | M] () -- C:\Users\Alison\Desktop\Gmerrbhhj6er.exe
[2012/10/01 17:00:40 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Alison\Desktop\mbam-setup-1.65.0.1400.exe
[2012/10/01 13:49:24 | 000,117,168 | ---- | M] () -- C:\Users\Alison\Desktop\recdisc_x86.zip
[2012/10/01 11:17:31 | 000,002,311 | ---- | M] () -- C:\Users\Alison\Desktop\[Active] - Read Instructions - but cannot access antivirus sites for Step 1 - TechSpot Forums#post-1236488#post-1236488.url
[2012/10/01 09:34:45 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/29 15:55:07 | 000,173,056 | ---- | M] () -- C:\Users\Alison\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/29 11:52:53 | 000,002,305 | ---- | M] () -- C:\Users\Alison\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/09/29 11:21:03 | 000,002,651 | ---- | M] () -- C:\Users\Alison\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/09/28 19:01:47 | 000,001,709 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/28 18:54:33 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/09/28 16:27:19 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2012/09/28 16:25:45 | 000,002,160 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart 7510 series.lnk
[2012/09/28 16:25:45 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Photosmart 7510 series.lnk
[2012/09/28 16:25:44 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Photosmart 7510 series.lnk
[2012/09/28 16:22:47 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2012/09/16 20:30:07 | 000,000,374 | ---- | M] () -- C:\Users\Alison\Desktop\Media Makeup Character Assignment.pdf - Shortcut.lnk
[2012/09/11 11:08:36 | 001,063,607 | ---- | M] () -- C:\Users\Alison\Documents\Slim-Down-Meal-Plan.pdf
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/06 01:17:16 | 2136,969,216 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/05 00:30:13 | 001,422,336 | ---- | C] () -- C:\Users\Alison\Desktop\RogueKiller.exe
[2012/10/04 23:41:20 | 002,193,278 | ---- | C] () -- C:\Users\Alison\Desktop\tdsskiller.zip
[2012/10/04 03:19:20 | 240,088,771 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/10/04 02:30:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/04 02:30:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/04 02:30:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/04 02:30:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/04 02:30:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/01 17:18:28 | 000,302,592 | ---- | C] () -- C:\Users\Alison\Desktop\Gmerrbhhj6er.exe
[2012/10/01 13:48:59 | 000,117,168 | ---- | C] () -- C:\Users\Alison\Desktop\recdisc_x86.zip
[2012/10/01 11:17:31 | 000,002,311 | ---- | C] () -- C:\Users\Alison\Desktop\[Active] - Read Instructions - but cannot access antivirus sites for Step 1 - TechSpot Forums#post-1236488#post-1236488.url
[2012/10/01 09:34:45 | 000,000,951 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/28 19:01:47 | 000,001,709 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/28 16:27:19 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2012/09/28 16:27:16 | 000,000,258 | ---- | C] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2012/09/28 16:25:45 | 000,002,160 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart 7510 series.lnk
[2012/09/28 16:25:45 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Photosmart 7510 series.lnk
[2012/09/28 16:25:44 | 000,001,795 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Photosmart 7510 series.lnk
[2012/09/28 16:22:47 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/09/16 20:30:07 | 000,000,374 | ---- | C] () -- C:\Users\Alison\Desktop\Media Makeup Character Assignment.pdf - Shortcut.lnk
[2012/09/11 11:08:36 | 001,063,607 | ---- | C] () -- C:\Users\Alison\Documents\Slim-Down-Meal-Plan.pdf
[2012/06/16 15:51:53 | 000,363,432 | ---- | C] () -- C:\Users\Alison\new5.jpg
[2011/11/13 11:49:42 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/11/13 11:49:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/21 20:49:35 | 000,024,206 | -H-- | C] () -- C:\Users\Alison\AppData\Roaming\UserTile.png
[2008/10/21 20:40:43 | 000,173,056 | ---- | C] () -- C:\Users\Alison\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/17 19:17:43 | 000,000,680 | -H-- | C] () -- C:\Users\Alison\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 22:24:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/22 01:16:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 14:06:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/21 11:54:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/11/10 08:03:35 | 000,000,000 | -H-D | M] -- C:\Users\Alison\AppData\Roaming\AVG
[2012/06/29 22:15:54 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Caguah
[2012/10/06 18:28:00 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Dropbox
[2012/06/27 21:26:41 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Gely
[2012/04/02 15:58:55 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\GetRightToGo
[2010/12/26 14:15:21 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\LimeWire
[2012/07/31 22:17:04 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Lite
[2012/10/04 14:18:06 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Ossa
[2009/12/29 09:17:42 | 000,000,000 | -H-D | M] -- C:\Users\Alison\AppData\Roaming\PC Suite
[2012/07/08 13:31:00 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Qukun
[2011/11/08 21:08:49 | 000,000,000 | -H-D | M] -- C:\Users\Alison\AppData\Roaming\Samsung
[2008/10/24 21:21:57 | 000,000,000 | -H-D | M] -- C:\Users\Alison\AppData\Roaming\toshiba
[2011/11/08 19:44:24 | 000,000,000 | -H-D | M] -- C:\Users\Alison\AppData\Roaming\Ulead Systems

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: SERVICES.EXE >
[2008/01/21 11:54:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\erdnt\cache\services.exe
[2008/01/21 11:54:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\System32\services.exe
[2008/01/21 11:54:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe

< End of report >

Extras Report

OTL Extras logfile created on: 6/10/2012 6:39:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alison\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.99 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 49.43% Memory free
4.21 Gb Paging File | 3.14 Gb Available in Paging File | 74.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104.33 Gb Total Space | 48.62 Gb Free Space | 46.61% Space Free | Partition Type: NTFS

Computer Name: ALISON-PC | User Name: Alison | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3856432456-3556964881-2861625783-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0C58F298-0E5F-470d-B718-ACFBC477FB1F}_is1" = Aiseesoft iPhone 4 Movie Converter 6.2.16
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1BC72E97-FE98-48DF-82BF-C744F716BE28}" = HP Photosmart 7510 series Basic Device Software
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{516A7147-BAB9-4F4F-A168-8E553E535E52}" = HP Photosmart 7510 series Product Improvement Study
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6357D25F-A9C9-4CC7-A1FB-0DCF344E7C40}" = HP Photosmart 7510 series Help
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = Telstra Turbo Connection Manager
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
"FLV_Runner Toolbar" = FLV Runner Toolbar
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HipHop eJay 4" = HipHop eJay 4 - Deinstallation
"HP Photo Creations" = HP Photo Creations
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PROPLUS" = Microsoft Office Professional Plus 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"VLC media player" = VLC media player 0.9.8a
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3856432456-3556964881-2861625783-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/02/2011 12:31:33 PM | Computer Name = Alison-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/02/2011 12:31:33 PM | Computer Name = Alison-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 355728082

Error - 7/02/2011 12:31:33 PM | Computer Name = Alison-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 355728082

Error - 7/02/2011 12:31:49 PM | Computer Name = Alison-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/02/2011 12:31:49 PM | Computer Name = Alison-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 355743682

Error - 7/02/2011 12:31:49 PM | Computer Name = Alison-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 355743682

Error - 7/02/2011 12:32:04 PM | Computer Name = Alison-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/02/2011 12:32:04 PM | Computer Name = Alison-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 355759282

Error - 7/02/2011 12:32:04 PM | Computer Name = Alison-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 355759282

Error - 12/02/2011 12:16:34 AM | Computer Name = Alison-PC | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 14/09/2012 12:47:18 PM | Computer Name = Alison-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6596
seconds with 4680 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/10/2012 11:47:35 AM | Computer Name = Alison-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 5/10/2012 11:48:25 AM | Computer Name = Alison-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 5/10/2012 11:48:48 AM | Computer Name = Alison-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 5/10/2012 11:57:28 AM | Computer Name = Alison-PC | Source = DCOM | ID = 10010
Description =

Error - 6/10/2012 4:55:16 AM | Computer Name = Alison-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 6/10/2012 4:55:23 AM | Computer Name = Alison-PC | Source = HTTP | ID = 15016
Description =

Error - 6/10/2012 4:55:28 AM | Computer Name = Alison-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 6/10/2012 4:56:17 AM | Computer Name = Alison-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 6/10/2012 4:56:28 AM | Computer Name = Alison-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 6/10/2012 5:16:16 AM | Computer Name = Alison-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .


< End of report >

Hello Broni
It looks like you are taking a well-earned break.
I am too from tonight. I will be away from this infected PC for 5 weeks due to a work posting.
I will copy the log to a file, if you can instrauct me how to park this post, so that we can resume in 5 weeks time.

Thanks so much for your help so far.
Cheers, Phil