Hotbar infection and computer won't function properly



#1
Africanlion

  • Member
  • 108 posts
Hi
My Microsoft Essentials detected some hotbar infection (I forget the name now) and MSE auto-deleted it. I restarted the computer as a precaution on the advice of a friend. Since then I can't play YouTube videos, YouTube keeps freezing and the computer is running real slow. The tab windows in Mozilla all keep flickering as if refreshing even when I am doing nothing on the laptop.

Windows Media Player won't function, and after starting it, it says it has encountered a problem and needs to shut down.


Help please :upset:

OTL logfile created on: 10/04/2012 16:23:31 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Tendai\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 40.86% Memory free
3.98 Gb Paging File | 2.43 Gb Available in Paging File | 61.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 54.42 Gb Total Space | 14.63 Gb Free Space | 26.88% Space Free | Partition Type: NTFS

Computer Name: TENDAI-PC | User Name: Tendai | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/10 16:22:57 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Tendai\Desktop\OTL.exe
PRC - [2012/04/04 06:05:28 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/04/04 06:05:16 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/03/13 05:36:40 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
PRC - [2012/03/01 23:59:26 | 000,285,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\AllShare\AllShareAgent.exe
PRC - [2011/08/17 19:01:17 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/27 16:23:00 | 004,999,976 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\Scrybe\scrybe.exe
PRC - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/19 07:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/04/19 07:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/04/19 07:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2010/08/27 13:14:48 | 001,050,072 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TemproTray.exe
PRC - [2010/08/27 13:14:42 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
PRC - [2010/07/04 19:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010/01/28 14:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/12/14 20:06:14 | 000,428,152 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2006/11/14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006/09/12 08:03:20 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/05 21:25:59 | 000,115,137 | ---- | M] () -- C:\Users\Tendai\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
MOD - [2012/04/04 13:35:32 | 008,797,344 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_228.dll
MOD - [2012/04/04 06:05:28 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012/03/13 05:36:53 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/03/12 02:37:58 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d8345a7a14f0dc106f60d31a2c8eac2f\System.ServiceProcess.ni.dll
MOD - [2012/03/12 02:37:09 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\888be382c48887c830026806a9587e31\System.Management.ni.dll
MOD - [2012/03/12 02:34:06 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\1378a1c9290882206f4d5a6561bfc5d7\System.Runtime.Remoting.ni.dll
MOD - [2012/03/12 02:33:49 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a07e3882af9ea368a54742fc19c86662\System.Xaml.ni.dll
MOD - [2012/03/12 01:33:12 | 013,138,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f7283ec1c4b47c6b21777626a76d6611\System.Windows.Forms.ni.dll
MOD - [2012/03/12 01:32:08 | 001,653,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b798dff0ec58f4c76d96bb656d8d04bd\System.Drawing.ni.dll
MOD - [2012/03/12 01:31:09 | 018,019,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\54713c242f2029a417259a10b673873f\PresentationFramework.ni.dll
MOD - [2012/03/12 01:28:34 | 011,469,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b761a3b6e5c751993ff65aafd7fe42b8\PresentationCore.ni.dll
MOD - [2012/03/12 01:27:40 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\3ed9c2f173958ae6663134d302cc4f62\WindowsBase.ni.dll
MOD - [2012/03/12 01:26:18 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\1084708d3872b8e64f7ec88145298b2d\System.Xml.ni.dll
MOD - [2012/03/12 01:26:05 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\f7bbdea460b86c08496e471d808bd386\System.Configuration.ni.dll
MOD - [2012/03/12 01:25:52 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\eaeaf5f980c23f6075820513748695d9\PresentationFramework.Aero.ni.dll
MOD - [2012/03/12 01:24:43 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\22d54437cf1de9478f5c2c23f07eb9d6\System.Core.ni.dll
MOD - [2012/03/12 01:23:24 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff7c4aa829c327b186ef85cff3289bdf\System.ni.dll
MOD - [2012/03/12 01:21:54 | 014,415,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\90842cf922c71c82718ba71d5801c30c\mscorlib.ni.dll
MOD - [2012/02/14 23:24:07 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6310a2050033b0b567428ca55bda4a1b\Microsoft.VisualBasic.ni.dll
MOD - [2012/02/14 23:21:40 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d0cf808e33a5123b33010b933d3b1597\System.ServiceProcess.ni.dll
MOD - [2012/02/14 23:21:16 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
MOD - [2012/02/14 23:20:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MOD - [2012/02/14 22:25:09 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012/02/14 22:24:12 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll
MOD - [2012/02/14 22:23:16 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll
MOD - [2012/02/14 22:18:03 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3951e0a359c004cd6ba268ff78ac62aa\PresentationCore.ni.dll
MOD - [2012/02/14 22:17:20 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll
MOD - [2012/02/14 22:16:41 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2011/10/12 13:47:11 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/31 19:31:02 | 000,066,856 | ---- | M] () -- C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
MOD - [2006/11/24 21:37:38 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/04/04 13:35:34 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/27 23:38:04 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2012/03/02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)
SRV - [2012/03/02 17:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2011/08/17 19:01:17 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2011/05/25 15:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/19 07:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 07:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/08/27 13:14:42 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2010/07/04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010/01/28 14:47:44 | 001,737,464 | ---- | M] () [Auto | Running] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/12/14 20:06:14 | 000,428,152 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/11/14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/09/12 08:03:20 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\pfc.sys -- (pfc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/04/10 14:07:08 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D11A5003-4CBB-4120-BD7F-ECCC07239D92}\MpKsl01cf0dd2.sys -- (MpKsl01cf0dd2)
DRV - [2011/10/12 20:43:58 | 001,214,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/08/05 00:34:58 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/05 00:34:58 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/09/01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/06/14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/04/27 03:25:12 | 000,123,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2010/04/27 03:25:12 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2010/04/27 03:25:12 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2010/01/27 03:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/19 12:49:50 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\38013711.sys -- (38013711)
DRV - [2009/04/11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/07/13 08:18:20 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/24 21:46:38 | 002,085,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/20 18:14:28 | 000,033,792 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\qkbfiltr.sys -- (qkbfiltr)
DRV - [2006/10/18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/12 09:18:14 | 000,007,680 | ---- | M] (Quanta Computer Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BoiHwSetup.sys -- (BoiHwsetup)
DRV - [2006/08/31 06:53:00 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/02/14 18:50:52 | 000,216,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/02/14 18:41:20 | 000,208,256 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mail.google....31245e70ac32cba
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7B 2C C1 B1 C7 2C CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {2BE7B484-00C5-4DD2-9A92-7FE3A5F160E9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2BE7B484-00C5-4DD2-9A92-7FE3A5F160E9}: "URL" = http://www.google.co...rms}&meta=&rlz=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421

========== FireFox ==========



FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.103: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files\VDownloader\Addons\npVDownloader.dll (Vitzo)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\VDownloader\Addons\FireFox [2012/03/08 22:35:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/16 21:42:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/03 07:22:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/06 02:22:24 | 000,000,000 | ---D | M]

[2011/06/15 02:35:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tendai\AppData\Roaming\mozilla\Extensions
[2012/03/15 03:06:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tendai\AppData\Roaming\mozilla\Firefox\Profiles\rsun6w2c.default\extensions
[2011/06/21 23:02:51 | 000,001,735 | ---- | M] () -- C:\Users\Tendai\AppData\Roaming\Mozilla\Firefox\Profiles\rsun6w2c.default\searchplugins\ask.uk.xml
[2012/04/02 18:50:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/25 16:56:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/02/16 21:42:55 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/03/08 22:35:29 | 000,000,000 | ---D | M] (VDownloader) -- C:\PROGRAM FILES\VDOWNLOADER\ADDONS\FIREFOX
() (No name found) -- C:\USERS\TENDAI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RSUN6W2C.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI
[2011/06/15 16:49:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/03/13 05:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2012/03/13 06:38:05 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/03/13 06:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/13 06:38:05 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/03/13 06:38:05 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/03/13 06:38:05 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/02/04 22:21:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Tendai\AppData\Roaming\Complitly\AutocompletePro.dll (SimplyGen)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AllShareAgent] C:\Program Files\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch...acker_url.pl?EN File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.3.1)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85B9BBD9-7474-4605-8E3F-FE01B97288A7}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85B9BBD9-7474-4605-8E3F-FE01B97288A7}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Tendai\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tendai\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/10 16:22:32 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Tendai\Desktop\OTL.exe
[2012/04/06 03:02:29 | 000,000,000 | ---D | C] -- C:\Users\Tendai\Documents\NPS
[2012/04/06 02:42:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung New PC Studio
[2012/04/06 02:37:07 | 000,123,776 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_mdm.sys
[2012/04/06 02:37:07 | 000,098,560 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bus.sys
[2012/04/06 02:37:07 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_mdfl.sys
[2012/04/06 02:37:07 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_cmnt.sys
[2012/04/06 02:37:07 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_cm.sys
[2012/04/06 02:37:07 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_whnt.sys
[2012/04/06 02:37:07 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_wh.sys
[2012/04/06 02:35:06 | 000,238,952 | ---- | C] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
[2012/04/06 02:34:22 | 000,000,000 | ---D | C] -- C:\Users\Tendai\Documents\My NPS Files
[2012/04/06 01:51:16 | 000,000,000 | ---D | C] -- C:\Download
[2012/04/06 01:46:38 | 000,000,000 | ---D | C] -- C:\AllShare
[2012/04/05 21:22:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\System32
[2012/03/29 20:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/29 20:19:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/29 20:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/12 01:26:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2012/03/12 00:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
[2012/03/12 00:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\MyFree Codec
[2012/03/12 00:48:32 | 000,000,000 | ---D | C] -- C:\Users\Tendai\Documents\SelfMV
[2012/03/12 00:28:36 | 000,000,000 | ---D | C] -- C:\Users\Tendai\AppData\Local\Samsung
[2012/03/12 00:27:27 | 000,000,000 | ---D | C] -- C:\Users\Tendai\AppData\Roaming\Samsung
[2012/03/12 00:27:02 | 000,000,000 | ---D | C] -- C:\Users\Tendai\Documents\samsung
[2012/03/12 00:19:19 | 000,000,000 | ---D | C] -- C:\Users\Tendai\{43ff85ef-8d8b-4c32-9e9f-7efb68ab300c}
[2012/03/12 00:18:19 | 000,000,000 | ---D | C] -- C:\Users\Tendai\{0aa9b189-76dc-4bb7-98f0-f1e0d6e3dee5}
[2012/03/12 00:17:45 | 000,000,000 | ---D | C] -- C:\Users\Tendai\{f2d8cc8f-c480-43b6-a05a-f80d96e3ff7b}
[2012/03/12 00:15:42 | 000,000,000 | ---D | C] -- C:\Users\Tendai\{1bc4614a-da4a-4c09-91f0-583022d20035}
[2012/03/12 00:10:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012/03/12 00:10:22 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2012/03/12 00:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2012/03/12 00:09:25 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2012/03/12 00:09:25 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys
[2012/03/12 00:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012/03/12 00:04:25 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2012/03/12 00:00:12 | 000,000,000 | ---D | C] -- C:\Users\Tendai\AppData\Local\Downloaded Installations

========== Files - Modified Within 30 Days ==========

[2012/04/10 16:22:57 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Tendai\Desktop\OTL.exe
[2012/04/10 16:06:25 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/10 16:06:25 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/10 16:05:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/10 15:42:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/10 14:13:25 | 000,615,990 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/10 14:13:25 | 000,114,174 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/10 14:07:26 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/10 14:06:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/06 02:42:08 | 000,001,912 | ---- | M] () -- C:\Users\Tendai\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk
[2012/04/06 02:42:08 | 000,001,888 | ---- | M] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2012/04/06 02:21:42 | 173,838,160 | ---- | M] () -- C:\Users\Tendai\Desktop\New_PC_Studio_1.5.1.10064_2.exe
[2012/04/06 01:50:42 | 000,001,771 | ---- | M] () -- C:\Users\Public\Desktop\Samsung AllShare.lnk
[2012/04/06 01:46:08 | 000,001,795 | ---- | M] () -- C:\Users\Tendai\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung AllShare.lnk
[2012/04/05 20:17:24 | 000,000,769 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/04/02 18:50:37 | 000,000,811 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/29 20:22:15 | 000,001,629 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/29 17:22:03 | 000,043,008 | ---- | M] () -- C:\Users\Tendai\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/28 01:53:36 | 000,293,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/26 12:54:13 | 000,007,944 | ---- | M] () -- C:\Users\Tendai\AppData\Local\d3d9caps.dat
[2012/03/26 01:16:08 | 000,005,642 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012/03/26 01:15:02 | 000,000,088 | RHS- | M] () -- C:\ProgramData\E0C60D2CBC.sys
[2012/03/12 01:18:51 | 025,893,376 | ---- | M] () -- C:\Samsung AllShare.msi
[2012/03/12 01:18:42 | 000,023,552 | ---- | M] () -- C:\2057.MST
[2012/03/12 01:16:41 | 000,022,044 | ---- | M] () -- C:\0x0809.ini
[2012/03/12 00:26:18 | 000,001,699 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/03/12 00:10:37 | 000,001,723 | ---- | M] () -- C:\Users\Tendai\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk

========== Files Created - No Company Name ==========

[2012/04/06 02:42:08 | 000,001,888 | ---- | C] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2012/04/06 02:42:07 | 000,001,912 | ---- | C] () -- C:\Users\Tendai\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk
[2012/04/06 02:35:06 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2012/04/06 02:35:06 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2012/04/06 02:19:05 | 173,838,160 | ---- | C] () -- C:\Users\Tendai\Desktop\New_PC_Studio_1.5.1.10064_2.exe
[2012/04/06 01:50:42 | 000,001,771 | ---- | C] () -- C:\Users\Public\Desktop\Samsung AllShare.lnk
[2012/04/06 01:46:08 | 000,001,795 | ---- | C] () -- C:\Users\Tendai\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung AllShare.lnk
[2012/04/04 13:35:35 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/29 20:22:15 | 000,001,629 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/12 01:21:07 | 000,023,552 | ---- | C] () -- C:\2057.MST
[2012/03/12 01:21:07 | 000,022,044 | ---- | C] () -- C:\0x0809.ini
[2012/03/12 01:21:03 | 025,893,376 | ---- | C] () -- C:\Samsung AllShare.msi
[2012/03/12 00:26:18 | 000,001,699 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/03/12 00:10:37 | 000,001,723 | ---- | C] () -- C:\Users\Tendai\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/02/04 20:14:08 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2012/01/31 02:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/01/31 02:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012/01/31 02:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012/01/31 02:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012/01/31 02:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012/01/25 03:36:40 | 000,000,088 | RHS- | C] () -- C:\ProgramData\E0C60D2CBC.sys
[2012/01/25 03:36:39 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/07/08 00:32:27 | 000,000,000 | ---- | C] () -- C:\Windows\RAWImage.INI
[2011/06/30 17:01:58 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011/06/30 17:01:56 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/06/30 17:01:56 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011/06/30 17:01:56 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011/06/30 17:01:55 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/06/30 17:01:55 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011/06/30 17:01:55 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/06/30 17:01:55 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/06/30 17:01:55 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/06/30 17:01:55 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/06/30 17:01:55 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/06/30 17:01:55 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/06/30 17:01:54 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/06/30 17:01:54 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/06/30 17:01:54 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/06/30 17:01:54 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/06/30 17:01:53 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/06/30 17:01:53 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/06/30 17:01:53 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/06/29 19:25:53 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2011/06/26 19:18:16 | 000,007,944 | ---- | C] () -- C:\Users\Tendai\AppData\Local\d3d9caps.dat
[2011/06/17 09:55:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/06/17 09:55:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/06/16 23:16:32 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/06/16 22:19:45 | 000,000,309 | ---- | C] () -- C:\Users\Tendai\AppData\Local\HamsterVideoConverterSettings.cfg
[2011/06/15 02:48:31 | 000,000,027 | ---- | C] () -- C:\Windows\CDE RX640E.ini
[2011/06/15 02:33:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/06/15 01:59:49 | 000,043,008 | ---- | C] () -- C:\Users\Tendai\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/15 01:55:12 | 000,000,751 | ---- | C] () -- C:\Windows\Ulead32.ini
[2011/06/15 01:55:12 | 000,000,028 | ---- | C] () -- C:\Windows\Msdevctl.ini

========== LOP Check ==========

[2011/07/13 18:28:10 | 000,000,000 | ---D | M] -- C:\Users\Tendai\AppData\Roaming\Auslogics
[2011/06/27 17:16:08 | 000,000,000 | ---D | M] -- C:\Users\Tendai\AppData\Roaming\AVG10
[2012/03/28 01:42:09 | 000,000,000 | ---D | M] -- C:\Users\Tendai\AppData\Roaming\Azureus
[2011/11/13 18:34:21 | 000,000,000 | ---D | M] -- C:\Users\Tendai\AppData\Roaming\Birdstep Technology
[2012/01/24 21:34:10 | 000,000,000 | ---D | M] -- C:\Users\Tendai\AppData\Roaming\Complitly
[2011/07/10 22:43:02 | 000,000,000 | ---D | M] -- C:\Users\Tendai\AppData\Roaming\DVDVideoSoft
[2011/07/12 01:46:42 | 000,000,000 | ---D | M] -- C:\Users\Tendai\AppData\Roaming\EPSON
[2011/08/23 17:15:58 | 000,000,000 | ---D | M] -- C:\Users\Tendai\AppData\Roaming\Foxit Software
[2011/06/16 22:52:10 | 000,000,000 | ---D | M] -- C:\Users\Tendai\AppData\Roaming\FreeFLVConverter
[2011/06/16 00:02:20 | 000,000,000 | ---D | M] -- C:\Users\Tendai\AppData\Roaming\InterVideo
[2011/06/30 01:01:30 | 000,000,000 | ---D | M] -- C:\Users\Tendai\AppData\Roaming\OpenDNS Updater
[2011/06/16 00:50:38 | 000,000,000 | ---D | M] -- C:\Users\Tendai\AppData\Roaming\OpenOffice.org
[2012/04/06 02:34:22 | 000,000,000 | ---D | M] -- C:\Users\Tendai\AppData\Roaming\Samsung
[2011/10/17 23:16:54 | 000,000,000 | ---D | M] -- C:\Users\Tendai\AppData\Roaming\Synaptics
[2011/10/02 15:46:47 | 000,000,000 | ---D | M] -- C:\Users\Tendai\AppData\Roaming\T-Mobile
[2011/10/02 15:54:08 | 000,000,000 | ---D | M] -- C:\Users\Tendai\AppData\Roaming\T-Mobile Internet Manager
[2011/08/01 22:22:20 | 000,000,000 | ---D | M] -- C:\Users\Tendai\AppData\Roaming\Telefónica
[2011/07/11 01:28:03 | 000,000,000 | ---D | M] -- C:\Users\Tendai\AppData\Roaming\Toshiba
[2012/03/26 01:50:27 | 000,000,000 | ---D | M] -- C:\Users\Tendai\AppData\Roaming\Ulead Systems
[2012/04/01 00:51:27 | 000,000,000 | ---D | M] -- C:\Users\Tendai\AppData\Roaming\VDownloader
[2012/04/09 00:04:23 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

Edited by Africanlion, 10 April 2012 - 09:35 AM.



#2
WhiteHat

Hello Africanlion and welcome to GeeksToGo :)

My nickname is GLeobas and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.



#3
Africanlion

Sorry, but I did not post any logs. I have done it now.

Edited by Africanlion, 10 April 2012 - 09:34 AM.


#4
WhiteHat

Hi,

Please do not edit your post to include any information; do a new post instead.

# Step 1 #

Run OTL again.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • In Extra Registry, select Use SafeList
  • Under the Custom Scan box, paste this in:
    netsvcs
    msconfig
    drives
    %SYSTEMDRIVE%\*.*
    %systemdrive%\drivers\*.exe
    %systemroot%\system32\drivers\*.* /90
    %PROGRAMFILES%\*.*
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U /s
    HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs
    HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.



# Step 2 #

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




# Step 3 #

Download aswMBR.exe to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

#5
Africanlion

Hi
Do you mean I should start a new topic with new OTL logs or just continue with this one?

#6
Africanlion

OTL logfile created on: 10/04/2012 23:41:16 - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Tendai\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 43.09% Memory free
3.99 Gb Paging File | 2.71 Gb Available in Paging File | 67.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 54.42 Gb Total Space | 14.32 Gb Free Space | 26.32% Space Free | Partition Type: NTFS

Computer Name: TENDAI-PC | User Name: Tendai | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/10 16:22:57 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Tendai\Desktop\OTL.exe
PRC - [2012/04/04 06:05:28 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/04/04 06:05:16 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/03/13 05:36:40 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
PRC - [2012/03/01 23:59:26 | 000,285,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\AllShare\AllShareAgent.exe
PRC - [2011/08/17 19:01:17 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/27 16:23:00 | 004,999,976 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\Scrybe\scrybe.exe
PRC - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/19 07:44:40 | 001,706,040 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi.exe
PRC - [2011/04/19 07:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/04/19 07:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/04/19 07:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2010/08/27 13:14:48 | 001,050,072 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TemproTray.exe
PRC - [2010/08/27 13:14:42 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
PRC - [2010/07/04 19:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010/01/28 14:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/12/14 20:06:14 | 000,428,152 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2006/11/14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006/09/12 08:03:20 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/10 23:18:12 | 000,115,137 | ---- | M] () -- C:\Users\Tendai\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
MOD - [2012/04/04 13:35:32 | 008,797,344 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_228.dll
MOD - [2012/04/04 06:05:28 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012/03/13 05:36:53 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/03/12 02:37:58 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d8345a7a14f0dc106f60d31a2c8eac2f\System.ServiceProcess.ni.dll
MOD - [2012/03/12 02:37:09 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\888be382c48887c830026806a9587e31\System.Management.ni.dll
MOD - [2012/03/12 02:34:06 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\1378a1c9290882206f4d5a6561bfc5d7\System.Runtime.Remoting.ni.dll
MOD - [2012/03/12 02:33:49 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a07e3882af9ea368a54742fc19c86662\System.Xaml.ni.dll
MOD - [2012/03/12 01:33:12 | 013,138,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f7283ec1c4b47c6b21777626a76d6611\System.Windows.Forms.ni.dll
MOD - [2012/03/12 01:32:08 | 001,653,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b798dff0ec58f4c76d96bb656d8d04bd\System.Drawing.ni.dll
MOD - [2012/03/12 01:31:09 | 018,019,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\54713c242f2029a417259a10b673873f\PresentationFramework.ni.dll
MOD - [2012/03/12 01:28:34 | 011,469,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b761a3b6e5c751993ff65aafd7fe42b8\PresentationCore.ni.dll
MOD - [2012/03/12 01:27:40 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\3ed9c2f173958ae6663134d302cc4f62\WindowsBase.ni.dll
MOD - [2012/03/12 01:26:18 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\1084708d3872b8e64f7ec88145298b2d\System.Xml.ni.dll
MOD - [2012/03/12 01:26:05 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\f7bbdea460b86c08496e471d808bd386\System.Configuration.ni.dll
MOD - [2012/03/12 01:25:52 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\eaeaf5f980c23f6075820513748695d9\PresentationFramework.Aero.ni.dll
MOD - [2012/03/12 01:24:43 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\22d54437cf1de9478f5c2c23f07eb9d6\System.Core.ni.dll
MOD - [2012/03/12 01:23:24 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff7c4aa829c327b186ef85cff3289bdf\System.ni.dll
MOD - [2012/03/12 01:21:54 | 014,415,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\90842cf922c71c82718ba71d5801c30c\mscorlib.ni.dll
MOD - [2012/02/14 23:24:07 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6310a2050033b0b567428ca55bda4a1b\Microsoft.VisualBasic.ni.dll
MOD - [2012/02/14 23:21:40 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d0cf808e33a5123b33010b933d3b1597\System.ServiceProcess.ni.dll
MOD - [2012/02/14 23:21:16 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
MOD - [2012/02/14 23:20:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MOD - [2012/02/14 22:25:09 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012/02/14 22:24:12 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll
MOD - [2012/02/14 22:23:16 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll
MOD - [2012/02/14 22:18:03 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3951e0a359c004cd6ba268ff78ac62aa\PresentationCore.ni.dll
MOD - [2012/02/14 22:17:20 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll
MOD - [2012/02/14 22:16:41 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2011/10/12 13:47:11 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/31 19:31:02 | 000,066,856 | ---- | M] () -- C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
MOD - [2009/12/08 17:50:04 | 003,565,056 | ---- | M] () -- C:\Program Files\Essentials Codec Pack\FFDShow\ffdshow.ax
MOD - [2006/11/24 21:37:38 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/04/04 13:35:34 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/27 23:38:04 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2012/03/02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)
SRV - [2012/03/02 17:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2011/08/17 19:01:17 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2011/05/25 15:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/19 07:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 07:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/08/27 13:14:42 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2010/07/04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010/01/28 14:47:44 | 001,737,464 | ---- | M] () [Auto | Running] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/12/14 20:06:14 | 000,428,152 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/11/14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/09/12 08:03:20 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\pfc.sys -- (pfc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/04/10 23:17:41 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D11A5003-4CBB-4120-BD7F-ECCC07239D92}\MpKsl713c92f3.sys -- (MpKsl713c92f3)
DRV - [2012/04/10 14:07:08 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D11A5003-4CBB-4120-BD7F-ECCC07239D92}\MpKsl01cf0dd2.sys -- (MpKsl01cf0dd2)
DRV - [2011/10/12 20:43:58 | 001,214,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/08/05 00:34:58 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/05 00:34:58 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/09/01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/06/14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/04/27 03:25:12 | 000,123,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2010/04/27 03:25:12 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2010/04/27 03:25:12 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2010/01/27 03:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/19 12:49:50 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\38013711.sys -- (38013711)
DRV - [2009/04/11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/07/13 08:18:20 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/24 21:46:38 | 002,085,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/20 18:14:28 | 000,033,792 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\qkbfiltr.sys -- (qkbfiltr)
DRV - [2006/10/18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/12 09:18:14 | 000,007,680 | ---- | M] (Quanta Computer Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BoiHwSetup.sys -- (BoiHwsetup)
DRV - [2006/08/31 06:53:00 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/02/14 18:50:52 | 000,216,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/02/14 18:41:20 | 000,208,256 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3620444953-280723023-3404930093-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mail.google....31245e70ac32cba
IE - HKU\S-1-5-21-3620444953-280723023-3404930093-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3620444953-280723023-3404930093-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7B 2C C1 B1 C7 2C CC 01 [binary data]
IE - HKU\S-1-5-21-3620444953-280723023-3404930093-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3620444953-280723023-3404930093-1000\..\SearchScopes,DefaultScope = {2BE7B484-00C5-4DD2-9A92-7FE3A5F160E9}
IE - HKU\S-1-5-21-3620444953-280723023-3404930093-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3620444953-280723023-3404930093-1000\..\SearchScopes\{2BE7B484-00C5-4DD2-9A92-7FE3A5F160E9}: "URL" = http://www.google.co...rms}&meta=&rlz=
IE - HKU\S-1-5-21-3620444953-280723023-3404930093-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3620444953-280723023-3404930093-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421

========== FireFox ==========



FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.103: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files\VDownloader\Addons\npVDownloader.dll (Vitzo)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\VDownloader\Addons\FireFox [2012/03/08 22:35:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/16 21:42:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/03 07:22:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/06 02:22:24 | 000,000,000 | ---D | M]

[2011/06/15 02:35:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tendai\AppData\Roaming\mozilla\Extensions
[2012/03/15 03:06:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tendai\AppData\Roaming\mozilla\Firefox\Profiles\rsun6w2c.default\extensions
[2011/06/21 23:02:51 | 000,001,735 | ---- | M] () -- C:\Users\Tendai\AppData\Roaming\Mozilla\Firefox\Profiles\rsun6w2c.default\searchplugins\ask.uk.xml
[2012/04/02 18:50:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/25 16:56:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/02/16 21:42:55 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/03/08 22:35:29 | 000,000,000 | ---D | M] (VDownloader) -- C:\PROGRAM FILES\VDOWNLOADER\ADDONS\FIREFOX
() (No name found) -- C:\USERS\TENDAI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RSUN6W2C.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI
[2011/06/15 16:49:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/03/13 05:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2012/03/13 06:38:05 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/03/13 06:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/13 06:38:05 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/03/13 06:38:05 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/03/13 06:38:05 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/02/04 22:21:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AllShareAgent] C:\Program Files\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4 - HKU\S-1-5-21-3620444953-280723023-3404930093-1000..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-3620444953-280723023-3404930093-1000..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-3620444953-280723023-3404930093-1000..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3620444953-280723023-3404930093-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3620444953-280723023-3404930093-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch...acker_url.pl?EN File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.3.1)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85B9BBD9-7474-4605-8E3F-FE01B97288A7}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85B9BBD9-7474-4605-8E3F-FE01B97288A7}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Tendai\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tendai\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: 00TCrdMain - hkey= - key= - File not found
MsConfig - StartUpReg: EEventManager - hkey= - key= - C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: MSC - hkey= - key= - c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: SmoothView - hkey= - key= - File not found
MsConfig - StartUpReg: topi - hkey= - key= - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
MsConfig - StartUpReg: Toshiba Registration - hkey= - key= - C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
MsConfig - StartUpReg: TOSHIBA Volume Indicator - hkey= - key= - C:\Program Files\Toshiba\Utilities\VolControl.exe (TOSHIBA Inc.)
MsConfig - StartUpReg: TPwrMain - hkey= - key= - File not found
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 0
MsConfig - State: "bootini" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/10 22:41:01 | 000,000,000 | ---D | C] -- C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Essentials Codec Pack
[2012/04/10 22:41:01 | 000,000,000 | ---D | C] -- C:\Program Files\Essentials Codec Pack
[2012/04/10 16:22:32 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Tendai\Desktop\OTL.exe
[2012/04/06 03:02:29 | 000,000,000 | ---D | C] -- C:\Users\Tendai\Documents\NPS
[2012/04/06 02:42:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung New PC Studio
[2012/04/06 02:37:07 | 000,123,776 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_mdm.sys
[2012/04/06 02:37:07 | 000,098,560 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bus.sys
[2012/04/06 02:37:07 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_mdfl.sys
[2012/04/06 02:37:07 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_cmnt.sys
[2012/04/06 02:37:07 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_cm.sys
[2012/04/06 02:37:07 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_whnt.sys
[2012/04/06 02:37:07 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_wh.sys
[2012/04/06 02:35:06 | 000,238,952 | ---- | C] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
[2012/04/06 02:34:22 | 000,000,000 | ---D | C] -- C:\Users\Tendai\Documents\My NPS Files
[2012/04/06 01:51:16 | 000,000,000 | ---D | C] -- C:\Download
[2012/04/06 01:46:38 | 000,000,000 | ---D | C] -- C:\AllShare
[2012/04/05 21:22:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\System32
[2012/04/04 13:35:34 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/03/29 20:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/29 20:19:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/29 20:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/15 03:05:02 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012/03/15 03:04:59 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/03/15 03:04:57 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/03/15 03:04:57 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/03/15 03:04:57 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/03/15 03:04:57 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/03/15 03:04:57 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/03/12 01:26:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2012/03/12 00:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
[2012/03/12 00:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\MyFree Codec
[2012/03/12 00:48:32 | 000,000,000 | ---D | C] -- C:\Users\Tendai\Documents\SelfMV
[2012/03/12 00:28:36 | 000,000,000 | ---D | C] -- C:\Users\Tendai\AppData\Local\Samsung
[2012/03/12 00:27:27 | 000,000,000 | ---D | C] -- C:\Users\Tendai\AppData\Roaming\Samsung
[2012/03/12 00:27:02 | 000,000,000 | ---D | C] -- C:\Users\Tendai\Documents\samsung
[2012/03/12 00:19:19 | 000,000,000 | ---D | C] -- C:\Users\Tendai\{43ff85ef-8d8b-4c32-9e9f-7efb68ab300c}
[2012/03/12 00:18:19 | 000,000,000 | ---D | C] -- C:\Users\Tendai\{0aa9b189-76dc-4bb7-98f0-f1e0d6e3dee5}
[2012/03/12 00:17:45 | 000,000,000 | ---D | C] -- C:\Users\Tendai\{f2d8cc8f-c480-43b6-a05a-f80d96e3ff7b}
[2012/03/12 00:15:42 | 000,000,000 | ---D | C] -- C:\Users\Tendai\{1bc4614a-da4a-4c09-91f0-583022d20035}
[2012/03/12 00:10:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012/03/12 00:10:22 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2012/03/12 00:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2012/03/12 00:09:25 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2012/03/12 00:09:25 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DIFxAPI.dll
[2012/03/12 00:09:25 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys
[2012/03/12 00:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012/03/12 00:04:25 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2012/03/12 00:00:12 | 000,000,000 | ---D | C] -- C:\Users\Tendai\AppData\Local\Downloaded Installations

========== Files - Modified Within 30 Days ==========

[2012/04/10 23:42:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/10 23:23:01 | 000,615,990 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/10 23:23:01 | 000,114,174 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/10 23:19:08 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/10 23:19:03 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/10 23:17:41 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/10 23:16:55 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/10 23:16:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/10 22:51:30 | 000,007,944 | ---- | M] () -- C:\Users\Tendai\AppData\Local\d3d9caps.dat
[2012/04/10 22:41:09 | 000,000,934 | ---- | M] () -- C:\Users\Tendai\Desktop\Media Player Classic.lnk
[2012/04/10 16:22:57 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Tendai\Desktop\OTL.exe
[2012/04/06 02:42:08 | 000,001,912 | ---- | M] () -- C:\Users\Tendai\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk
[2012/04/06 02:42:08 | 000,001,888 | ---- | M] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2012/04/06 02:21:42 | 173,838,160 | ---- | M] () -- C:\Users\Tendai\Desktop\New_PC_Studio_1.5.1.10064_2.exe
[2012/04/06 01:50:42 | 000,001,771 | ---- | M] () -- C:\Users\Public\Desktop\Samsung AllShare.lnk
[2012/04/06 01:46:08 | 000,001,795 | ---- | M] () -- C:\Users\Tendai\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung AllShare.lnk
[2012/04/05 20:17:24 | 000,000,769 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/04/04 13:35:34 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/04 13:35:34 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/04/02 18:50:37 | 000,000,811 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/29 20:22:15 | 000,001,629 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/29 17:22:03 | 000,043,008 | ---- | M] () -- C:\Users\Tendai\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/28 01:53:36 | 000,293,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/26 01:16:08 | 000,005,642 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012/03/26 01:15:02 | 000,000,088 | RHS- | M] () -- C:\ProgramData\E0C60D2CBC.sys
[2012/03/12 01:18:51 | 025,893,376 | ---- | M] () -- C:\Samsung AllShare.msi
[2012/03/12 01:18:42 | 000,023,552 | ---- | M] () -- C:\2057.MST
[2012/03/12 01:16:41 | 000,022,044 | ---- | M] () -- C:\0x0809.ini
[2012/03/12 00:26:18 | 000,001,699 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/03/12 00:10:37 | 000,001,723 | ---- | M] () -- C:\Users\Tendai\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk

========== Files Created - No Company Name ==========

[2012/04/10 22:41:09 | 000,000,934 | ---- | C] () -- C:\Users\Tendai\Desktop\Media Player Classic.lnk
[2012/04/06 02:42:08 | 000,001,888 | ---- | C] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2012/04/06 02:42:07 | 000,001,912 | ---- | C] () -- C:\Users\Tendai\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk
[2012/04/06 02:35:06 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2012/04/06 02:35:06 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2012/04/06 02:19:05 | 173,838,160 | ---- | C] () -- C:\Users\Tendai\Desktop\New_PC_Studio_1.5.1.10064_2.exe
[2012/04/06 01:50:42 | 000,001,771 | ---- | C] () -- C:\Users\Public\Desktop\Samsung AllShare.lnk
[2012/04/06 01:46:08 | 000,001,795 | ---- | C] () -- C:\Users\Tendai\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung AllShare.lnk
[2012/04/04 13:35:35 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/29 20:22:15 | 000,001,629 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/12 01:21:07 | 000,023,552 | ---- | C] () -- C:\2057.MST
[2012/03/12 01:21:07 | 000,022,044 | ---- | C] () -- C:\0x0809.ini
[2012/03/12 01:21:03 | 025,893,376 | ---- | C] () -- C:\Samsung AllShare.msi
[2012/03/12 00:26:18 | 000,001,699 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/03/12 00:10:37 | 000,001,723 | ---- | C] () -- C:\Users\Tendai\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/02/04 20:14:08 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2012/01/31 02:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/01/31 02:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012/01/31 02:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012/01/31 02:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012/01/31 02:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012/01/25 03:36:40 | 000,000,088 | RHS- | C] () -- C:\ProgramData\E0C60D2CBC.sys
[2012/01/25 03:36:39 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/07/08 00:32:27 | 000,000,000 | ---- | C] () -- C:\Windows\RAWImage.INI
[2011/06/30 17:01:58 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011/06/30 17:01:56 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/06/30 17:01:56 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011/06/30 17:01:56 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011/06/30 17:01:55 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/06/30 17:01:55 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011/06/30 17:01:55 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/06/30 17:01:55 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/06/30 17:01:55 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/06/30 17:01:55 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/06/30 17:01:55 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/06/30 17:01:55 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/06/30 17:01:54 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/06/30 17:01:54 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/06/30 17:01:54 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/06/30 17:01:54 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/06/30 17:01:53 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/06/30 17:01:53 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/06/30 17:01:53 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/06/29 19:25:53 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2011/06/26 19:18:16 | 000,007,944 | ---- | C] () -- C:\Users\Tendai\AppData\Local\d3d9caps.dat
[2011/06/17 09:55:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/06/17 09:55:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/06/16 23:16:32 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/06/16 22:19:45 | 000,000,309 | ---- | C] () -- C:\Users\Tendai\AppData\Local\HamsterVideoConverterSettings.cfg
[2011/06/15 02:48:31 | 000,000,027 | ---- | C] () -- C:\Windows\CDE RX640E.ini
[2011/06/15 02:33:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/06/15 01:59:49 | 000,043,008 | ---- | C] () -- C:\Users\Tendai\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/15 01:55:12 | 000,000,751 | ---- | C] () -- C:\Windows\Ulead32.ini
[2011/06/15 01:55:12 | 000,000,028 | ---- | C] () -- C:\Windows\Msdevctl.ini

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: FUJITSU MHV2060BH PL ATA Device
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 54.00GB
Starting Offset: 1573912576
Hidden sectors: 0


< %SYSTEMDRIVE%\*.* >
[2012/03/12 01:16:41 | 000,022,044 | ---- | M] () -- C:\0x0809.ini
[2012/03/12 01:18:42 | 000,023,552 | ---- | M] () -- C:\2057.MST
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/12/20 12:31:27 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/10/05 15:23:55 | 000,005,227 | ---- | M] () -- C:\debug.txt
[2006/12/20 14:11:23 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/08/06 13:33:13 | 000,100,864 | ---- | M] (GMER) -- C:\kgliipob.sys
[2006/12/20 14:11:23 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/04/10 23:16:38 | 2325,168,128 | -HS- | M] () -- C:\pagefile.sys
[2012/03/12 01:18:51 | 025,893,376 | ---- | M] () -- C:\Samsung AllShare.msi
[2006/12/21 15:02:50 | 000,000,123 | -H-- | M] () -- C:\SWSTAMP.TXT

< %systemdrive%\drivers\*.exe >

< %systemroot%\system32\drivers\*.* /90 >
[2012/01/31 02:15:42 | 000,020,032 | ---- | M] (Devguru Co., Ltd) -- C:\Windows\system32\drivers\dgderdrv.sys
[2012/01/21 04:00:56 | 000,000,000 | ---- | M] () -- C:\Windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf

< %PROGRAMFILES%\*.* >
[2011/06/16 18:30:52 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< MD5 for: EXPLORER.EXE >
[2011/06/15 14:40:09 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011/06/15 14:40:08 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2011/06/15 14:40:08 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2011/06/15 15:43:09 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2011/06/15 15:43:08 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2011/06/15 14:40:09 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 10:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< C:\Windows\assembly\tmp\U /s >

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/13 06:39:12 | 000,834,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/13 06:39:12 | 000,834,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/13 06:39:12 | 000,834,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/13 06:39:12 | 000,834,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/13 06:39:12 | 000,834,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/13 06:39:12 | 000,834,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/06/17 16:00:21 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/06/17 16:00:21 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/06/17 16:00:21 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/06/17 16:00:22 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/06/17 16:00:22 | 000,748,336 | ---- | M] (Microsoft Corporation)

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/13 06:39:12 | 000,834,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/13 06:39:12 | 000,834,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/13 06:39:12 | 000,834,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/13 06:39:12 | 000,834,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/13 06:39:12 | 000,834,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/13 06:39:12 | 000,834,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/06/17 16:00:21 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/06/17 16:00:21 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/06/17 16:00:21 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/06/17 16:00:22 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/06/17 16:00:22 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

OTL Extras logfile created on: 10/04/2012 23:41:16 - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Tendai\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 43.09% Memory free
3.99 Gb Paging File | 2.71 Gb Available in Paging File | 67.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 54.42 Gb Total Space | 14.32 Gb Free Space | 26.32% Space Free | Partition Type: NTFS

Computer Name: TENDAI-PC | User Name: Tendai | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3620444953-280723023-3404930093-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4DFFEC57-734A-4F93-9469-63346808BD15}" = lport=139 | protocol=6 | dir=in | app=system |
"{4EF4ADEE-5156-47ED-B0F5-69C1D889FA6B}" = rport=139 | protocol=6 | dir=out | app=system |
"{68846991-4501-420F-B9C2-A6D6819CE973}" = lport=445 | protocol=6 | dir=in | app=system |
"{6CCEA79D-11A6-425F-B9E4-D832B4DC26DC}" = rport=137 | protocol=17 | dir=out | app=system |
"{7B90C265-3514-4FDA-92E5-29E3B4DB802D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{913FDD4F-C347-49A3-9146-9B6D017D9F4B}" = rport=138 | protocol=17 | dir=out | app=system |
"{96DADB31-57A4-4D02-B443-74C0A1791AA0}" = rport=445 | protocol=6 | dir=out | app=system |
"{BBCBFE07-F887-4698-84F8-9D01A869B4FB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C9440A5D-1977-4CF2-A94B-23ABCD034873}" = lport=137 | protocol=17 | dir=in | app=system |
"{DCE752ED-6E21-44BE-8F6D-BC0C7D5AEAD3}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DB05915-EAB9-46EE-A148-FBCC893E6587}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr9.exe |
"{1A03A11C-2159-491F-B064-92036ABBB8E9}" = protocol=1 | dir=in | [email protected],-28543 |
"{1D57EDBB-C590-4933-BF80-BC188146FC1F}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{2E6DABC8-834C-4E30-ADC9-4A8961086EDA}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{3E329954-4447-421F-B4C1-7E5337723984}" = dir=in | app=c:\program files\samsung\allshare\allshareagent.exe |
"{43284385-F595-4AAE-8C38-A5326717DC3D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{557CC10A-003D-4042-959C-9482C62555E5}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{5D644DCC-2507-4E6A-B6F7-2475988F025B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{60951A90-34E7-487B-8BB4-92D00F333A91}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{665AE219-7D29-4A89-BE82-83FAE3548B24}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"{727636EC-300E-460F-B94E-7DE226CEDCDA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{78957D6C-38C2-48E8-B08E-CD0789C811C6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7B78416E-1655-4CD8-9876-41BFE6279720}" = dir=in | app=c:\program files\samsung\allshare\allsharedms\allsharedms.exe |
"{7CB32850-01CC-4450-8430-E2E35A9D434F}" = dir=in | app=c:\program files\samsung\allshare\allshare.exe |
"{80D5F8E1-61C7-4947-A24D-792D8A94294B}" = protocol=58 | dir=in | [email protected],-28545 |
"{83459757-F719-46E8-999D-3164BBDC131A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{954FCC60-CAF5-4EE5-878F-B5CD0FA89D1F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9630058C-861D-4B5E-A763-5B50A3B9A228}" = protocol=1 | dir=out | [email protected],-28544 |
"{9694D5AD-0056-40B0-ABD4-40C9D01D49A5}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"{9B79F8C0-E4D4-4F71-B948-01C7F2CB2971}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{9E4A6710-301A-46AC-97C3-3B8D668B652E}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{A3ED10E6-EC3D-4BC9-B5F4-663C809C337C}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{ABDE1A52-F277-4AEF-9AE6-47656D329D8E}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{F9AEB123-1402-4B5B-AE71-7B8C8564CC09}" = protocol=58 | dir=out | [email protected],-28546 |
"{FF997877-4413-4C03-81F4-DD0B09457AA4}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"TCP Query User{26B1D2C0-715D-41DB-BDCC-09683EAF5939}C:\users\tendai\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\tendai\appdata\local\akamai\netsession_win.exe |
"TCP Query User{44F0D65E-9CB5-44C4-8793-559AB699999C}C:\users\tendai\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\tendai\appdata\local\akamai\netsession_win.exe |
"TCP Query User{B359F89E-6C3C-4FE7-9C7D-FAEC03BA0A87}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{F705A832-897C-48CB-B81E-EB93542FA649}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{3EAF1A6B-6CE6-4883-98E7-B3FFE5B9449A}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{49963085-AFBA-44BA-9C44-2358AA6DF603}C:\users\tendai\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\tendai\appdata\local\akamai\netsession_win.exe |
"UDP Query User{66E0ED31-C0EB-42DA-AE20-C2684CE68616}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{CEC32D03-DAB0-42D3-A7A8-741782BF11C5}C:\users\tendai\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\tendai\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0F4F4815-76AD-4B26-8763-72F3344041C2}" = TOSHIBA Manuals
"{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}" = Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 5.8
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java™ 7 Update 3
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2BA8A909-F17C-4AE5-85C1-9107B7A60D26}" = Toshiba TEMPRO
"{2C164906-E68F-462A-9010-70DD022223EF}" = RemoteCapture Task 1.0.2
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{314F6D08-A8B7-11D8-8446-0050BA1D384D}" = EPSON Image Clip Palette
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{44FEBA8C-2C89-E2A9-1423-AE5E5A42F472}" = ATI Catalyst Control Center Ex
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C4D532E-4EC9-11E1-9544-B8AC6F97B88E}" = Google Earth Plug-in
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94FA9FA6-5294-494D-A8F1-1E654CBB5736}" = Epson Easy Photo Print 2
"{9518F764-C54D-47B2-9E73-154B21E79FD2}" = RAW Image Task 1.0
"{98708E86-46E1-479D-B897-9802E591E762}" = TOSHIBA Volume Indicator
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.9.990
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}" = ArcSoft Camera Suite 1.3
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{B9B9863A-32FD-4133-ADB7-46244ED77694}" = Camera Support Core Library
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BE998F99-4CEB-4E64-B717-493A2E9797F4}" = TOSHIBA Supervisor Password
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D02F30FB-0BC4-419A-9B9C-ADC610029B50}" = EPSON File Manager
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EB0B41B1-E84F-483C-91FF-BB83019EE127}" = TOSHIBA Hardware Setup
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F19D07BC-6240-49D3-BA5C-59B015DF8916}" = EPSON Easy Photo Print
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"7-Zip" = 7-Zip 9.20
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = TOSHIBA Software Modem
"Akamai" = Akamai NetSession Interface Service
"Belarc Advisor" = Belarc Advisor 8.2
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"Digital Camera Device Driver" = Digital Camera Device Driver
"DivX Setup" = DivX Setup
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESPRX640 User's Guide" = ESPRX640 User's Guide
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Foxit Reader_is1" = Foxit Reader 5.1
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{2C164906-E68F-462A-9010-70DD022223EF}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{9518F764-C54D-47B2-9E73-154B21E79FD2}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{98708E86-46E1-479D-B897-9802E591E762}" = TOSHIBA Volume Indicator
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallShield_{B9B9863A-32FD-4133-ADB7-46244ED77694}" = Canon Camera Support Core Library
"InstallShield_{BE998F99-4CEB-4E64-B717-493A2E9797F4}" = TOSHIBA Supervisor Password
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"InstallShield_{EB0B41B1-E84F-483C-91FF-BB83019EE127}" = TOSHIBA Hardware Setup
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 11.0 (x86 en-GB)" = Mozilla Firefox 11.0 (x86 en-GB)
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"OpenDNS Updater" = OpenDNS Updater 2.2.1
"Revo Uninstaller" = Revo Uninstaller 1.93
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veetle TV" = Veetle TV
"vShare.tv plugin" = vShare.tv plugin 1.3
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 4.0 [32-Bit]
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinPcapInst" = WinPcap 4.1.1
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
"ZTE_1.2059.0.8" = ZTE_1.2059.0.8

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3620444953-280723023-3404930093-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"MyFreeCodec" = MyFreeCodec

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05/04/2012 11:52:04 | Computer Name = Tendai-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 31578

Error - 05/04/2012 12:08:50 | Computer Name = Tendai-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 05/04/2012 12:08:50 | Computer Name = Tendai-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3140

Error - 05/04/2012 12:08:50 | Computer Name = Tendai-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3140

Error - 05/04/2012 12:17:58 | Computer Name = Tendai-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 05/04/2012 12:17:58 | Computer Name = Tendai-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 551031

Error - 05/04/2012 12:17:58 | Computer Name = Tendai-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 551031

Error - 05/04/2012 12:18:02 | Computer Name = Tendai-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 05/04/2012 12:18:02 | Computer Name = Tendai-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 555093

Error - 05/04/2012 12:18:02 | Computer Name = Tendai-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 555093

[ System Events ]
Error - 10/04/2012 16:52:45 | Computer Name = Tendai-PC | Source = DCOM | ID = 10005
Description =

Error - 10/04/2012 16:52:57 | Computer Name = Tendai-PC | Source = DCOM | ID = 10005
Description =

Error - 10/04/2012 16:53:04 | Computer Name = Tendai-PC | Source = DCOM | ID = 10005
Description =

Error - 10/04/2012 16:53:06 | Computer Name = Tendai-PC | Source = DCOM | ID = 10005
Description =

Error - 10/04/2012 16:53:42 | Computer Name = Tendai-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/04/2012 16:53:42 | Computer Name = Tendai-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/04/2012 17:07:34 | Computer Name = Tendai-PC | Source = DCOM | ID = 10005
Description =

Error - 10/04/2012 17:52:42 | Computer Name = Tendai-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 10/04/2012 18:16:41 | Computer Name = Tendai-PC | Source = R300 | ID = 43015
Description = I2c return failed

Error - 10/04/2012 18:16:41 | Computer Name = Tendai-PC | Source = R300 | ID = 43015
Description = I2c return failed


< End of report >
  • 0

#7
Africanlion

Africanlion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
******** Malwarebytes Antimalware found nothing, strangely enough :unsure:

Edited by Africanlion, 11 April 2012 - 12:57 PM.

  • 0

#8
Africanlion

Africanlion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-11 10:53:25
-----------------------------
10:53:25.191 OS Version: Windows 6.0.6002 Service Pack 2
10:53:25.191 Number of processors: 1 586 0xE08
10:53:25.193 ComputerName: TENDAI-PC UserName: Tendai
10:53:47.733 Initialize success
10:55:27.360 AVAST engine defs: 12041100
10:55:52.105 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:55:52.113 Disk 0 Vendor: FUJITSU_MHV2060BH_PL 0000002A Size: 57231MB BusType: 3
10:55:52.159 Disk 0 MBR read successfully
10:55:52.170 Disk 0 MBR scan
10:55:52.485 Disk 0 Windows VISTA default MBR code
10:55:52.526 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
10:55:52.579 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 55729 MB offset 3074048
10:55:52.612 Disk 0 scanning sectors +117207040
10:55:52.778 Disk 0 scanning C:\Windows\system32\drivers
10:57:25.881 Service scanning
10:58:48.691 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
11:00:41.699 Modules scanning
11:01:07.349 Disk 0 trace - called modules:
11:01:07.791 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
11:01:07.803 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x853cd668]
11:01:07.815 3 CLASSPNP.SYS[881b08b3] -> nt!IofCallDriver -> [0x84d48870]
11:01:07.825 5 acpi.sys[87a476bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84d0d528]
11:01:10.528 AVAST engine scan C:\Windows
11:01:27.084 AVAST engine scan C:\Windows\system32
11:16:19.770 AVAST engine scan C:\Windows\system32\drivers
11:17:53.560 AVAST engine scan C:\Users\Tendai
11:29:40.150 AVAST engine scan C:\ProgramData
11:34:47.495 Scan finished successfully
12:28:53.485 Verifying
12:29:03.596 Disk 0 Windows 600 MBR fixed successfully
12:29:03.695 Verifying
12:29:13.719 Disk 0 Windows 600 MBR fixed successfully
13:19:18.273 Disk 0 MBR has been saved successfully to "C:\Users\Tendai\Desktop\MBR.dat"
13:19:18.419 The log file has been saved successfully to "C:\Users\Tendai\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-11 13:21:30
-----------------------------
13:21:30.813 OS Version: Windows 6.0.6002 Service Pack 2
13:21:30.813 Number of processors: 1 586 0xE08
13:21:30.814 ComputerName: TENDAI-PC UserName: Tendai
13:21:33.575 Initialize success
13:21:58.880 AVAST engine defs: 12041100
13:22:44.292 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:22:44.300 Disk 0 Vendor: FUJITSU_MHV2060BH_PL 0000002A Size: 57231MB BusType: 3
13:22:44.353 Disk 0 MBR read successfully
13:22:44.358 Disk 0 MBR scan
13:22:44.376 Disk 0 Windows VISTA default MBR code
13:22:44.404 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
13:22:44.445 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 55729 MB offset 3074048
13:22:44.503 Disk 0 scanning sectors +117207040
13:22:44.673 Disk 0 scanning C:\Windows\system32\drivers
13:24:01.605 Service scanning
13:24:44.633 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
13:25:34.648 Modules scanning
13:26:00.080 Disk 0 trace - called modules:
13:26:00.488 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
13:26:00.497 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x853cd668]
13:26:00.506 3 CLASSPNP.SYS[881b08b3] -> nt!IofCallDriver -> [0x84d48870]
13:26:00.516 5 acpi.sys[87a476bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84d0d528]
13:26:01.282 AVAST engine scan C:\Windows
13:26:13.946 AVAST engine scan C:\Windows\system32
13:45:24.746 AVAST engine scan C:\Windows\system32\drivers
13:47:43.892 AVAST engine scan C:\Users\Tendai
14:01:42.083 AVAST engine scan C:\ProgramData
14:10:07.240 Scan finished successfully
17:59:27.554 Disk 0 MBR has been saved successfully to "C:\Users\Tendai\Desktop\MBR.dat"
17:59:27.879 The log file has been saved successfully to "C:\Users\Tendai\Desktop\aswMBR.txt"
  • 0

#9
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Do you mean I should start a new topic with new OTL logs or just continue with this one?

Continue this one.

I just sent my Proposed Fix. Please wait until my reply is approved. :thumbsup:
  • 0

#10
Africanlion

Africanlion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
Ok :cool:
  • 0

#11
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Sorry for the delay.

# Step 1 #


Please, can you tell me which file/folder Microsoft Security Essentials is detecting as HotBar Adware?


# Step 2 #

Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :Commands
    [CREATERESTOREPOINT]
    
    
     :OTL
    [2011/06/21 23:02:51 | 000,001,735 | ---- | M] ()  --  C:\Users\Tendai\AppData\Roaming\Mozilla\Firefox\Profiles\rsun6w2c.default\searchplugins\ask.uk.xml
    [2012/03/12 00:19:19 | 000,000,000 | ---D | C] -- C:\Users\Tendai\{43ff85ef-8d8b-4c32-9e9f-7efb68ab300c}
    [2012/03/12 00:18:19 | 000,000,000 | ---D | C] -- C:\Users\Tendai\{0aa9b189-76dc-4bb7-98f0-f1e0d6e3dee5}
    [2012/03/12 00:17:45 | 000,000,000 | ---D | C] -- C:\Users\Tendai\{f2d8cc8f-c480-43b6-a05a-f80d96e3ff7b}
    [2012/03/12 00:15:42 | 000,000,000 | ---D | C] -- C:\Users\Tendai\{1bc4614a-da4a-4c09-91f0-583022d20035}
      
    :Commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

  • 0

#12
Africanlion

Africanlion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
Hi
I deleted the history in Microsoft Essentials so can't tell you which folder it was in :upset:
  • 0

#13
Africanlion

Africanlion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
All processes killed
========== COMMANDS ==========

Error: Unable to interpret < :OTL> in the current context!
Error: Unable to interpret <[2011/06/21 23:02:51 | 000,001,735 | ---- | M] () -- C:\Users\Tendai\AppData\Roaming\Mozilla\Firefox\Profiles\rsun6w2c.default\searchplugins\ask.uk.xml> in the current context!
Error: Unable to interpret <[2012/03/12 00:19:19 | 000,000,000 | ---D | C] -- C:\Users\Tendai\{43ff85ef-8d8b-4c32-9e9f-7efb68ab300c}> in the current context!
Error: Unable to interpret <[2012/03/12 00:18:19 | 000,000,000 | ---D | C] -- C:\Users\Tendai\{0aa9b189-76dc-4bb7-98f0-f1e0d6e3dee5}> in the current context!
Error: Unable to interpret <[2012/03/12 00:17:45 | 000,000,000 | ---D | C] -- C:\Users\Tendai\{f2d8cc8f-c480-43b6-a05a-f80d96e3ff7b}> in the current context!
Error: Unable to interpret <[2012/03/12 00:15:42 | 000,000,000 | ---D | C] -- C:\Users\Tendai\{1bc4614a-da4a-4c09-91f0-583022d20035}> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Tendai
->Temp folder emptied: 97182627 bytes
->Temporary Internet Files folder emptied: 4726403 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 638608253 bytes
->Flash cache emptied: 4526 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11857054 bytes
RecycleBin emptied: 512 bytes

Total Files Cleaned = 718.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Tendai
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04132012_014000

Files\Folders moved on Reboot...
C:\Users\Tendai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3PLUK3V0\r[1].htm moved successfully.
C:\Users\Tendai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3PLUK3V0\r[2].htm moved successfully.

Registry entries deleted on Reboot...
  • 0

#14
Africanlion

Africanlion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
Still no change at all :upset:
  • 0

#15
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

I'm a little confused. Is Microsoft Security Essentials still detecting HotBar? If the answer is Yes, please, could you tell me which file/folder it is detecting?

# Step 1 #

Repeat the step with OTL:
Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :OTL
    [2011/06/21 23:02:51 | 000,001,735 | ---- | M]  ()  --  C:\Users\Tendai\AppData\Roaming\Mozilla\Firefox\Profiles\rsun6w2c.default\searchplugins\ask.uk.xml
    [2012/03/12 00:19:19 | 000,000,000 | ---D | C] -- C:\Users\Tendai\{43ff85ef-8d8b-4c32-9e9f-7efb68ab300c}
    [2012/03/12 00:18:19 | 000,000,000 | ---D | C] -- C:\Users\Tendai\{0aa9b189-76dc-4bb7-98f0-f1e0d6e3dee5}
    [2012/03/12 00:17:45 | 000,000,000 | ---D | C] -- C:\Users\Tendai\{f2d8cc8f-c480-43b6-a05a-f80d96e3ff7b}
    [2012/03/12 00:15:42 | 000,000,000 | ---D | C] -- C:\Users\Tendai\{1bc4614a-da4a-4c09-91f0-583022d20035}
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



# Step 2 #

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow it to update if it asks.

When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.



Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

After the run you may have internet problems or problems accessing something. Simply reboot the computer.
  • 0
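
An added example, not part of the original thread and not OTL's own code: a small Python check that reads an OTL fix log like the one in post #13, collects every `Unable to interpret` line, and separates a rejected section directive (here ` :OTL`, logged with a leading space) from the file and folder entries that were rejected after it. The function name, the report keys and the embedded sample log (abridged from post #13) are assumptions of this example.

```python
import re

# Constructed sample: abridged from the OTL fix log posted in #13 of this thread.
SAMPLE_LOG = r"""All processes killed
========== COMMANDS ==========

Error: Unable to interpret < :OTL> in the current context!
Error: Unable to interpret <[2012/03/12 00:19:19 | 000,000,000 | ---D | C] -- C:\Users\Tendai\{43ff85ef-8d8b-4c32-9e9f-7efb68ab300c}> in the current context!
Error: Unable to interpret <[2012/03/12 00:15:42 | 000,000,000 | ---D | C] -- C:\Users\Tendai\{1bc4614a-da4a-4c09-91f0-583022d20035}> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]
"""

ERROR_RE = re.compile(r"^Error: Unable to interpret <(?P<item>.*)> in the current context!\s*$")
# A section directive is a colon followed by a name, e.g. :OTL or :Commands.
DIRECTIVE_RE = re.compile(r"^(?P<lead>\s*):(?P<name>[A-Za-z]+)\s*$")
# An OTL scan-log entry: "[timestamp | size | attrs | M/C] ... -- path".
ENTRY_RE = re.compile(r"^\[\d{4}/\d{2}/\d{2} [^\]]*\].*?--\s+(?P<path>.+)$")


def review_fix_log(text):
    """Summarise which lines of a fix script the log reports as not interpreted."""
    report = {"rejected_directives": [], "skipped_paths": [], "other": []}
    for line in text.splitlines():
        m = ERROR_RE.match(line)
        if not m:
            continue
        item = m.group("item")
        d = DIRECTIVE_RE.match(item)
        e = ENTRY_RE.match(item)
        if d:
            report["rejected_directives"].append(
                {"name": d.group("name"), "leading_whitespace": bool(d.group("lead"))}
            )
        elif e:
            report["skipped_paths"].append(e.group("path").strip())
        else:
            report["other"].append(item)
    # True only when the log contains no "Unable to interpret" errors at all.
    report["all_interpreted"] = not any(
        report[k] for k in ("rejected_directives", "skipped_paths", "other")
    )
    return report


if __name__ == "__main__":
    result = review_fix_log(SAMPLE_LOG)
    for d in result["rejected_directives"]:
        note = " (leading whitespace before ':')" if d["leading_whitespace"] else ""
        print(f"directive not recognised: :{d['name']}{note}")
    for p in result["skipped_paths"]:
        print(f"not processed: {p}")
    print("all lines interpreted:", result["all_interpreted"])
```

Running it on the newest file in C:\_OTL\MovedFiles before posting shows at a glance whether the listed items were acted on or only the cache-cleaning commands ran.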





