My friends daughters comptuer seems to be infected with a list of thnings. I've ran Mbam on it and it came up with 197 issues all relating to
Adaware.Agent.ZGen
Adaware.ClickPotato
Adaware.Hotbar.Gen
Adaware.ShopperReport
Adaware.Hotbar.CP
Adaware.Suptomate
Adaware.Hotbar
Adaware.ScanQuery
Malware Trace
The computer has 2 user accounts, It has McAfee internet security on it but it is either expired or infections have corrupt it. I am also unable to connect to the internet with it.
Here's the OTL log.
Thanks in advance for the help.
OTL logfile created on: 22/01/2012 22:10:33 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kimbo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.87 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 55.70% Memory free
3.98 Gb Paging File | 3.07 Gb Available in Paging File | 77.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.37 Gb Total Space | 7.65 Gb Free Space | 10.28% Space Free | Partition Type: NTFS
Drive E: | 73.21 Gb Total Space | 67.95 Gb Free Space | 92.81% Space Free | Partition Type: NTFS
Computer Name: KIMBO-PC | User Name: Kimbo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Kimbo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\msfeedssync.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe (Panasonic Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Nokia\MPlatform\sqlite3.dll ()
========== Win32 Services (SafeList) ==========
SRV - (McSysmon) -- File not found
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (TwonkyMedia) -- C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe (PacketVideo)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (SmartFaceVWatchSrv) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
SRV - (TempoMonitoringService) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
========== Driver Services (SafeList) ==========
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows ® Codename Longhorn DDK provider)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSEA&bmod=TSEA
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4054419834-2219131176-2473536219-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...TSEA&bmod=TSEA;
IE - HKU\S-1-5-21-4054419834-2219131176-2473536219-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4054419834-2219131176-2473536219-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-4054419834-2219131176-2473536219-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 D2 E4 CB 79 19 CC 01 [binary data]
IE - HKU\S-1-5-21-4054419834-2219131176-2473536219-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4054419834-2219131176-2473536219-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-4054419834-2219131176-2473536219-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-4054419834-2219131176-2473536219-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4054419834-2219131176-2473536219-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.microsoft..../?LinkId=69157"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..keyword.URL: "http://www.scanquery...ryPB&keywords="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Kimbo\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Kimbo\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/01/12 03:11:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/12 14:20:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/22 19:46:53 | 000,000,000 | ---D | M]
[2008/12/18 17:43:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimbo\AppData\Roaming\Mozilla\Extensions
[2011/07/12 14:20:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimbo\AppData\Roaming\Mozilla\Firefox\Profiles\56i52jvb.default\extensions
[2009/09/05 13:43:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kimbo\AppData\Roaming\Mozilla\Firefox\Profiles\56i52jvb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/12 14:20:18 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Kimbo\AppData\Roaming\Mozilla\Firefox\Profiles\56i52jvb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/06/07 14:13:34 | 000,001,632 | ---- | M] () -- C:\Users\Kimbo\AppData\Roaming\Mozilla\Firefox\Profiles\56i52jvb.default\searchplugins\live-search.xml
[2012/01/22 19:49:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/16 14:19:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2012/01/12 03:11:01 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/07/12 14:20:14 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/08/24 13:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2009/08/27 20:25:26 | 000,308,096 | ---- | M] (British Telecommunications Plc) -- C:\Program Files\mozilla firefox\plugins\npBTEmailConfig.dll
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 08:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 08:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 08:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 08:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 08:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2009/02/17 19:34:53 | 000,292,080 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10058 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101006185946.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-4054419834-2219131176-2473536219-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [Nokia FastStart] C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe (Nokia)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4054419834-2219131176-2473536219-1000..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O4 - HKU\S-1-5-21-4054419834-2219131176-2473536219-1000..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.co...-44557-9400-3/4 File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co...nk-21&site=home File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{927011F6-887C-4D1C-A122-5111A1D7ED14}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-4054419834-2219131176-2473536219-1000 Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Kimbo\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kimbo\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3a418d94-3361-11de-a075-001e3363a975}\Shell\AutoRun\command - "" = WD_Windows_Tools\Setup.exe
O33 - MountPoints2\{b00176e7-fc6c-11dd-907e-001e3363a975}\Shell - "" = AutoRun
O33 - MountPoints2\{b00176e7-fc6c-11dd-907e-001e3363a975}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{c333807b-17ba-11df-9ccf-001e3363a975}\Shell - "" = AutoRun
O33 - MountPoints2\{c333807b-17ba-11df-9ccf-001e3363a975}\Shell\AutoRun\command - "" = D:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/01/22 22:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/01/22 19:18:34 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kimbo\Desktop\OTL.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/01/22 22:15:30 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6DEFD21E-F95D-4A22-B84D-E49C30AC4B27}.job
[2012/01/22 22:14:51 | 000,608,542 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/22 22:14:51 | 000,109,146 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/22 22:08:22 | 000,001,740 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
[2012/01/22 22:07:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/22 22:07:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/22 22:06:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/22 22:06:52 | 2009,071,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/22 19:19:17 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/22 19:15:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kimbo\Desktop\OTL.exe
[2012/01/12 03:03:39 | 000,373,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/11 03:12:24 | 000,000,127 | ---- | M] () -- C:\Windows\System32\MRT.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/01/22 22:06:52 | 2009,071,616 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/22 19:19:17 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/11 03:12:24 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/04/24 20:26:54 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/04/24 20:26:54 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/09/19 22:28:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/19 22:28:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/19 22:26:47 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/03/28 11:10:59 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009/03/28 11:10:59 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009/03/28 11:10:59 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009/03/28 11:10:59 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009/03/28 11:10:59 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009/03/28 11:10:59 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009/03/28 11:10:59 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009/03/28 11:10:59 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009/03/28 11:10:59 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009/03/28 11:10:59 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009/03/28 11:10:59 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009/03/28 11:10:59 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009/03/28 11:10:59 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009/03/28 11:10:59 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009/03/28 11:10:59 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009/03/28 11:10:59 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009/03/28 11:10:59 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009/03/28 11:10:59 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009/03/28 11:10:59 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/10/22 18:23:23 | 000,000,680 | ---- | C] () -- C:\Users\Kimbo\AppData\Local\d3d9caps.dat
[2008/10/21 18:13:14 | 000,000,674 | ---- | C] () -- C:\Users\Kimbo\AppData\Roaming\wklnhst.dat
[2008/10/21 17:37:43 | 000,023,552 | ---- | C] () -- C:\Users\Kimbo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/21 17:17:36 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll
[2008/10/21 16:56:32 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/10/21 16:56:32 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/10/21 16:56:32 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/10/21 16:56:32 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/08/07 16:37:59 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/08/07 16:37:59 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/08/07 16:37:59 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/08/07 16:37:59 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/08/07 16:37:59 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/08/07 16:37:59 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/08/07 16:29:47 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/07 16:15:11 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/08/07 16:15:10 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/08/07 16:15:08 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/08/07 16:15:07 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/08/07 15:31:36 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/04/24 17:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/04/24 17:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/04/24 17:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/04/24 17:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/04/24 17:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/04/24 17:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:37 | 000,373,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,608,542 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,109,146 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
========== LOP Check ==========
[2010/12/25 11:38:24 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\PC Suite
[2011/04/24 20:09:31 | 000,000,000 | ---D | M] -- C:\Users\Kimbo\AppData\Roaming\.ABC
[2010/03/14 16:46:49 | 000,000,000 | ---D | M] -- C:\Users\Kimbo\AppData\Roaming\Facebook
[2010/01/29 14:30:37 | 000,000,000 | ---D | M] -- C:\Users\Kimbo\AppData\Roaming\myphotobook
[2010/07/05 12:43:12 | 000,000,000 | ---D | M] -- C:\Users\Kimbo\AppData\Roaming\Nokia
[2010/07/05 12:52:43 | 000,000,000 | ---D | M] -- C:\Users\Kimbo\AppData\Roaming\Nseries
[2009/04/06 10:40:44 | 000,000,000 | ---D | M] -- C:\Users\Kimbo\AppData\Roaming\Panasonic
[2010/07/05 12:53:53 | 000,000,000 | ---D | M] -- C:\Users\Kimbo\AppData\Roaming\PC Suite
[2008/11/27 18:26:56 | 000,000,000 | ---D | M] -- C:\Users\Kimbo\AppData\Roaming\Sports Interactive
[2011/05/14 02:45:14 | 000,000,000 | ---D | M] -- C:\Users\Kimbo\AppData\Roaming\Spotify
[2009/03/02 14:50:22 | 000,000,000 | ---D | M] -- C:\Users\Kimbo\AppData\Roaming\Template
[2008/12/04 22:55:54 | 000,000,000 | ---D | M] -- C:\Users\Kimbo\AppData\Roaming\Toshiba
[2012/01/22 19:50:12 | 000,032,526 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/22 22:15:30 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6DEFD21E-F95D-4A22-B84D-E49C30AC4B27}.job
========== Purity Check ==========
< End of report >