Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Slow Computer, Virus? [Closed]

Started by Lustig426 , Nov 01 2012 09:37 PM

  • This topic is locked This topic is locked

#1
Lustig426
Posted 01 November 2012 - 09:37 PM

Lustig426

    New Member

  • Member
  • Pip
  • 4 posts
Hi,

For the past month or so I have noticed a slowing down of my computer. There have also been subtle changes that I have not done myself such as the toolbar moving around and toolbars being added to the internet browser. (I use firefox and IE). I was wondering what is the best thing to do to get rid of the virus I am guessing I have on my laptop.

PLEASE HELP!

Thank you.
  • 0

Advertisements

#2
Lustig426
Posted 01 November 2012 - 10:18 PM

Lustig426

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I also ran the OTL software. Here are the results:

OTL logfile created on: 11/1/2012 11:51:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\joe\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 49.26% Memory free
8.17 Gb Paging File | 5.85 Gb Available in Paging File | 71.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.69 Gb Total Space | 168.45 Gb Free Space | 58.35% Space Free | Partition Type: NTFS

Computer Name: JOE-PC | User Name: joe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/01 23:50:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\joe\Downloads\OTL.exe
PRC - [2012/10/28 19:33:55 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/28 16:46:16 | 001,677,144 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/10/28 16:46:16 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/10/10 06:06:17 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/10/09 17:53:33 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/03 13:27:34 | 000,132,056 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
PRC - [2011/09/07 12:33:26 | 027,727,712 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
PRC - [2011/04/08 08:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2011/03/16 19:32:19 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe
PRC - [2010/02/04 06:10:48 | 000,025,256 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxdumsdmon.exe
PRC - [2010/02/04 06:10:44 | 000,676,520 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxdumon.exe
PRC - [2008/07/19 00:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/07/10 21:35:30 | 000,188,416 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
PRC - [2008/07/10 20:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/06/27 21:46:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe
PRC - [2007/12/13 22:52:00 | 000,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
PRC - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/28 19:33:55 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/10/10 06:06:15 | 000,460,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
MOD - [2012/10/10 06:06:13 | 012,435,992 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
MOD - [2012/10/10 06:06:12 | 004,005,912 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012/10/10 06:04:44 | 000,156,712 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012/10/10 06:04:43 | 000,275,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012/10/10 06:04:42 | 002,168,360 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2012/10/09 17:53:33 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/10/02 11:06:56 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/08/21 17:18:44 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2012/06/12 19:06:00 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/12 18:56:41 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/05/12 04:26:57 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/12 04:14:53 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3b7181bb19dd5dd74cd063f0312cdf57\System.Xml.ni.dll
MOD - [2012/05/12 04:12:16 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/12 04:12:04 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/02/04 06:10:48 | 000,025,256 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxdumsdmon.exe
MOD - [2010/02/04 06:10:44 | 000,676,520 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxdumon.exe
MOD - [2010/02/04 05:52:35 | 000,081,920 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxducaps.dll
MOD - [2010/02/04 05:52:27 | 000,380,928 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxduscw.dll
MOD - [2010/02/04 05:52:26 | 001,036,288 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxdudrs.dll
MOD - [2010/02/04 05:35:59 | 000,069,632 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxducnv4.dll
MOD - [2010/01/21 06:09:29 | 000,036,864 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\app4r.monitor.core.dll
MOD - [2010/01/21 06:09:28 | 000,028,672 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\app4r.monitor.common.dll
MOD - [2010/01/21 06:08:32 | 000,065,536 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.dll
MOD - [2009/10/16 12:53:41 | 000,188,416 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxdudatr.dll
MOD - [2009/10/16 12:53:35 | 000,073,728 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxducats.dll
MOD - [2008/07/10 21:35:34 | 000,765,952 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008/07/10 21:35:28 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvcPS.dll
MOD - [2008/03/25 04:53:10 | 000,012,288 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009/10/16 16:06:40 | 001,039,360 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxducoms.exe -- (lxdu_device)
SRV:64bit: - [2009/10/16 15:53:46 | 000,029,184 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxduserv.exe -- (lxduCATSCustConnectService)
SRV:64bit: - [2008/05/01 00:20:42 | 001,371,136 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2008/04/30 23:42:20 | 000,826,368 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2008/04/24 22:57:40 | 000,084,992 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV:64bit: - [2008/04/08 01:58:44 | 000,870,400 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/02/06 17:50:18 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 15:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2007/12/03 21:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV:64bit: - [2007/11/21 20:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2012/10/28 19:33:55 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/28 16:46:16 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/10/09 17:53:34 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/03 13:27:34 | 000,132,056 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2011/03/16 19:32:19 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/16 15:53:46 | 000,029,184 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe -- (lxduCATSCustConnectService)
SRV - [2009/10/16 13:06:30 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxducoms.exe -- (lxdu_device)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/19 00:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/07/10 20:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/06/27 21:46:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2008/04/11 14:58:10 | 000,158,568 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/01 23:25:26 | 000,015,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2012/10/28 16:46:36 | 000,101,688 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/01 01:28:58 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/20 21:37:49 | 000,432,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\0502020.003\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2011/03/30 23:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\0502020.003\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011/03/30 23:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2011/03/14 22:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2011/01/27 02:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2010/11/15 21:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/04/11 01:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/07/18 22:52:16 | 000,504,912 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/06/26 20:24:18 | 000,020,520 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2008/04/28 10:38:12 | 004,730,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/04/15 13:05:42 | 000,161,792 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/04/08 06:24:48 | 004,257,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/02/29 18:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/02/27 23:36:28 | 000,174,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2008/02/21 13:24:20 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/01/20 22:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 22:46:52 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2007/12/11 18:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/12/06 21:12:56 | 000,320,048 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/11/09 18:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/07/27 22:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 23:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2006/11/20 01:11:06 | 000,008,704 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2006/11/09 02:34:00 | 000,237,568 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10n64.sys -- (KR10N64)
DRV:64bit: - [2006/11/09 02:33:00 | 000,248,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10i64.sys -- (KR10I64)
DRV:64bit: - [2006/10/23 19:33:08 | 000,018,944 | ---- | M] (TOSHIBA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\tosrfec.sys -- (tosrfec)
DRV - [2012/10/30 07:56:09 | 000,505,720 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys -- (RapportCerberus_43926)
DRV - [2012/10/28 16:46:36 | 000,297,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2012/10/28 16:46:36 | 000,055,096 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2012/10/05 14:23:26 | 001,385,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121005.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/09/13 03:13:29 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121101.017\ex64.sys -- (NAVEX15)
DRV - [2012/09/13 03:13:28 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121101.017\eng64.sys -- (NAVENG)
DRV - [2012/08/31 20:27:23 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121101.002\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/09 21:07:26 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/09 21:07:25 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSHB&bmod=TSHB
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {42E9EDCE-A13E-4E4B-A03C-2189F087EC10}
IE:64bit: - HKLM\..\SearchScopes\{42E9EDCE-A13E-4E4B-A03C-2189F087EC10}: "URL" = http://www.google.co...ng}&rlz=1I7TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSHB&bmod=TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSHB&bmod=TSHB
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7TSHB
IE - HKLM\..\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}: "URL" = http://www.google.co...age={startPage}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{2E27B516-55AE-4138-AB2D-AFD9E4C896A4}: "URL" = http://ws.infospace....r?_iceUrl=true user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKCU\..\SearchScopes\{4B0AC9E7-A519-4B9E-BB82-B599EBC6B584}: "URL" = http://websearch.ask...D-D5469201AAB2
IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7TSHB_enUS324
IE - HKCU\..\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1}:10.13.1.89
FF - prefs.js..extensions.enabledAddons: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.13.2
FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:6.5.0.1234
FF - prefs.js..keyword.URL: "http://search.mywebs...kwd&searchfor="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\joe\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\joe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\joe\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\joe\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\joe\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/11 14:40:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2012/11/01 23:25:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/28 19:33:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/28 19:33:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\joe\AppData\Roaming\Move Networks [2009/09/19 23:02:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/28 19:33:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/28 19:33:50 | 000,000,000 | ---D | M]

[2009/05/25 16:40:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\joe\AppData\Roaming\Mozilla\Extensions
[2012/10/23 09:53:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\hnf7rsm5.default\extensions
[2012/10/11 13:50:48 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\hnf7rsm5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/10/02 16:55:59 | 000,000,000 | ---D | M] (Produtools Manuals 2.1) -- C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\hnf7rsm5.default\extensions\{b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1}
[2012/02/04 18:27:17 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\hnf7rsm5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2011/12/09 18:51:31 | 000,002,580 | ---- | M] () -- C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\hnf7rsm5.default\searchplugins\askcom.xml
[2011/08/07 10:57:29 | 000,009,987 | ---- | M] () -- C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\hnf7rsm5.default\searchplugins\mywebsearch.xml
[2012/10/28 19:33:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/01 23:25:39 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\COFFPLGN_2011_7_13_2
[2012/02/11 14:40:15 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN
[2012/10/28 19:33:56 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/28 18:09:10 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/28 18:09:10 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: LivingPlay Textlinks Plugin (Enabled) = C:\Users\joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\maopdgeieiiiifooolcjjfmjdlkmhfdh\nplptl.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\joe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\joe\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\joe\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: LivingPlay = C:\Users\joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\maopdgeieiiiifooolcjjfmjdlkmhfdh\

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (BetterLinks) - {6921710F-6AC6-4113-8AE6-82A1660EBB09} - C:\Program Files (x86)\BetterLinks\BetterLinks.dll (MashLogic Inc.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files (x86)\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Lexmark 5600-6600 Series] C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\fm3032.exe ()
O4 - HKLM..\Run: [lxduamon] C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxduamon.exe ()
O4 - HKLM..\Run: [lxdumon.exe] C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxdumon.exe ()
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: bna.com ([vpa] https in Trusted sites)
O15 - HKCU\..Trusted Domains: orioles.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: smarthrmanager.com ([www] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {74233DB3-F72F-44EA-94DC-258A624037E6} https://znycsslvpn1....ihd VSFlex8.CAB (ComponentOne FlexGrid 8.0 (UNICODE Light))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://znycsslvpn1....SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {FDF527BA-DDDA-11D3-AA82-006094EB09CB} https://znycsslvpn1....eXClipboard.CAB (Altiris Clipboard Helper)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8318F866-762E-4871-A55B-361C2BCE8E53}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\syswow64\userinit.exe) - c:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/28 19:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/08/30 21:06:10 | 001,393,736 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\joe\gotomypc_635.exe
[2010/02/04 09:56:48 | 001,063,320 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\joe\gotomypc_533.exe
[51 C:\Users\joe\Documents\*.tmp files -> C:\Users\joe\Documents\*.tmp -> ]
[12 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[12 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/01 23:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/01 23:31:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3855902550-1182629119-1387110158-1000UA.job
[2012/11/01 23:26:39 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\DriverUpdate Startup.job
[2012/11/01 23:25:51 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/01 23:25:26 | 000,015,672 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2012/11/01 23:24:51 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/01 23:24:51 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/01 23:24:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/01 23:24:28 | 4292,861,952 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/01 23:18:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/01 21:19:32 | 000,002,611 | ---- | M] () -- C:\Users\joe\Desktop\Microsoft Office Word 2007.lnk
[2012/11/01 14:31:01 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3855902550-1182629119-1387110158-1000Core.job
[2012/10/30 21:43:13 | 000,007,052 | ---- | M] () -- C:\Users\joe\AppData\Local\d3d9caps.dat
[2012/10/28 16:46:36 | 000,101,688 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2012/10/25 10:46:52 | 000,836,354 | ---- | M] () -- C:\Users\joe\Documents\EBRI_IB_10-2012_No377_RetHlth.pdf
[2012/10/18 19:56:55 | 002,637,914 | ---- | M] () -- C:\Users\joe\Documents\Control Scan.mht
[2012/10/18 11:55:36 | 000,020,992 | ---- | M] () -- C:\Users\joe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/11 10:43:16 | 000,000,113 | ---- | M] () -- C:\Users\joe\Desktop\NAPW Community Wall.url
[2012/10/11 03:04:00 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[51 C:\Users\joe\Documents\*.tmp files -> C:\Users\joe\Documents\*.tmp -> ]
[12 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[12 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/25 10:46:52 | 000,836,354 | ---- | C] () -- C:\Users\joe\Documents\EBRI_IB_10-2012_No377_RetHlth.pdf
[2012/10/18 19:56:53 | 002,637,914 | ---- | C] () -- C:\Users\joe\Documents\Control Scan.mht
[2012/02/26 16:06:29 | 000,000,048 | ---- | C] () -- C:\Windows\wininit.ini
[2011/11/04 11:07:38 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduserv.dll
[2011/11/04 11:07:38 | 000,860,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduusb1.dll
[2011/11/04 11:07:38 | 000,761,856 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomc.dll
[2011/11/04 11:07:38 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduhbn3.dll
[2011/11/04 11:07:38 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdupmui.dll
[2011/11/04 11:07:38 | 000,589,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducoms.exe
[2011/11/04 11:07:38 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdulmpm.dll
[2011/11/04 11:07:38 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\LXDUinst.dll
[2011/11/04 11:07:38 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomm.dll
[2011/11/04 11:07:38 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduinpa.dll
[2011/11/04 11:07:38 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducfg.exe
[2011/11/04 11:07:38 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduiesc.dll
[2011/11/04 11:07:38 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxducomx.dll
[2011/11/04 11:07:38 | 000,323,584 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduih.exe
[2011/11/04 10:39:12 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdudrs.dll
[2011/11/04 10:39:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxducaps.dll
[2011/02/21 11:37:30 | 001,291,936 | ---- | C] () -- C:\Users\joe\Nutmobile_HR.pdf
[2011/01/17 13:03:25 | 000,000,732 | ---- | C] () -- C:\Users\joe\AppData\Local\d3d9caps64.dat
[2010/07/21 14:59:22 | 000,072,080 | ---- | C] () -- C:\Users\joe\g2mdlhlpx.exe
[2009/12/23 21:29:01 | 000,020,992 | ---- | C] () -- C:\Users\joe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/01 13:12:22 | 000,000,268 | RH-- | C] () -- C:\ProgramData\MIDI Configurations
[2009/11/01 13:12:22 | 000,000,268 | RH-- | C] () -- C:\Users\joe\AppData\Roaming\Light Machine
[2009/11/01 13:12:22 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/04/29 21:41:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/04/23 13:48:54 | 000,007,052 | ---- | C] () -- C:\Users\joe\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 11:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 13:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 03:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 22:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/07/21 22:23:48 | 000,000,000 | ---D | M] -- C:\Users\joe\AppData\Roaming\5600-6600 Series
[2010/10/03 09:19:06 | 000,000,000 | ---D | M] -- C:\Users\joe\AppData\Roaming\Avery
[2011/11/05 12:25:01 | 000,000,000 | ---D | M] -- C:\Users\joe\AppData\Roaming\BitTorrent
[2012/03/05 15:00:40 | 000,000,000 | ---D | M] -- C:\Users\joe\AppData\Roaming\FixCleaner
[2009/10/18 15:23:57 | 000,000,000 | ---D | M] -- C:\Users\joe\AppData\Roaming\GetRightToGo
[2009/11/25 14:36:01 | 000,000,000 | ---D | M] -- C:\Users\joe\AppData\Roaming\ICAClient
[2011/08/08 20:24:42 | 000,000,000 | ---D | M] -- C:\Users\joe\AppData\Roaming\ID Vault
[2011/11/24 17:04:35 | 000,000,000 | ---D | M] -- C:\Users\joe\AppData\Roaming\Juniper Networks
[2011/11/08 00:30:50 | 000,000,000 | ---D | M] -- C:\Users\joe\AppData\Roaming\Lexmark Productivity Studio
[2009/11/01 13:16:20 | 000,000,000 | ---D | M] -- C:\Users\joe\AppData\Roaming\Nikon
[2011/09/22 11:44:21 | 000,000,000 | ---D | M] -- C:\Users\joe\AppData\Roaming\OpenCandy
[2012/08/29 20:19:57 | 000,000,000 | ---D | M] -- C:\Users\joe\AppData\Roaming\PCCUStubInstaller
[2011/06/06 23:28:47 | 000,000,000 | ---D | M] -- C:\Users\joe\AppData\Roaming\Sammsoft
[2011/08/07 11:17:21 | 000,000,000 | ---D | M] -- C:\Users\joe\AppData\Roaming\Tific
[2009/08/06 22:50:34 | 000,000,000 | ---D | M] -- C:\Users\joe\AppData\Roaming\TOSHIBA
[2010/01/30 20:55:05 | 000,000,000 | ---D | M] -- C:\Users\joe\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2009/10/29 17:08:27 | 000,000,000 | ---D | M] -- C:\Users\joe\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:108D3361
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
  • 0

#3
Satchfan
Posted 02 November 2012 - 03:50 AM

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts
Hello Lustig426 and welcome to GeeksToGo .

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

I am looking at your log now and will reply with instructions shortly.

Satchfan
  • 0

#4
Satchfan
Posted 02 November 2012 - 05:05 AM

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts
Hello again.

You do indeed have some dodgy toolbars but hopefully that is all you have.

We’ll get rid of them and check to make sure they were alone and not accompanying things more sinister.


P2P - I see you have P2P software, (BitTorrent ), installed on your machine.

We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

If your computer is infected, it almost certainly contributed to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

Please see this topic for more information:

Perils of P2P File Sharing.

I would strongly recommend that you uninstall it now. You can do so via Control Panel, Programs and then Programs and Features.

Should you decide to keep it, please don’t use it until we have finished up here.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.
  • run AdwCleaner and select Delete
  • when it has finished it will ask to reboot - allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply
===================================================

Run aswMBR

  • download aswMBR.exe to your desktop.
  • double click aswMBR.exe to run it
  • if asked, accept the AVAST virus definition download
  • click the "Scan" button to start scan
  • on completion of the scan click Save log, save it to your desktop and post in your next reply

Please run OTL again when you have completed the above instructions.

Logs to be included in your next post :

AdwCleaner log
aswMBR log
OTL.txt

Can you also post Extras.txt which was produced when you ran OTL the first time: it should be in your downloads folder where OTL was saved.

Thanks

Satchfan
  • 0

#5
Satchfan
Posted 05 November 2012 - 04:51 AM

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts
Hi Lustig426

It has been several days since I replied to your request for help with your computer problems.

Please let me know if you are having problems and still need help.

Thanks

Satchfan
  • 0

#6
Satchfan
Posted 06 November 2012 - 10:22 AM

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP