Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

probable new folder virus infection

Started by gokulnath , Dec 03 2011 11:07 AM

  • Please log in to reply

#1
gokulnath
Posted 03 December 2011 - 11:07 AM

gokulnath

    New Member

  • Member
  • Pip
  • 1 posts
Hi,

I am getting a New folder on my desktop screen every time when I log in to my system.I have scanned using updated malware bytes antimalware .I deleted that folder, but it is coming back when i restart. Please help me.

I use avast antivirus. version 6.0.1367

Thank you and here is the OTL log and extras file.

I am a very basic computer user.

OTL logfile created on: 03/12/2011 22:30:32 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Welcome\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd/MM/yyyy

2.70 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 50.86% Memory free
5.40 Gb Paging File | 3.98 Gb Available in Paging File | 73.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50.00 Gb Total Space | 24.12 Gb Free Space | 48.23% Space Free | Partition Type: NTFS
Drive D: | 103.92 Gb Total Space | 86.35 Gb Free Space | 83.10% Space Free | Partition Type: NTFS
Drive E: | 103.92 Gb Total Space | 98.05 Gb Free Space | 94.36% Space Free | Partition Type: NTFS
Drive F: | 97.66 Gb Total Space | 89.07 Gb Free Space | 91.21% Space Free | Partition Type: NTFS

Computer Name: WELCOME-PC | User Name: Welcome | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/03 21:51:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Welcome\Downloads\OTL.exe
PRC - [2011/11/28 23:31:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 23:31:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/11/15 22:18:31 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/14 11:31:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/10/14 11:31:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011/09/14 02:55:56 | 000,875,520 | ---- | M] (Carthago Software) -- C:\Program Files\MemInfo\meminfo.exe
PRC - [2011/08/25 03:31:35 | 000,218,624 | ---- | M] () -- C:\ProgramData\MegaFon Modem\OnlineUpdate\ouc.exe
PRC - [2011/08/03 18:53:54 | 000,828,944 | ---- | M] (GlavSoft LLC.) -- C:\Program Files\TightVNC\tvnserver.exe
PRC - [2011/06/24 09:52:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/15 13:08:58 | 000,495,232 | ---- | M] (Conexant Systems, Inc.) -- C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
PRC - [2011/02/25 11:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/21 06:54:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/21 06:54:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/15 03:43:06 | 002,749,856 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2010/11/21 02:59:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/21 02:59:07 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010/11/20 00:20:32 | 002,885,056 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2010/11/16 19:07:38 | 000,264,704 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe
PRC - [2010/11/16 19:07:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010/11/02 23:08:00 | 000,341,392 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2010/09/29 00:58:30 | 000,468,392 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2010/09/29 00:58:18 | 000,521,640 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2010/09/07 04:48:00 | 000,746,384 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2010/08/24 04:42:00 | 000,677,264 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2010/08/24 04:42:00 | 000,087,440 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2010/05/09 05:32:06 | 000,742,776 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2010/04/12 23:16:00 | 000,152,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2009/06/21 05:03:00 | 000,116,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng_D.exe
PRC - [2009/04/04 06:47:00 | 000,447,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/19 10:03:36 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/15 22:18:31 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/03 18:53:58 | 000,069,136 | ---- | M] () -- C:\Program Files\TightVNC\screenhooks.dll
MOD - [2010/04/08 04:36:58 | 009,487,672 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\BlackPng.dll
MOD - [2010/03/04 02:44:58 | 000,016,184 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\Hotkey\FnF11.dll
MOD - [2010/03/04 02:44:56 | 000,016,184 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\Hotkey\FnF10.dll
MOD - [2009/11/04 01:56:26 | 000,058,680 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\Hotkey\FnZ.dll
MOD - [2009/03/13 07:38:04 | 000,049,152 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (HWDeviceService.exe)
SRV - [2011/11/28 23:31:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/10/14 11:31:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/08/25 03:31:35 | 000,218,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files\MegaFon Modem\UpdateDog\ouc.exe -- (MegaFon Modem. RunOuc)
SRV - [2011/08/18 03:19:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/08/03 18:53:54 | 000,828,944 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/12/21 06:54:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/12/21 06:54:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/09/29 00:58:30 | 000,468,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2010/04/12 23:16:00 | 000,152,944 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009/07/14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 06:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 23:23:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 23:23:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 23:22:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 23:22:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 23:22:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 23:21:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/04 13:42:02 | 000,158,512 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2011/11/04 13:42:02 | 000,116,016 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2011/11/04 13:42:02 | 000,104,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2011/11/04 13:42:02 | 000,091,440 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2011/11/04 13:42:02 | 000,082,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2011/08/25 03:31:43 | 000,208,896 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2011/08/25 03:31:43 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/08/25 03:31:43 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011/08/25 03:31:43 | 000,072,576 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/03/10 17:02:28 | 001,282,688 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2010/12/18 08:14:24 | 002,129,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/12/12 12:38:40 | 000,234,800 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2010/12/03 07:59:00 | 000,056,760 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2010/11/30 00:17:00 | 000,070,448 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2010/11/21 02:59:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/21 02:59:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/21 02:59:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/21 02:59:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/21 02:59:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/21 02:59:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/21 02:59:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/21 02:59:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010/11/21 02:59:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/21 02:59:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/21 02:59:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/21 02:59:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/21 02:59:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/11 22:56:00 | 000,042,672 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2010/10/20 05:03:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI) Intel®
DRV - [2010/10/19 02:43:58 | 000,033,640 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2010/09/01 14:00:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/08/30 23:18:00 | 000,080,064 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2010/06/19 05:14:00 | 000,015,160 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2010/04/27 00:18:00 | 000,053,760 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2010/03/04 17:53:06 | 000,067,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009/07/25 00:01:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009/07/14 15:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/14 05:22:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/06/23 05:34:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/06/18 00:29:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-in
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 15 43 8E CE 74 7C CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@VideoScavenger_1e.com/Plugin: C:\Program Files\VideoScavenger_1e\bar\1.bin\NP1eStub.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Welcome\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Welcome\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Welcome\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Welcome\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\1effxtbr@VideoScavenger_1e.com: C:\Program Files\VideoScavenger_1e\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/29 19:40:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/19 09:40:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/11/19 09:41:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Welcome\AppData\Roaming\mozilla\Extensions
[2011/11/23 20:11:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Welcome\AppData\Roaming\mozilla\Firefox\Profiles\qqvcl28q.default\extensions
[2011/11/19 09:48:26 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Welcome\AppData\Roaming\mozilla\Firefox\Profiles\qqvcl28q.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/11/19 09:40:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/29 19:40:53 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\WELCOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQVCL28Q.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/11/15 22:18:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/15 18:14:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/15 18:14:17 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/11 03:09:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {acf7da4c-eeb2-484a-a3a1-303d4054d50c} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {ACF7DA4C-EEB2-484A-A3A1-303D4054D50C} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_MegaFon | Modem] C:\Program Files\MegaFon Modem\UpdateDog\ouc.exe ()
O4 - Startup: C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MemInfo.lnk = C:\Program Files\MemInfo\meminfo.exe (Carthago Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.83.21.12 202.83.21.11 202.54.1.63
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0273E8E9-CD7A-4F6D-A8D6-9AD324327600}: NameServer = 4.2.2.2 218.248.240.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78106867-496D-4B4A-897B-EC5D32CF3022}: DhcpNameServer = 202.83.21.12 202.83.21.11 202.54.1.63
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D74950AC-08F3-447F-A3FB-2811AAA44499}: NameServer = 4.2.2.2 218.248.240.135
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009/06/11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/10/14 17:13:03 | 000,771,620 | ---- | M] () - E:\Autonomous_Theory_Exam_Time_Table_-_Nov_Dec_2011.pdf -- [ NTFS ]
O33 - MountPoints2\{480aa6d2-ce97-11e0-ab38-d0df9a53cc4d}\Shell - "" = AutoRun
O33 - MountPoints2\{480aa6d2-ce97-11e0-ab38-d0df9a53cc4d}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{f0076dd0-cdcc-11e0-9744-d0df9a53cc4d}\Shell - "" = AutoRun
O33 - MountPoints2\{f0076dd0-cdcc-11e0-9744-d0df9a53cc4d}\Shell\AutoRun\command - "" = I:\.\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/03 22:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC
[2011/12/03 22:21:38 | 000,000,000 | ---D | C] -- C:\Program Files\TightVNC
[2011/12/03 21:25:08 | 000,000,000 | ---D | C] -- C:\Users\Welcome\Desktop\New Folder
[2011/12/03 15:02:09 | 000,000,000 | R--D | C] -- C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/11/30 20:36:56 | 000,000,000 | ---D | C] -- C:\Users\Welcome\AppData\Local\Google
[2011/11/29 17:58:24 | 000,000,000 | ---D | C] -- C:\Users\Welcome\Desktop\ravi
[2011/11/19 15:18:59 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/11/19 12:14:20 | 000,000,000 | R--D | C] -- C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/11/19 12:14:20 | 000,000,000 | ---D | C] -- C:\Program Files\MemInfo
[2011/11/19 12:14:20 | 000,000,000 | ---D | C] -- C:\Users\Welcome\AppData\Roaming\Carthago
[2011/11/19 11:07:48 | 000,000,000 | ---D | C] -- C:\Users\Welcome\VirtualBox VMs
[2011/11/19 10:44:54 | 000,000,000 | ---D | C] -- C:\Users\Welcome\.VirtualBox
[2011/11/19 10:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2011/11/19 10:43:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/11/19 10:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2011/11/19 10:22:40 | 000,000,000 | ---D | C] -- C:\Users\Welcome\AppData\Roaming\Skype
[2011/11/19 10:22:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/11/19 10:22:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/11/19 10:22:26 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/11/19 10:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/11/19 10:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\CoSoSys Ltd
[2011/11/19 10:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoRun Disable
[2011/11/19 10:17:50 | 000,000,000 | ---D | C] -- C:\Users\Welcome\AppData\Roaming\CoSoSys Ltd
[2011/11/19 10:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011/11/19 10:13:23 | 000,000,000 | ---D | C] -- C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011/11/19 10:13:21 | 000,000,000 | ---D | C] -- C:\Users\Welcome\AppData\Roaming\Notepad++
[2011/11/19 10:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2011/11/19 10:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/11/19 10:10:07 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/11/19 10:04:26 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/11/19 09:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/11/19 09:41:14 | 000,000,000 | ---D | C] -- C:\Users\Welcome\AppData\Roaming\Mozilla
[2011/11/19 09:41:14 | 000,000,000 | ---D | C] -- C:\Users\Welcome\AppData\Local\Mozilla
[2011/11/19 09:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/11/19 09:38:43 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/11/19 09:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011/11/19 09:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/11/19 08:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puran Defrag
[2011/11/19 08:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2011/11/19 08:12:26 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/11/19 08:02:12 | 000,000,000 | ---D | C] -- C:\Users\Welcome\AppData\Roaming\Malwarebytes
[2011/11/19 08:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/11/19 08:01:09 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/11/19 07:59:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/19 07:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/19 07:59:47 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/19 07:59:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/04 20:23:52 | 000,000,000 | ---D | C] -- C:\Users\Welcome\AppData\Roaming\Macromedia
[2011/11/04 20:23:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2011/04/04 19:23:46 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011/12/03 22:15:58 | 000,020,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/03 22:15:58 | 000,020,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/03 21:41:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4040212047-660546292-483464263-1000UA.job
[2011/12/03 21:13:47 | 000,619,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/03 21:13:47 | 000,107,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/03 21:02:30 | 000,000,914 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2011/12/03 21:01:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/03 21:01:31 | 2175,160,320 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/02 20:41:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4040212047-660546292-483464263-1000Core.job
[2011/11/29 19:40:53 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/11/28 23:31:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 23:31:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/11/28 23:23:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/11/28 23:23:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/11/28 23:22:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/11/28 23:22:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/11/28 23:22:07 | 000,055,128 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/11/28 23:21:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/11/21 08:27:22 | 000,403,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/19 12:14:20 | 000,001,807 | ---- | M] () -- C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MemInfo.lnk
[2011/11/19 10:06:56 | 000,000,088 | ---- | M] () -- C:\Windows\wininit.ini
[2011/11/19 09:57:45 | 000,001,024 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/11/19 09:02:41 | 000,001,367 | ---- | M] () -- C:\Users\Welcome\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/19 08:59:30 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/11/19 08:17:53 | 000,000,983 | ---- | M] () -- C:\Users\Welcome\Desktop\Puran Defrag.lnk
[2011/11/19 08:01:10 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2011/12/03 08:36:15 | 000,000,914 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2011/11/30 20:36:59 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4040212047-660546292-483464263-1000UA.job
[2011/11/30 20:36:57 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4040212047-660546292-483464263-1000Core.job
[2011/11/19 12:14:20 | 000,001,807 | ---- | C] () -- C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MemInfo.lnk
[2011/11/19 12:14:20 | 000,001,783 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MemInfo.lnk
[2011/11/19 09:57:45 | 000,001,024 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/11/19 09:57:45 | 000,000,987 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2011/11/19 09:42:57 | 000,000,088 | ---- | C] () -- C:\Windows\wininit.ini
[2011/11/19 09:40:50 | 000,001,068 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/19 09:02:41 | 000,001,373 | ---- | C] () -- C:\Users\Welcome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/11/19 08:59:30 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/11/19 08:17:53 | 000,000,983 | ---- | C] () -- C:\Users\Welcome\Desktop\Puran Defrag.lnk
[2011/11/19 08:01:10 | 000,000,925 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/11/15 21:03:01 | 000,260,352 | ---- | C] () -- C:\Users\Welcome\Documents\bundle_api-0.2-ref imp code.pdf
[2011/07/02 01:52:10 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2011/06/27 16:29:27 | 000,030,895 | ---- | C] () -- C:\Windows\System32\drivers\Mixer.ini
[2011/04/04 19:58:26 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2011/04/04 19:58:26 | 000,216,876 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2011/04/04 19:58:26 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2011/04/04 19:22:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/04/04 19:18:54 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2010/11/21 02:59:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010/11/21 02:59:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010/10/21 08:41:02 | 000,246,804 | ---- | C] () -- C:\Windows\System32\drivers\AtherosBT.bin
[2009/07/14 10:27:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 10:03:53 | 000,403,368 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 07:35:48 | 000,619,642 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 07:35:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 07:35:48 | 000,107,792 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 07:35:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 07:35:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 07:34:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 05:25:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 05:21:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 05:12:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/11 02:56:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/11/19 12:14:20 | 000,000,000 | ---D | M] -- C:\Users\Welcome\AppData\Roaming\Carthago
[2011/08/18 05:53:05 | 000,000,000 | ---D | M] -- C:\Users\Welcome\AppData\Roaming\CometPlayer
[2011/11/19 10:17:50 | 000,000,000 | ---D | M] -- C:\Users\Welcome\AppData\Roaming\CoSoSys Ltd
[2011/11/19 10:13:31 | 000,000,000 | ---D | M] -- C:\Users\Welcome\AppData\Roaming\Notepad++
[2011/08/28 10:21:15 | 000,000,000 | ---D | M] -- C:\Users\Welcome\AppData\Roaming\tigerplayer
[2011/07/02 02:03:24 | 000,000,000 | ---D | M] -- C:\Users\Welcome\AppData\Roaming\toshiba
[2011/07/02 01:54:42 | 000,000,000 | ---D | M] -- C:\Users\Welcome\AppData\Roaming\WinBatch
[2011/11/30 18:57:08 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

OTL Extras logfile created on: 03/12/2011 22:30:32 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Welcome\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd/MM/yyyy

2.70 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 50.86% Memory free
5.40 Gb Paging File | 3.98 Gb Available in Paging File | 73.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50.00 Gb Total Space | 24.12 Gb Free Space | 48.23% Space Free | Partition Type: NTFS
Drive D: | 103.92 Gb Total Space | 86.35 Gb Free Space | 83.10% Space Free | Partition Type: NTFS
Drive E: | 103.92 Gb Total Space | 98.05 Gb Free Space | 94.36% Space Free | Partition Type: NTFS
Drive F: | 97.66 Gb Total Space | 89.07 Gb Free Space | 91.21% Space Free | Partition Type: NTFS

Computer Name: WELCOME-PC | User Name: Welcome | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{5494B59E-6E82-499E-91AC-C53199955EC5}" = Atheros Bluetooth Filter Driver Package
"{553CB6F4-CE15-4C37-A624-AF14667B8006}" = AutoRun Disable by Endpoint Protector
"{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}" = TOSHIBA Wireless LAN Indicator
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{650E4124-292E-4638-944C-99A880C9D0F0}" = Oracle VM VirtualBox 4.1.6
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MegaFon Modem" = MegaFon Modem
"MemInfo" = MemInfo (remove only)
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"Notepad++" = Notepad++
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.3
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TightVNC" = TightVNC 2.0.4
"Winamp" = Winamp

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/12/2011 11:32:24 | Computer Name = Welcome-PC | Source = Windows Search Service | ID = 9000
Description =

Error - 03/12/2011 11:32:24 | Computer Name = Welcome-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 03/12/2011 11:32:24 | Computer Name = Welcome-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 03/12/2011 11:32:24 | Computer Name = Welcome-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 03/12/2011 11:32:24 | Computer Name = Welcome-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 03/12/2011 11:32:25 | Computer Name = Welcome-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 03/12/2011 11:32:25 | Computer Name = Welcome-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 03/12/2011 11:32:25 | Computer Name = Welcome-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 03/12/2011 11:32:25 | Computer Name = Welcome-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 03/12/2011 11:55:00 | Computer Name = Welcome-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

[ OSession Events ]
Error - 08/10/2011 05:56:58 | Computer Name = Welcome-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3971
seconds with 3600 seconds of active time. This session ended with a crash.

Error - 14/11/2011 12:12:16 | Computer Name = Welcome-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1220
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 03/12/2011 05:31:26 | Computer Name = Welcome-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the MegaFon
Modem. OUC service to connect.

Error - 03/12/2011 05:31:26 | Computer Name = Welcome-PC | Source = Service Control Manager | ID = 7000
Description = The MegaFon Modem. OUC service failed to start due to the following
error: %%1053

Error - 03/12/2011 08:19:50 | Computer Name = Welcome-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 03/12/2011 08:19:51 | Computer Name = Welcome-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 03/12/2011 08:19:51 | Computer Name = Welcome-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 03/12/2011 11:31:48 | Computer Name = Welcome-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 19:42:43 on ?03-?12-?2011 was unexpected.

Error - 03/12/2011 11:31:53 | Computer Name = Welcome-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the MegaFon
Modem. OUC service to connect.

Error - 03/12/2011 11:31:53 | Computer Name = Welcome-PC | Source = Service Control Manager | ID = 7000
Description = The MegaFon Modem. OUC service failed to start due to the following
error: %%1053

Error - 03/12/2011 11:32:25 | Computer Name = Welcome-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.

Error - 03/12/2011 11:32:25 | Computer Name = Welcome-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.


< End of report >


< End of report >

Attached Files


  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP