Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Slow System - infected while my firewall was down? [Solved]


  • Please log in to reply

#1
buice

buice

    Member

  • Member
  • PipPip
  • 84 posts
Hello, I'm having some internet performance issues (pages are very slow to load, sometimes everything will stop loading until I hear the fan kick up, etc - I do not have these issues using another machine on the same network). I suspect that my machine may have been infected while the firewall was down (Online Armor - it's back up now) for a while and someone else was using my machine.

OTL logfile created on: 4/26/2012 9:23:02 PM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Stamppot\Desktop\OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.65% Memory free
7.74 Gb Paging File | 5.76 Gb Available in Paging File | 74.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.68 Gb Total Space | 239.27 Gb Free Space | 83.17% Space Free | Partition Type: NTFS

Computer Name: STAMPPOT-PC | User Name: Stamppot | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/26 21:11:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Stamppot\Desktop\OTL\OTL.exe
PRC - [2012/03/19 22:45:56 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/13 23:22:16 | 000,135,608 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
PRC - [2011/06/05 09:03:27 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/05/17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/09/29 07:00:24 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
PRC - [2010/09/29 07:00:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
PRC - [2010/09/29 06:59:56 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
PRC - [2010/08/27 18:22:00 | 002,356,848 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Online Armor\oaui.exe
PRC - [2010/08/27 18:21:58 | 003,638,240 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Online Armor\oasrv.exe
PRC - [2010/08/27 18:21:58 | 000,969,944 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Online Armor\oahlp.exe
PRC - [2010/08/27 18:21:56 | 000,380,272 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Online Armor\oacat.exe
PRC - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
PRC - [2003/08/29 22:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgmain.exe
PRC - [2003/08/29 14:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgbhp.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/14 08:15:22 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2012/03/19 22:45:55 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/29 04:23:42 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/29 04:23:33 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/11/05 21:21:57 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2003/08/29 22:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgmain.exe
MOD - [2003/08/29 14:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgbhp.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/06 01:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/14 08:15:24 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/13 23:22:16 | 000,135,608 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/22 17:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/09/29 07:00:24 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2010/09/29 07:00:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2010/09/01 18:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/08/27 18:21:58 | 003,638,240 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2010/08/27 18:21:56 | 000,380,272 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Online Armor\oacat.exe -- (OAcat)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/03 22:30:18 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/10/06 12:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/04/20 10:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 03:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/27 18:22:16 | 000,032,728 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OAnet.sys -- (OAnet)
DRV:64bit: - [2010/03/10 21:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/20 12:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/01 13:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/18 20:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/11/06 15:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/07 08:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/08/27 18:22:36 | 000,054,896 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\oahlp64.sys -- (oahlpXX)
DRV - [2010/08/27 18:22:16 | 000,037,872 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\OAmon.sys -- (OAmon)
DRV - [2010/08/27 18:22:14 | 000,053,840 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\OADriver.sys -- (OADevice)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {AF58695A-3854-4A4C-BFA9-D6AE61862BAF}
IE:64bit: - HKLM\..\SearchScopes\{AF58695A-3854-4A4C-BFA9-D6AE61862BAF}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNA&bmod=TSNA
IE - HKLM\..\SearchScopes,DefaultScope = {A040139A-9FF0-49C2-A31C-8ABECE589042}
IE - HKLM\..\SearchScopes\{A040139A-9FF0-49C2-A31C-8ABECE589042}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNA&bmod=TSNA
IE - HKCU\..\SearchScopes,DefaultScope = {3BE3DA78-EA4F-44E4-AD26-C6F641CDB248}
IE - HKCU\..\SearchScopes\{3BE3DA78-EA4F-44E4-AD26-C6F641CDB248}: "URL" = http://www.google.co...1I7TSNA_enUS401
IE - HKCU\..\SearchScopes\{7198829E-5455-441A-AF49-B0971AD12E24}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\..\SearchScopes\{A040139A-9FF0-49C2-A31C-8ABECE589042}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/14 14:18:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/05 09:03:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/19 22:45:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/03 15:25:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/14 14:18:56 | 000,000,000 | ---D | M]

[2010/10/12 00:49:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stamppot\AppData\Roaming\Mozilla\Extensions
[2012/03/02 10:04:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\6fifznt0.default\extensions
[2012/03/02 10:04:28 | 000,000,000 | ---D | M] ("Reddit Enhancement Suite") -- C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\6fifznt0.default\extensions\[email protected]
[2012/01/03 15:25:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/16 15:07:05 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/03/19 22:45:56 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/06 12:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/06 12:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/02/27 00:12:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/10/24 15:27:20 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/02/27 00:12:08 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files (x86)\Online Armor\OAui.exe (Emsi Software GmbH)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - Startup: C:\Users\Stamppot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files (x86)\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E895CAFD-2B11-4838-B24E-C30C87F23C0B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/26 21:22:30 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\Desktop\OTL
[2012/04/22 19:16:23 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\AppData\Local\{B8CCE964-991D-4EF1-AA53-1C5569AB74BD}
[2012/04/22 19:16:13 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\AppData\Local\{ACC6F600-18C7-426B-9DCB-D0860B7797E5}
[2012/04/22 17:51:43 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\AppData\Local\{75D2438B-0B80-4DB8-813F-6FB49409D257}
[2012/04/22 17:51:21 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\AppData\Local\{190ADBA3-4C52-47E2-BA7D-00712216D487}
[2012/04/22 17:01:27 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\AppData\Local\{4F0886FD-99A6-428B-BC7F-A391A80C06A8}
[2012/04/22 17:01:18 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\AppData\Local\{1D10AF8E-7952-4424-9EFE-062590D0C7DC}
[2012/04/22 16:05:34 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\AppData\Local\{526DEC6F-D627-4A16-BDE9-DE5C10BBBEFE}
[2012/04/22 15:56:15 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\Desktop\Ama Bday
[2012/04/10 22:24:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/26 21:14:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/04/26 21:01:30 | 000,729,880 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/04/26 21:01:30 | 000,626,512 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/04/26 21:01:30 | 000,107,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/04/26 21:00:02 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/04/24 07:37:01 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/24 07:37:01 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/24 07:28:43 | 3117,391,872 | -HS- | M] () -- C:\hiberfil.sys
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/01 09:57:33 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2011/02/20 19:26:29 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/11/14 14:07:05 | 000,207,034 | ---- | C] () -- C:\windows\hpoins46.dat
[2010/11/06 14:53:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/12 01:11:30 | 000,054,896 | ---- | C] () -- C:\windows\SysWow64\drivers\oahlp64.sys
[2010/10/12 01:11:30 | 000,053,840 | ---- | C] () -- C:\windows\SysWow64\drivers\OADriver.sys

========== LOP Check ==========

[2010/10/12 01:14:00 | 000,000,000 | ---D | M] -- C:\Users\Stamppot\AppData\Roaming\OnlineArmor
[2012/03/24 14:06:30 | 000,000,000 | ---D | M] -- C:\Users\Stamppot\AppData\Roaming\Opera
[2012/04/22 16:16:58 | 000,000,000 | ---D | M] -- C:\Users\Stamppot\AppData\Roaming\PamFax Office Integrations
[2010/12/18 17:56:47 | 000,000,000 | ---D | M] -- C:\Users\Stamppot\AppData\Roaming\Scendix Software
[2010/12/18 17:56:18 | 000,000,000 | ---D | M] -- C:\Users\Stamppot\AppData\Roaming\Softland
[2011/07/04 20:59:36 | 000,000,000 | ---D | M] -- C:\Users\Stamppot\AppData\Roaming\SumatraPDF
[2010/10/30 13:28:40 | 000,000,000 | ---D | M] -- C:\Users\Stamppot\AppData\Roaming\Tific
[2012/02/29 08:11:07 | 000,000,000 | ---D | M] -- C:\Users\Stamppot\AppData\Roaming\Toshiba
[2010/10/12 00:01:29 | 000,000,000 | ---D | M] -- C:\Users\Stamppot\AppData\Roaming\WinBatch
[2011/01/19 11:25:47 | 000,000,000 | ---D | M] -- C:\Users\Stamppot\AppData\Roaming\Windows Live Writer
[2011/04/30 08:33:09 | 000,032,620 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
blmadara

blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi buice, welcome to Geeks to Go. My name is blmadara and I will be helping you with your problems. Please be patient with me as I am still in training and my responses will have to be reviewed by an expert before I can post them.

I'd like to go over some things that will help both of us.

  • Read each of my posts entirely before performing my instructions. It would be helpful if you printed my instructions so you can read and check the steps as you perform them.
  • Follow the steps exactly in the order posted.
  • Please don't be afraid to ask questions. If you don't understand something, let me know before continuing.
  • If you can't perform a certain step, or you're unsure about what to do, please stop and let me know.
  • It is very important that you stay with me until the end so we make sure that we have removed all the bad stuff.
  • Please don't attach any logs to your posts unless I request it. It is easier for me if you copy and paste the logs into your reply.
  • Finally, never fix anything using other programs on your own. This can hinder my ability to see what is wrong with your computer and make it harder to clean your computer.



Step One: Run OTL Custom Scan

Because it's been a few days, I'd like you to run a custom OTL scan to see if there were any changes.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
    
  • Please select the Scan All Users checkbox.
  • Change the File Age dropdown list from 30 days to 60 days.
  • Under Extra Registry heading, select Use Safelist.
  • Select LOP Check and Purity Check.
  • Then click the Run Scan button at the top
  • Let the program run unhindered, until it is done
  • Post the log it produces in your next reply.

Step Two: Run aswMBR

Download aswMBR.exe to your desktop.

  • Double click aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select, No.
  • Click Scan to start the scan.
    Posted Image
  • When the scan ends click Save Log and save it to your desktop.
    Posted Image
  • Post the log in your next reply.


What I need in your next post:
1. The reports from the OTL scan, OTL.txt and Extras.txt.
2. The log produced by aswMBR.exe.
  • 0

#3
buice

buice

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Thank you for the reply! Here are the three logs you requested. Note that I had to run the second scan twice, because my machine restarted itself during the first attempt.

OTL logfile created on: 4/29/2012 6:50:01 PM - Run 2
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Stamppot\Desktop\OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 54.65% Memory free
7.74 Gb Paging File | 5.78 Gb Available in Paging File | 74.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.68 Gb Total Space | 238.50 Gb Free Space | 82.91% Space Free | Partition Type: NTFS

Computer Name: STAMPPOT-PC | User Name: Stamppot | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - [2012/04/26 21:11:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Stamppot\Desktop\OTL\OTL.exe
PRC - [2012/01/13 23:22:16 | 000,135,608 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
PRC - [2011/06/05 09:03:27 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/05/17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/04/30 08:52:06 | 004,442,552 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\hsplayer.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/09/29 07:00:24 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
PRC - [2010/09/29 07:00:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
PRC - [2010/09/29 06:59:56 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
PRC - [2010/08/27 18:22:00 | 002,356,848 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Online Armor\oaui.exe
PRC - [2010/08/27 18:21:58 | 003,638,240 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Online Armor\oasrv.exe
PRC - [2010/08/27 18:21:58 | 000,969,944 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Online Armor\oahlp.exe
PRC - [2010/08/27 18:21:56 | 000,380,272 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Online Armor\oacat.exe
PRC - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
PRC - [2003/08/29 22:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgmain.exe
PRC - [2003/08/29 14:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgbhp.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/29 04:23:42 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/29 04:23:33 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/11/05 21:21:57 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2003/08/29 22:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgmain.exe
MOD - [2003/08/29 14:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgbhp.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/06 01:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/14 08:15:24 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/13 23:22:16 | 000,135,608 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/22 17:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/09/29 07:00:24 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2010/09/29 07:00:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2010/09/01 18:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/08/27 18:21:58 | 003,638,240 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2010/08/27 18:21:56 | 000,380,272 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Online Armor\oacat.exe -- (OAcat)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/03 22:30:18 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/10/06 12:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/04/20 10:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 03:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/27 18:22:16 | 000,032,728 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OAnet.sys -- (OAnet)
DRV:64bit: - [2010/03/10 21:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/20 12:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/01 13:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/18 20:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/11/06 15:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/07 08:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/08/27 18:22:36 | 000,054,896 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\oahlp64.sys -- (oahlpXX)
DRV - [2010/08/27 18:22:16 | 000,037,872 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\OAmon.sys -- (OAmon)
DRV - [2010/08/27 18:22:14 | 000,053,840 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\OADriver.sys -- (OADevice)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {AF58695A-3854-4A4C-BFA9-D6AE61862BAF}
IE:64bit: - HKLM\..\SearchScopes\{AF58695A-3854-4A4C-BFA9-D6AE61862BAF}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNA&bmod=TSNA
IE - HKLM\..\SearchScopes,DefaultScope = {A040139A-9FF0-49C2-A31C-8ABECE589042}
IE - HKLM\..\SearchScopes\{A040139A-9FF0-49C2-A31C-8ABECE589042}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3766221614-456536743-877849824-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKU\S-1-5-21-3766221614-456536743-877849824-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3766221614-456536743-877849824-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNA&bmod=TSNA
IE - HKU\S-1-5-21-3766221614-456536743-877849824-1000\..\SearchScopes,DefaultScope = {3BE3DA78-EA4F-44E4-AD26-C6F641CDB248}
IE - HKU\S-1-5-21-3766221614-456536743-877849824-1000\..\SearchScopes\{3BE3DA78-EA4F-44E4-AD26-C6F641CDB248}: "URL" = http://www.google.co...1I7TSNA_enUS401
IE - HKU\S-1-5-21-3766221614-456536743-877849824-1000\..\SearchScopes\{7198829E-5455-441A-AF49-B0971AD12E24}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKU\S-1-5-21-3766221614-456536743-877849824-1000\..\SearchScopes\{A040139A-9FF0-49C2-A31C-8ABECE589042}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKU\S-1-5-21-3766221614-456536743-877849824-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/14 14:18:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/05 09:03:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/19 22:45:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/03 15:25:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/14 14:18:56 | 000,000,000 | ---D | M]

[2010/10/12 00:49:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stamppot\AppData\Roaming\Mozilla\Extensions
[2012/04/27 18:11:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\6fifznt0.default\extensions
[2012/03/02 10:04:28 | 000,000,000 | ---D | M] ("Reddit Enhancement Suite") -- C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\6fifznt0.default\extensions\[email protected]
[2012/01/03 15:25:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/16 15:07:05 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/03/19 22:45:56 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/06 12:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/06 12:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/02/27 00:12:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/10/24 15:27:20 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/02/27 00:12:08 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3766221614-456536743-877849824-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files (x86)\Online Armor\OAui.exe (Emsi Software GmbH)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Stamppot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files (x86)\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E895CAFD-2B11-4838-B24E-C30C87F23C0B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 60 Days ==========

[2012/04/27 19:50:24 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\Desktop\Shuttle
[2012/04/27 19:48:03 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\AppData\Roaming\HPAppData
[2012/04/26 21:22:30 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\Desktop\OTL
[2012/04/22 19:16:23 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\AppData\Local\{B8CCE964-991D-4EF1-AA53-1C5569AB74BD}
[2012/04/22 19:16:13 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\AppData\Local\{ACC6F600-18C7-426B-9DCB-D0860B7797E5}
[2012/04/22 17:51:43 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\AppData\Local\{75D2438B-0B80-4DB8-813F-6FB49409D257}
[2012/04/22 17:51:21 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\AppData\Local\{190ADBA3-4C52-47E2-BA7D-00712216D487}
[2012/04/22 17:01:27 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\AppData\Local\{4F0886FD-99A6-428B-BC7F-A391A80C06A8}
[2012/04/22 17:01:18 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\AppData\Local\{1D10AF8E-7952-4424-9EFE-062590D0C7DC}
[2012/04/22 16:05:34 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\AppData\Local\{526DEC6F-D627-4A16-BDE9-DE5C10BBBEFE}
[2012/04/22 15:56:15 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\Desktop\Ama Bday
[2012/04/10 22:25:42 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/04/10 22:25:41 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/04/10 22:25:40 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/04/10 22:25:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/04/10 22:25:39 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/04/10 22:25:39 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/04/10 22:25:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/04/10 22:25:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/04/10 22:25:38 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/04/10 22:25:38 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/04/10 22:25:37 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/04/10 22:25:11 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/04/10 22:25:10 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/04/10 22:25:10 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/04/10 22:24:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/04/10 22:21:32 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll
[2012/04/10 22:21:32 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fs_rec.sys
[2012/04/10 22:21:31 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012/04/01 18:54:45 | 008,741,536 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/01 09:57:27 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/03/19 19:06:07 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\AppData\Local\{BF3ABF6C-13DC-4BC3-90E5-82FE5CC62CF3}
[2012/03/19 19:05:57 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\AppData\Local\{8B993626-EDF5-437D-A248-3172739541A0}
[2012/03/19 19:00:19 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\Desktop\CustomShirts
[2012/03/13 22:13:34 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2012/03/13 22:13:25 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll
[2012/03/13 22:13:25 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll
[2012/03/13 22:13:25 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe
[2012/03/13 22:13:06 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcore.dll
[2012/03/13 22:13:06 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpcore.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2012/04/29 18:49:31 | 000,729,880 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/04/29 18:49:31 | 000,626,512 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/04/29 18:49:31 | 000,107,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/04/29 18:48:00 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/04/29 18:32:44 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/04/24 07:37:01 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/24 07:37:01 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/24 07:28:43 | 3117,391,872 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/14 08:15:24 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/04/14 08:15:24 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/14 08:14:36 | 008,741,536 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2012/03/19 22:43:11 | 000,425,496 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/03/06 02:53:37 | 005,559,152 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/03/06 01:59:47 | 003,968,368 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/03/06 01:59:41 | 003,913,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fs_rec.sys
[2012/03/01 02:38:27 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012/03/01 02:33:50 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/01 09:57:33 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2011/02/20 19:26:29 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/11/14 14:07:05 | 000,207,034 | ---- | C] () -- C:\windows\hpoins46.dat
[2010/11/06 14:53:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/12 01:11:30 | 000,054,896 | ---- | C] () -- C:\windows\SysWow64\drivers\oahlp64.sys
[2010/10/12 01:11:30 | 000,053,840 | ---- | C] () -- C:\windows\SysWow64\drivers\OADriver.sys

========== LOP Check ==========

[2010/10/12 01:14:00 | 000,000,000 | ---D | M] -- C:\Users\Stamppot\AppData\Roaming\OnlineArmor
[2012/03/24 14:06:30 | 000,000,000 | ---D | M] -- C:\Users\Stamppot\AppData\Roaming\Opera
[2012/04/29 11:50:15 | 000,000,000 | ---D | M] -- C:\Users\Stamppot\AppData\Roaming\PamFax Office Integrations
[2010/12/18 17:56:47 | 000,000,000 | ---D | M] -- C:\Users\Stamppot\AppData\Roaming\Scendix Software
[2010/12/18 17:56:18 | 000,000,000 | ---D | M] -- C:\Users\Stamppot\AppData\Roaming\Softland
[2011/07/04 20:59:36 | 000,000,000 | ---D | M] -- C:\Users\Stamppot\AppData\Roaming\SumatraPDF
[2010/10/30 13:28:40 | 000,000,000 | ---D | M] -- C:\Users\Stamppot\AppData\Roaming\Tific
[2012/02/29 08:11:07 | 000,000,000 | ---D | M] -- C:\Users\Stamppot\AppData\Roaming\Toshiba
[2010/10/12 00:01:29 | 000,000,000 | ---D | M] -- C:\Users\Stamppot\AppData\Roaming\WinBatch
[2011/01/19 11:25:47 | 000,000,000 | ---D | M] -- C:\Users\Stamppot\AppData\Roaming\Windows Live Writer
[2011/04/30 08:33:09 | 000,032,620 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: STAMPPOT-PC
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B No Media
Volume 1 C TI105847W0F NTFS Partition 287 GB Healthy Boot
Volume 2 System NTFS Partition 1500 MB Healthy Hidden

< End of report >









OTL Extras logfile created on: 4/29/2012 6:50:01 PM - Run 2
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Stamppot\Desktop\OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 54.65% Memory free
7.74 Gb Paging File | 5.78 Gb Available in Paging File | 74.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.68 Gb Total Space | 238.50 Gb Free Space | 82.91% Space Free | Partition Type: NTFS

Computer Name: STAMPPOT-PC | User Name: Stamppot | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EA39199-328C-454D-B24A-322ED7E569E1}" = rport=138 | protocol=17 | dir=out | app=system |
"{112E4BBC-B3A8-4FD6-93C2-05FEC7F52925}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1450CEE6-806A-4D03-B9E8-5658B005C247}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{211B020E-6328-4E12-97F4-01359164A680}" = lport=139 | protocol=6 | dir=in | app=system |
"{25768B90-D50C-42B1-B67E-3CA4F94643CE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{32901AD3-98E8-4E09-9442-44AD2B24226A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{452761D7-EE31-48E4-931D-F4546A6B7820}" = lport=2869 | protocol=6 | dir=in | app=system |
"{57C4D776-4F09-4431-9AF8-E38ED4715F05}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{60193881-C3D1-4F57-8213-9C050E68043D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{6FBD37DE-2CB5-417D-B593-FD2F0B931B18}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7223A510-769B-423B-B703-34B955CE4950}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{80034AD9-0024-499A-81D3-66A9951FF055}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8F929CC9-EEEA-4622-B99C-A35638FD7B68}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{97B775BD-1664-4537-9E98-5E2AE5EE5F33}" = rport=445 | protocol=6 | dir=out | app=system |
"{9B1FAE84-4B0A-4CA0-AC06-8285C62BFB72}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A728165C-6C46-4EA5-8484-BA9EE676E931}" = rport=139 | protocol=6 | dir=out | app=system |
"{B50643AC-73EA-41B8-9388-D278010E6B27}" = lport=445 | protocol=6 | dir=in | app=system |
"{B6B10CA5-7A52-40BF-8472-5D2DF00B5E34}" = lport=137 | protocol=17 | dir=in | app=system |
"{BBC3D4D0-BFF0-4A36-B09E-D2BCD98D8E8E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C0C145BB-1CBC-43B9-A334-27982022A3D8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C5674E2E-6706-47FB-AFD6-E9462E33179F}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{CADDC899-161B-4CED-AA0D-00A1E5C489C3}" = lport=138 | protocol=17 | dir=in | app=system |
"{CC01A808-1B5E-4A47-A783-D86382BDF9DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D179B4E2-6896-4650-A906-81F602C59988}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EE7AED6D-D3ED-4029-9CDF-328CFC68B224}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F07796A1-B7D6-46FB-8E95-D1E32D114D85}" = rport=137 | protocol=17 | dir=out | app=system |
"{FC3C5355-4A23-4750-8D0B-1BF94C370BA6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AC266A-0319-4F08-80CC-C369EF83B715}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{059A6D8F-089E-4390-AD51-2F4569F66859}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{063032AF-8982-4004-92F1-1C87E6F41E48}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{080AA088-D37E-497F-801C-355B9B44021A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{0B062990-A6E9-4C74-B63D-A82F260D3264}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{0B5E15DF-160F-48D1-96F6-0556588B3467}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0DFEAB9B-FE32-4966-BE12-3677CBC9A47C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0FB09A56-C570-4F86-A33B-6CDFF23C6840}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{114FF878-B7D4-4E8F-B99A-1C6252092BB1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{1370730A-5D37-4EAA-8FE3-E37EE4E44B4D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{144ED007-1FF2-44CF-B49B-9F3370EE84F7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{1F20F0F8-5F16-4618-BE37-6AAFC118E5D0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{28FD2C56-A52E-438C-AC06-19884C6C36B8}" = protocol=58 | dir=out | [email protected],-28546 |
"{2E466822-25D7-4E2E-9E75-2FBA01051C11}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{3913D661-B6AC-4B66-A088-CFA3FFEF988F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{3AA50B23-49C1-4E47-97DA-A74B29A47EA4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{43A9F0BB-4F1A-491C-BBCA-3664FBD3D2BC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{48E8AE95-9BFC-44B4-AB1F-F0E8E3EC60B3}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{5002A72B-C424-463C-8C21-898C9530E938}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{5978C443-81D3-4DCB-89DD-F72B5D64FE03}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5F9ADCDE-58DE-4F2C-B84C-82216544B0FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6B0EF29B-A84D-49B7-9AEE-C8FBCB370143}" = protocol=6 | dir=out | app=system |
"{70C97E34-A027-429C-B525-4CEDF955CBF6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7BDFB86E-7030-4022-A996-CA28C1BC4030}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{7CC0D8F7-9C51-47E2-A8AD-F83DB616C260}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7DC48AFB-A208-486C-8F31-87F59FED4AD4}" = protocol=1 | dir=out | [email protected],-28544 |
"{8D7AFE6F-3AFE-4579-AB38-BA64E9E3CDC7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8D7E81F4-4BF5-4048-AE6F-FA377F554AC2}" = protocol=58 | dir=in | [email protected],-28545 |
"{9BC9ADA0-FDC2-46ED-BD41-46925CCA6849}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A2B6099D-2A81-4E9D-9E51-E8B80C93F342}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{A4DBF35F-1082-4270-89AC-30279BDF1E06}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{AF30F9FB-6D17-491B-9F2B-2BD2DD0FC4B0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{B198D491-D8F9-4092-890E-8BFF31BDE19D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{BA0294E4-747B-41B0-8B00-506F9F9DD4EF}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{D341D99C-B9B1-4FF9-BCB9-76F1B9266C6D}" = protocol=1 | dir=in | [email protected],-28543 |
"{D35864DC-7B4A-4B03-AD33-2BBA7257ADE2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DA53F289-DC56-4CC7-9495-03ABCFBBEDF4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E8831881-B883-4F61-B5B4-BD8437A1C195}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E8DD5518-41FA-432A-A4EA-02034471D64C}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{ECA357E1-1991-4326-A10B-A9AA9CE2F6DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F15B6F45-08BF-4BA9-A19F-1AB62B58BE3B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{F1CBD77B-79AA-403B-AF1D-2E5E9B243641}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F261F978-D9F0-4C88-B664-6CD296CF6F41}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FBF679BA-8CE6-459F-BC0F-EA16DB74B1B8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{FD02BF2C-F1A5-4009-9C91-45D2AB690CE9}" = dir=in | app=d:\setup\hpznui40.exe |
"TCP Query User{3D56F5C7-CFF0-472A-9570-2BC8A8DFDDEF}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{60679332-F8BD-439F-A042-339752435ACE}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}" = HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CutePDF Writer Installation" = CutePDF Writer 2.8
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = [email protected] 1.0
"{107CDD66-ED13-44C8-B392-D295B66AB6E8}_is1" = PamFax 3.0.0.3
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}" = Amazon Links
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6432B21C-CA95-46CA-87D4-178CC2E58F84}_is1" = PamFax
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BDD6642-76D6-49F7-9157-6100E5C75B97}" = Vz In Home Agent
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0B406B-DF08-49EF-8702-FA45752C135F}" = Verizon Download Manager
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91D3AD6F-09CD-4695-9FA3-8FB15429BE97}" = D110
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF2293F-A286-4891-97F8-6C6079FACCD0}" = PamFax Office Integration
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F06E4CBA-ABAD-4F6A-A793-9A29CD3C5FC2}_is1" = PamFax Office Integration
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"HP Photo Creations" = HP Photo Creations
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"NortonPCCheckup" = Toshiba Laptop Checkup
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OnlineArmor_is1" = Online Armor 4.5
"Opera 11.61.1250" = Opera 11.61
"RealPlayer 12.0" = RealPlayer
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SpywareGuard_is1" = SpywareGuard v2.2
"SumatraPDF" = SumatraPDF
"TOSHIBA Game Console" = WildTangent ORB Game Console
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WT083877" = Chuzzle Deluxe
"WT083885" = Zuma's Revenge
"WT083898" = Virtual Villagers - The Secret City
"WT083903" = Escape Rosecliff Island
"WT083929" = Bejeweled 2 Deluxe
"WT083957" = Jewel Quest 3
"WT083958" = Penguins!
"WT083959" = Polar Bowler
"WT083969" = Virtual Families
"WT084018" = FATE - The Traitor Soul

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3766221614-456536743-877849824-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Perler" = Perler

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/30/2012 7:06:54 AM | Computer Name = Stamppot-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary Symantec Eraser Control driver. System Error: The system cannot find the
file specified. .

Error - 4/10/2012 3:29:44 PM | Computer Name = Stamppot-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 4/10/2012 3:31:23 PM | Computer Name = Stamppot-PC | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "c:\program files (x86)\PamFax\office
integration\adxloader.dll.Manifest".Error in manifest or policy file "c:\program
files (x86)\PamFax\office integration\adxloader.dll.Manifest" on line 2. The manifest
file root element must be assembly.

Error - 4/16/2012 7:47:54 AM | Computer Name = Stamppot-PC | Source = oasrv.exe | ID = 0
Description =

Error - 4/16/2012 11:32:58 PM | Computer Name = Stamppot-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 4/16/2012 11:34:36 PM | Computer Name = Stamppot-PC | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "c:\program files (x86)\PamFax\office
integration\adxloader.dll.Manifest".Error in manifest or policy file "c:\program
files (x86)\PamFax\office integration\adxloader.dll.Manifest" on line 2. The manifest
file root element must be assembly.

Error - 4/18/2012 1:39:45 AM | Computer Name = Stamppot-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 4/18/2012 1:41:21 AM | Computer Name = Stamppot-PC | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "c:\program files (x86)\PamFax\office
integration\adxloader.dll.Manifest".Error in manifest or policy file "c:\program
files (x86)\PamFax\office integration\adxloader.dll.Manifest" on line 2. The manifest
file root element must be assembly.

Error - 4/22/2012 7:45:04 PM | Computer Name = Stamppot-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 4/22/2012 7:46:49 PM | Computer Name = Stamppot-PC | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "c:\program files (x86)\PamFax\office
integration\adxloader.dll.Manifest".Error in manifest or policy file "c:\program
files (x86)\PamFax\office integration\adxloader.dll.Manifest" on line 2. The manifest
file root element must be assembly.

[ System Events ]
Error - 3/14/2012 7:14:52 PM | Computer Name = Stamppot-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 3/19/2012 10:44:40 PM | Computer Name = Stamppot-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 3/24/2012 1:42:20 PM | Computer Name = Stamppot-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 4/1/2012 8:41:39 AM | Computer Name = Stamppot-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 4/9/2012 8:45:59 PM | Computer Name = Stamppot-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 4/10/2012 10:35:28 PM | Computer Name = Stamppot-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 4/14/2012 1:50:45 PM | Computer Name = Stamppot-PC | Source = Service Control Manager | ID = 7034
Description = The Online Armor service terminated unexpectedly. It has done this
1 time(s).

Error - 4/14/2012 10:04:13 PM | Computer Name = Stamppot-PC | Source = DCOM | ID = 10000
Description =

Error - 4/14/2012 10:04:44 PM | Computer Name = Stamppot-PC | Source = Service Control Manager | ID = 7034
Description = The Online Armor service terminated unexpectedly. It has done this
2 time(s).

Error - 4/14/2012 10:19:52 PM | Computer Name = Stamppot-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:17:56 PM on ?4/?14/?2012 was unexpected.


< End of report >







aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-29 19:09:09
-----------------------------
19:09:09.411 OS Version: Windows x64 6.1.7601 Service Pack 1
19:09:09.411 Number of processors: 2 586 0x170A
19:09:09.411 ComputerName: STAMPPOT-PC UserName: Stamppot
19:09:24.325 Initialize success
19:09:36.473 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:09:36.473 Disk 0 Vendor: TOSHIBA_ GH10 Size: 305245MB BusType: 3
19:09:36.598 Disk 0 MBR read successfully
19:09:36.598 Disk 0 MBR scan
19:09:36.613 Disk 0 Windows VISTA default MBR code
19:09:36.645 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
19:09:36.676 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 294583 MB offset 3074048
19:09:36.723 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 9161 MB offset 606380032
19:09:36.816 Disk 0 scanning C:\windows\system32\drivers
19:09:53.181 Service scanning
19:10:27.423 Service MpNWMon C:\windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
19:11:06.610 Modules scanning
19:11:06.625 Disk 0 trace - called modules:
19:11:06.688 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:11:06.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c41060]
19:11:06.703 3 CLASSPNP.SYS[fffff88001b5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046cb050]
19:11:06.719 Scan finished successfully
19:11:49.448 Disk 0 MBR has been saved successfully to "C:\Users\Stamppot\Desktop\OTL\MBR.dat"
19:11:49.463 The log file has been saved successfully to "C:\Users\Stamppot\Desktop\OTL\20120429_aswMBR.txt"
  • 0

#4
blmadara

blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi buice,

Step One: Remove Programs

Please remove the following programs using Add/Remove programs if they are listed:

Java™ 6 Update 17
Bing Bar
Ask Toolbar
MarketResearch
Coupon Printer for Windows


Step Two: OTL Fix

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - [2011/05/17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3766221614-456536743-877849824-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O4:64bit: - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
    [2009/11/06 12:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
    [2009/11/06 12:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYJAVA]
    [emptyflash]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step Three: Run Malwarebyte's Anti-Malware

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Step Four: Run Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

What I need in your next post:
1. The OTL logs.
2. The report from MBAM.
3. The report from Security Check.
4. Let me know if there have been any improvements with your computer and what problems remain.
  • 0

#5
buice

buice

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Thanks for your reply. Here are the items you requested:

Step One: Remove Programs

Done, except for “MarketResearch” (I could not find an option to remove that one)

Step Two: OTL Fix

Done, and note that during the process I continually got the message from Online Armor: “C:\windows\system32\SearchIndexer.exe is blocked”. I get this message fairly often, but it came up a lot while OTL was running the fix.

Log:
All processes killed
========== OTL ==========
No active process named Updater.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3766221614-456536743-877849824-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater not found.
File C:\Program Files (x86)\Ask.com\Updater\Updater.exe not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
File C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll not found.
File C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll not found.
C:\windows\msdownld.tmp folder deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Stamppot\Desktop\OTL\cmd.bat deleted successfully.
C:\Users\Stamppot\Desktop\OTL\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Stamppot
->Temp folder emptied: 312073455 bytes
->Temporary Internet Files folder emptied: 391064507 bytes
->Java cache emptied: 533803 bytes
->FireFox cache emptied: 103683014 bytes
->Opera cache emptied: 17550083 bytes
->Flash cache emptied: 43569 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 215621347 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 91307248 bytes

Total Files Cleaned = 1,080.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Stamppot
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Stamppot
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.42.1 log created on 05012012_080748

Files\Folders moved on Reboot...
C:\Users\Stamppot\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Stamppot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{91E0F5F4-1DD7-4A98-B8E5-873C3A8E1B38}.tmp not found!
File\Folder C:\Users\Stamppot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{02019602-4A96-49C8-8E3F-843D8A8A2417}.tmp not found!
File\Folder C:\Users\Stamppot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7BB96427-A9D8-4AA4-9001-D33866AE1558}.tmp not found!
File\Folder C:\Users\Stamppot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F4A2AD5F-AEC4-43AE-9055-CB1FA47DBDB7}.tmp not found!
C:\Users\Stamppot\AppData\Local\Mozilla\Firefox\Profiles\6fifznt0.default\urlclassifier3.sqlite moved successfully.

Registry entries deleted on Reboot...

Step Three: Run Malwarebyte's Anti-Malware

Done, “No malicious items were detected”

Report:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.01.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Stamppot :: STAMPPOT-PC [administrator]

5/1/2012 8:25:50 AM
mbam-log-2012-05-01 (08-25-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197205
Time elapsed: 2 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Step Four: Run Security Check

Done.

Report:
Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Online Armor 4.5
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

SpywareBlaster 4.4
SpywareGuard v2.2
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Windows Defender MSMpEng.exe
Tall Emu Online Armor OAcat.exe
Tall Emu Online Armor oasrv.exe
Tall Emu Online Armor oaui.exe
Tall Emu Online Armor OAhlp.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````
  • 0

#6
blmadara

blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
How is your computer running? What problems are remaining?
  • 0

#7
buice

buice

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
There are still periods where my system will be slow (there is usually an audible sound - the fan perhaps - when the sound goes away the system goes back to normal). Any chance the SearchIndexer that is being blocked by Online Armor is relevant?
  • 0

#8
blmadara

blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi buice,

Any chance the SearchIndexer that is being blocked by Online Armor is relevant?


Yes, that is relevant. First, we'll check if that file is infected.

Step One: Submit File

  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\windows\system32\SearchIndexer.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Step Two: Run ComboFix

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.

    As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    Posted Image
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions



What I need in your next post:
1. The VirSCAN results.
2. The ComboFix log, C:\ComboFix.txt.
  • 0

#9
buice

buice

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Thanks again - here are the results you requested:

VirSCAN.org Scanned Report :
Scanned time : 2012/05/03 06:54:14 (EDT)
Scanner results: Scanners did not find malware!
File Name : SearchIndexer.exe
File Size : 427520 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 236f286e103fd44bd85fdd93097fd5dd
SHA1 : 855df07d843bebc54597f29e028ccfa5b45fbe22
Online report : http://r.virscan.org...120027760bfa808

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 00050000000000 0005-00-00 7.13 -
AhnLab V3 2012.03.26.00 2012.03.26 2012-03-26 2.10 -
AntiVir 8.2.10.58 7.11.28.226 2012-04-27 0.36 -
Antiy 2.0.18 2.0.18. 0002-18-00 0.47 -
Arcavir 2011 201205021247 2012-05-02 4.51 -
Authentium 5.1.1 201205022342 2012-05-02 1.63 -
AVAST! 4.7.4 120502-1 2012-05-02 0.57 -
AVG 12.0.1782 2409/4974 2012-05-02 0.49 -
BitDefender 7.90123.7127096 7.42133 2012-05-02 3.87 -
ClamAV 0.97.3 14872 2012-05-03 0.44 -
Comodo 5.1 12214 2012-05-02 2.49 -
CP Secure 1.3.0.5 2012.05.03 2012-05-03 0.45 -
Dr.Web 7.0.1.2210 2012.05.01 2012-05-01 13.41 -
F-Prot 4.6.2.117 20120502 2012-05-02 1.19 -
F-Secure 7.02.73807 2012.05.03.03 2012-05-03 2.78 -
Fortinet 4.3.392 15.489 2012-05-02 0.23 -
GData 22.4846 20120503 2012-05-03 5.25 -
ViRobot 20120502 2012.05.02 2012-05-02 0.37 -
Ikarus T3.1.32.20.0 2012.05.03.81096 2012-05-03 5.17 -
JiangMin 13.0.900 2012.05.03 2012-05-03 2.13 -
Kaspersky 5.5.10 2012.05.03 2012-05-03 0.47 -
KingSoft 2009.2.5.15 2012.5.3.9 2012-05-03 0.92 -
McAfee 5400.1158 6699 2012-05-02 8.80 -
Microsoft 1.8304 2012.05.03 2012-05-03 3.44 -
NOD32 3.0.21 7107 2012-05-03 0.41 -
Panda 9.05.01 2012.05.02 2012-05-02 2.80 -
Trend Micro 9.500-1005 8.965.00 2012-05-02 0.39 -
Quick Heal 11.00 2012.05.02 2012-05-02 1.10 -
Rising 20.0 24.08.02.02 2012-05-02 2.72 -
Sophos 3.30.0 4.76 2012-05-03 5.21 -
Sunbelt 11868 11868 2012-05-02 0.85 -
Symantec 1.3.0.24 20120502.005 2012-05-02 0.64 -
nProtect 20120430.01 11213036 2012-04-30 1.47 -
The Hacker 6.7.0.1 v00457 2012-05-02 0.62 -
VBA32 3.12.16.4 20120502.0732 2012-05-02 3.68 -
VirusBuster 5.5.0.2 14.2.54.0/8581270 2012-05-02 0.37 -




ComboFix 12-05-03.01 - Stamppot 05/03/2012 7:08.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.2410 [GMT -4:00]
Running from: c:\users\Stamppot\Desktop\OTL\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: Online Armor Firewall *Disabled* {5841EF60-F43F-AE8D-642F-D79F12883626}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-03 to 2012-05-03 )))))))))))))))))))))))))))))))
.
.
2012-05-03 11:20 . 2012-05-03 11:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-03 11:04 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D682332-F892-431A-AA0A-CD91FE685DCB}\mpengine.dll
2012-05-01 12:25 . 2012-05-01 12:25 -------- d-----w- c:\users\Stamppot\AppData\Roaming\Malwarebytes
2012-05-01 12:25 . 2012-05-01 12:25 -------- d-----w- c:\programdata\Malwarebytes
2012-05-01 12:24 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-01 12:24 . 2012-05-01 12:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-01 12:07 . 2012-05-01 12:07 -------- d-----w- C:\_OTL
2012-04-11 02:21 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 02:21 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 02:21 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 02:21 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 02:21 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 02:21 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 02:21 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 12:15 . 2012-04-01 13:57 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-14 12:15 . 2011-05-14 23:41 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-14 12:14 . 2012-04-01 22:54 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-13 08:46 . 2010-10-23 05:51 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-17 06:38 . 2012-03-14 02:13 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 02:13 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 02:13 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 02:13 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-11 03:18 . 2012-02-11 03:18 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DAA5A6C1-B4AC-4778-8E6C-C6272B444CEA}\gapaengine.dll
2012-02-10 06:36 . 2012-03-14 02:13 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 02:13 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"NortonOnlineBackupReminder"="c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-08-10 529256]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"VERIZONDM"="c:\program files (x86)\VERIZONDM\bin\sprtcmd.exe" [2010-09-29 206120]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-06-05 273544]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
c:\users\Stamppot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files (x86)\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 OADevice;OADriver;c:\windows\SysWow64\Drivers\OADriver.sys [2010-08-27 53840]
S1 oahlpXX;Online Armor helper driver;c:\windows\syswow64\drivers\oahlp64.sys [2010-08-27 54896]
S1 OAmon;OAmon;c:\windows\SysWOW64\Drivers\OAmon.sys [2010-08-27 37872]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2012-01-14 135608]
S2 OAcat;Online Armor Helper Service;c:\program files (x86)\Online Armor\OAcat.exe [2010-08-27 380272]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2010-09-29 206120]
S2 SvcOnlineArmor;Online Armor;c:\program files (x86)\Online Armor\oasrv.exe [2010-08-27 3638240]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2010-09-29 185640]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 12:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-18 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-18 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-18 410648]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"@OnlineArmor GUI"="c:\program files (x86)\Online Armor\OAui.exe" [2010-08-27 2356848]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\6fifznt0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-Perler - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-03 07:31:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-03 11:31
.
Pre-Run: 257,529,147,392 bytes free
Post-Run: 257,020,108,800 bytes free
.
- - End Of File - - 7C335118662029CE0248C2998F8896E5
  • 0

#10
blmadara

blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi buice,

Thanks again


You're welcome!

Step One: Disable Search Indexer

  • Open Control Panel-> Programs and Features.
  • In the left side menu, select Turn Windows Features on or off.
  • Remove the check mark from the Indexing Service option.

Step Two: Run ESET Online Scanner

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Step Three: How is your computer running?

Please let me know how your computer is running and what problems remain.


What I need in your next post:
1. The ESET Online Scanner results.
2. A list of problems that remain.
  • 0

Advertisements


#11
buice

buice

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Great, I'll run those steps and respond ideally Sunday evening (I'll be away from my machine for a couple of days).
  • 0

#12
buice

buice

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
I ran the scan and had no derogatory results. Here is the log:

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

As for how my machine is performing, after running that last round of procedures my machine will now stall for extended periods of time when I am online. For example, if I click a link (e.g. from a google search results page) I will get a delay while the display indicates "connecting...". I may need to wait minutes at a time before closing the browser and/or restarting the computer. I had similar delays before, but nothing this dramatic. Any ideas? Do I need to re-activate the search indexer? Note that I am still getting the same message from Online Armor about search indexer being blocked.
  • 0

#13
blmadara

blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi buice,

Step One: Run Kaspersky AVP

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Posted Image

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image



Step Two: OTL Custom scan

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    %SYSTEMDRIVE%\SearchIndexer.exe /s /md5
    tasklist /SVC /c
  • Please select the Scan All Users checkbox.
  • Change the File Age dropdown list from 30 days to 60 days.
  • Under Extra Registry heading, select Use Safelist.
  • Then click the Run Scan button at the top
  • Let the program run unhindered, until it is done
  • Post the log it produces in your next reply.


What I need in your next post:
1. Both AVP logs.
3. The OTL log, OTL.txt.
  • 0

#14
buice

buice

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Thanks for the reply. I tried running the scan but ran out of time after ~2 hours. I'll have to try this again at the end of next week (i.e. when I can devote the time to running the scan). I'll report back after then.
  • 0

#15
buice

buice

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Okay, I ran the steps and have attached/pasted as requested. Note that there were no detected threats after the first AVP scan, so there is no log.

OTL logfile created on: 5/18/2012 9:02:28 PM - Run 3
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Stamppot\Desktop\OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 40.25% Memory free
7.74 Gb Paging File | 5.53 Gb Available in Paging File | 71.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.68 Gb Total Space | 236.79 Gb Free Space | 82.31% Space Free | Partition Type: NTFS

Computer Name: STAMPPOT-PC | User Name: Stamppot | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - [2012/05/18 07:18:54 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/05/12 15:02:32 | 000,134,456 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2012/04/26 21:11:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Stamppot\Desktop\OTL\OTL.exe
PRC - [2012/01/13 23:22:16 | 000,135,608 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
PRC - [2011/06/05 09:03:27 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2010/09/29 07:00:24 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
PRC - [2010/09/29 07:00:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
PRC - [2010/09/29 06:59:56 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
PRC - [2010/08/27 18:22:00 | 002,356,848 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Online Armor\oaui.exe
PRC - [2010/08/27 18:21:58 | 003,638,240 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Online Armor\oasrv.exe
PRC - [2010/08/27 18:21:58 | 000,969,944 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Online Armor\oahlp.exe
PRC - [2010/08/27 18:21:56 | 000,380,272 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Online Armor\oacat.exe
PRC - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
PRC - [2003/08/29 22:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgmain.exe
PRC - [2003/08/29 14:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgbhp.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/18 07:18:52 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/17 21:06:38 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dab0ad2d0f5da372a4947d3a1c7c07a9\Microsoft.VisualBasic.ni.dll
MOD - [2012/05/17 19:56:05 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/05/17 19:55:56 | 001,590,784 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/05/17 19:55:32 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/17 19:55:27 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/17 19:55:16 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/06 22:14:53 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012/01/16 21:09:26 | 000,756,288 | ---- | M] () -- C:\windows\assembly\GAC\Microsoft.Office.Interop.Visio\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Visio.dll
MOD - [2012/01/16 21:09:26 | 000,195,184 | ---- | M] () -- C:\windows\assembly\GAC\Microsoft.Office.Interop.FrontPage\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.FrontPage.dll
MOD - [2012/01/16 21:09:25 | 000,780,904 | ---- | M] () -- C:\windows\assembly\GAC\Microsoft.Office.Interop.MSProject\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.MSProject.dll
MOD - [2012/01/03 22:51:03 | 003,190,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/01/03 22:50:59 | 004,550,656 | ---- | M] () -- C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2011/12/14 14:47:44 | 000,466,944 | ---- | M] () -- C:\Program Files (x86)\PamFax\Office Integration\adxloader.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/04 21:58:14 | 002,048,000 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010/10/12 01:46:28 | 000,907,120 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Word\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
MOD - [2010/10/12 01:46:21 | 000,247,680 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Publisher\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll
MOD - [2010/10/12 01:46:20 | 000,386,944 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.PowerPoint\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
MOD - [2010/10/12 01:46:00 | 000,004,608 | ---- | M] () -- C:\windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\Extensibility.dll
MOD - [2010/10/12 01:45:44 | 000,972,664 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Outlook\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
MOD - [2010/10/12 01:45:28 | 001,550,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Excel\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
MOD - [2003/08/29 22:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgmain.exe
MOD - [2003/08/29 14:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgbhp.exe
MOD - [2003/08/03 02:24:01 | 000,192,512 | R--- | M] () -- C:\Program Files (x86)\SpywareGuard\dlprotect.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/06 01:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/18 07:18:52 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/12 15:02:32 | 000,134,456 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2012/05/06 22:14:55 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/13 23:22:16 | 000,135,608 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2010/10/22 17:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/09/29 07:00:24 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2010/09/29 07:00:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2010/09/01 18:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/08/27 18:21:58 | 003,638,240 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2010/08/27 18:21:56 | 000,380,272 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Online Armor\oacat.exe -- (OAcat)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/03 22:30:18 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/10/06 12:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/20 10:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 03:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/27 18:22:16 | 000,032,728 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OAnet.sys -- (OAnet)
DRV:64bit: - [2010/03/10 21:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/20 12:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/01 13:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/18 20:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/11/06 15:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/07 08:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2010/08/27 18:22:36 | 000,054,896 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\oahlp64.sys -- (oahlpXX)
DRV - [2010/08/27 18:22:16 | 000,037,872 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\OAmon.sys -- (OAmon)
DRV - [2010/08/27 18:22:14 | 000,053,840 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\OADriver.sys -- (OADevice)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {AF58695A-3854-4A4C-BFA9-D6AE61862BAF}
IE:64bit: - HKLM\..\SearchScopes\{AF58695A-3854-4A4C-BFA9-D6AE61862BAF}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNA&bmod=TSNA
IE - HKLM\..\SearchScopes,DefaultScope = {A040139A-9FF0-49C2-A31C-8ABECE589042}
IE - HKLM\..\SearchScopes\{A040139A-9FF0-49C2-A31C-8ABECE589042}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3766221614-456536743-877849824-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3766221614-456536743-877849824-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNA&bmod=TSNA
IE - HKU\S-1-5-21-3766221614-456536743-877849824-1000\..\SearchScopes,DefaultScope = {3BE3DA78-EA4F-44E4-AD26-C6F641CDB248}
IE - HKU\S-1-5-21-3766221614-456536743-877849824-1000\..\SearchScopes\{3BE3DA78-EA4F-44E4-AD26-C6F641CDB248}: "URL" = http://www.google.co...1I7TSNA_enUS401
IE - HKU\S-1-5-21-3766221614-456536743-877849824-1000\..\SearchScopes\{7198829E-5455-441A-AF49-B0971AD12E24}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKU\S-1-5-21-3766221614-456536743-877849824-1000\..\SearchScopes\{A040139A-9FF0-49C2-A31C-8ABECE589042}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKU\S-1-5-21-3766221614-456536743-877849824-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/14 14:18:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/05 09:03:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/18 07:18:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/01 08:06:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/14 14:18:56 | 000,000,000 | ---D | M]

[2010/10/12 00:49:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stamppot\AppData\Roaming\Mozilla\Extensions
[2012/05/11 06:54:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\6fifznt0.default\extensions
[2012/05/11 07:04:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/11 07:04:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/18 07:18:54 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/05/18 07:18:49 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/10/24 15:27:20 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/05/18 07:18:49 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/05/03 07:22:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O4:64bit: - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files (x86)\Online Armor\OAui.exe (Emsi Software GmbH)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\RunOnce: [GrpConv] C:\windows\SysWow64\grpconv.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Stamppot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files (x86)\SpywareGuard\sgmain.exe ()
O4 - Startup: C:\Users\Stamppot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_32887918.lnk = C:\Users\Stamppot\AppData\Local\Temp\_uninst_32887918.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3766221614-456536743-877849824-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3766221614-456536743-877849824-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...rt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E895CAFD-2B11-4838-B24E-C30C87F23C0B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 60 Days ==========

[2012/05/18 20:56:58 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\AppData\Roaming\HPAppData
[2012/05/18 07:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/18 07:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/17 20:28:44 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\32887918.sys
[2012/05/12 17:11:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/05/12 17:06:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/12 17:00:38 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\AppData\Local\Diagnostics
[2012/05/12 15:02:44 | 000,217,400 | ---- | C] (Cisco WebEx LLC) -- C:\windows\SysWow64\atsckernel.exe
[2012/05/12 15:02:44 | 000,134,456 | ---- | C] (Cisco WebEx LLC) -- C:\windows\SysWow64\atashost.exe
[2012/05/12 15:02:15 | 000,000,000 | ---D | C] -- C:\ProgramData\WebEx
[2012/05/12 13:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/05/12 09:44:31 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\Desktop\LexarMedia
[2012/05/12 09:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Credant
[2012/05/11 07:08:13 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2012/05/11 07:08:11 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/05/11 07:08:09 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/05/11 07:08:08 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/05/11 07:03:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/05/06 20:48:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/05/03 07:34:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/03 07:05:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/05/03 07:05:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/05/03 07:05:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/05/03 07:05:04 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/05/03 07:04:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/01 08:25:20 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\AppData\Roaming\Malwarebytes
[2012/05/01 08:25:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/01 08:25:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/01 08:24:58 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/05/01 08:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/01 08:07:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/29 19:06:07 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012/04/27 19:50:24 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\Desktop\Shuttle
[2012/04/26 21:22:30 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\Desktop\OTL
[2012/04/22 19:16:23 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\AppData\Local\{B8CCE964-991D-4EF1-AA53-1C5569AB74BD}
[2012/04/22 19:16:13 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\AppData\Local\{ACC6F600-18C7-426B-9DCB-D0860B7797E5}
[2012/04/22 17:51:43 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\AppData\Local\{75D2438B-0B80-4DB8-813F-6FB49409D257}
[2012/04/22 17:51:21 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\AppData\Local\{190ADBA3-4C52-47E2-BA7D-00712216D487}
[2012/04/22 17:01:27 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\AppData\Local\{4F0886FD-99A6-428B-BC7F-A391A80C06A8}
[2012/04/22 17:01:18 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\AppData\Local\{1D10AF8E-7952-4424-9EFE-062590D0C7DC}
[2012/04/22 16:05:34 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\AppData\Local\{526DEC6F-D627-4A16-BDE9-DE5C10BBBEFE}
[2012/04/22 15:56:15 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\Desktop\Ama Bday
[2012/04/10 22:25:42 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/04/10 22:25:41 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/04/10 22:25:40 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/04/10 22:25:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/04/10 22:25:39 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/04/10 22:25:39 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/04/10 22:25:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/04/10 22:25:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/04/10 22:25:38 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/04/10 22:25:38 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/04/10 22:25:37 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/04/10 22:21:32 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll
[2012/04/10 22:21:32 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fs_rec.sys
[2012/04/10 22:21:31 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012/04/01 18:54:45 | 008,744,608 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/01 09:57:27 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe

========== Files - Modified Within 60 Days ==========

[2012/05/18 20:53:12 | 000,729,880 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/05/18 20:53:12 | 000,626,540 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/05/18 20:53:12 | 000,107,784 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/05/18 20:50:39 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/05/18 07:14:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/05/17 20:30:55 | 000,001,024 | ---- | M] () -- C:\Users\Stamppot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_32887918.lnk
[2012/05/17 20:00:59 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/17 20:00:59 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/17 19:50:39 | 3117,391,872 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/12 18:44:32 | 000,425,496 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/05/12 17:12:25 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/05/12 17:12:09 | 000,744,030 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/05/12 17:04:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\32887918.sys
[2012/05/12 16:50:27 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/05/12 15:06:51 | 122,601,808 | ---- | M] () -- C:\Users\Stamppot\Desktop\blackberrydesktopsoftware.exe
[2012/05/12 15:02:32 | 000,134,456 | ---- | M] (Cisco WebEx LLC) -- C:\windows\SysWow64\atashost.exe
[2012/05/12 15:02:30 | 000,217,400 | ---- | M] (Cisco WebEx LLC) -- C:\windows\SysWow64\atsckernel.exe
[2012/05/06 22:14:54 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/05/06 22:14:54 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/06 22:14:12 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2012/05/03 07:22:58 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/04/29 19:06:01 | 738,046,232 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/03/31 02:05:57 | 005,559,664 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/03/31 00:39:37 | 003,968,368 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/03/31 00:39:37 | 003,913,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\NisDrvWFP.sys

========== Files Created - No Company Name ==========

[2012/05/17 20:30:54 | 000,001,024 | ---- | C] () -- C:\Users\Stamppot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_32887918.lnk
[2012/05/12 16:50:27 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/05/12 15:06:25 | 122,601,808 | ---- | C] () -- C:\Users\Stamppot\Desktop\blackberrydesktopsoftware.exe
[2012/05/03 07:05:22 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/05/03 07:05:22 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/05/03 07:05:22 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/05/03 07:05:22 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/05/03 07:05:22 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/04/29 19:06:01 | 738,046,232 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012/04/01 09:57:33 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2011/02/20 19:26:29 | 000,744,030 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/11/14 14:07:05 | 000,207,034 | ---- | C] () -- C:\windows\hpoins46.dat
[2010/11/06 14:53:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/12 01:11:30 | 000,054,896 | ---- | C] () -- C:\windows\SysWow64\drivers\oahlp64.sys
[2010/10/12 01:11:30 | 000,053,840 | ---- | C] () -- C:\windows\SysWow64\drivers\OADriver.sys

========== Custom Scans ==========

< %SYSTEMDRIVE%\SearchIndexer.exe /s /md5 >
[2011/05/04 00:28:31 | 000,427,520 | ---- | M] (Microsoft Corporation) MD5=236F286E103FD44BD85FDD93097FD5DD -- C:\Windows\System32\SearchIndexer.exe
[2011/05/04 00:28:31 | 000,427,520 | ---- | M] (Microsoft Corporation) MD5=236F286E103FD44BD85FDD93097FD5DD -- C:\Windows\SysWOW64\SearchIndexer.exe
[2009/07/13 21:39:37 | 000,593,408 | ---- | M] (Microsoft Corporation) MD5=AD31942BDF3D594C404874613BC2FE4D -- C:\Windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7600.16385_none_cf4f145f352676dd\SearchIndexer.exe
[2011/05/04 01:24:09 | 000,593,408 | ---- | M] (Microsoft Corporation) MD5=8CD2A697B18069A62A035E756E51E934 -- C:\Windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7600.16808_none_cfa89e1b34e2d51d\SearchIndexer.exe
[2011/05/04 01:14:18 | 000,593,408 | ---- | M] (Microsoft Corporation) MD5=C4C0779BC5CF45F91ABB29325B9E8371 -- C:\Windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7600.20959_none_cffd2b944e2819f3\SearchIndexer.exe
[2009/07/13 21:39:37 | 000,593,408 | ---- | M] (Microsoft Corporation) MD5=AD31942BDF3D594C404874613BC2FE4D -- C:\Windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.17514_none_d18028273214fa77\SearchIndexer.exe
[2011/05/04 01:19:28 | 000,591,872 | ---- | M] (Microsoft Corporation) MD5=E0B340996A41C9A75DFA3B99BBA9C500 -- C:\Windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.17610_none_d17c28e532189242\SearchIndexer.exe
[2011/05/04 01:18:51 | 000,591,872 | ---- | M] (Microsoft Corporation) MD5=E0779417540301DB5BDB74B784FC310C -- C:\Windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.21720_none_d1faf5c44b3e4dfd\SearchIndexer.exe
[2009/07/13 21:14:35 | 000,428,032 | ---- | M] (Microsoft Corporation) MD5=622D95520182F6D3D05310D5810CA8B3 -- C:\Windows\winsxs\wow64_windowssearchengine_31bf3856ad364e35_7.0.7600.16385_none_d9a3beb1698738d8\SearchIndexer.exe
[2011/05/04 00:52:12 | 000,428,032 | ---- | M] (Microsoft Corporation) MD5=71402C7923F6B7F8ACB48E50F35463E7 -- C:\Windows\winsxs\wow64_windowssearchengine_31bf3856ad364e35_7.0.7600.16808_none_d9fd486d69439718\SearchIndexer.exe
[2011/05/04 00:32:15 | 000,428,032 | ---- | M] (Microsoft Corporation) MD5=9914FAC167B4B753B4B0954CE5D826DF -- C:\Windows\winsxs\wow64_windowssearchengine_31bf3856ad364e35_7.0.7600.20959_none_da51d5e68288dbee\SearchIndexer.exe
[2009/07/13 21:14:35 | 000,428,032 | ---- | M] (Microsoft Corporation) MD5=622D95520182F6D3D05310D5810CA8B3 -- C:\Windows\winsxs\wow64_windowssearchengine_31bf3856ad364e35_7.0.7601.17514_none_dbd4d2796675bc72\SearchIndexer.exe
[2011/05/04 00:28:31 | 000,427,520 | ---- | M] (Microsoft Corporation) MD5=236F286E103FD44BD85FDD93097FD5DD -- C:\Windows\winsxs\wow64_windowssearchengine_31bf3856ad364e35_7.0.7601.17610_none_dbd0d3376679543d\SearchIndexer.exe
[2011/05/04 00:25:57 | 000,427,520 | ---- | M] (Microsoft Corporation) MD5=EAABB1781F0CC738C0257DA799C43986 -- C:\Windows\winsxs\wow64_windowssearchengine_31bf3856ad364e35_7.0.7601.21720_none_dc4fa0167f9f0ff8\SearchIndexer.exe

< tasklist /SVC /c >
Image Name PID Services
========================= ======== ============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 304 N/A
csrss.exe 408 N/A
wininit.exe 460 N/A
csrss.exe 472 N/A
services.exe 520 N/A
lsass.exe 556 EFS, KeyIso, SamSs
lsm.exe 564 N/A
winlogon.exe 604 N/A
svchost.exe 692 DcomLaunch, PlugPlay, Power
svchost.exe 772 RpcEptMapper, RpcSs
MsMpEng.exe 864 MsMpSvc
svchost.exe 908 AudioSrv, Dhcp, eventlog,
HomeGroupProvider, lmhosts, wscsvc
svchost.exe 948 AudioEndpointBuilder, HomeGroupListener,
Netman, PcaSvc, SysMain, TrkWks, UxSms,
Wlansvc, wudfsvc
svchost.exe 976 AeLookupSvc, Appinfo, BITS, Browser,
EapHost, gpsvc, IKEEXT, iphlpsvc,
LanmanServer, ProfSvc, RasMan, Schedule,
seclogon, SENS, ShellHWDetection, Themes,
Winmgmt, wuauserv
svchost.exe 1076 EventSystem, fdPHost, netprofm, nsi,
SstpSvc, WdiServiceHost, WinHttpAutoProxySv
svchost.exe 1204 CryptSvc, Dnscache, LanmanWorkstation,
NlaSvc, TapiSrv
oacat.exe 1428 OAcat
oasrv.exe 1476 SvcOnlineArmor
dwm.exe 1604 N/A
explorer.exe 1628 N/A
spoolsv.exe 1856 Spooler
svchost.exe 1900 BFE, DPS, MpsSvc
taskhost.exe 2008 N/A
igfxtray.exe 640 N/A
hkcmd.exe 1148 N/A
igfxpers.exe 1256 N/A
cAudioFilterAgent64.exe 1292 N/A
igfxsrvc.exe 244 N/A
atashost.exe 768 atashost
SynTPEnh.exe 592 N/A
TPwrMain.exe 1924 N/A
SmoothView.exe 1680 N/A
svchost.exe 1820 FDResPub, FontCache, SSDPSRV, upnphost,
wcncsvc
TCrdMain.exe 1980 N/A
svchost.exe 2120 hpqcxs08, hpqddsvc
ccSvcHst.exe 2224 PCCUJobMgr
TosNcCore.exe 2400 N/A
TosReelTimeMonitor.exe 2428 N/A
oaui.exe 2440 N/A
oahlp.exe 2700 N/A
sprtsvc.exe 2760 sprtsvc_verizondm
svchost.exe 2840 stisvc
tgsrvc.exe 2972 tgsrvc_verizondm
TODDSrv.exe 2712 TODDSrv
TosCoSrv.exe 1416 TosCoSrv
WLIDSVC.EXE 2536 wlidsvc
igfxext.exe 3084 N/A
WLIDSVCM.EXE 3168 N/A
svchost.exe 3772 HPSLPSVC
ccSvcHst.exe 3252 N/A
svchost.exe 3420 PolicyAgent
wmpnetwk.exe 4332 WMPNetworkSvc
svchost.exe 4432 p2pimsvc, p2psvc, PNRPsvc
msseces.exe 4776 N/A
Skype.exe 4304 N/A
hpqtra08.exe 4104 N/A
sgmain.exe 2932 N/A
ToshibaServiceStation.exe 4976 N/A
sprtcmd.exe 5100 N/A
SynTPHelper.exe 4288 N/A
sgbhp.exe 3880 N/A
dllhost.exe 5256 N/A
TosSmartSrv.exe 5380 TOSHIBA HDD SSD Alert Service
TosSENotify.exe 3660 N/A
TMachInfo.exe 664 TMachInfo
SymcPCCULaunchSvc.exe 1912 Norton PC Checkup Application Launcher
firefox.exe 7436 N/A
plugin-container.exe 7800 N/A
realsched.exe 2144 N/A
WINWORD.EXE 5300 N/A
OSPPSVC.EXE 4324 osppsvc
splwow64.exe 5908 N/A
iexplore.exe 3620 N/A
iexplore.exe 5008 N/A
hpswp_clipbook.exe 6120 N/A
iexplore.exe 6736 N/A
OSE.EXE 6660 ose
TrustedInstaller.exe 4040 TrustedInstaller
OTL.exe 7496 N/A
svchost.exe 424 WerSvc
cmd.exe 2448 N/A
conhost.exe 6216 N/A
tasklist.exe 2172 N/A
WmiPrvSE.exe 1260 N/A

< End of report >

Attached Files


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP