Computer problem [Solved]



#1
alabadeeb

Hi,
I have problems with my computer that started about 3 weeks ago. Sometimes when I turn on the computer I am not able to click the desktop icons and I have to restart the computer in order for it to work. Other times when I turn the computer on it just freezes on the homepage and doesn't start. Also the computer is running slow and it freezes a lot.

Thanks in advance,
Here is the scan log using OTL
OTL logfile created on: 07/10/2012 21:05:45 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\NEW\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 40.16% Memory free
4.21 Gb Paging File | 2.35 Gb Available in Paging File | 55.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.29 Gb Total Space | 49.26 Gb Free Space | 42.36% Space Free | Partition Type: NTFS
Drive E: | 115.13 Gb Total Space | 104.94 Gb Free Space | 91.15% Space Free | Partition Type: NTFS

Computer Name: BC | User Name: NEW | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/07 21:04:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\NEW\Downloads\OTL.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/03/21 21:16:10 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2012/03/20 21:21:56 | 000,250,528 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11g_ActiveX.exe
PRC - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009/04/21 17:36:28 | 001,045,904 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TemproTray.exe
PRC - [2009/04/21 17:36:06 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/10 23:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/03/16 19:54:18 | 006,158,240 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
PRC - [2008/12/26 08:41:36 | 000,126,976 | ---- | M] () -- C:\Windows\System32\UAService7.exe
PRC - [2008/08/25 06:58:20 | 000,077,824 | ---- | M] (Toshiba) -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/01/29 10:51:52 | 004,911,104 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/25 03:22:14 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2008/01/25 02:24:08 | 002,938,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2008/01/22 12:13:08 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2008/01/22 06:25:26 | 000,712,704 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/01/22 03:00:30 | 004,624,384 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008/01/21 08:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/01/17 08:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2008/01/17 08:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2008/01/16 10:06:52 | 002,573,640 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2008/01/09 06:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/01/09 02:38:44 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2007/12/25 05:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2007/12/25 05:06:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2007/11/21 09:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/10/29 06:30:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007/10/25 09:41:18 | 000,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2007/10/04 10:39:42 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2007/09/28 08:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/08/23 03:55:06 | 000,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2006/10/05 03:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 08:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/04/26 15:12:02 | 000,933,967 | ---- | M] () -- C:\Program Files\USB ADSL MODEM\USB ADSL MODEM\DSLMON.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/27 09:51:13 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2467a133aee73396c830b9b0a9c7ec0d\Microsoft.VisualBasic.ni.dll
MOD - [2012/06/24 04:20:34 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll
MOD - [2012/06/14 13:36:38 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 13:36:01 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/14 13:34:01 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/10 22:03:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 22:00:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/10 21:48:56 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 15:02:36 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/10 15:02:29 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 15:02:09 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2008/01/22 03:00:30 | 004,624,384 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
MOD - [2007/12/25 04:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
MOD - [2007/12/14 13:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2007/12/14 13:28:38 | 004,726,784 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\BlackPng.dll
MOD - [2007/09/13 06:11:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006/12/01 10:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\Toshiba\TBS\NotifyTBS.dll
MOD - [2006/10/10 03:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 03:57:04 | 000,053,248 | ---- | M] () -- c:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll
MOD - [2006/04/26 15:12:04 | 000,069,632 | ---- | M] () -- C:\Program Files\USB ADSL MODEM\USB ADSL MODEM\languages\English.dll
MOD - [2006/04/26 15:12:02 | 000,933,967 | ---- | M] () -- C:\Program Files\USB ADSL MODEM\USB ADSL MODEM\DSLMON.exe
MOD - [2005/07/22 13:30:18 | 000,065,536 | ---- | M] () -- C:\Windows\System32\TosCommAPI.dll
MOD - [2003/06/30 03:57:00 | 000,337,920 | ---- | M] () -- C:\Program Files\IDM\QUICKfind\PlugIns\IEHelp.dll


========== Services (SafeList) ==========

SRV - [2012/09/17 14:40:11 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/23 11:55:10 | 000,362,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/09/03 11:53:00 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009/04/21 17:36:06 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2008/12/26 08:41:36 | 000,126,976 | ---- | M] () [Auto | Running] -- C:\Windows\System32\UAService7.exe -- (UserAccess7)
SRV - [2008/08/25 06:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/01/21 08:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/17 08:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/25 05:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/03 09:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 09:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/09/28 08:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006/10/05 03:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 08:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [1998/06/05 14:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio\COMMON\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/02/22 13:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/02/22 13:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/02/22 13:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/02/22 13:29:46 | 000,169,608 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2012/02/22 13:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/02/22 13:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/02/22 13:29:46 | 000,064,912 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2012/02/22 13:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/02/22 13:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/07/02 04:30:08 | 000,168,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2009/06/01 06:58:52 | 000,009,728 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2009/04/10 21:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/02/15 10:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/22 12:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2008/01/21 07:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/01/20 19:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/12/17 03:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/11/29 08:47:36 | 000,074,240 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/11/29 01:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007/11/09 06:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/18 06:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/10/02 03:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/09/25 22:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/07/30 03:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 02:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/28 06:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 06:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/10/18 03:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/10 11:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/04/26 14:26:50 | 000,050,007 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\adildr.sys -- (ADILOADER)
DRV - [2006/04/26 14:26:48 | 000,128,825 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adiusbaw.sys -- (adiusbaw)
DRV - [2005/01/06 21:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/02/04 10:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [1999/09/10 04:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {d1e06b91-60e6-4492-af9f-53043fa32716} - C:\Program Files\TheFreeDictionarycom\prxtbThe0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {A9673518-BA72-42C0-94C7-70E94D98D7B4}
IE - HKLM\..\SearchScopes\{24A62A83-6394-48FC-BF6C-EF6ABED09DC7}: "URL" = http://www.zumie.com...s={searchTerms}
IE - HKLM\..\SearchScopes\{A9673518-BA72-42C0-94C7-70E94D98D7B4}: "URL" = http://www.google.co...}&sourceid=ie7;

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 51 BB 42 40 D3 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\URLSearchHook: {d1e06b91-60e6-4492-af9f-53043fa32716} - C:\Program Files\TheFreeDictionarycom\prxtbThe0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {FF55DE2E-1D86-4C2A-BD13-1F4A7483F737}
IE - HKCU\..\SearchScopes\{94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E}: "URL" = http://www.zumie.com...s={searchTerms}
IE - HKCU\..\SearchScopes\{A9673518-BA72-42C0-94C7-70E94D98D7B4}: "URL" = http://www.google.co...z=1I7TSEA_en-GB
IE - HKCU\..\SearchScopes\{FF55DE2E-1D86-4C2A-BD13-1F4A7483F737}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: {48C55EF5-050A-11E2-8271-B8AC6F996F26}:2.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {D7FEF78F-AFAA-4F9C-A2F7-4706F5F1E1DB}:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.9.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: e:\programes\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: e:\programes\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: e:\programes\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\NEW\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\NEW\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\NEW\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\NEW\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/05/09 00:39:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/02 19:57:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/10/07 13:52:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/17 14:40:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/19 00:05:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{48C55EF5-050A-11E2-8271-B8AC6F996F26}: C:\Users\NEW\AppData\Local\{48C55EF5-050A-11E2-8271-B8AC6F996F26}\ [2012/09/22 16:07:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\NEW\AppData\Roaming\IDM\idmmzcc3

[2011/01/06 13:02:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NEW\AppData\Roaming\mozilla\Extensions
[2009/05/15 22:36:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NEW\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/08/28 20:53:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NEW\AppData\Roaming\mozilla\Firefox\Profiles\zno6vpgl.default\extensions
[2011/01/08 21:23:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\NEW\AppData\Roaming\mozilla\Firefox\Profiles\zno6vpgl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/08/28 20:53:09 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\NEW\AppData\Roaming\mozilla\Firefox\Profiles\zno6vpgl.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/01/31 11:54:41 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\NEW\AppData\Roaming\mozilla\Firefox\Profiles\zno6vpgl.default\extensions\[email protected]
[2012/02/14 21:39:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/15 09:42:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2008/10/26 11:37:33 | 000,000,000 | ---D | M] (Zumie Search) -- C:\Program Files\Mozilla Firefox\extensions\{D7FEF78F-AFAA-4F9C-A2F7-4706F5F1E1DB}
[2012/09/22 16:07:48 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\NEW\APPDATA\LOCAL\{48C55EF5-050A-11E2-8271-B8AC6F996F26}
[2012/09/17 14:40:13 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2008/02/07 21:46:12 | 000,087,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2008/02/07 21:46:20 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2008/02/07 21:46:16 | 000,021,824 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2007/03/16 17:27:00 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
[2007/03/16 17:27:00 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
[2007/03/16 17:27:00 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
[2009/11/06 09:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/02/07 21:48:26 | 000,419,136 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009/11/06 09:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2008/02/07 21:46:12 | 000,024,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012/05/04 16:11:52 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/09/01 13:21:08 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/04 16:11:52 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/05/04 16:11:51 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/09/01 13:21:08 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/05/04 16:11:51 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\NEW\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: getPlusPlus for Adobe 16244 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\NEW\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\NEW\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\NEW\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: SiteAdvisor = C:\Users\NEW\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\NEW\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120702125053.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files\IDM\QUICKfind\PlugIns\IEHelp.dll ()
O2 - BHO: (TheFreeDictionarycom Toolbar) - {d1e06b91-60e6-4492-af9f-53043fa32716} - C:\Program Files\TheFreeDictionarycom\prxtbThe0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (TheFreeDictionarycom Toolbar) - {d1e06b91-60e6-4492-af9f-53043fa32716} - C:\Program Files\TheFreeDictionarycom\prxtbThe0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (TheFreeDictionarycom Toolbar) - {D1E06B91-60E6-4492-AF9F-53043FA32716} - C:\Program Files\TheFreeDictionarycom\prxtbThe0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [adiras] C:\Windows\adiras.exe ()
O4 - HKLM..\Run: [autoclk] autoclk.exe File not found
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [mgpogi] C:\Users\NEW\AppData\Roaming\mgpogi.dll (Windows ® Server 2003 DDK provider)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.co...-44557-9400-3/4 File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co...nk-21&site=home File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{764F8048-4CDE-4720-95D6-18E485BF9D52}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A135CA9-C5BF-4A10-B715-73290F96FC29}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{26047f74-93c5-11dd-a262-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{26047f74-93c5-11dd-a262-806e6f6e6963}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/07 20:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/10/07 11:42:48 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{3B14BAB0-5939-4D65-935A-9D09B187BB00}
[2012/10/07 11:05:59 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{0EFE2FA1-09EF-4444-8E45-4A6C66927304}
[2012/10/06 08:47:22 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{D0372C8A-BD6D-4E7C-9EF2-1BD529F61636}
[2012/10/05 13:52:43 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{2DFD2255-DC4D-4F6D-8C37-A33EBDD3FD92}
[2012/10/04 19:21:08 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{14CA4C87-8577-4E0E-BE39-0E6C065823A2}
[2012/10/03 16:28:03 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{137270BC-65F6-4B93-A508-2262C6592D24}
[2012/10/02 20:21:24 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{03B5F909-2F63-4E95-B157-493FCBD82FB2}
[2012/10/01 14:16:58 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{B30158B0-C33A-4A77-BCB2-B6C533D1D239}
[2012/09/30 21:11:10 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{B6373F82-D728-41F9-80BB-A99CA0CDA2C1}
[2012/09/30 10:53:30 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{8D62AFFB-08B7-47E2-B7F2-897A8E10CF8C}
[2012/09/29 22:52:52 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{A7F5DF53-F6A3-46F0-B1DB-B4429BB80F36}
[2012/09/29 09:49:47 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{51E8BD52-6F9B-4CF4-98F4-E32564CA8E77}
[2012/09/28 13:51:41 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{457F70AB-9F88-4DC1-B850-D6338FDA15C4}
[2012/09/26 16:41:52 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{3BC1F95A-4491-4CED-B21E-D1D8238AB6D7}
[2012/09/25 18:43:11 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{59183A2A-BAD5-454E-B24A-924EF3583AC6}
[2012/09/24 15:08:19 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{CD752E37-547B-4B55-BF68-B43DC8C5D3FD}
[2012/09/23 14:59:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/23 14:59:21 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/23 14:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/22 22:12:16 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{8195B2AB-E11C-48BD-BFD6-53880F65A06B}
[2012/09/22 16:07:48 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{48C55EF5-050A-11E2-8271-B8AC6F996F26}
[2012/09/22 16:07:27 | 000,433,152 | ---- | C] (Windows ® Server 2003 DDK provider) -- C:\Users\NEW\AppData\Roaming\mgpogi.dll
[2012/09/22 10:11:39 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{3294F04C-BC40-4F75-9B2B-20D027AA21C5}
[2012/09/21 08:15:39 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{AA85DF26-080B-439D-A81C-920406301074}
[2012/09/20 14:03:20 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{7F2BCFB8-C902-4B24-8DA3-72EC782E4891}
[2012/09/19 14:14:03 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{9EBFC3EA-284F-426F-B25E-74771AD73C58}
[2012/09/18 13:58:05 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{5E2641DB-4C58-4AA5-835C-5C2A489A29CC}
[2012/09/17 10:44:53 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{04C12600-990B-406B-9D29-037C5FE52337}
[2012/09/16 10:44:13 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{E6D1C635-BB88-4923-B6C5-5FBB1D290875}
[2012/09/15 22:10:15 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{56BF82A4-F173-4BDC-AB8C-D60BAAC56D8C}
[2012/09/15 10:10:04 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{C23FADE9-F771-40B7-AFD7-C72FD43A958C}
[2012/09/14 14:22:07 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{F010E480-BFDC-49EE-A144-D9BB4E0C62FD}
[2012/09/13 08:39:37 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{BB810E31-63D7-466C-9359-3EC59B67CCFA}
[2012/09/12 14:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/12 14:43:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/09/12 14:38:26 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{7975374E-B9FC-444E-8207-DD0B538BC72E}
[2012/09/11 08:24:13 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{2A76CE93-0CFE-458C-904A-D07ED1F5846F}
[2012/09/10 05:58:12 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{43368DE8-7FA2-4F73-B779-6921358A91EB}
[2012/09/09 17:50:01 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{4E2EE8C3-5914-4243-9B94-88D805484FC7}
[2012/09/08 22:10:21 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{60A5BCD3-8622-4F65-B10D-350AFD186AFD}
[2012/09/08 10:09:53 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{A914AD73-9281-4485-B262-E94AE234D6F0}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/07 21:14:01 | 000,000,000 | ---- | M] () -- C:\Users\NEW\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
[2012/10/07 20:02:25 | 000,001,740 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2012/10/07 19:40:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/07 19:40:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/07 19:19:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1938868486-2373448917-2144510592-1000UA.job
[2012/10/07 18:59:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/07 18:39:59 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2012/10/07 18:39:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/07 14:59:05 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/07 14:19:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1938868486-2373448917-2144510592-1000Core.job
[2012/10/07 13:00:00 | 000,000,542 | ---- | M] () -- C:\Windows\tasks\MATLAB R2011b Startup Accelerator.job
[2012/10/07 12:32:18 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/07 12:32:18 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/01 20:01:44 | 000,005,399 | ---- | M] () -- C:\Users\NEW\Documents\Unofficial_Transcript_Fall2012.pdf
[2012/09/29 12:48:42 | 000,733,309 | ---- | M] () -- C:\Users\NEW\Desktop\Resume Writing 101 updated 4-18-12.pdf
[2012/09/28 19:06:08 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/09/23 14:59:39 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/22 16:09:55 | 000,196,608 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012/09/12 14:44:03 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\Users\NEW\AppData\Roaming\bcasxy.dll
[2012/10/07 11:10:17 | 000,001,740 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2012/10/01 20:01:43 | 000,005,399 | ---- | C] () -- C:\Users\NEW\Documents\Unofficial_Transcript_Fall2012.pdf
[2012/09/29 12:48:41 | 000,733,309 | ---- | C] () -- C:\Users\NEW\Desktop\Resume Writing 101 updated 4-18-12.pdf
[2012/09/23 14:59:39 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/22 16:07:49 | 000,000,000 | ---- | C] () -- C:\Users\NEW\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
[2012/09/12 14:44:03 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/06/04 11:08:23 | 000,000,154 | ---- | C] () -- C:\Windows\adidsl.ini
[2012/06/04 11:06:58 | 000,032,768 | ---- | C] () -- C:\Windows\adiras.exe
[2012/06/04 11:06:58 | 000,000,369 | ---- | C] () -- C:\Windows\adiras.ini
[2012/06/04 11:06:55 | 000,127,456 | ---- | C] () -- C:\Windows\System32\IPDETECT.EXE
[2012/06/04 11:06:29 | 000,046,892 | ---- | C] () -- C:\Windows\System32\ADADIX16.DLL
[2012/06/04 11:06:25 | 000,022,395 | ---- | C] () -- C:\Windows\System32\drivers\fpga.bin
[2012/01/21 20:42:01 | 000,005,378 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2012/01/21 20:41:52 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
[2012/01/21 20:41:52 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll
[2012/01/21 20:41:52 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
[2012/01/21 20:41:52 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
[2012/01/21 20:41:51 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
[2012/01/21 20:41:51 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
[2012/01/21 20:41:51 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
[2012/01/21 20:41:51 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
[2012/01/21 20:41:51 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
[2012/01/21 20:41:51 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
[2012/01/21 20:41:51 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
[2012/01/21 20:41:51 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
[2012/01/21 20:41:50 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
[2012/01/21 20:41:50 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
[2012/01/21 20:41:50 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
[2012/01/21 20:41:50 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2011/09/23 16:49:53 | 000,000,145 | ---- | C] () -- C:\Users\NEW\.appletviewer
[2009/01/04 10:26:36 | 000,005,864 | ---- | C] () -- C:\Users\NEW\AppData\Local\d3d9caps.dat
[2009/01/02 05:57:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/10/29 11:18:29 | 000,000,000 | ---- | C] () -- C:\Users\NEW\AppData\Roaming\wklnhst.dat
[2008/10/17 07:42:23 | 000,106,496 | ---- | C] () -- C:\Users\NEW\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2012/09/22 16:07:42 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$cdac5a76316f865061eec597658c732e\L
[2012/09/22 16:07:42 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$cdac5a76316f865061eec597658c732e\U
[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/03/24 21:17:26 | 000,000,000 | ---D | M] -- C:\Users\NEW\AppData\Roaming\DMCache
[2012/05/09 00:36:00 | 000,000,000 | ---D | M] -- C:\Users\NEW\AppData\Roaming\DPlot
[2009/01/15 02:11:52 | 000,000,000 | ---D | M] -- C:\Users\NEW\AppData\Roaming\ESET
[2012/10/07 12:39:51 | 000,000,000 | ---D | M] -- C:\Users\NEW\AppData\Roaming\FinalMediaPlayer
[2011/01/21 15:10:02 | 000,000,000 | ---D | M] -- C:\Users\NEW\AppData\Roaming\Helios
[2011/10/31 20:13:40 | 000,000,000 | ---D | M] -- C:\Users\NEW\AppData\Roaming\ICAClient
[2009/01/26 16:28:32 | 000,000,000 | ---D | M] -- C:\Users\NEW\AppData\Roaming\ldoce4
[2009/06/06 14:32:24 | 000,000,000 | ---D | M] -- C:\Users\NEW\AppData\Roaming\LimeWire
[2011/03/19 15:52:34 | 000,000,000 | ---D | M] -- C:\Users\NEW\AppData\Roaming\Maple
[2008/12/09 02:04:57 | 000,000,000 | ---D | M] -- C:\Users\NEW\AppData\Roaming\myphotobook
[2008/10/24 05:59:43 | 000,000,000 | ---D | M] -- C:\Users\NEW\AppData\Roaming\Nokia
[2008/10/24 06:06:13 | 000,000,000 | ---D | M] -- C:\Users\NEW\AppData\Roaming\NSeries
[2008/12/22 12:09:31 | 000,000,000 | ---D | M] -- C:\Users\NEW\AppData\Roaming\PC Suite
[2011/09/11 17:15:00 | 000,000,000 | ---D | M] -- C:\Users\NEW\AppData\Roaming\Roaming
[2008/10/29 11:18:31 | 000,000,000 | ---D | M] -- C:\Users\NEW\AppData\Roaming\Template
[2011/01/21 15:47:24 | 000,000,000 | ---D | M] -- C:\Users\NEW\AppData\Roaming\TextPad
[2008/10/17 07:42:37 | 000,000,000 | ---D | M] -- C:\Users\NEW\AppData\Roaming\TOSHIBA
[2012/05/11 16:13:46 | 000,000,000 | ---D | M] -- C:\Users\NEW\AppData\Roaming\uTorrent
[2010/07/26 17:45:45 | 000,000,000 | ---D | M] -- C:\Users\NEW\AppData\Roaming\Video Converter for Any Flv Player
[2011/04/02 18:59:05 | 000,000,000 | ---D | M] -- C:\Users\NEW\AppData\Roaming\Windows Live Writer
[2010/06/10 00:49:04 | 000,000,000 | ---D | M] -- C:\Users\NEW\AppData\Roaming\WirelessManager

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/10/24 16:03:08 | 000,011,245 | ---- | M] ()(C:\Users\NEW\Desktop\???? ???? ????? ?? ??? ?????.docx) -- C:\Users\NEW\Desktop\دعاء لدفع الملل في طلب العلم.docx
[2011/10/24 16:03:05 | 000,011,245 | ---- | C] ()(C:\Users\NEW\Desktop\???? ???? ????? ?? ??? ?????.docx) -- C:\Users\NEW\Desktop\دعاء لدفع الملل في طلب العلم.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:B879A65B
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Edited by alabadeeb, 07 October 2012 - 10:36 PM.

#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello alabadeeb and welcome to my office here at G2G!

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed
Step 1

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply

Step 2


NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\URLSearchHook: {d1e06b91-60e6-4492-af9f-53043fa32716} - C:\Program Files\TheFreeDictionarycom\prxtbThe0.dll (Conduit Ltd.)
    IE - HKCU\..\URLSearchHook: {d1e06b91-60e6-4492-af9f-53043fa32716} - C:\Program Files\TheFreeDictionarycom\prxtbThe0.dll (Conduit Ltd.)
    O2 - BHO: (TheFreeDictionarycom Toolbar) - {d1e06b91-60e6-4492-af9f-53043fa32716} - C:\Program Files\TheFreeDictionarycom\prxtbThe0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (TheFreeDictionarycom Toolbar) - {d1e06b91-60e6-4492-af9f-53043fa32716} - C:\Program Files\TheFreeDictionarycom\prxtbThe0.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (TheFreeDictionarycom Toolbar) - {D1E06B91-60E6-4492-AF9F-53043FA32716} - C:\Program Files\TheFreeDictionarycom\prxtbThe0.dll (Conduit Ltd.)
    O33 - MountPoints2\{26047f74-93c5-11dd-a262-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{26047f74-93c5-11dd-a262-806e6f6e6963}\Shell\AutoRun\command - "" = F:\SETUP.EXE
    [2012/10/07 11:42:48 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{3B14BAB0-5939-4D65-935A-9D09B187BB00}
    [2012/10/07 11:05:59 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{0EFE2FA1-09EF-4444-8E45-4A6C66927304}
    [2012/10/06 08:47:22 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{D0372C8A-BD6D-4E7C-9EF2-1BD529F61636}
    [2012/10/05 13:52:43 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{2DFD2255-DC4D-4F6D-8C37-A33EBDD3FD92}
    [2012/10/04 19:21:08 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{14CA4C87-8577-4E0E-BE39-0E6C065823A2}
    [2012/10/03 16:28:03 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{137270BC-65F6-4B93-A508-2262C6592D24}
    [2012/10/02 20:21:24 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{03B5F909-2F63-4E95-B157-493FCBD82FB2}
    [2012/10/01 14:16:58 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{B30158B0-C33A-4A77-BCB2-B6C533D1D239}
    [2012/09/30 21:11:10 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{B6373F82-D728-41F9-80BB-A99CA0CDA2C1}
    [2012/09/30 10:53:30 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{8D62AFFB-08B7-47E2-B7F2-897A8E10CF8C}
    [2012/09/29 22:52:52 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{A7F5DF53-F6A3-46F0-B1DB-B4429BB80F36}
    [2012/09/29 09:49:47 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{51E8BD52-6F9B-4CF4-98F4-E32564CA8E77}
    [2012/09/28 13:51:41 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{457F70AB-9F88-4DC1-B850-D6338FDA15C4}
    [2012/09/26 16:41:52 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{3BC1F95A-4491-4CED-B21E-D1D8238AB6D7}
    [2012/09/25 18:43:11 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{59183A2A-BAD5-454E-B24A-924EF3583AC6}
    [2012/09/24 15:08:19 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{CD752E37-547B-4B55-BF68-B43DC8C5D3FD}
    [2012/09/22 22:12:16 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{8195B2AB-E11C-48BD-BFD6-53880F65A06B}
    [2012/09/22 16:07:48 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{48C55EF5-050A-11E2-8271-B8AC6F996F26}
    [2012/09/22 10:11:39 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{3294F04C-BC40-4F75-9B2B-20D027AA21C5}
    [2012/09/21 08:15:39 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{AA85DF26-080B-439D-A81C-920406301074}
    [2012/09/20 14:03:20 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{7F2BCFB8-C902-4B24-8DA3-72EC782E4891}
    [2012/09/19 14:14:03 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{9EBFC3EA-284F-426F-B25E-74771AD73C58}
    [2012/09/18 13:58:05 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{5E2641DB-4C58-4AA5-835C-5C2A489A29CC}
    [2012/09/17 10:44:53 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{04C12600-990B-406B-9D29-037C5FE52337}
    [2012/09/16 10:44:13 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{E6D1C635-BB88-4923-B6C5-5FBB1D290875}
    [2012/09/15 22:10:15 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{56BF82A4-F173-4BDC-AB8C-D60BAAC56D8C}
    [2012/09/15 10:10:04 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{C23FADE9-F771-40B7-AFD7-C72FD43A958C}
    [2012/09/14 14:22:07 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{F010E480-BFDC-49EE-A144-D9BB4E0C62FD}
    [2012/09/13 08:39:37 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{BB810E31-63D7-466C-9359-3EC59B67CCFA}
    [2012/09/12 14:38:26 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{7975374E-B9FC-444E-8207-DD0B538BC72E}
    [2012/09/11 08:24:13 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{2A76CE93-0CFE-458C-904A-D07ED1F5846F}
    [2012/09/10 05:58:12 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{43368DE8-7FA2-4F73-B779-6921358A91EB}
    [2012/09/09 17:50:01 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{4E2EE8C3-5914-4243-9B94-88D805484FC7}
    [2012/09/08 22:10:21 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{60A5BCD3-8622-4F65-B10D-350AFD186AFD}
    [2012/09/08 10:09:53 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{A914AD73-9281-4485-B262-E94AE234D6F0}
    [2012/10/07 21:14:01 | 000,000,000 | ---- | M] () -- C:\Users\NEW\AppData\Local\


    :Files
    C:\Users\NEW\AppData\Roaming\bcasxy.dll

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 3

Please don't forget to include these items in your reply:

  • Combofix log
  • OTL fix log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#3
alabadeeb

    Member

  • Topic Starter
  • 12 posts
Hi,
I did what you told me and I hope I did it alright.
Here is the combofix log
ComboFix 12-10-04.02 - NEW 07/10/2012 23:29:04.1.2 - x86
Microsoft Windows Vista Home Premium 6.0.6002.2.1252.44.1033.18.2037.842 [GMT -7:00]
Running from: c:\users\NEW\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\DFR86F.tmp
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\users\NEW\AppData\Roaming\mgpogi.dll
c:\users\NEW\AppData\Roaming\Roaming
c:\users\NEW\AppData\Roaming\Roaming\ICAClient\webica.ini
c:\windows\system\VI30AUT.DLL
c:\windows\system32\pt
c:\windows\system32\pt\toscdspd.cpl.mui
.
.
((((((((((((((((((((((((( Files Created from 2012-09-08 to 2012-10-08 )))))))))))))))))))))))))))))))
.
.
2012-10-08 06:41 . 2012-10-08 06:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-23 21:59 . 2012-09-08 00:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-23 21:59 . 2012-09-23 21:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-22 23:07 . 2012-09-22 23:07 -------- d-----w- c:\users\NEW\AppData\Local\{48C55EF5-050A-11E2-8271-B8AC6F996F26}
2012-09-21 21:19 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE3CCCDC-42DF-42AA-894E-C0383A4376FF}\mpengine.dll
2012-09-12 22:05 . 2012-09-01 20:21 266720 ----a-w- c:\program files\Mozilla Firefox\updated\components\browsercomps.dll
2012-09-12 22:05 . 2012-09-01 20:21 73696 ----a-w- c:\program files\Mozilla Firefox\updated\breakpadinjector.dll
2012-09-12 22:05 . 2012-09-01 20:21 18912 ----a-w- c:\program files\Mozilla Firefox\updated\AccessibleMarshal.dll
2012-09-12 21:43 . 2012-09-12 21:43 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 04:46 . 2008-02-08 04:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-02-08 04:46 . 2008-02-08 04:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-02-08 04:46 . 2008-02-08 04:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-02-08 04:46 . 2008-02-08 04:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-02-08 04:46 . 2008-02-08 04:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-02-08 04:46 . 2008-02-08 04:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-02-08 04:46 . 2008-02-08 04:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-03-17 00:27 . 2007-03-17 00:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-17 00:27 . 2007-03-17 00:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-17 00:27 . 2007-03-17 00:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 19:47 . 2007-07-20 19:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-08 04:46 . 2008-02-08 04:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-09-17 21:40 . 2012-02-15 04:38 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 21:01 . 2011-10-28 23:55 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{d1e06b91-60e6-4492-af9f-53043fa32716}"= "c:\program files\TheFreeDictionarycom\prxtbThe0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d1e06b91-60e6-4492-af9f-53043fa32716}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d1e06b91-60e6-4492-af9f-53043fa32716}]
2011-05-09 09:49 176936 ----a-w- c:\program files\TheFreeDictionarycom\prxtbThe0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d1e06b91-60e6-4492-af9f-53043fa32716}"= "c:\program files\TheFreeDictionarycom\prxtbThe0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d1e06b91-60e6-4492-af9f-53043fa32716}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D1E06B91-60E6-4492-AF9F-53043FA32716}"= "c:\program files\TheFreeDictionarycom\prxtbThe0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d1e06b91-60e6-4492-af9f-53043fa32716}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 129560]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-17 6158240]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2009-04-22 1045904]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"NDSTray.exe"="NDSTray.exe" [BU]
"adiras"="adiras.exe" [2006-04-26 32768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2012-03-09 4280184]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-17 6158240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-1-25 2938184]
DSLMON.lnk - c:\program files\USB ADSL MODEM\USB ADSL MODEM\dslmon.exe [2012-6-4 933967]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DSLMON.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^NEW^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\NEW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adiras]
2006-04-26 22:12 32768 ----a-w- c:\windows\adiras.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop SMS]
2007-06-18 09:51 1507328 ----a-w- c:\program files\IDM\Desktop SMS\DesktopSMS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-05-07 22:50 116648 ----atw- c:\users\NEW\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 21:28 421888 ----a-w- e:\longman\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 20:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-20 17:15 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-11-03 02:53 273528 ----a-w- e:\programes\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-02-26 17:26 740216 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-08 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2010-07-27 05:22]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-02 19:12]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-02 19:12]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1938868486-2373448917-2144510592-1000Core.job
- c:\users\NEW\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-07 22:50]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1938868486-2373448917-2144510592-1000UA.job
- c:\users\NEW\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-07 22:50]
.
2011-03-19 c:\windows\Tasks\hpwebreg_CN0BF3P1ZM05D1.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\hpwebreg.exe [2010-06-14 23:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\NEW\AppData\Roaming\Mozilla\Firefox\Profiles\zno6vpgl.default\
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKCU-Run-mgpogi - c:\users\NEW\AppData\Roaming\mgpogi.dll
HKLM-Run-autoclk - autoclk.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
MSConfigStartUp-autoclk - autoclk.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-Toshiba TEMPO - c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-07 23:46
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1938868486-2373448917-2144510592-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):ef,4c,ab,40,a0,20,14,1e,0a,90,b9,3f,e5,9e,ee,28,78,ae,90,55,08,
78,c4,c6,63,02,d0,b4,e3,37,13,5c,a8,29,71,54,13,a2,f4,4c,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1938868486-2373448917-2144510592-1000_Classes\CLSID\{8de3bffa-ac0b-49e6-baa2-3961e31ff777}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000051
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,8e,2d,71,1a,39,d4,07,12,d1,32,19,9e,1f,e4,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe
c:\windows\system32\mfevtps.exe
c:\windows\system32\rundll32.exe
c:\program files\Toshiba TEMPRO\TemproSvc.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\UAService7.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-10-07 23:53:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-08 06:53
.
Pre-Run: 52,530,397,184 bytes free
Post-Run: 52,619,132,928 bytes free
.
- - End Of File - - 9A6ECD0323145C87933B7125E91F6AB6

#4
alabadeeb

    Member

  • Topic Starter
  • 12 posts
And here is the OTL fix log
OTL logfile created on: 08/10/2012 00:11:20 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\NEW\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 43.04% Memory free
4.21 Gb Paging File | 2.97 Gb Available in Paging File | 70.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.29 Gb Total Space | 49.07 Gb Free Space | 42.20% Space Free | Partition Type: NTFS
Drive E: | 115.13 Gb Total Space | 104.94 Gb Free Space | 91.15% Space Free | Partition Type: NTFS

Computer Name: BC | User Name: NEW | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/07 21:04:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\NEW\Downloads\OTL.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/03/21 21:16:10 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009/04/21 17:36:06 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
PRC - [2009/04/10 23:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/26 08:41:36 | 000,126,976 | ---- | M] () -- C:\Windows\System32\UAService7.exe
PRC - [2008/08/25 06:58:20 | 000,077,824 | ---- | M] (Toshiba) -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/01/29 10:51:52 | 004,911,104 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/25 03:22:14 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2008/01/22 06:25:26 | 000,712,704 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/01/21 08:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/01/17 08:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2008/01/17 08:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/12/25 05:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2007/11/21 09:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/09/28 08:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2006/10/05 03:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 08:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/04/26 15:12:02 | 000,933,967 | ---- | M] () -- C:\Program Files\USB ADSL MODEM\USB ADSL MODEM\DSLMON.exe


========== Modules (No Company Name) ==========

MOD - [2007/12/25 04:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
MOD - [2007/12/14 13:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2007/12/14 13:28:38 | 004,726,784 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\BlackPng.dll
MOD - [2007/09/13 06:11:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006/12/01 10:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\Toshiba\TBS\NotifyTBS.dll
MOD - [2006/10/10 03:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 03:57:04 | 000,053,248 | ---- | M] () -- c:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll
MOD - [2006/04/26 15:12:04 | 000,069,632 | ---- | M] () -- C:\Program Files\USB ADSL MODEM\USB ADSL MODEM\languages\English.dll
MOD - [2006/04/26 15:12:02 | 000,933,967 | ---- | M] () -- C:\Program Files\USB ADSL MODEM\USB ADSL MODEM\DSLMON.exe


========== Services (SafeList) ==========

SRV - [2012/09/17 14:40:11 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/23 11:55:10 | 000,362,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/09/03 11:53:00 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009/04/21 17:36:06 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2008/12/26 08:41:36 | 000,126,976 | ---- | M] () [Auto | Running] -- C:\Windows\System32\UAService7.exe -- (UserAccess7)
SRV - [2008/08/25 06:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/01/21 08:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 08:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/25 05:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/03 09:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 09:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/09/28 08:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006/10/05 03:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 08:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [1998/06/05 14:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio\COMMON\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/02/22 13:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/02/22 13:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/02/22 13:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/02/22 13:29:46 | 000,169,608 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2012/02/22 13:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/02/22 13:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/02/22 13:29:46 | 000,064,912 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2012/02/22 13:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/02/22 13:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/07/02 04:30:08 | 000,168,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2009/06/01 06:58:52 | 000,009,728 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2009/04/10 21:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/02/15 10:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/22 12:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2008/01/21 07:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/01/20 19:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/12/17 03:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/11/29 08:47:36 | 000,074,240 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/11/29 01:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007/11/09 06:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/18 06:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/10/02 03:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/09/25 22:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/07/30 03:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 02:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/28 06:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 06:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/10/18 03:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/10 11:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/04/26 14:26:50 | 000,050,007 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\adildr.sys -- (ADILOADER)
DRV - [2006/04/26 14:26:48 | 000,128,825 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adiusbaw.sys -- (adiusbaw)
DRV - [2005/01/06 21:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/02/04 10:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [1999/09/10 04:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {d1e06b91-60e6-4492-af9f-53043fa32716} - C:\Program Files\TheFreeDictionarycom\prxtbThe0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {A9673518-BA72-42C0-94C7-70E94D98D7B4}
IE - HKLM\..\SearchScopes\{24A62A83-6394-48FC-BF6C-EF6ABED09DC7}: "URL" = http://www.zumie.com...s={searchTerms}
IE - HKLM\..\SearchScopes\{A9673518-BA72-42C0-94C7-70E94D98D7B4}: "URL" = http://www.google.co...}&sourceid=ie7;

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 51 BB 42 40 D3 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {d1e06b91-60e6-4492-af9f-53043fa32716} - C:\Program Files\TheFreeDictionarycom\prxtbThe0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {FF55DE2E-1D86-4C2A-BD13-1F4A7483F737}
IE - HKCU\..\SearchScopes\{94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E}: "URL" = http://www.zumie.com...s={searchTerms}
IE - HKCU\..\SearchScopes\{A9673518-BA72-42C0-94C7-70E94D98D7B4}: "URL" = http://www.google.co...z=1I7TSEA_en-GB
IE - HKCU\..\SearchScopes\{FF55DE2E-1D86-4C2A-BD13-1F4A7483F737}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: {48C55EF5-050A-11E2-8271-B8AC6F996F26}:2.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {D7FEF78F-AFAA-4F9C-A2F7-4706F5F1E1DB}:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.9.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: e:\programes\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: e:\programes\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: e:\programes\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\NEW\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\NEW\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\NEW\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\NEW\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/05/09 00:39:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/02 19:57:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/10/08 00:10:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/17 14:40:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/19 00:05:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{48C55EF5-050A-11E2-8271-B8AC6F996F26}: C:\Users\NEW\AppData\Local\{48C55EF5-050A-11E2-8271-B8AC6F996F26}\ [2012/09/22 16:07:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\NEW\AppData\Roaming\IDM\idmmzcc3

[2011/01/06 13:02:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NEW\AppData\Roaming\mozilla\Extensions
[2009/05/15 22:36:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NEW\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/08/28 20:53:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NEW\AppData\Roaming\mozilla\Firefox\Profiles\zno6vpgl.default\extensions
[2011/01/08 21:23:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\NEW\AppData\Roaming\mozilla\Firefox\Profiles\zno6vpgl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/08/28 20:53:09 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\NEW\AppData\Roaming\mozilla\Firefox\Profiles\zno6vpgl.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/01/31 11:54:41 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\NEW\AppData\Roaming\mozilla\Firefox\Profiles\zno6vpgl.default\extensions\[email protected]
[2012/02/14 21:39:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/15 09:42:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2008/10/26 11:37:33 | 000,000,000 | ---D | M] (Zumie Search) -- C:\Program Files\Mozilla Firefox\extensions\{D7FEF78F-AFAA-4F9C-A2F7-4706F5F1E1DB}
[2012/09/22 16:07:48 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\NEW\APPDATA\LOCAL\{48C55EF5-050A-11E2-8271-B8AC6F996F26}
[2012/09/17 14:40:13 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2008/02/07 21:46:12 | 000,087,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2008/02/07 21:46:20 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2008/02/07 21:46:16 | 000,021,824 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2007/03/16 17:27:00 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
[2007/03/16 17:27:00 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
[2007/03/16 17:27:00 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
[2009/11/06 09:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/02/07 21:48:26 | 000,419,136 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009/11/06 09:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2008/02/07 21:46:12 | 000,024,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012/05/04 16:11:52 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/09/01 13:21:08 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/04 16:11:52 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/05/04 16:11:51 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/09/01 13:21:08 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/05/04 16:11:51 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\NEW\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: getPlusPlus for Adobe 16244 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\NEW\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\NEW\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\NEW\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: SiteAdvisor = C:\Users\NEW\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\NEW\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2012/10/07 23:44:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120702125053.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files\IDM\QUICKfind\PlugIns\IEHelp.dll ()
O2 - BHO: (TheFreeDictionarycom Toolbar) - {d1e06b91-60e6-4492-af9f-53043fa32716} - C:\Program Files\TheFreeDictionarycom\prxtbThe0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (TheFreeDictionarycom Toolbar) - {d1e06b91-60e6-4492-af9f-53043fa32716} - C:\Program Files\TheFreeDictionarycom\prxtbThe0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (TheFreeDictionarycom Toolbar) - {D1E06B91-60E6-4492-AF9F-53043FA32716} - C:\Program Files\TheFreeDictionarycom\prxtbThe0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [adiras] C:\Windows\adiras.exe ()
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [TOSHIBA Online Product Information] C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.co...-44557-9400-3/4 File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co...nk-21&site=home File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{764F8048-4CDE-4720-95D6-18E485BF9D52}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A135CA9-C5BF-4A10-B715-73290F96FC29}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/08 00:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/10/07 23:53:32 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\temp
[2012/10/07 23:45:03 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/10/07 23:26:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/07 23:26:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/07 23:26:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/07 23:17:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/07 23:17:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/07 23:06:43 | 004,762,471 | R--- | C] (Swearware) -- C:\Users\NEW\Desktop\ComboFix.exe
[2012/10/07 11:42:48 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{3B14BAB0-5939-4D65-935A-9D09B187BB00}
[2012/10/07 11:05:59 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{0EFE2FA1-09EF-4444-8E45-4A6C66927304}
[2012/10/06 08:47:22 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{D0372C8A-BD6D-4E7C-9EF2-1BD529F61636}
[2012/10/05 13:52:43 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{2DFD2255-DC4D-4F6D-8C37-A33EBDD3FD92}
[2012/10/04 19:21:08 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{14CA4C87-8577-4E0E-BE39-0E6C065823A2}
[2012/10/03 16:28:03 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{137270BC-65F6-4B93-A508-2262C6592D24}
[2012/10/02 20:21:24 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{03B5F909-2F63-4E95-B157-493FCBD82FB2}
[2012/10/01 14:16:58 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{B30158B0-C33A-4A77-BCB2-B6C533D1D239}
[2012/09/30 21:11:10 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{B6373F82-D728-41F9-80BB-A99CA0CDA2C1}
[2012/09/30 10:53:30 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{8D62AFFB-08B7-47E2-B7F2-897A8E10CF8C}
[2012/09/29 22:52:52 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{A7F5DF53-F6A3-46F0-B1DB-B4429BB80F36}
[2012/09/29 09:49:47 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{51E8BD52-6F9B-4CF4-98F4-E32564CA8E77}
[2012/09/28 13:51:41 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{457F70AB-9F88-4DC1-B850-D6338FDA15C4}
[2012/09/26 16:41:52 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{3BC1F95A-4491-4CED-B21E-D1D8238AB6D7}
[2012/09/25 18:43:11 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{59183A2A-BAD5-454E-B24A-924EF3583AC6}
[2012/09/24 15:08:19 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{CD752E37-547B-4B55-BF68-B43DC8C5D3FD}
[2012/09/23 14:59:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/23 14:59:21 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/23 14:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/22 22:12:16 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{8195B2AB-E11C-48BD-BFD6-53880F65A06B}
[2012/09/22 20:52:52 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/22 20:52:50 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/22 20:52:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/22 20:52:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/22 20:52:50 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/22 20:52:48 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/09/22 20:52:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/22 20:52:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/22 16:07:48 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{48C55EF5-050A-11E2-8271-B8AC6F996F26}
[2012/09/22 10:11:39 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{3294F04C-BC40-4F75-9B2B-20D027AA21C5}
[2012/09/21 08:15:39 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{AA85DF26-080B-439D-A81C-920406301074}
[2012/09/20 14:03:20 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{7F2BCFB8-C902-4B24-8DA3-72EC782E4891}
[2012/09/19 14:14:03 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{9EBFC3EA-284F-426F-B25E-74771AD73C58}
[2012/09/18 13:58:05 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{5E2641DB-4C58-4AA5-835C-5C2A489A29CC}
[2012/09/17 10:44:53 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{04C12600-990B-406B-9D29-037C5FE52337}
[2012/09/16 10:44:13 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{E6D1C635-BB88-4923-B6C5-5FBB1D290875}
[2012/09/15 22:10:15 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{56BF82A4-F173-4BDC-AB8C-D60BAAC56D8C}
[2012/09/15 10:10:04 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{C23FADE9-F771-40B7-AFD7-C72FD43A958C}
[2012/09/14 14:22:07 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{F010E480-BFDC-49EE-A144-D9BB4E0C62FD}
[2012/09/13 08:39:37 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{BB810E31-63D7-466C-9359-3EC59B67CCFA}
[2012/09/12 14:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/12 14:43:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/09/12 14:38:26 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{7975374E-B9FC-444E-8207-DD0B538BC72E}
[2012/09/11 08:24:13 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{2A76CE93-0CFE-458C-904A-D07ED1F5846F}
[2012/09/10 05:58:12 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{43368DE8-7FA2-4F73-B779-6921358A91EB}
[2012/09/09 17:50:01 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{4E2EE8C3-5914-4243-9B94-88D805484FC7}
[2012/09/08 22:10:21 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{60A5BCD3-8622-4F65-B10D-350AFD186AFD}
[2012/09/08 10:09:53 | 000,000,000 | ---D | C] -- C:\Users\NEW\AppData\Local\{A914AD73-9281-4485-B262-E94AE234D6F0}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/08 00:19:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1938868486-2373448917-2144510592-1000UA.job
[2012/10/08 00:11:57 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/08 00:11:57 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/08 00:11:14 | 000,001,740 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2012/10/08 00:07:13 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/08 00:07:05 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2012/10/08 00:06:27 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012/10/08 00:06:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/08 00:06:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/08 00:06:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/08 00:02:47 | 000,000,104 | ---- | M] () -- C:\Users\NEW\Desktop\The Internet - Shortcut.lnk
[2012/10/07 23:59:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/07 23:44:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/07 23:39:37 | 000,000,000 | ---- | M] () -- C:\Users\NEW\AppData\Local\
[2012/10/07 23:06:50 | 004,762,471 | R--- | M] (Swearware) -- C:\Users\NEW\Desktop\ComboFix.exe
[2012/10/07 14:19:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1938868486-2373448917-2144510592-1000Core.job
[2012/10/01 20:01:44 | 000,005,399 | ---- | M] () -- C:\Users\NEW\Documents\Unofficial_Transcript_Fall2012.pdf
[2012/09/29 12:48:42 | 000,733,309 | ---- | M] () -- C:\Users\NEW\Desktop\Resume Writing 101 updated 4-18-12.pdf
[2012/09/28 19:06:08 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/09/23 14:59:39 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/12 14:44:03 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/08 00:02:47 | 000,000,104 | ---- | C] () -- C:\Users\NEW\Desktop\The Internet - Shortcut.lnk
[2012/10/07 23:26:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/07 23:26:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/07 23:26:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/07 23:26:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/07 23:26:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/07 11:10:17 | 000,001,740 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2012/10/01 20:01:43 | 000,005,399 | ---- | C] () -- C:\Users\NEW\Documents\Unofficial_Transcript_Fall2012.pdf
[2012/09/29 12:48:41 | 000,733,309 | ---- | C] () -- C:\Users\NEW\Desktop\Resume Writing 101 updated 4-18-12.pdf
[2012/09/23 14:59:39 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/22 16:07:49 | 000,000,000 | ---- | C] () -- C:\Users\NEW\AppData\Local\
[2012/09/12 14:44:03 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/06/04 11:08:23 | 000,000,154 | ---- | C] () -- C:\Windows\adidsl.ini
[2012/06/04 11:06:58 | 000,032,768 | ---- | C] () -- C:\Windows\adiras.exe
[2012/06/04 11:06:58 | 000,000,369 | ---- | C] () -- C:\Windows\adiras.ini
[2012/06/04 11:06:55 | 000,127,456 | ---- | C] () -- C:\Windows\System32\IPDETECT.EXE
[2012/06/04 11:06:29 | 000,046,892 | ---- | C] () -- C:\Windows\System32\ADADIX16.DLL
[2012/06/04 11:06:25 | 000,022,395 | ---- | C] () -- C:\Windows\System32\drivers\fpga.bin
[2012/01/21 20:42:01 | 000,005,378 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2012/01/21 20:41:52 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
[2012/01/21 20:41:52 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll
[2012/01/21 20:41:52 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
[2012/01/21 20:41:52 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
[2012/01/21 20:41:51 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
[2012/01/21 20:41:51 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
[2012/01/21 20:41:51 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
[2012/01/21 20:41:51 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
[2012/01/21 20:41:51 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
[2012/01/21 20:41:51 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
[2012/01/21 20:41:51 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
[2012/01/21 20:41:51 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
[2012/01/21 20:41:50 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
[2012/01/21 20:41:50 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
[2012/01/21 20:41:50 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
[2012/01/21 20:41:50 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2011/09/23 16:49:53 | 000,000,145 | ---- | C] () -- C:\Users\NEW\.appletviewer
[2009/01/04 10:26:36 | 000,005,864 | ---- | C] () -- C:\Users\NEW\AppData\Local\d3d9caps.dat
[2009/01/02 05:57:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/10/29 11:18:29 | 000,000,000 | ---- | C] () -- C:\Users\NEW\AppData\Roaming\wklnhst.dat
[2008/10/17 07:42:23 | 000,106,496 | ---- | C] () -- C:\Users\NEW\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Files - Unicode (All) ==========
[2011/10/24 16:03:08 | 000,011,245 | ---- | M] ()(C:\Users\NEW\Desktop\???? ???? ????? ?? ??? ?????.docx) -- C:\Users\NEW\Desktop\???? ???? ????? ?? ??? ?????.docx
[2011/10/24 16:03:05 | 000,011,245 | ---- | C] ()(C:\Users\NEW\Desktop\???? ???? ????? ?? ??? ?????.docx) -- C:\Users\NEW\Desktop\???? ???? ????? ?? ??? ?????.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:B879A65B
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >



Thanks for the Help

#5
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi alabadeeb,

You clicked the wrong button in Step 2. You must click the Run Fix button. Please read my instructions one more time and do Step 2 again.

#6
alabadeeb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Sorry, I posted the wrong log.
Here is the right one:
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{d1e06b91-60e6-4492-af9f-53043fa32716} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1e06b91-60e6-4492-af9f-53043fa32716}\ deleted successfully.
C:\Program Files\TheFreeDictionarycom\prxtbThe0.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{d1e06b91-60e6-4492-af9f-53043fa32716} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1e06b91-60e6-4492-af9f-53043fa32716}\ not found.
File C:\Program Files\TheFreeDictionarycom\prxtbThe0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d1e06b91-60e6-4492-af9f-53043fa32716}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1e06b91-60e6-4492-af9f-53043fa32716}\ not found.
File C:\Program Files\TheFreeDictionarycom\prxtbThe0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{d1e06b91-60e6-4492-af9f-53043fa32716} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1e06b91-60e6-4492-af9f-53043fa32716}\ not found.
File C:\Program Files\TheFreeDictionarycom\prxtbThe0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D0523BB4-21E7-11DD-9AB7-415B56D89593} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0523BB4-21E7-11DD-9AB7-415B56D89593}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D1E06B91-60E6-4492-AF9F-53043FA32716} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D1E06B91-60E6-4492-AF9F-53043FA32716}\ not found.
File C:\Program Files\TheFreeDictionarycom\prxtbThe0.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26047f74-93c5-11dd-a262-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26047f74-93c5-11dd-a262-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26047f74-93c5-11dd-a262-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26047f74-93c5-11dd-a262-806e6f6e6963}\ not found.
File F:\SETUP.EXE not found.
C:\Users\NEW\AppData\Local\{3B14BAB0-5939-4D65-935A-9D09B187BB00} folder moved successfully.
C:\Users\NEW\AppData\Local\{0EFE2FA1-09EF-4444-8E45-4A6C66927304} folder moved successfully.
C:\Users\NEW\AppData\Local\{D0372C8A-BD6D-4E7C-9EF2-1BD529F61636} folder moved successfully.
C:\Users\NEW\AppData\Local\{2DFD2255-DC4D-4F6D-8C37-A33EBDD3FD92} folder moved successfully.
C:\Users\NEW\AppData\Local\{14CA4C87-8577-4E0E-BE39-0E6C065823A2} folder moved successfully.
C:\Users\NEW\AppData\Local\{137270BC-65F6-4B93-A508-2262C6592D24} folder moved successfully.
C:\Users\NEW\AppData\Local\{03B5F909-2F63-4E95-B157-493FCBD82FB2} folder moved successfully.
C:\Users\NEW\AppData\Local\{B30158B0-C33A-4A77-BCB2-B6C533D1D239} folder moved successfully.
C:\Users\NEW\AppData\Local\{B6373F82-D728-41F9-80BB-A99CA0CDA2C1} folder moved successfully.
C:\Users\NEW\AppData\Local\{8D62AFFB-08B7-47E2-B7F2-897A8E10CF8C} folder moved successfully.
C:\Users\NEW\AppData\Local\{A7F5DF53-F6A3-46F0-B1DB-B4429BB80F36} folder moved successfully.
C:\Users\NEW\AppData\Local\{51E8BD52-6F9B-4CF4-98F4-E32564CA8E77} folder moved successfully.
C:\Users\NEW\AppData\Local\{457F70AB-9F88-4DC1-B850-D6338FDA15C4} folder moved successfully.
C:\Users\NEW\AppData\Local\{3BC1F95A-4491-4CED-B21E-D1D8238AB6D7} folder moved successfully.
C:\Users\NEW\AppData\Local\{59183A2A-BAD5-454E-B24A-924EF3583AC6} folder moved successfully.
C:\Users\NEW\AppData\Local\{CD752E37-547B-4B55-BF68-B43DC8C5D3FD} folder moved successfully.
C:\Users\NEW\AppData\Local\{8195B2AB-E11C-48BD-BFD6-53880F65A06B} folder moved successfully.
C:\Users\NEW\AppData\Local\{48C55EF5-050A-11E2-8271-B8AC6F996F26}\chrome\content folder moved successfully.
C:\Users\NEW\AppData\Local\{48C55EF5-050A-11E2-8271-B8AC6F996F26}\chrome folder moved successfully.
C:\Users\NEW\AppData\Local\{48C55EF5-050A-11E2-8271-B8AC6F996F26} folder moved successfully.
C:\Users\NEW\AppData\Local\{3294F04C-BC40-4F75-9B2B-20D027AA21C5} folder moved successfully.
C:\Users\NEW\AppData\Local\{AA85DF26-080B-439D-A81C-920406301074} folder moved successfully.
C:\Users\NEW\AppData\Local\{7F2BCFB8-C902-4B24-8DA3-72EC782E4891} folder moved successfully.
C:\Users\NEW\AppData\Local\{9EBFC3EA-284F-426F-B25E-74771AD73C58} folder moved successfully.
C:\Users\NEW\AppData\Local\{5E2641DB-4C58-4AA5-835C-5C2A489A29CC} folder moved successfully.
C:\Users\NEW\AppData\Local\{04C12600-990B-406B-9D29-037C5FE52337} folder moved successfully.
C:\Users\NEW\AppData\Local\{E6D1C635-BB88-4923-B6C5-5FBB1D290875} folder moved successfully.
C:\Users\NEW\AppData\Local\{56BF82A4-F173-4BDC-AB8C-D60BAAC56D8C} folder moved successfully.
C:\Users\NEW\AppData\Local\{C23FADE9-F771-40B7-AFD7-C72FD43A958C} folder moved successfully.
C:\Users\NEW\AppData\Local\{F010E480-BFDC-49EE-A144-D9BB4E0C62FD} folder moved successfully.
C:\Users\NEW\AppData\Local\{BB810E31-63D7-466C-9359-3EC59B67CCFA} folder moved successfully.
C:\Users\NEW\AppData\Local\{7975374E-B9FC-444E-8207-DD0B538BC72E} folder moved successfully.
C:\Users\NEW\AppData\Local\{2A76CE93-0CFE-458C-904A-D07ED1F5846F} folder moved successfully.
C:\Users\NEW\AppData\Local\{43368DE8-7FA2-4F73-B779-6921358A91EB} folder moved successfully.
C:\Users\NEW\AppData\Local\{4E2EE8C3-5914-4243-9B94-88D805484FC7} folder moved successfully.
C:\Users\NEW\AppData\Local\{60A5BCD3-8622-4F65-B10D-350AFD186AFD} folder moved successfully.
C:\Users\NEW\AppData\Local\{A914AD73-9281-4485-B262-E94AE234D6F0} folder moved successfully.
C:\Users\NEW\AppData\Local\ moved successfully.
========== FILES ==========
File\Folder C:\Users\NEW\AppData\Roaming\bcasxy.dll not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 10082012_141756

#7
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Before we continue can you tell me your current problems?

#8
alabadeeb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
These two days I haven't had any problems. If anything comes up I will let you know.

#9
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Download Virus Removal Tool from Here to your desktop.

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan.

Click the cog in the upper right.

Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan.

Allow Virus Removal Tool to delete all infections found.
Once it has finished, select the report tab (last tab).
Select Detected threats report from the left and press the Save button.
Save it to your desktop and attach it to your next post.

#10
alabadeeb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hi,
Sorry, I have been busy for these couple of days. Can you give me a 2-day extension to do what you asked me and post the log?

Thanks for your help

#11
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi alabadeeb,

Thank you for letting me know. I'll be here. Post the log when you have done the scan.

#12
alabadeeb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hi,
After scanning the computer with Kaspersky Virus Removal, it says that there were no threats detected.
Capture.JPG

So I was unable to find the detected threats log.
Capture2.JPG


Thank you

#13
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi alabadeeb,

Your logs and system are clean now. I'm glad we fixed up your computer.

Step 1

Please close all running programs and run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [clearallrestorepoints]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Step 2

We need to clean up your PC from the programs we used.

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end.

In case any of the software we used in this fix still remains on your system, please delete it manually (right-click on it and select Delete).

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Something to read

To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?

2. Make Backups of Important Files

Please read this article: Home Computer Data Backup.

3. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or have the vendor's patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of software installed on your system.

#14
alabadeeb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Thank you so much for your help. May I ask what was the problem with the computer?

Thanks again

#15
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
You had a variant of the ZeroAccess botnet with some other leftovers on your web browsers that we cleaned.

Glad I could help :thumbsup:

Goodbye and stay safe!